The Greatest Threat to World Stability No One Knows About

Why the Stuxnet virus opened up Pandora's Box for the rest of the world

The absolute greatest threat to world stability is a threat that oddly receives virtually no publicity. It’s not nuclear arms, it’s not a US stock market crash, it’s not a global bond market crash and it’s not a real estate market crash. The greatest threat to world stability is one that originates within the realm of cyberwarfare. Before you state, “Yeah, I’ve heard that many times before” and dismiss this article, consider that there is a very low probability that your understanding of the magnitude of this risk is anywhere near complete, simply because the great majority of people do not have a clear understanding of how much of their daily modern lives depends upon a functioning internet. There is a massive threat to all infrastructure that exists in virtually every modern nation in the world today, because of the invention of the Stuxnet virus by US and Israeli intelligence agencies, a virus that inadvertently spread around the world. And virtually no one is discussing the greatest threat to world stability, one much greater than the threat of conventional warfare, outside of the opaque confines of State intelligence agencies. In fact, due to the release of Stuxnet into cyberspace, the safest places in the world may be, as of right now, the least technologically developed nations, which possess little or no life-sustaining key infrastructure controlled by computers. Conversely, the nations subject to the highest risk from the greatest threat to world stability are the most technologically advanced, those whose critical infrastructure is all controlled by computers and that are now at a fairly advanced stage of adoption in regard to the IoT (Internet of Things).

Why the Creation and Discovery of the Stuxnet Code in 2010 Forever Altered Global Security for the Worse

The Stuxnet code was first detected by a small software security firm in Belarus in June 2010 after one of their Iranian clients complained about experiencing a problem in software execution. However, by the time Stuxnet was detected, it had likely already been deployed in cyberspace for at least a year, though the exact date of its deployment remains unknown for self-evident reasons. Stuxnet specifically targeted Siemens-manufactured PLCs used to control automated processes of Iranian centrifuges central to their uranium enrichment program, and it was an unusual virus in that it required a spy to enter the buildings that housed Iran’s uranium enrichment program and to manually deploy it using a physical USB drive. The reason that Stuxnet had to be carried into the Iranian facility for deployment was that the computers that controlled Iran’s uranium enrichment program were not plugged into the world wide web for obvious security reasons. Still, the execution of this program was definitely not well thought out given the massive blowback that could result today from its deployment. Back then, when Stuxnet was first discovered, the evolution of Stuxnet into the greatest threat to world stability was likely not yet understood.

Though the intelligence agencies that made the decision to deploy Stuxnet perhaps believed that manual deployment of the virus would limit its infection radius to Iran’s uranium enrichment facility, it’s nearly impossible to believe that they did not understand the very high probability of the virus escaping the facility and being downloaded onto the internet, given that the virus’s creators fully intended for Stuxnet to infect any computer operating on the Windows OS. Therefore, Stuxnet’s creators understood that the virus could be carried outside the facility by an infected laptop or USB drive and then spread around the world via the internet. Of course, this is exactly what happened, and once Stuxnet was unleashed on the internet, it quickly spread to an estimated 100,000 to 200,000 computers worldwide, including computers in Indonesia and India and even blowing back to the shores of the United States. Thus, somewhere in the apparatus that calls itself “intelligence” agencies, someone of very low intelligence made a decision to attack Iran’s uranium enrichment facility at the risk of endangering the safety of 7.7 billion citizens on planet Earth in the future. If you don’t understand this statement, then keep reading because I will explain why Stuxnet’s spread to the internet unleashed a Pandora’s box of evil, horrific possibilities upon the world.

The Opening of Pandora’s Box

To begin, let me explain what PLCs are. PLCs are Programmable Logic Controllers used to control automated mechanical processes upon which the proper functioning of critical infrastructure depends. The Stuxnet virus was unique in its sophistication, containing in its code something called a zero-day exploit, an exploit designed to attack computers because no known patch to the exploit has yet been developed. In the instances in which a zero-day exploit is discovered, the developers of the software are said to have “zero days” to fix it, as an attack can be unleashed from zero hours, zero minutes and zero seconds of the discovery to any subsequent day in the future. In other instances, many zero-day exploits are believed to exist that have yet to be discovered. Consequently, the only proof of their existence will come from their execution and the unleashing of the chaos that the zero-day exploit is meant to accomplish. Therefore, the resultant chaos that could be unleashed by deploying undiscovered zero-day exploits is impossible to stop. Because zero-day exploits are so valuable to hackers, they likely sell on the black market and dark web for prices that range from a quarter million dollars to a few million dollars, depending upon their level of sophistication and what they are designed to accomplish.

