Stuxnet seems to be staging a comeback after a short dip in its show-biz career
It hit big after being discovered in the wild in 2009, allegedly redesigned as a guided cyberweapon aimed at Iran's nuclear development program by the U.S. and Israel during 2010, then stolen from a security firm and posted as decompiled source code by radical humorists at 4Chan's Anonymous hactivist group.
Then it turned out it hadn't been born in 2009 then nip-and-tucked into an anti-Iranian activist. It was active and attacking Iran's nukes and four other organizations within the country since 2008, keeping itself cloaked the whole time.
Like many big celebrities, the big publicity break often comes after one's greatest work is already done. In this case Stuxnet showed up as a featured security threat on The Colbert Report, inadequately explained by often-misguided neo-con security wonk David Albright, who did his best to explain why a virus that attacks and destabilizes nuclear facilities is a big difference from one that deletes data from your hard drive.
The presentation was pretty weak, too, though the idea of a direct interview-by-proxy was pretty funny. Rather than just repeat questions a producer read in his earpiece (a la Network News), Colbert called foreign-correspondence doyenne Christianne Amanpour out from the wings to speak her questions, while Colbert lip sync'd and tried to look serious.
Albright did make the point that, while cyberwar is less bloody than the real thing (until we see an online attack that can create nuclear-plant meltdowns or other catastrophes), digital attacks bring the same risk of retaliation that real attacks do.
Now that Israel is actually bragging about the success of Stuxnet, it would be silly not to expect a counter-punch from Iran. So far its response hasn't exactly caused global terror.
(Israel's culpability is still unconfirmed, by the way, though there is plenty of analysis tying it and the U.S. to its development and testing. In covert operations, it often makes as much sense to claim you're capable of a devastating but underhanded attack as it is to be capable of it and actually carry it through. If nothing else, it can serve as a deterrent, which is one theory on why Saddam Hussein kept trying to give the impression he still had chemical or biological weapons long after both were long gone.)
The Colbert Report bit on Stuxnet wasn't that successful, either as information or entertainment.
There was certainly enough material there for good satire:
- The image of Iranian scientists flummoxed by the misbehavior of their own equipment;
- Covert, (almost certainly) snickering involvement (alleged) of anti-nuke U.S. and Israeli intelligence operatives;
- Extreme dichotomy between the public concept of virii as script-kiddy vandalism vs. the real-world destructiveness of the actual Stuxnet;
- And the quick slide into the ridiculous as radical chaoticists at Anonymous stole and posted some code from the virus itself.
The details may just have been too complex to boil down, or the threat may have seemed too abstract.
Colbert did hit one point that most people don't really get – that Stuxnet is a real break from everything people have understood as "cyberwar" or "hacking" until now.
Most people consider Stuxnet, Julian Assange and the kids who steal each other's Facebook identities all to fall into the same class of hacker.
They're not, any more than the whistleblower who steals information to expose corporate skulduggery is anywhere near as vile as the corporations killing miners, oiling the Gulf, fleecing investors and destroying the economy by breaking the rules and blaming others when they're caught.
Unfortunately, whistleblowers and Facebook eavesdroppers tend to get caught and punished, partly because it's not necessary to have specialized knowledge to understand what they've done.
Those committing more esoteric crimes – or pushing cyberwar beyond online harassment, to the point they can destroy or deteriorate weapons in the real world – are harder to blame because it's harder to understand concretely what they've actually done.
Whether you profit by them or not, whether you approve of them or not, whether you wish you could laugh at them or not, the fleecing of stockholders, shirking of safety measures in coal mines, destruction of the environment and cyberwar attacks all have real-world repercussions.
It's just a shame the causes aren't clear enough for most people to really understand.
Without understanding, outrage is impossible; without outrage, satire is irrelevant.
Without relevance, satire isn't funny.
For readers bracing themselves in the flow of so much confusing, often bad news, not being funny is at least as big a sin as not being relevant.