Stuxnet and the future of autonomous cyberweapons.

What If Jason Bourne Were a Cyber Weapon?

What If Jason Bourne Were a Cyber Weapon?

The citizen’s guide to the future.
May 31 2012 5:28 PM

What If Jason Bourne Were a Cyberweapon?

We may soon have to make room in our lives for self-reliant, highly autonomous software.

Closeup of Bee
Thanks to computer-chip advancements, one day this bee may spy on you


In the summer of 2010, the Iranian uranium enrichment centrifuges started to malfunction. Eventually, it came to light that the cause was a piece of computer malware called Stuxnet. This little computer bug—small enough to hide on a thumbdrive among PowerPoint presentations and photographs of the kids—managed to wend its way around the world, to the cloistered confines of Iran’s nuclear facilities, and into machines that were “air gapped,” as they say in the business—isolated from any other computer network. To get into one of these machines requires more than the garden variety computer virus—it requires a virus built for maximum effectiveness and autonomy—the Jason Bourne of viruses.

How long will it be before the advanced programming techniques that went into Stuxnet make their way into cyber weapons that boomerang against us?  If anybody knows the answer to that question, they aren’t telling, but it seems a near certainty that, sooner or later, advanced malware will be headed in our direction. At the moment, the United States is highly vulnerable to a malware attack from a Stuxnet-like virus. And some security experts think it could cause as much economic and humanitarian damage as an attack with nuclear weapons. 

The advent of intelligent rogue computer programs such as Stuxnet is only one of the many ways the field formerly known as artificial intelligence is making its way slowly and inexorably into every aspect of life. This is what happens with technology. It starts out as something for an elite corps of supernerds and gradually works its way to the masses, getting cheaper and more powerful.


Artificial intelligence started out decades ago with the promise of general-purpose machines that could think and act like humans. These hopes were dashed, though, in part because the goal was too ambitious—human intelligence is just too subtle, too sophisticated, too poorly understood, to capture in a machine. It failed, too, in part because the hardware was too crude—computers in the ’60s, ’70s, and ’80s were big but not powerful. Now they’re tiny and quite powerful, and getting more so every year.

In the meantime, computer scientists have taken a divide-and-conquer approach to the problem of artificial intelligence. They’ve broken it up into bits and attacked each one separately. This had led to something of a renaissance in the field in the past decade or so. Progress in AI is proceeding in narrow slices of intelligence—speech recognition, text reading, computer vision. The pieces come together in robots, which have sensors to take in what’s going on in the real world, and the ability to move about and to effect physical change on the world. Increasingly, robots interact with people and their daily lives.

The notion of humanoid robots taking over the world is probably silly—certainly when you think of robots in the literal sense, as mechanical creatures with arms and legs that walk around in the streets and sit at a desk in the office cubicle next to yours, competing with you for a promotion. But it becomes less outlandish when you abandon the literal notion of robots as humanoids. In the world we’re now creating, you can think of robots as any artificial intelligence that connects somehow with the physical world. In this respect, Stuxnet was a kind of robot; instead of affecting the physical world through its arms and legs, it did so through the uranium centrifuges of Iran’s nuclear program. A robot is a general-purpose tool made up of different components of narrowly built artificial intelligences.

The first concern that engineers express about new technologies is inevitably privacy, and machine intelligence is no different. Take your iPhone. It is, basically, a computer, and it carries an awful lot of information about you. It’s got a camera, a microphone, a GPS that gives your location. The kind of information it collects is very telling about you and your habits. And the degree to which this information is collected and made available is only going to increase. Many policymakers and computer experts are thinking up ways of using the kind of data that cellphones collect to improve such things as traffic control and public health. If you’re home with the flu, for instance, health officials could use your cellphone data to figure out who got within three feet of you in the past few days, when you were at the peak of contagiousness, and use that information to help contain the spread of infection, perhaps by contacting those people and informing them that they are about to be sick and are unwittingly at that moment spreading infection.

Having your phone provide such information to, say, the CDC may offend your sense of privacy, or perhaps you think it’s worth it for the common good. Regardless, imagine what would happen if a computer virus promulgated by organized crime infected your phone and began to turn its capabilities of information-gathering to nefarious ends.

A sophisticated virus in your cellphone might be able to listen in on all your conversations. It would know your credit card numbers, it would intercept all your emails. Microsoft, Google, and other firms have already developed software that prioritizes email messages by what you’re most likely to be interested in. They can do “sentiment analysis” that scans email messages and finds out how you feel about certain things—whether you think Obama is doing a good job and so forth. The software can read blogs and automatically tag people as leaning to the right or the left on the political spectrum. The software could gather information the way Gallup polls do, but you wouldn’t have to ask people what they thought about certain subjects; the software would be able to tell just by analyzing their emails and blog posts.