In the case of the Stuxnet virus, due to the fact that the source code was tens of thousands of lines long and uber sophisticated, when US security engineers at Symantec were sent the code to determine its purpose, they stated that they immediately knew the code had to be the creation of a State agency or a collaboration of multiple State agencies. Eventually, these Symantec software security experts traced the origins of the Stuxnet virus back to US national intelligence agencies and Israel’s Mossad, a discovery that worried them enough that they openly discussed, on camera, whether they should issue public statements about being happy and not being suicidal. Furthermore, I recall, when the discovery of Stuxnet was first reported, reading US media-generated reports that linked the origins of the virus back to Iran. Instead, Symantec’s detective work firmly planted the origins of the Stuxnet virus as American and Israeli, with the target of the virus being Iran. Consequently, the security experts at Symantec likely feared that going public with their discovery and directly opposing the narrative of the US State that Iran had created Stuxnet may be a life-jeopardizing truth.

Once the target of Stuxnet was revealed by these two brave Symantec security experts to be specific Siemens S7 300 PLCs used by centrifuges in the Iranian nuclear enrichment program, the US State narrative that attributed the creation of Stuxnet to Iran obviously lost all credibility, as Iranian intelligence would never develop a computer virus to sabotage its own State programs. Furthermore, the Stuxnet virus was so sophisticated that not only was it designed to feed information back to the computers monitoring the centrifuges indicating that everything was operating at optimal levels even as the virus made centrifuges spin out of control, but it was also designed to avoid deploying on every computer it infected that was not its intended target. The Stuxnet virus accomplished this by querying every computer it infected to determine if the computer matched its target, and if it did not, Stuxnet did not activate within the infected computer.

However, it is only at this point that the story becomes truly interesting regarding the implications for future global security, none of which are good.

The documentary Zero Days revealed that security experts who worked for the US security firm Symantec discovered that computer systems that controlled key US infrastructure had been infected with Stuxnet as well. However, since the virus was designed not to deploy unless it found specific parts that were used by the Iranian uranium enrichment program, the virus remained dormant and did not shut down any of the operational systems that controlled American infrastructure. However, because the Stuxnet virus made it all the way from Iran back to American shores in its infection path, I believe this is the reason that Bill Gates’s Microsoft removed, or at least made very difficult to use, the ability of anyone who owns a computer running a Windows OS to disable Windows software updates, as the updates ensured that the Stuxnet virus was wiped from the computer and prevented future infections.

Though I have been a Mac OS user forever, I was informed by Windows OS users that many times, they did not want to update their OS because the update often contained glitches that disabled software applications they used frequently, and therefore, they turned the automatic Windows update off. However, they said it was near impossible to prevent a Windows update from happening, as to do so they had to change numerous settings on their computer, and if they ever forgot to turn their WiFi off or unplug an internet cable after using their computer, they would often wake up not only to discover updates had been installed on their computer against their wishes, but that all privacy settings on their computer had been reset during the Windows update to allow all data from their computer to be collected. I’m not sure if this is true or not since I haven’t been a Windows user in years, but I was informed by many Windows users that these changes in making the option of disabling updates much more difficult happened around 2010, around the same time the Stuxnet virus was discovered. Furthermore, many Windows users today have told me that even if they use the services application in Windows to disable Windows update, Windows constantly overrides their disable selection, and that if they don’t disable the update option every single time they use their computer, then on the one day they forget to do so, their Windows OS is automatically updated. I believe this change in Windows OS practices, if true, was to address the spread of the Stuxnet virus. If competent hackers have discovered competent ways to permanently disable the Windows update that will clean the Stuxnet virus from an infected computer, then a hacker consequently could have extracted the source code of the Stuxnet virus from an infected computer and re-engineered it to attack other PLCs controlling vital networks around the world.
In fact, if the number of infected computers at 100,000 to 200,000 is anywhere close to being accurate then the probability of dozens of hackers now having the complete source code to Stuxnet, including many Black Hat terrorists and not just White Hats, and of them selling the source code to Stuxnet on the dark web is 100%.

The reason the release of the Stuxnet virus into cyberspace was the equivalent of opening Pandora’s Box was that it allowed perhaps the worst Black Hats in the entire world, who did not have a quarter million dollars, a half million dollars or a few million dollars, to gain access, for free, to the source code of a virus as malignantly destructive as Stuxnet, code that would otherwise be far out of their financial reach. And even though Stuxnet was designed to specifically only destroy Iranian centrifuges, with the tens of thousands of lines contained in its source code, there is likely an extremely high probability that the Stuxnet source code can be altered and re-engineered to attack other PLCs that control critical infrastructure necessary for the continuation of modern human life all around the world. And with the opening of Pandora’s Box that showed hackers that computer viruses could be used to cause great physical destruction in the real world, the greatest threat to world stability now comes in the form of a computer virus. There is very little chance that the Stuxnet source code has not been in the hands of some very evil hackers for many years now. Stuxnet was an especially dangerous virus because it was the first virus discovered in the world that had the capacity not just to attack computers and result in the destruction of computers but also to attack physical infrastructure and cause enormous damage in the physical world. In other words, Stuxnet demonstrated to terrorists all over the world that they no longer needed a dirty bomb or armaments to inflict serious damage, but that they could inflict damage a thousand-fold worse through stealth, with little ability to trace the attack back to the real attackers, now that dozens or hundreds of hackers may have the Stuxnet source code in their possession. And for this reason, I have labeled its creation and release on the internet as the greatest threat to world stability.

