This unusual trick was never even seen before 2008 when someone left a basket full of free thumb drives in the men's room at CENTCOM Headquarters in Tampa, Florida.
Predictably, one of the curious soldiers took a USB drive and plugged it into his computer at work, which then launched an infection. To this day, CENTCOM does not know who did it. It certainly was not the US Government, which spent a lot of money trying to figure out whodunit and what they had done to CENTCOM's vaunted computer security.
I suspect it was the Chinese Government who attacked CENTCOM in 2008 as a dry run for their 2009 attack on Iran's computers. Let me explain. In 2008, the UN's nuclear inspectors, the International Atomic Energy Agency (IAEA), informed the Chinese Government that Iran was developing a nuclear plant using Chinese-designed equipment. This caused a bit of an uproar.
Now you have to understand that China is run by two different mafia-like gangs. The Civilian Gang (Communist party bureaucrats) makes its money by stealing western technology, copying it, and then selling cheaper products back to the west. Eighty-five percent of the non-edible goods at Wal-Mart, including the electronics, are made in China.
The Military Gang (the People's Liberation Army or PLA) runs its own little empire of factories, plants, and industries that have nothing to do with military defense. The PLA even owns its own country, North Korea, which the PLA uses as a black market storefront to sell drugs, guns, missiles, and recently nuclear technology.
The PLA's gang leaders were perfectly willing to risk world peace by trading pieces of the Islamic bomb in return for access to Arab and African oil. When Col. Qaddafi turned his blueprints for nuclear warheads over to the Americans, the documents were written in Chinese. The PLA also sold blueprints for a nuclear processing plant to Pakistan.
To China's horror, the enterprising Pakistanis went into the nuclear black market business for themselves. They renamed the Chinese centrifuge the Pakistan-1 and began selling the P-1s to Iran.
In their defense, the PLA explained that the army only sold obsolete nuclear designs to Pakistan. It was crude and almost unworkable technology that predated China's signing the Nuclear Non-proliferation Agreement. It was an extremely flimsy and wholly illegal excuse.
The Civilian Gang leaders were outraged. If word got out, it would ruin China's peaceful marketing image, and threaten their underwear sales to the west.
The US State Department was already banging on Beijing’s door, as a Wikileaks Secret Cable revealed:
"In March 2009, the U.S. raised with you our concerns that Pakistan's Intralink Incorporated had sought a quote from the Chinese firm Suzhou Testing Instrument Factory for a vibration test system. Intralink Incorporated appears to be closely associated with the Project Management Organization (PMO), the developer of Pakistan's Ghaznavi short-range ballistic missile."
Strangely enough, Julian Assange never published this particular cable, perhaps part of an unusual pattern of self-censorship to avoid antagonizing the Chinese leadership. One internet blogger claims that Assange had over a million documents provided by the Chinese before he opened Wikileaks.
Whether Assange is a witting or unwitting dupe for Chinese intelligence is purely a matter for speculation at this point. It is interesting, though, that this particular cable that mentions Suzhou also contains information about China's illegal deals with Iran. Instead, a disgruntled Wikileaks employee went behind Assange's back and gave a complete set of the Wikileaks cables to a Swedish newspaper, which promptly released the Suzhou cable without knowing its significance.
The City of Suzhou (formerly Suchow), mentioned in the ballistic missile deal with Pakistan, was also the same place where the Vacon company manufactured controllers for Iran's illegal centrifuges. The Stuxnet Swiss Army knife was brilliantly and precisely tooled to take over only the Vacon machines and wreck only the centrifuges in Iran.
Here's how it was done. American law forbids the export of certain electronic controllers that run at 600 hertz or higher because that is the frequency at which uranium centrifuges spin. The Chinese-made Vacon controllers in fact operate at 800 hertz to 1200 hertz, so the Stuxnet Swiss Army knife had to be designed to include a sniffer that searched only for gear that ran at the same frequency as a Vacon controller.
Since the Vacon was made in a factory in Suzhou, it was not hard for the Chinese to get access to the Vacon parts and identify its weaknesses. Once identified, the Chinese could speed up and slow down the Iranian centrifuges and wreck them, while spoofing the gauges in the Iranian control room into reporting that everything was normal.
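The two effects just described, drives pushed out of their normal frequency band and control-room gauges spoofed to read normal, can both be caught by a plant that records the displayed frequency alongside an independent measurement. The check below is an added example, not part of the original article; the 800 to 1200 hertz band is taken from the text, while the mismatch tolerance, sample records and channel names are constructed for illustration.

```python
"""Cross-check displayed drive frequency against an independent sensor."""
from dataclasses import dataclass

NORMAL_BAND_HZ = (800.0, 1200.0)  # operating band the article attributes to the drives
MISMATCH_TOL_HZ = 5.0             # assumed tolerance between display and independent sensor


@dataclass(frozen=True)
class Sample:
    t: int              # seconds since start (constructed)
    hmi_hz: float       # frequency shown on the control-room display
    measured_hz: float  # frequency from an independent sensor (e.g. tachometer feed)


def classify(s: Sample) -> list[str]:
    """Return findings for one sample; an empty list means the sample is consistent."""
    findings = []
    lo, hi = NORMAL_BAND_HZ
    # Excursion: the drive is really running outside the band the display claims.
    if not lo <= s.measured_hz <= hi:
        findings.append("band_excursion")
    # Spoofing indicator: display and independent sensor disagree.
    if abs(s.hmi_hz - s.measured_hz) > MISMATCH_TOL_HZ:
        findings.append("hmi_mismatch")
    return findings


def scan(samples) -> dict[int, list[str]]:
    """Map sample time to its findings, dropping samples that are consistent."""
    return {s.t: f for s in samples if (f := classify(s))}


# Constructed telemetry: the display stays flat at 1000 Hz while the
# independently measured speed first surges, then collapses almost to a stop.
SAMPLES = [
    Sample(0, 1000.0, 1000.0),
    Sample(10, 1000.0, 999.5),
    Sample(20, 1000.0, 1400.0),
    Sample(30, 1000.0, 1000.2),
    Sample(40, 1000.0, 2.0),
]

if __name__ == "__main__":
    for t, findings in scan(SAMPLES).items():
        print(f"t={t:>3}s  {', '.join(findings)}")
```

A flat display combined with a moving independent channel is the signature to alert on; either check alone would miss a well-spoofed display that stays inside the band.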
But how to get Stuxnet software past Iranian security? Once again, the Suzhou scientists had an answer. Suzhou's several industrial parks were the Chinese home for many foreign high tech companies, among them the branch office of Realtek. Apparently, someone in Suzhou stole Realtek's genuine authentication password and added it to the Stuxnet tool roster. That's more than a coincidence; that's three strikes for Suzhou, a city which, it should be noted, was the high tech research site of the former nuclear defense ministry of the PLA.
Why would the Chinese defense industry engage in nuclear proliferation and then reverse course to sabotage Iran’s nuclear weapons program when Iran was China’s second largest oil supplier? Oil is the answer.
China's number one oil supplier is Saudi Arabia, and the Saudis allegedly made it very clear to China that if they continued to help Iran attain a nuclear weapon, not another drop of Arab oil would ever reach China's shores. The Chinese already knew that the Iranian military and navy were almost strong enough to blockade all oil tankers coming through the narrow Straits of Hormuz, choking off more than 40% of the world's oil supply. If Iran went crazy, China would go dark.
Instead, Saudi Arabia offered China a deal they could not refuse. The Saudi solution was to ship the oil over land, rather than by sea. The Saudis (and all the other Gulf States) were frantically building a network of pipelines to carry their oil to Iraq. From Iraq, another pipeline ran across Syria to the Mediterranean Sea where the Russians were building a giant port.
Russia had a lot of oil to sell, but the problem was their supertankers could not fit through the Panama Canal. It was costing the Russians a fortune to send their tankers west past Gibraltar, down around the continent of Africa, and then back up to the Asian oil consumers.
The Russian solution was Israel. The Israeli government had an existing unused pipeline that ran from Eilat on the Red Sea up to Ashkelon on the Mediterranean Coast. The Israelis reversed the flow, and unloaded Russian tankers at Ashkelon, and piped the oil to the Red Sea, where other tankers could sail to China without ever sailing near Iran’s chokepoint.
The Saudi offer to China was simple: China would get a cut by building the world’s largest oil refinery in Deir as Zour, Syria, just across the border from the Iraqi pipeline. Whatever Iran did in the future with the Straits of Hormuz, the Gulf States could ship China all the oil it would ever need through Syria, which would then ship it down the coast to Ashkelon and through the Israeli pipeline to the Red Sea.
It meant that in the long run China would sell out Iran and have to side with her Arab enemies. China was agreeable in principle. But first, there was a little problem of cleaning up the PLA's nuclear mess. In 2007, Israel bombed a secret Syrian nuclear plant in Deir as Zour, Syria, wrecking Iran's plans to build hundreds of dirty bombs for its proxies to attack Israel.
Surprisingly, the Syrian government praised Israel for their discretion in handling the raid. Once the Deir as Zour nuclear plant was rubble, the Chinese government signed the deal to build the world's largest oil refinery in Deir as Zour, Syria, in April 2008.
To finish cleaning up the last part of the PLA’s proliferation mess, China launched their Stuxnet attack on Iran in June 2009. At first the Iranians blamed the Jews, but then in the Middle East, everybody blames the Jews for everything anyway. This time, it seems the Iranians may have been partly correct.
In order to get the Stuxnet Swiss army knife into Iran, someone would have to wrap the Chinese Stuxnet worm inside another software package for infiltration. Experts have confirmed that this separate software wrap around the Stuxnet payload was written in a rushed manner by a second group of programmers who were not the original authors of Stuxnet.
It is very possible that the Israeli encryption team of Unit 8200 was responsible for the second software wrap and for the actual delivery. Using the Realtek safety certification stolen in Suzhou, the Stuxnet virus spread slowly but surely throughout the civilian sector of Iran, and slowly infected the government computers without being noticed.
Even when it was eventually discovered (by a Byelorussian company), Stuxnet was dismissed as a harmless piece of malware that really didn't do anything damaging. The reason was that Stuxnet was patiently searching for the Vacon trigger frequency; once it found it, all hell broke loose.
By the time the Iranians realized that China was behind the attack, it was too late. The damage had been done. Many centrifuges were wrecked outright. Worse, the worm seemed to reinfect the new centrifuges as soon as they were brought online. The embarrassed Russians then had to tell Tehran that the Stuxnet virus had been found in the Bushehr reactor, and that it could not be started for fear of a meltdown.
Iran ordered a cyber counterattack, not against Israel or America, but against China. At midnight on January 12, 2010, the “Iranian Cyber Army” took over China’s biggest internet service, Baidu, and planted the Iranian flag on their website.
It was an extreme loss of face for the Chinese leadership. By 11 am, China's more formidable cyber army had repulsed the attack, and Chinese hackers began to attack Iran, putting the Chinese flag on Iranian websites, and warning them not to intrude again on China's cyber turf. Iran backed down. The first battle of the cyber war was over. China had won.
Israel didn’t stop fighting. On October 15, 2010, the Israelis used Stuxnet software to cause three separate explosions inside Iranian missile facilities. The press reported that virtually the entire stockpile of Iranian Shehab-3 medium range missiles was destroyed.
What was not publicly reported was that the Mossad had timed the blasts to coincide with a visit from Iran’s nuclear weapons team. Most of them were killed in the blast, but five more surviving scientists were assassinated over the next month. This time, Iran blamed Israel instead of China, and they were right.
In an unusual postscript, Israel is believed to have shared the Stuxnet secret with the American government, so the threat is neutralized. Still, one is left wondering what else the Chinese cyber division has up its sleeve.
(C) Copyright John Loftus 2011