Hillary Clinton and Donald Trump have wildly different views on how the United States should address cyberwarfare, but during Monday night’s Presidential debate, the Democratic candidate’s message was clear: the U.S. can, and will, fuck up any of its rivals on the digital battlefield.
Clinton slipped not one, but two subtle references to Stuxnet — a devastating cyberattack on the Iranian nuclear program that set the country’s controversial nuclear program back years — into her remarks at the debate. Stuxnet was first developed during the Bush administration, but the attack probably started in the late 2000s or early 2010s, while Clinton was Secretary of State. But here’s the kicker — the U.S. government (Clinton included), has never formally acknowledged that Stuxnet ever took place, even though both The Washington Post and The New York Times have it on good authority that it was a coordinated American and Israeli attack. Essentially, everyone involved knows what’s up, even if they can’t admit it, and two of Clinton’s answers were direct jabs at the ruined Iranian nuclear program.
Her first answer, on the broader topic of cybersecurity, directly hinted at the U.S. government’s cyberwarfare capabilities — both name-dropping Iran, and directly letting the Russian Federation know that continuing to fuck with American computer networks was not going to fly, no matter what Trump says.
“We need to make it very clear whether it’s Russia, China, or Iran, or anybody else, that the United States has great capacity and we are not going to sit idly by and let state actors go after our information,” Clinton said, (emphasis ours).
Moderator Lester Holt’s initial question on cybersecurity didn’t mention Iran, and Trump, who spoke first, gave a completely nonsensical response that only mentioned Russia and China. Clinton put a nod in to the Islamic Republic mostly because of the country’s direct attacks on Wall Street in 2015, but her comments on America’s “great capacity” for cyberwarfare pretty much mean, well, Stuxnet.
But it was Clinton’s second answer that really put salt in the wound. This time, she wasn’t even directly talking about cybersecurity — but her response still had Stuxnet all over it. After a particularly long, almost crazed, diatribe by Trump (which prompted the above GIF), Holt prompted Clinton to respond. She started with Iran.
“With respect to Iran, when I became secretary of state, Iran was weeks away from having enough nuclear material to form a bomb. They had mastered the nuclear fuel cycle under the Bush administration. They had built covert facilities. They had stocked them with centrifuges that were whirling away.”
At first glance, it’s an innocuous descriptor of Iran’s nuclear program, which Clinton later said the U.S. was able to tame through diplomatic and economic sanctions. But that last line — “stocked them with centrifuges that were whirling away,” is pure shade. Because Stuxnet’s primary target was the centrifuge system in the Iranian nuclear facilities.
It wasn’t as simple as flipping a switch, or even dropping a bomb, though: Stuxnet was a coordinated, planned, and extremely technically advanced digital attack. According to Sergey Ulasen, the man who initially discovered Stuxnet lurking inside a massive international network of infected computers, the virus’s code was a “zero day” exploit, meaning it took advantage of an inherent flaw in a system’s programming that had never been utilized before. Through an exhaustive series of interviews and research, documentary filmmaker Alex Gibney picked apart the multi-layered attack in his film Zero Day, and found a virus so complex, researchers were convinced that it was a masterpiece of computer engineering so powerful an entire nation had to be behind it. And in the end, it all came down to the centrifuges.
In order to make nuclear weapons, you have to enrich uranium, which means getting the uranium-235 isotope out of the normal element. To do that, you need centrifuges, which spin the radioactive material around to isolate the weapons-grade bits. As Clinton said, when she took office as Secretary of State, Iran’s centrifuges were “whirling away.” After Stuxnet, they weren’t.
The computer virus slowly leaked into the system through computers from companies that worked with the Iranian nuclear program. Eventually, it made its way into the heart of the system controlling the centrifuges, where it lurked for 13 days, waiting for the right moment to strike. When the machines were full of enriched uranium — blam. The virus triggered the centrifuges motors to spin out of control so violently that the massive, cutting-edge machines literally tore themselves apart. No more whirling, and Clinton knows it. Iran has other centrifuges that can isolate uranium-235, but the Stuxnet attacks were a definite part of the pressure that eventually brought the country to the negotiating table in 2015, where it worked out a new deal with the world’s major nuclear powers to limit its program.
Clinton wasn’t secretary of State in 2015, but she definitely had a hand in setting up that deal. And when it comes to cybersecurity, she knows that the U.S. is not someone to fuck with (although it certainly happens), especially not now that NATO considers the internet “operational territory.” Sure, she personally really sucks at digital security, but the U.S. has plenty of weapons in its arsenal. Stuxnet was just the beginning, and Clinton knows it.
If you want to see it all play out in real time, you can re-watch the full debate below, or read a transcript here.