Stuxnet Expert Calls US the "Good Guys" in Cyber-Warfare
The German researcher has become one of the most-cited sources on Stuxnet, the US-and-Israeli computer worm that targeted Iran's nuclear program. Langner's 2011 TED talk has been seen over half a million times, and he spoke at last year's CyCon here in Estonia.
He's less worried about "Flame," a new piece of espionage malware that analysts here say has yet to be fully understood. At the moment, it also appears to specifically target Iran.
"Flame is nothing really new. It doesn't bring any new qualities," he told Ars on Wednesday. "Cyber-espionage has been conducted for years. Duqu, the German [state trojan] does similar things-it can turn on the microphone for voice messages. It's not new. Espionage attacks are occurring worldwide on a daily basis and for purposes of state espionage. In my opinion, Flame might be a little bit overhyped."
Langner reiterated his ongoing concern that governments and industry are not doing enough to protect themselves against cyber-threats like Stuxnet that could be used to damage real-world infrastructure. And he sees a danger that, the longer Stuxnet's code remains in the wild, the more likely someone will adapt it for more malicious purposes.
"Simply because somebody hasn't done it, that doesn't mean it can't be done," he said. "What we try to do is to try to prevent it from being exploited in the first place."
He lamented the fact that European and American governments, utility companies, and infrastructure operators continue to engage in "complete negligence" in hardening their infrastructure against such attacks. Stuxnet copycat attacks, or an expansion of similar tactics by rogue agents, remain a real threat.
"It does not require the resources of a nation-state to develop cyber weapons," he wrote in an opinion piece for 'The New York Times' on Monday. "I could achieve that by myself with just a handful of freelance experts. Any US power plant, including nuclear, is much easier to cyberattack than the heavily guarded facilities in Iran. An attacker who is not interested in engaging in a long-term campaign with sophisticated disguise (which rogue player would be?) needs to invest only a tiny fraction of effort compared to Stuxnet."
Last year, Langner suggested that the United States might try to expand on its covert cyber-operations as a way to up the ante.
"So either we're going to see an updated version 2.0 soon that goes straight for a simultaneous catastrophic destruction of as many centrifuges as possible (which had been, and maybe still is, technically possible) or the problem has to be delegated to the Air Force," he wrote last year.
Still, Langner seems generally in favor of the willingness of the United States to engage in such tactics; he said that the US government admission of complicity in Stuxnet (leaks which the FBI is now investigating) will surely shore up domestic political support for the president.
"During the first weeks of our analysis, I had a hard time finding sleep, as long as we assumed that [Stuxnet] could have been the Russians," Langner said Wednesday. "That would have been a very uncomfortable thought, because the capabilities that you see are so advanced. I think when I reached the conclusions that this must have been launched by the United States that added to my comfort - you're the good guys."