Today is Purim, a Jewish holiday which celebrates the victory of Jewish people over the Persian King’s Vizier  Haman  who received royal permission to kill the Jews. It is one of those “They Tried to Kill US, We Won, Lets Eat,” type of Jewish holidays.

Dry Bones 10/4/10

Stuxnet is the virus which has infected the computers the Iranian nuclear centrifuges causing them to be damaged. The job of the centrifuge is to purify Uranium so it could be used for reactors and/or weapons. Stuxnet “takes control” of the centrifuge and spins them of control so they burn out. Until recently Iran had repeatedly denied that the complex computer worm had affected its nuclear program. In November, the UN said Iran had temporarily halted most of its uranium enrichment. It is clear that this cyber-attack has slowed down Iran’s march toward a nuclear weapon. Both the United States and Israel have pushed back their time-lines saying that Iran is now a few years away from achieving nuclear weapons.

While no country has taken credit for Stuxnet, there is evidence that Israel is probably behind the computer worm…evidence of biblical proportions. Computer Scientists who are analyzing the Stuxnet virus file name that seemingly refers to the Biblical Queen Esther.

The first directory inside the virus is named “Myrtus.” The person/people who developed the virus could simply be amateur horticulturists and the use of Myrtus could simply refer to the myrtle plant, which is indigenous to — and prevalent in — various Mediterranean, Middle Eastern and North African areas. On the other hand the Hebrew word for myrtle is the root of Hadassah which is Queen Esther’s Hebrew name. Given Iranian President Mahmoud Ahmadinejad constant threats against Israel, that use of Myrtus could obviously indicate a Jewish or Israeli involvement.

Since Iran is the modern day Persia (where the Purim Heroes Queen Esther and her uncle Mordecai lived), and the computer virus is meant to stop the destruction of millions of Jews in Israel, could this be a message from Israel, something used just to confuse, or maybe something put in the virus just to make the paranoid Iranians even more nervous.

Don’t look for Israel to confirm the story; they don’t comment on any defense action even the ones that they have nothing to do with.

There are many competing explanations for Myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.

According to a New York Times report one former intelligence official who still works on Iran issues said. “The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed. Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.”

During a conference on the Stuxnet virus Israeli cyber intelligence expert Nimrod Kozlovski, head of Altal Information Security suggested that the Myrtus reference was an accident. 

“The development and execution of Stuxnet is a stroke of genius no matter what country is behind it or what real damage was done to Iran,” said Kozlovski. “It is a landmark activity that opens the battlefield for global cyber warfare. But the word Myrtus appears by chance, not as a signature. Why would any designer, especially an Israeli, leave a signature with such a trace to Jewish history in ancient Persia? It is farfetched.”

Accident? Maybe not. The reference to Queen Esther is not the only Jewish connection to Stuxnet. According to a paper on Stuxnet by Symantec :

“Export 16 [main installer] first checks that the configuration data is valid, after that it checks the value ‘NTVDM TRACE’ in the following registry key. If this value is equal to 19790509 the threat will exit,” the paper continues. “This is thought to be an infection marker or a ‘do not in­fect’ marker. If this is set correctly infection will not occur. The value appears to be a date of May 9, 1979.”

That date happens to be a significant date in Iranian Jewish history, on May 9, 1979 Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government.”

There is no way to determine where the virus came from, US, Israel or some crazy hacker living in his mother’s basement. There are even reports that the virus may have come from Russia or China

There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.

Yossi Melman, who covers intelligence for the newspaper Haaretz and is at work on a book about Israeli intelligence over the past decade, said in a telephone interview with the NY Times that he suspected that Israel was involved.

He noted that Meir Dagan, head of Mossad, had his term extended last year partly because he was said to be involved in important projects. He added that in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014.

“They seem to know something, that they have more time than originally thought,” he said.

Wherever it came from, the use of the word Myrtus should remind us that any virus that slowing down Iran’s quest for nuclear weapons, no matter where they come from, is doing the work of God.