Did China Develop the Stuxnet Virus?
Forbes reports:
Does China Benefit By Attacking Natanz?
In 2008, China decided to assist the IAEA inspectors after it learned that Iran was in possession of blueprints to shape uranium metal into warheads, according to this article in The Telegraph. That same article discloses that Chinese designs for centrifuges were discovered in Iran, supplied via Pakistan’s AQ Khan.
On April 13, 2010, Beijing reiterated its opposition to Iran’s goal to develop nuclear weapons capabilities while stating that sanctions against Iran would be counter-productive. In other words, the PRC wanted to support its third largest supplier of oil (after Saudi Arabia and Angola) while at the same time seeking ways to get Iran to stop its uranium fuel enrichment program. What better way to accomplish that goal than by covertly creating a virus that will sabotage Natanz’ centrifuges in a way that simulates mechanical failure while overtly supporting the Iranian government by opposing sanctions pushed by the U.S. It’s both simple and elegant. Even if the worm was discovered before it accomplished its mission, who would blame China, Iran’s strongest ally, when the most obvious culprits would be Israel and the U.S.?
Reviewing The Evidence
China has an intimate knowledge of Iran’s centrifuges since, according to one source quoted above, they’re of Chinese design.
China has better access than any other country to manufacturing plans for the Vacon frequency converter drive made by Vacon’s Suzhou facility and specifically targeted by the Stuxnet worm (along with an Iranian company’s drive). Furthermore, in March 2010, China’s Customs ministrystarted an audit at Vacon’s Suzhou facility and took two employees into custody thereby providing further access to Vacon’s manufacturing specifications under cover of an active investigation.
China has better access than any other country to RealTek’s digital certificates through it’s Realsil office in Suzhou and, secondarily, to JMicron’s office in Taiwan.
China has direct access to Windows source code, which would explain how a malware team could create 4 key zero day vulnerabilities for Windows when most hackers find it challenging to develop even one.
There were no instances of Stuxnet infections in the PRC until very late which never made sense to me, particularly when Siemens software is pervasive throughout China’s power installations. Then, almost as an after-thought and over three months from the time the virus was first discovered, Chinese media reported one million infections, and here’s where the evidence becomes really interesting.
That report originated with a Chinese antivirus company called Rising International, who we now know colluded with an official in Beijing’s Public Security Bureau to make announcements encouraging Chinese citizens to download AV software from Rising International (RI) to fight a new virus that RI had secretly created in its own lab. Considering this new information, RI’s Stuxnet announcement sounds more like a CYAstrategy from the worm’s originators than anything else.
In Summary
The conventional wisdom on which nation state was responsible for the Stuxnet worm has relentlessly pointed the finger at Israel or the United States almost from day one of the worm’s discovery. No other scenarios were discussed or even considered with the exception of my own conjecture about India’s INSAT-4b satellite failure and Britain’s Heysham 1 nuclear plant shutdown, and then my white paper proposing 4 additional alternative scenarios; all of which were my way of trying (and failing) to expand the discussion beyond Israel and Iran. The appeal of a U.S. or Israeli cyber attack against first Bushehr, then Natanz, was just too good to pass up even though there was no hard evidence and very slim circumstantial evidence to support a case for either country. The best that Ralph Langner, CEO of Langner Communications (and the leading evangelist for this scenario) could point to was an obscure Hebrew word for Myrtus and a biblical reference for a date found in the malware that pertained to Persia; both of which could have been explained in a half dozen alternate ways having nothing to do with either Israel or the U.S.
As far as China goes, I’ve identified 5 distinct ties to Stuxnet that are unique to China as well as provided a rationale for the attack which fits China’s unique role as Iran’s ally and customer, while opposing Iran’s fuel enrichment plans. There’s still a distinct lack of information on any other facilities that suffered damage, and no good explanations for why there was such massive collateral damage across dozens of countries if only one or two facilities in one nation state were the targets however based solely on the known facts, I consider China to be the most likely candidate for Stuxnet’s origin.
