House Republicans might want to pause a moment in their rush to link the Obama White House to the original leak about computer viruses that the United States and Israel reportedly developed years ago to sabotage Iran’s nuclear program.
It appears that the initial leak about the viruses — known under the names Stuxnet and Flame — came in early January 2009 while President George W. Bush was still in the White House and that some sources were active and former officials of that administration.
At a House Judiciary subcommittee hearing July 11, Rep. Dan Lungren (R-Calif.) asked whether “the Espionage Act would not properly come into play with the alleged revelation of our [U.S.] participation, if true, in the Stuxnet virus or the Flame virus?”
He was talking about a story written by New York Times reporter David Sanger, which was published June 1.
It began, “From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.”
Sanger quickly added that Obama was accelerating a program “begun in the Bush administration and code-named Olympic Games.”
How did Sanger know that?
On Jan. 10, 2009, Sanger had written another Times story that first disclosed a “covert American program, started in early 2008,” that included new efforts “to undermine electrical systems, computer systems and other networks on which Iran relies . . . aimed at delaying the day that Iran can produce the weapons-grade fuel and designs it needs to produce a workable nuclear weapon.”
He also wrote that “some of the efforts focused on ways to destabilize the centrifuges.” He said that “several details of the covert effort have been omitted” at the request of senior U.S. intelligence and Bush administration officials. He attributed the article to “current and former American officials, outside experts, international nuclear inspectors and European and Israeli officials,” but added that Obama “transition aides have refused to comment on the issue.”
Of course, Sanger’s 2009 article was not the last published word about Stuxnet and Flame before his June 2012 piece. There are numerous examples:
●In mid-June 2010, a Belarus-based security firm first reported a computer virus targeting industrial control systems in manufacturing and utility firms. That announcement caused computer security researchers around the world to begin what Wired magazine would later describe as “months [of work] deconstructing what would come to be known as the most complex malware ever written — a piece of software that would ultimately make history as the world’s first real cyberweapon.”
●By July 2010, Symantec, a U.S.-based computer security, storage and systems management company with employees in 50 countries, determined that Iran was the main target of the new virus, which had infected nearly 60 percent of that country’s personal computers.
●In August 2010, Symantec and Kaspersky Lab, a Moscow-based computer security company operating in 200 countries, had the virus dubbed Stuxnet.
●By February 2011, Symantec produced a detailed analysis of Stuxnet based on its research without reference to any U.S. or foreign government sources.■
●In July 2011, Wired reported that Stuxnet had sabotaged centrifuges at the Iranian nuclear facility at Natanz that was first noticed by International Atomic Energy Agency inspectors the previous January. Wired’s article also noted suspicions “growing that Israel and the U.S. were behind Stuxnet and had used the malware as a devious alternative to bombing Iran’s nuclear plant.”
●In October 2011, Symantec reported that a Hungary-based laboratory had discovered a precursor to Stuxnet, a virus, eventually dubbed Flame, that selectively collected data and appeared to have been “written by the same authors (or those that have access to the Stuxnet source code).”
●On May 28, days before Sanger’s June 1 story, the Kaspersky Lab announced its discovery of the Flame program and disclosed details of its espionage capabilities. It also reported that Flame attacks were primarily on Iranian computers.
Two days later, Iran’s national computer emergency team, known as Maher, admitted that it had discovered the targeted attacks of Stuxnet and Flame and their “close relation.” That same day, the Israeli newspaper Haaretz reported that Vice Prime Minister Moshe Ya’alon said the use of sophisticated computer viruses was justified as a means to disrupt Iran’s nuclear program. “This statement was interpreted by many people in both Iran and other countries as an admission that Israel was behind Flame,” the newspaper said.
None of this history was presented last week at the House subcommittee hearing. Instead, Lungren said it was his “observation” that “either the New York Times is lying [in the 2012 story] or they had access to information of a particular detail that could only have come from someone who participated in the [White House] Situation Room.”
A former attorney general of California, Lungren asked: “Would it be unreasonable for us to subpoena individuals who would apparently be involved in the discussions that were revealed in these articles?” Rep. Trey Gowdy (R-S.C.), himself a former federal prosecutor, picked up the theme and suggested a subpoena first for the reporter.
What about calling Bush administration officials and the worldwide security experts who provided more-detailed information about Stuxnet and Flame and before Sanger?
The House Armed Services Committee takes up the leak issue Thursday with Defense Secretary Leon E. Panetta and Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, as witnesses.
Let’s see who gets blamed for the Stuxnet and Flame “leaks.”
For previous Fine Print columns, go to washingtonpost.com/fedpage.