The Destruction That Could Be Inflicted by the Next Iteration of Stuxnet

In fact, the release of Stuxnet into the world makes US President Trump’s declarations about the need to militarily secure space and the constant ramping up of hundreds of billions of dollars of military spending on conventional arms and conventional warfare appear almost naïve. The problem with the Stuxnet source code now being in the hands of perhaps the worst Black Hats in the world is that PLCs, or programmable logic controllers, are used to control a wide range of critical infrastructure in the real world, including public water filtration systems, traffic grids and traffic lights, electricity grids, banking ATM machines, nuclear power plants and even cement mixing systems in which the addition of ingredients must be precisely as programmed to produce structurally sound, industrial grade cement for construction. Can you imagine if a Stuxnet-like virus attacked PLCs of cement mixing systems used in building a massive skyscraper, and fed information back to the computers that monitor the cement mixing that all raw materials were being mixed in the proper precise proportions even though this was not the case? And then, what if substandard cement not up to industrial standards was used in the construction of an urban skyscraper that was to house thousands of daily occupants? From the time of the building’s completion, that building would be at risk of collapse at any time, as the substandard cement would be inadequate to support the daily stress and load of the building, and nobody would even know about it. Or what if a more devious Black Hat deployed a Stuxnet-like virus to shut down multiple cities’ airport systems, electrical grids, banking machines, water purification systems, oil and gas pipelines, manufacturing assembly lines, nuclear power plants, or basically any system that uses PLCs?
The resultant damage would be at least a thousand-fold the worst terrorist attack ever inflicted and likely create even worse economic losses and loss of human life than the two atomic bombs the US dropped on Japan during World War II.

And in fact, such State-sponsored viruses capable of inflicting nationwide damage have apparently already been invented, per the investigative work of documentary filmmaker Alex Gibney, in which a virus called NitroZeus was discussed, already allegedly deployed and ready to unleash in the event of a military war, to cripple another nation’s entire key infrastructure. And if the US has such cyberweapons at its disposal, then China and Russia almost certainly have already developed NitroZeus competitors as well. Consequently, computers that control vital infrastructures of nations all over the world have allegedly already been infected with these doomsday, Armageddon-like zero-day exploits, ready to be launched should economic tensions between nations escalate into military warfare. Since severe economic sanctions that are strangling the livelihood out of millions of citizens in multiple nations around the world (Venezuela, Belarus, Iran, Iraq, Mali, Nicaragua, Libya, Lebanon, etc.) have been deployed for years, and history has demonstrated that severe economic sanctions are often the precursor to the declaration of military war, the risk of a NitroZeus-like virus being launched in a counter attack increases with every subsequent month severe economic sanctions around the world continue. Though programs like NitroZeus obviously pose a massive threat to humanity all around the world, imagine if a Black Hat terrorist used a zero-day exploit to disable the entire electrical grid, water and banking systems of major cities like Moscow, New York, Tokyo, Paris, Berlin, Los Angeles, Tehran, Abu Dhabi and so on. The resultant chaos would be unimaginable. This threat is very real, and unfortunately, since the Stuxnet virus was released into the cybersphere, any terrorist with a couple million dollars at his or her disposal likely can purchase a zero-day exploit capable of unleashing the above referenced damage. This is not a secret to security experts of all G8 nations.
Every security expert of G8 states has known of this massive risk to world security since the Stuxnet virus source code was made available to hackers. Consequently, it is still mind-boggling why governments around the world are still spending cumulative trillions of dollars on weapons of conventional warfare, nuclear armaments, aircraft carriers, submarines and fighter jets when the risk of NitroZeus-like viruses dwarfs the risk of any conventional warfare operation.

