The question of who made Stuxnet and who targeted it on Natanz is still a much-debated mystery in the IT and espionage community. But from the beginning, the prime suspect has been Israel, which is known to be open to using unconventional tactics to defend itself against what it regards as an existential threat. The New York Times published a story that pointed to U.S.-Israeli cooperation on Stuxnet, but with Israel’s role highlighted by the assertion that a file buried within the Stuxnet worm contained an indirect reference to “Esther,” the biblical heroine in the struggle against the genocidal Persians.
Would the Israelis have been foolish enough to leave such a blatant signature of their authorship? Cyberweapons are usually cleansed of any identifying marks—the virtual equivalent of the terrorist’s “bomb with no return address”—so there is no sure place on which to inflict retaliatory consequences. Why would Israel put its signature on a cybervirus?
On the other hand, was the signature an attempt to frame the Israelis? On the other, other hand, was it possible the Israelis had indeed planted it hoping that it would lead to the conclusion that someone else had built it and was trying to pin it on them?
When you’re dealing with virtual espionage, there is really no way to know for sure who did what.
Unless you’re Richard Clarke.
“I think it’s pretty clear that the United States government did the Stuxnet attack,” he said calmly.
This is a fairly astonishing statement from someone in his position.
“Alone or with Israel?” I asked.
“I think there was some minor Israeli role in it. Israel might have provided a test bed, for example. But I think that the U.S. government did the attack and I think that the attack proved what I was saying in the book [which came out before the attack was known], which is that you can cause real devices—real hardware in the world, in real space, not cyberspace—to blow up.”
Isn’t Clarke coming right out and saying we committed an act of undeclared war?