CIA Front Sought Possible Stuxnet Development Help

Interesting reading from recent Anonymous/HBGary Federal email dumps:

January 2009 question from a very senior leader from a known CIA front company directed to HBGary CEO:

Suppose someone wanted some expert, never-before-seen malware written as part of legitimate testing of a priority target, would you be someone to talk to?

Response from HBGary CEO:

Well, HBGary can write that kind of stuff – but I will be up front in saying that me personally would not be the one coding on it, although I might weigh in on a design. I’ve got my hands full w/ our product dev team so this kind of work usually goes to [redacted HBGary employee name]. But, [redacted HBGary employee name] is pretty darned good, cleared w/ your organizations sponsor, and has done several projects in this area already.

The phrase “your organizations sponsor” is undoubtedly the CIA since it was someone in In-Q-Tel who sent the email. So I would say that the CIA was either desperately working its network of contacts for anyone who could help them cobble together Stuxnet in time, or agency resources were so preoccupied with Stuxnet that other projects were starving for attention and that forced them to reach out broadly to unusual sources for help.

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Share

3 Responses to “CIA Front Sought Possible Stuxnet Development Help”

  1. curtw said:

    Feb 16, 11 at 11:49 pm

    Unless I’m missing something, this is a leap of inference that “ome expert, never-before-seen malware” = stuxnet. Doesn’t mean that it’s *not* the case, but I don’t see anything here other than assumptions.

  2. David Sharpe said:

    Feb 16, 11 at 11:54 pm

    Correct. We will never see written confirmation from the CIA.

  3. anonymouser said:

    Mar 05, 11 at 12:06 am

    http://hbgary.anonleaks.ch/greg_hbgary_com/8152.html


Leave a Reply