There is almost no one in the world, except for those living off the grid, who is not aware of the proliferation of airport computer shutdowns and electrical grid malfunctions happening around the world on a consistent basis. Though I have no proof of this speculation, you still won’t be able to convince me that there is not a direct connection between the leakage of the Stuxnet virus into cyberspace that provided the blueprint to hackers all around the world of how to bring down infrastructure systems and the significant rise of infrastructure breakdowns all around the world since 2010. If somehow you are not aware of these breakdowns and the severity of these breakdowns and interruptions in service created by infrastructure malfunctions, I’ve compiled a list of news reports here, here, here, here, here and here, in which you can review incidents of massive power outages in cities, airports and other transportation hubs in Venezuela, the United States, England, Wales, Argentina and Uruguay. I never remember these outages happening on a regular basis when I was a child, and with the advancement in technologies since I was a child, theoretically these types of outages should be very infrequent, unless we are not being informed of the true origins of these outages. Furthermore, these six examples I have provided are only a handful of literally dozens of power outages in vital infrastructure that have happened in multiple cities in multiple nations around the world in the past few years, that started happening with increasing frequency ever since US and Israeli intelligence agencies unleashed Stuxnet into cyberspace in 2010. Though I have no proof that the increasing number of citywide blackouts and transportation shutdowns for hours on end that have happened all around the world since 2010 are linked to the Stuxnet code being made accessible to hackers, if I had to make an educated guess, I would guess that the two events are directly linked to one another.

If you recall the end of the David Fincher movie Fight Club, Tyler Durden reset everyone’s credit score in the US by destroying the buildings that housed the computers that held everyone’s credit scores by planting bombs in the buildings and detonating them. Today, because of the totally irresponsible access to the Stuxnet source code provided to any competent hacker that wanted it, this type of damage to physical infrastructures can now be carried out with zero physical effort and through stealth attacks coordinated by unleashing and activating computer viruses. The only question today, one to which we will never be provided a truthful answer, of course, is whether all of the ongoing shutdowns of infrastructure occurring around the world are being caused by test runs of wider planned State-sponsored attacks or by the attacks of individual rogue Black Hats. For example, if you watched the news report of the devastating power outages happening in Caracas, Venezuela linked above, the possibility that these outages were not caused by mismanagement of utility companies by government leaders, as claimed, but by stealth cyberattacks in efforts to turn citizens against the sitting Venezuelan President now has to be considered because of the fact that we know computer viruses can now cause massive damage to critical infrastructures.

Cyberwarfare Can Now Achieve the Objectives of Conventional Warfare, at a Fraction of the Cost

Certainly, if I wanted to oust a government President or Prime Minister of some nation, and I had access to NitroZeus, or even just a Stuxnet-like virus, and I did not have a conscience, I would use it to disable infrastructure, cause misery for millions of people, and use their misery and suffering to implement the regime change I desired. In fact, it’s ironic that in the news report of massive power outages in Venezuela, one citizen asked for foreign intervention to oust the Venezuelan President. In world history, the tactic of punishing the citizens through severe economic sanctions and getting the citizens to rise up against the government because of their suffering has always been a favored and successful tactic in implementing regime change. Though most people are unaware of this, one of the first goals of any conventional war is to take out the key infrastructure of that nation, including the electrical grid. For example, during Operation Desert Storm, launched by President George Bush Sr. against Iraq, the OPORD (Operational Orders) granted for Phase I, which was to be completed within the initial six to nine days of warfare, were as follows: a “strategic air campaign will be initiated to attack Iraq’s strategic air defenses; aircraft/airfields; strategic chemical, biological and nuclear capability; leadership targets; command and control systems; Republican Guard forces; telecommunications facilities; and key elements of the national infrastructure, such as critical LOCs, electric grids, petroleum storage, and military production facilities.” Historian William Blum, in his book Killing Hope, detailed the results of this strategy to cripple all of Iraq’s critical infrastructure within the first few days of military engagement:

“The crippling of the electrical system multiplied geometrically the daily living horror of the people of Iraq.  As a modern country, Iraq was reliant on electrical power for essential services such as water purification and distribution, sewage treatment, the operation of hospitals and medical laboratories, and agricultural production.  Bomb damage, exacerbated by shortages attributable to the UN/US embargo, dropped electricity to three or four percent of its pre-war level; the water supply fell to five percent, oil production was negligible, the food distribution system was devastated, the sewage system collapsed, flooding houses with raw sewage, and gastroenteritis and extreme malnutrition were prevalent.”

And this is exactly what is so horrific about the fact that the Stuxnet source code is very likely in the hands of some of the worst people on earth today. No longer will bunker busting bombs and megaton munitions need to be unloaded from the sky to achieve the above; all of the above can be achieved with a computer virus. In any event, when the house of cards in global stock and bond markets that bankers have built for the last decade eventually comes tumbling down, and it will, if on top of this implosion of market asset prices, the number of critical infrastructure shutdowns around the world continues to increase, then this will be proof that infrastructure shutdowns are not happening due to regular system failures, but because someone or some organization is deliberately causing them. And this is the nightmare which none of us is adequately prepared to handle, about which intelligence agencies have been keeping us in the dark, and for which those living in undeveloped nations will be best prepared.


J. Kim
