- U.S. officials discussed several times the irony that publicly acknowledging drone and cyberwar programs would help other countries justify similar attacks on the U.S.
- Stuxnet came out of a joint effort of the NSA and its Israeli equivalent, the IDF's Unit 8200.
- Stuxnet was designed to infect the Natanz facility and stay resident. Modifications, apparently by the Israelis, gave it the opportunity to escape and infect systems in other countries.
- Kaspersky Labs, which discovered the Flame malware two weeks ago, concludes that Duqu, Stuxnet and Flame share enough significant features to show they were written by the same state-sponsored cyberwar program.
- Flame was first identified in 2007 by the Hungarian Laboratory of Cryptography and Systems Security that also discovered Duqu; Flame may have been active for five to eight years before then.
US admits covert cyberattacks, effort to develop more powerful cyberweapons
Flame was not part of the U.S. campaign code-named Olympic Games, according to Sanger's interviews with U.S. officials; however, none would say whether the U.S. was involved in developing or deploying it.
U.S. officials have admitted on the record individual attacks on single computers or web servers such as those owned by Al-Qaeda, Sanger reported. None have previously admitted anything like the scope, sophistication or aggressive character of Olympic Games. Panetta's comments alone make it clear that if another country had launched a similar campaign against the U.S., it would be considered an act of war that would justify a response involving war in the real world, not just the virtual one.
Sanger's report makes clear that, though revelation of Stuxnet was a mistake, it was one that let the world know the U.S. intelligence community – if not its cyber-impaired military – had introduced a whole new kind of warfare based on malware and remote-controlled drones.
By confirming orders to accelerate development and use of cyberweapons came from the top – President Obama – Sanger also confirmed that the Stuxnet and Duqu attacks were strategic decisions to use cyberwar far more aggressively than any country had before to "cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives."
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld.