Stuxnet: An actual Cyber attack weapon

[Jasper]

Am I the only one that is reminded of The Masque of the Red Death?

Hey, I read that in High School english, Dok.  Now that you mention it...

[Adios]

It seems stupid to me that nuclear computer systems aren't entirely closed. Nothing gets stuck in, nothing gets taken out. Gotta upgrade the system? Buy new computers. Or new hard drives, at least.

They are, this is all mental masturbation.

[Jasper]

I believe the nuclear launch systems require human intervention to activate, so the virus would have to trick the humans into thinking they were supposed to.

[Adios]

I believe the nuclear launch systems require human intervention to activate, so the virus would have to trick the humans into thinking they were supposed to.

Heh. I have been inside Cheyenne Mountain. There are very unfriendly people with locked and loaded automatic weapons. If some moron put a thumb drive in one of the systems, I would be for getting the fuck out of the way.

[Jasper]

Are you sure these places don't have internet?  I thought the whole reason they invented the internet was to defend the nuclear launch capability.

[Adios]

Are you sure these places don't have internet?  I thought the whole reason they invented the internet was to defend the nuclear launch capability.

Heh. Are you going to try to hack a Cray Supercomputer with a multimillion dollar firewall system?

See you in Gitmo.

[Requia ☣]

Having internet at the site and having the critical systems on the internet are not the same thing.

[Jasper]

Not me, no.  That's not even the point.  

The point is that you're just not protected against viruses if you nor your software know about them.  Antivirus software can't tell if an unrecognized file is a virus or not.  It only knows whether it's on the "virus" list.  There's no computer that can do that, as far as I'm informed.

ETA:  I just realized this wasn't my original point, because I am a stupid person.  See below.

[Jasper]

Having internet at the site and having the critical systems on the internet are not the same thing.

Yeah, exactly, and I really doubt they'd put controls for anything important online.  The whole point of a fortress is so that people have to physically be there to fuck things up.  Surely they're at least that clever.

[Adios]

Having internet at the site and having the critical systems on the internet are not the same thing.

Yeah, exactly, and I really doubt they'd put controls for anything important online.  The whole point of a fortress is so that people have to physically be there to fuck things up.  Surely they're at least that clever.

They are. The movie War Games was a joke.

[Cain]

First of all, everything I am about to say below is assuming Iran has nuclear weapons or is working towards them:

Iran would have likely bought information on weapon and control design from Pakistan's ISI (surprise!), under the auspices of AQ Khan Labs.  North Korea, who also bought information on nuclear weapon, missile and control system design from the ISI, we know from ISI defectors and interrogation of those arrested for aiding AQ Khan Labs, did not include the basic safety requirements that nuclear warhead armed missiles need.  In short, if one of their nukes landed and didn't go off, a possibility given the poor showing of North Korean missiles so far, chances are whoever got to it first could remove the nuclear warhead without any obstacles and do whatever they like with it, detonate themselves, turn it into a dirty bomb, sell it on the international black market or whatever.

Furthermore, because of the political situation in North Korea, it is highly unlikely that those missiles could be launched by anyone but Kim Jong-Il.  He doesn't entirely trust the military, and with good reason, plus the chances that they would misinterpret his games of international brinkmanship are too high (an accurate assessment, since practically everyone else who isn't a North Korea specialist has made the same errors in judgement) .  Also, the technology they have to hand is not as sophisticated as probably even 1950s American tech in some areas, which leaves open the possibility of it being tricked, hacked or gamed somehow to allow others access to launch the weapon.  Far safer, in the long term, to leave it in his hands, from his (and funnily enough, the rest of the world's, though they'd never admit it) point of view.

Iran has similar problems to North Korea.  The Iranian Revolutionary Guard are akin to the KGB or ISI, a powerful state within a state with their own agenda.  But at the same time they have the ear of powerful clerics within the Iranian government.  There are also factions loyal to certain Parliament members, the President and the Ayatollah.

Ultimately, it would seem that, given the supreme power of the Grand Ayatollah in foreign and military affairs, he would have the final say over a nuclear weapon's use.  But because the Iranian government is more developed, with power more distributed between certain factions, other groups will want a say.  Certainly the Guardian Council and Assembly of Experts would want a say, especially as some of them seem to think the detonation of a nuclear weapon may be prohibited except for certain circumstances in Islamic law.  The Supreme National Security Council and military, especially the Revolutionary Guard, would also likely have a say.

The problem comes in that likely the system sold to Iran was the same as the one sold to North Korea - it has several notable flaws in it's security.  Iran may have patched those up, but again, there is no such thing as a foolproof system, and while I'm sure Iran is batting well ahead of North Korea on technological issues, no system is too well-designed to be compromised.  A powerful faction with numerous sympathizers in other branches of government and a history of pursuing it's own agenda may have a way of being able to access launch codes without having to notify any other branches of government.  And if they can use that exploit, so can outside parties.

As it is, what is probably going on is someone is trying to make the Bushehr nuclear power facility shut down.  The facility is capable of creating weapons grade uranium and without it, no nuclear material can be produced (though it can still be bought on the international market, both legitimate and otherwise).  Interestingly, Bushehr was meant to open last month, and the timing of the Stuxnet worm suggests it was designed precisely to target the facility before it could become fully operational.

[LMNO]

Cain wins thread.

[Jasper]

I am in awe. 

[Adios]

Any information that public gives me hives.

[Triple Zero]

I kinda wonder though, I;ve been looking around and haven't really found any reputable security blog detailing the tech on this worm (while for lesser worms there are always some). I saw an article or two on zerohedge but they were just copying the news. Anybody got some better links?