Who Leaked the Stuxnet Virus Story?

Military analysis.
June 28 2013 5:28 PM

Who Leaked the Stuxnet Virus Story?

Why retired Gen. James Cartwright is facing allegations—and could be the first higher-up to go down.

(Continued from Page 1)

This doesn’t prove that Cartwright was a source—and certainly not that he was the sole, or even main, source. In fact, Sanger wrote that his Times story was “based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts.”

Nor is it clear what impact the Times story had on U.S. security. Jane Harman, a former California congresswoman who served on the House Intelligence Committee, said at the time that the leak was “very damaging” and had “devastating consequences.” It is true, the Iranians eventually discovered and disabled the bug. More than that, they unleashed a retaliatory cyber-strike, known as the Shamoon virus, which destroyed the hard drives of 30,000 computers at the headquarters of Aramco, the global oil company based in Saudi Arabia, and beamed on all of its computer screens an image of a burning American flag.

But did the Iranians find the Stuxnet bug and unleash their own strike as a result of the Times story, whoever its source or sources might have been? Doubtful.

Advertisement

First, Sanger reports in his book that, as the result of an Israeli programming error, the Stuxnet virus leaked out across the global Internet in the summer of 2010—two years before the Times story. Second, right after the intriguing passage in Sanger’s book, where Cartwright says the cyber program shouldn’t be kept secret, there is the following, equally intriguing paragraph:

An intelligence officer disagreed [with Cartwright]: “Everybody who needs to know what we can do, knows,” he said. “The Chinese know.” And the Iranians, he added, “are probably figuring it out.”

One former cybersecurity official told me today, in response to a question about the impact of the leak, “Iran already figured it out”—that is, the Iranians knew about Stuxnet and figured out how to defeat it—before the Times story appeared.

The chronology tends to support that view. The Iranians launched the Shamoon virus on Aug. 15, 2012, only two and a half months after the Times story. It’s possible that they could have found the Stuxnet bug, deactivated it, and planned an ambitious counterpunch in that short time span—but not likely.

None of this speaks to Cartwright’s legal situation. If he did what the Justice Department suspects him of doing, he’s in trouble, regardless of whether his actions damaged national security.

However, the whole episode should raise serious questions—it should prompt a real national debate—about the larger subject of leaks. As every Washington insider knows, the government runs on leaks. They operate on various levels. Presidents and their aides leak to float balloons or rally support for their positions. (Many people thought at the time that the Stuxnet leak came from the White House, to show that Obama was wrecking Iran’s nuclear program without having to drop bombs.) Opponents leak to dampen support for those programs. Mid- to high-level bureaucrats leak to push their programs over competing programs. Finally, whistle-blowers or low-level functionaries, with no links in the power chain, leak for personal reasons or to call attention to activities that they think are wrong.

The whistle-blowers tend to get prosecuted. The higher-ups almost never do. If Cartwright is indicted, that will change, and it will mean that you can have power and still get hammered for freelance leaking. The key term here, though, is “freelance.” The highest-level leaks will still get a pass, will still be a vital tactic in the Washington power games. Should the bar be raised higher? Should it be lowered? Should the whole enterprise be reassessed?

One thing that everyone knows: Way too much information is classified, and way too many people have clearances. Rosa Brooks, a former Pentagon official, recently wrote in Slate sister publication Foreign Policy that she once asked a colleague why some innocuous memo he’d written was classified Top Secret. He replied that if it weren’t, no one would read it. This is the culture that’s stifling debate, that’s keeping the cloak of secrecy on matters that should be open—or at least open to discussion on whether they should be kept secret, and on what really is vital to national security and what isn’t.

TODAY IN SLATE

Foreigners

More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

Three Talented Actresses in Three Terrible New Shows

Why Do Some People See the Virgin Mary in Grilled Cheese?

The science that explains the human need to find meaning in coincidences.

Jurisprudence

Happy Constitution Day!

Too bad it’s almost certainly unconstitutional.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

What to Do if You Literally Get a Bug in Your Ear

  News & Politics
Weigel
Sept. 17 2014 8:15 AM Ted Cruz Will Not Join a Protest of "The Death of Klinghoffer" After All
  Business
Moneybox
Sept. 16 2014 2:35 PM Germany’s Nationwide Ban on Uber Lasted All of Two Weeks
  Life
The Vault
Sept. 16 2014 12:15 PM “Human Life Is Frightfully Cheap”: A 1900 Petition to Make Lynching a Federal Offense
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
  Arts
Brow Beat
Sept. 17 2014 9:03 AM My Father Was James Brown. I Watched Him Beat My Mother. And Then I Found Myself With Someone Like Dad.
  Technology
Future Tense
Sept. 17 2014 8:27 AM Only Science Fiction Can Save Us! What sci-fi gets wrong about income inequality.
  Health & Science
Bad Astronomy
Sept. 17 2014 7:30 AM Ring Around the Rainbow
  Sports
Sports Nut
Sept. 15 2014 8:41 PM You’re Cut, Adrian Peterson Why fantasy football owners should release the Minnesota Vikings star.