The boomerang effect: Could American cyberweapon be turned against us?

Written By Jeremy A. Kaplan, Alec Liu Published March 31, 2012

FoxNews.com

The 1983 movie “Wargames” depicted a dystopian vision of a computer-controlled armageddon. Today, cyberwar is very much a reality. (United Artists)

Viruses like Stuxnet and Duqu are the atom bombs of cyberwarfare, experts say, a key tool in U.S. and foreign military arsenals. But some worry that this new generation of digital weapons could be co-opted by enemy forces — and used against their creators.

After the Stuxnet virus hit Iran‘s nuclear power plants in 2010, it was collected and disseminated, falling into the hands of hackers and code-crafters worldwide. Richard Clarke, the former counterterrorism chief, is confident that the U.S. wrote the code — and may have allowed the U.S.’s greatest cyberweapon ever to leak into enemy hands.

“It got loose because there was a mistake,” Clarke said in an interview with the Smithsonian. “And if you’re a computer whiz you can take it apart and you can say, ‘Oh, let’s change this over here, let’s change that over there.’ Now I’ve got a really sophisticated weapon. So thousands of people around the world have it and are playing with it.”

SUMMARY

The Stuxnet malware was the culmination of a vast technical and espionage effort that had one target in mind: Iran’s nuclear plans. Its success set back the Iranian program for years.

July 13, 2010: Stuxnet is discovered, though few realize what exactly it is.

Nov. 26, 2010: Experts begin to fully understand the implications of the malware.

Oct. 14, 2011: Duqu, the first clone of the Stuxnet virus, is discovered by Symantec researchers.

Feb. 14, 2012: Iran finally disables the Stuxnet virus, experts say.

“And if I’m right, the best cyberweapon the United States has ever developed, it then gave the world for free.”

Call it the boomerang effect — the weapon you designed to hit others can come right back at you.

And while many still disagree that the U.S. was responsible for Stuxnet, often citing Israel as a prime suspect, the software is now unquestionably out in the wild. What if someone used it against us? Can viruses in general be turned against their masters?

Yes and no, explained Liam O Murchu, a manager of operations at Symantec Security Response, where the firm has tirelessly analyzed Stuxnet and variants such as Duqu.

“From a practical view of what you can actually do, it would be very hard to take Stuxnet, reimage it, and target someone new without the source code,” O Murchu told FoxNews.com. “So from that point of view, it’s not so dangerous to have Stuxnet out in the wild right now. Even if you get your hands on it, you don’t have the source code to refashion it to do something else.”

Retired general and former CIA chief Michael Hayden thinks the issue is far more black and white.

“There are those out there who can take a look at this … and maybe even attempt to turn it to their own purposes,” he said in an interview with the CBS television show “60 Minutes” earlier this month.

“The best cyberweapon the US has ever developed, it then gave the world for free.” Continue reading