Did the US write Stuxnet? Deputy Defense Secretary won’t deny it

Last night, US TV station CNBC broadcast a documentary entitled “CodeWars: America’s Cyber Threat”, looking at the threat of cyberwarfare, hacker attacks on critical infrastructure and the risk of technology made in China containing spyware.

Deputy Defense Secretary William Lynn was amongst those interviewed, who confirmed that US government networks receive thousands of attempted hacker attacks every day, and confirms that on occasion weapons systems plans and critical information has been lost in the assaults.

CNBC Code Wars - The military hacked?

The US government isn’t alone in being targeted by attackers of course, we have heard a similar message from British politicians this year, for instance.

Sign up to our free newsletter.
Security news, advice, and tips.

But, as Wired magazine points out, Lynn was also asked directly whether the US was involved in the development of the infamous Stuxnet worm.

Avoiding the question, Lynn replies:

“The challenges of Stuxnet, as I said, what it shows you is the difficulty of any, any attribution and it’s something that we’re still looking at, it’s hard to get into any kind of comment on that until we’ve finished our examination.”

Reporter Melissa Lee is tenacious, however, and tries asking again:

“But sir, I’m not asking you if you think another country was involved. I’m asking you if the US was involved. If the Department of Defense was involved.”

Lynn’s response?

“And this is not something that we’re going to be able to answer at this point.”

Unfortunately I haven’t been able to find a video clip online of this exchange.

William LynnOf course, a refusal to confirm or deny the US’s involvement in the Stuxnet worm isn’t an admission. After all, it’s possible that Lynn simply doesn’t know if the USA was involved – and doesn’t want to be caught on film denying something which later turns out to be true.

Or it’s possible that he’s not authorised to deny the US’s involvement for reasons best known to the higher echelons of US politics.

Or maybe even the USA, were involved in Stuxnet but Lynn realises what a monumental sh*t-storm that would create on the international stage so he thought better than to confirm it on a CNBC documentary.

Whatever the truth, it’s always fun to see a politician squirm when put on the spot regarding their own country’s murky activities on the internet.

Long term readers will remember that a couple of years ago I reported on how BBC’s Eddie Mair mischievously tied the then UK Security Minister into knots over the tricky question of whether UK ever attacks other countries in cyberspace:

You’ll notice that Lord West makes the same point as the US Deputy Defense Secretary, that a key problem is attribution when it comes to internet attacks – proving that someone (or some nation) is behind a cyber attack is very very difficult.

By the way, if you’re wondering why there’s a picture of ABBA’s Anni-Frid Lyngstad alongside Lord West in that video you’ll have to read my original article.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.