New theory: Stuxnet was actually created by … China?

Darned compelling, and darned depressing. Not only because it snatches away our vicarious pride in U.S./Israeli ingenuity, but it feeds into western jitters about Chinese omnicompetence. Why, I’ll bet it was those Shanghai teens who cooked this thing up. During recess.

The circumstantial evidence is impressive. Just one question: Why would China do it?

China has an intimate knowledge of Iran’s centrifuges since, according to one source quoted above, they’re of Chinese design.

China has better access than any other country to manufacturing plans for the Vacon frequency converter drive made by Vacon’s Suzhou facility and specifically targeted by the Stuxnet worm (along with an Iranian company’s drive). Furthermore, in March 2010, China’s Customs ministry started an audit at Vacon’s Suzhou facility and took two employees into custody thereby providing further access to Vacon’s manufacturing specifications under cover of an active investigation.

China has better access than any other country to RealTek’s digital certificates through its Realsil office in Suzhou and, secondarily, to JMicron’s office in Taiwan.

China has direct access to Windows source code, which would explain how a malware team could create 4 key zero day vulnerabilities for Windows when most hackers find it challenging to develop even one.

That’s four pieces of evidence. Read the whole story and you’ll see that there’s more; plus, and needless to say, when it comes to cyberwar hijinks in the past few years, the Chinese are usually a safe bet as the culprits. As for the motive, the author speculates that this was China’s way of hedging its bets, supporting Iran publicly in the west’s drive for sanctions while secretly decapitating its potentially worrisome nuclear ambitions. That would also explain why the worm inexplicably became detectable by cybersecurity experts even though it was designed to be invisible. China, the theory goes, wanted the worm to be discovered because it knew the U.S. and Israel would be blamed. Why not stir up a little extra antagonism in the Muslim world towards the west by letting people draw the obvious, yet wrong, conclusion?

So why doubt that it was China? Well, remember, it supposedly took up to 10,000 days of labor for the Stuxnet team to put this together. The U.S. and (especially) Israel have a motive to invest that kind of time to stop Iran, but the Chinese really don’t. On the contrary, as unpredictable as a nuclear Iran would be, it’s a safe bet that its antagonism would be directed towards the west, which could be a useful distraction to the Chinese down the road when they need American attention drawn elsewhere. Plus, if the Chinese really are so far advanced in cyberwarfare that they’re capable of building a superworm that the U.S. and Israelis aren’t — one which allegedly has set Iran back at least two years — why on earth would they show their cards by attacking an ostensible ally? Iran’s small potatoes for a superweapon like that. Better to keep their trade secrets secret for use later against, oh, I don’t know, say … American infrastructure?

The only credible scenario I can come up with for why China might have done it (or at least participated in a secret international program) is if they truly feared that either the U.S. or Israel was about to attack Iran, which would mean all hell breaking loose in the Middle East and god knows what happening to oil supplies. Could western governments have used that threat to pressure them into providing the sort of information described above in the excerpt? Or, as I’ve long suspected, was this indeed the handiwork of cyborg time travelers sent from the future to save us from Iranian nuclear armageddon? All theories welcome.
