Whether the super-worm was created in the US, Israel or China, we will never know. Nevertheless, India is still collaborating with companies from these countries without any background checks. Take, for example, L-1 Identity Solutions, UIDAI’s partner for the Aadhaar project.
Last week, the New York Times published an article that claimed that Stuxnet, an Internet worm, which infects the Windows operating system (OS), was a joint project of the US and Israel and its testing was done on nuclear centrifuges identical to those used by Iran at its Natanz nuke facility.
Ever since Stuxnet made its appearance, it has been alleged that the worm is mainly responsible for hampering Iran's nuke project. Some even claimed that the same worm was responsible for the launch failure of India's Geosynchronous Satellite Launch Vehicle (GSLV) rockets. However, the Indian Space Research Organisation (ISRO) has denied this claim.
Stuxnet was first discovered in July, but is confirmed to have existed at least one year prior and likely even before. The majority of infections were found in Iran. According to security company Symantec, Stuxnet represents the first of many milestones in malicious code history: it is the first to exploit four zero-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator. The worm hit primarily inside Iran, Symantec reported, but in time also appeared in India, Indonesia and other countries.
"Stuxnet is of such great complexity, requiring significant resources to develop, that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar sophistication to suddenly appear. However, Stuxnet has highlighted (that) direct-attack attempts on critical infrastructure are possible and not just (in) theory or movie plotlines," Symantec said in its latest report titled "W32.Stuxnet Dossier".
In November last year, Iran's president, Mahmoud Ahmadinejad, broke the country's silence about the worm's impact on its enrichment program, saying that a cyber attack had caused "minor problems with some of its centrifuges and fortunately their experts discovered it."
The most detailed portrait of the damage caused by Stuxnet came from the Institute for Science and International Security, a private group in Washington. In December, the group issued a lengthy report on Stuxnet, which said that Iran's P-1 machines at Natanz suffered a series of failures in 2009 that culminated in technicians taking 984 machines out of action.
The history of the P-1 machine is quite interesting and appears to be lifted directly from a James Bond movie. Early in 1970, the Netherlands designed a tall and thin machine for enriching uranium. A Pakistani metallurgist, Abdul Qadeer Khan, was working for the Dutch at that time. Later he stole the machine design and in 1976 fled to his homeland. There he built the machine, known as P-1 for Pakistan's first-generation centrifuge, which helped that country to make the bomb. Dr Khan, believed to have established an atomic black market, illegally sold the machine to Iran, Libya and North Korea.
Although Dr AQ Khan, often labelled as "Father of Pakistan's atomic program", is not a spy, there are others who, after their first innings as superspies, are turning entrepreneurs and selling machines and services to other countries. For example, our own Unique Identification Authority of India (UIDAI), the 'de facto' agency assigned to tag all residents, has partnered with a company that is full of such 'retired' secret agents.
L-1 Identity Solutions, chosen by UIDAI to implement the core biometric identification system for the Aadhaar programme, has names associated with the Central Intelligence Agency (CIA) and other American defence organisations in its top management or as directors.
In 2004, George Tenet, ex-director of CIA, joined L-1 Identity Solutions as director on the board. L-1's chief executive Bob LaPenta, in 2006, had said, "You know, we're interested in the CIA, and we have George Tenet." Mr Tenet is also accused of being one of those who deliberately furnished false evidence to US diplomats in order to garner support for the US 'intervention' in Iraq, post 2001.
Over the years, particularly after taking some top-notch 'retired' intelligence and defence officials on board, L-1 Solutions has made rapid progress. According to an IT expert, L-1 and NADRA, the Pakistan unique identity agency, appear to have been created on the same business model.
"Staffed strongly by persons with intelligence (quasi-military) links, the major goals of both agencies are to do business with their respective governments, and they succeed to the extent that they have virtually no competition. And this is the company UIDAI has welcomed into India," said the expert.
You may ask, what does L-1 or UID have to do with Stuxnet? Read again: L-1 Identity Solutions has been chosen by UIDAI to implement the core biometric identification system for the Aadhaar programme. What if someone wants to implant a backdoor in the machines used for storing UID data? This kind of backdoor engineering would prove to be a disaster in waiting.
