Did the US write Stuxnet? Deputy Defense Secretary won’t deny it

Last night, US TV station CNBC broadcast a documentary entitled “CodeWars: America’s Cyber Threat”, looking at the threat of cyberwarfare, hacker attacks on critical infrastructure and the risk of technology made in China containing spyware.

Deputy Defense Secretary William Lynn was amongst those interviewed, who confirmed that US government networks receive thousands of attempted hacker attacks every day, and confirms that on occasion weapons systems plans and critical information has been lost in the assaults.

The US government isn’t alone in being targeted by attackers of course, we have heard a similar message from British politicians this year, for instance.

But, as Wired magazine points out, Lynn was also asked directly whether the US was involved in the development of the infamous Stuxnet worm.

Avoiding the question, Lynn replies:

"The challenges of Stuxnet, as I said, what it shows you is the difficulty of any, any attribution and it's something that we’re still looking at, it's hard to get into any kind of comment on that until we've finished our examination."

Reporter Melissa Lee is tenacious, however, and tries asking again:

"But sir, I’m not asking you if you think another country was involved. I’m asking you if the US was involved. If the Department of Defense was involved."

Lynn’s response?

"And this is not something that we’re going to be able to answer at this point."

Unfortunately I haven’t been able to find a video clip online of this exchange.

William LynnOf course, a refusal to confirm or deny the US’s involvement in the Stuxnet worm isn’t an admission. After all, it’s possible that Lynn simply doesn’t know if the USA was involved – and doesn’t want to be caught on film denying something which later turns out to be true.

Or it’s possible that he’s not authorised to deny the US’s involvement for reasons best known to the higher echelons of US politics.

Or maybe even the USA, were involved in Stuxnet but Lynn realises what a monumental sh*t-storm that would create on the international stage so he thought better than to confirm it on a CNBC documentary.

Whatever the truth, it’s always fun to see a politician squirm when put on the spot regarding their own country’s murky activities on the internet.

Long term readers of Naked Security will remember that a couple of years ago I reported on how BBC’s Eddie Mair mischievously tied the then UK Security Minister into knots over the tricky question of whether UK ever attacks other countries in cyberspace:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

You’ll notice that Lord West makes the same point as the US Deputy Defense Secretary, that a key problem is attribution when it comes to internet attacks – proving that someone (or some nation) is behind a cyber attack is very very difficult.

By the way, if you’re wondering why there’s a picture of ABBA’s Anni-Frid Lyngstad alongside Lord West in that video you’ll have to read my original article.