House GOP shouldn’t rush to judgment on cyberweapon ‘leaks’

House Republicans might want to pause a moment in their rush to link the Obama White House to the original leak about computer viruses that the United States and Israel reportedly developed years ago to sabotage Iran’s nuclear program.

It appears that the initial leak about the viruses — known under the names Stuxnet and Flame — came in early January 2009 while President George W. Bush was still in the White House and that some sources were active and former officials of that administration.

At a House Judiciary subcommittee hearing July 11, Rep. Dan Lungren (R-Calif.) asked whether “the Espionage Act would not properly come into play with the alleged revelation of our [U.S.] participation, if true, in the Stuxnet virus or the Flame virus?”

He was talking about a story written by New York Times reporter David Sanger, which was published June 1.

It began, “From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.”

Sanger quickly added that Obama was accelerating a program “begun in the Bush administration and code-named Olympic Games.”

How did Sanger know that?

On Jan. 10, 2009, Sanger had written another Times story that first disclosed a “covert American program, started in early 2008,” that included new efforts “to undermine electrical systems, computer systems and other networks on which Iran relies . . . aimed at delaying the day that Iran can produce the weapons-grade fuel and designs it needs to produce a workable nuclear weapon.”

He also wrote that “some of the efforts focused on ways to destabilize the centrifuges.” He said that “several details of the covert effort have been omitted” at the request of senior U.S. intelligence and Bush administration officials. He attributed the article to “current and former American officials, outside experts, international nuclear inspectors and European and Israeli officials,” but added that Obama “transition aides have refused to comment on the issue.”

Of course, Sanger’s 2009 article was not the last published word about Stuxnet and Flame before his June 2012 piece. There are numerous examples:

●In mid-June 2010, a Belarus-based security firm first reported a computer virus targeting industrial control systems in manufacturing and utility firms. That announce­ment caused computer security researchers around the world to begin what Wired magazine would later describe as “months [of work] deconstructing what would come to be known as the most complex malware ever written — a piece of software that would ultimately make history as the world’s first real cyberweapon.”

●By July 2010, Symantec, a U.S.-based computer security, storage and systems management company with employees in 50 countries, determined that Iran was the main target of the new virus, which had infected nearly 60 percent of that country’s personal computers.