This ambitious and expensive project uses biometric information like fingerprints, iris scans and face photos to create a UID number. The authority has already started roping in fat-profit organisations as its partners, which will very likely result in the database being used for targeted marketing. (Read: Fat profit institutions continue to board UID bandwagon)
Last year, India's Department of Telecom (DoT) asked all telecom operators to get clearance from the government before importing telecom equipment due to security reasons. Later, the government allowed private telecom companies to import equipment from Chinese vendors only after meeting certain criteria with regard to national security.
The major concern for the Indian government was that telecom equipment from certain countries, including China, could contain spyware that would give intelligence agencies access to our country's telecoms networks. This type of spyware, installed into a chip of the equipment, is called a remote access Trojan or backdoor software.
The appearance of Stuxnet and the reported sabotage it has carried out in Iran is one of the best examples of spyware being used to usher in the new age war. Whether Stuxnet was created by the US or Israel or by China, we will never know for sure. However, what is important is we are blindly welcoming everyone into our homes and sharing all personal information without a simple background check.
Normally this should have rung an alarm bell. But it seems there has been no reaction, let alone any action from UIDAI or the government. So, what is the control over these databases and what is there to prevent any unauthorised use of this data?
A few days ago, Moneylife emailed a couple of questions to internationally renowned security technologist and author Bruce Schneier: whether there is any way or method to detect a backdoor in telecom equipment, and whether the Indian authorities would be able to address privacy and security concerns related to the UID project. Mr Schneier's answer was in the negative. On detecting the backdoor, Mr Schneier, who is also the chief security technology officer of BT, said, "Study the source code and chip layouts and hope for the best. So no, there is no guaranteed way to detect it."
No doubt, the UIDAI and its key officials including Nandan Nilekani are experts in IT, but we do not know if they possess any capabilities to check for spyware installed in machines or to do reverse engineering. This leaves an open question: what if something like Stuxnet hits the UIDAI's ambitious project?
According to Symantec, the real-world implications of Stuxnet are beyond any threat it has seen in the past. "Despite the exciting challenge in reverse engineering Stuxnet and understanding its purpose, Stuxnet is the type of threat we hope to never see again," it concludes.
I don’t know what on earth is going on but we should do our homework. All of us. India is a laughing stock. And let me assure I am not a techie but I demand that Narayan Murthy, Azim Premji, and Nandan Nilekani quit hallucinating that we are a “technological superpower”.
Stuxnet and assorted impact finance, health, UID, defense, electricity, stock markets and even commercial aircraft. (In 2008, the central computer at the Spanish airliner Spanair was hit by a virus introduced through a USB drive; the malware slowed down a machine responsible for monitoring airplane failures, which an investigative report later fingered as one factor in the cause of the deadliest air disaster in Spanish history.) Talking to a computer security researcher about Stuxnet is like asking an art critic to describe the finer points of the Mona Lisa. The world's top cyber security minds are absolutely in awe. How did the worm's creators expect to get it inside some of the most secure installations in the world? After all, sensitive machines often operate behind an "air gap"—that is, their networks are physically separated from the Internet and other dangerous networks where viruses can roam freely. Getting anything inside one of these zones requires the complicity of an employee. That's exactly what Stuxnet got, because its authors designed the worm to piggyback on the perfect delivery system—the ubiquitous, innocent-looking USB flash drive, the planet's most efficient vector of viruses, worms, and other malware.
On the other hand, Chinese computers continue to wage an unrestrained cybernetic war against Google. “Operation Aurora” has caused the company to pull out of China entirely and seek protection from the National Security Administration.
The original target nuclear area is Bushehr, Iran.
Check out the Super Woman Ms. Nira Radia tapes (5400 tapes!)
Or else wait for Super Man Mr. Julian Assange WikiLeaks to make the disclosure.
visit my blog http://makemyinvestments.blogspot.com and http://ourownipl.blogspot.com