Posted in anerisms, cause it seems to me more of political interest than technological:
http://news.yahoo.com/s/csm/20100921/ts_csm/327178/print
some quoted bits, plus emphasis mine:
Quote
(intro blablabla skipped)
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
(skip)
A gradual dawning of Stuxnet's purpose
It is a realization that has emerged only gradually.
Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.
But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?
By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.
But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
A guided cyber missile
On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.
"His technical analysis is good," says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. "We're also tearing [Stuxnet] apart and are seeing some of the same things."
Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner's analysis.
"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human – but can still take control of your infrastructure," says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy's Idaho National Laboratory. "This is the first direct example of weaponized software, highly customized and designed to find a particular target."
"I'd agree with the classification of this as a weapon," Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.
One researcher's findings
Langner's research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls "fingerprinting," qualifies Stuxnet as a targeted weapon, he says.
Langner zeroes in on Stuxnet's ability to "fingerprint" the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.
Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic "DEADF007." Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner's analysis shows.
"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."
For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.
"The implications of Stuxnet are very large, a lot larger than some thought at first," says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly."
Has Stuxnet already hit its target?
It might be too late for Stuxnet's target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his views on Stuxnet's target are speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
But if Stuxnet is so targeted, why did it spread to all those countries? Stuxnet might have been spread by the USB memory sticks used by a Russian contractor while building the Bushehr nuclear plant, Langner offers. The same contractor has jobs in several countries where the attackware has been uncovered.
"This will all eventually come out and Stuxnet's target will be known," Langner says. "If Bushehr wasn't the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that."
I think it's stupid to call this thing a "missile" cause it's a piece of software, not a rocket-bomb.
But apart from that, DAMN.
ITT: Why networking critical systems such as industrial machinery control and water/power utilities is a HORRIBLE idea.
wow, that certainly is terrifying!
I did not know that this was possible.
If I understand it, this is a historical event.
The first thing that popped into my head is what do we not know about what it is looking for. What is out there that is so bad this thing had to be made?
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
wild speculation - preventing Iran from building nukes
the code it sends - "DEADF007" - is worth some examination. It's English. It contains "007", a reference to a deadly secret agent. Could totally be a red herring, but worth noting.
/WILD SPECULATION
Quote from: Sigmatic on September 22, 2010, 05:41:06 PM
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
Let's consider another possibility. What if they are wrong? What if it isn't looking for a specific lock. Allow for a moment it is embedding itself everywhere, and that it is a time bomb. Once it is adequately embedded in enough systems, it goes off.
Thinking deeper, this is more likely. Wouldn't you deliberately set up false trails to keep everyone occupied?
Quote from: Charley Brown on September 22, 2010, 05:43:52 PM
Quote from: Sigmatic on September 22, 2010, 05:41:06 PM
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
Let's consider another possibility. What if they are wrong? What if it isn't looking for a specific lock. Allow for a moment it is embedding itself everywhere, and that it is a time bomb. Once it is adequately embedded in enough systems, it goes off.
Less a cyber-missile and more a cyber nuke... interesting.
Dramatic, sure. But this was probably made by a well-funded, goal oriented group, not some malicious fools who cause havoc for fun.
I think that because whoever wrote it knows enough about industry specific software to give it commands.
Quote from: Doktor Blight on September 22, 2010, 05:50:19 PM
Quote from: Charley Brown on September 22, 2010, 05:43:52 PM
Quote from: Sigmatic on September 22, 2010, 05:41:06 PM
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
Let's consider another possibility. What if they are wrong? What if it isn't looking for a specific lock. Allow for a moment it is embedding itself everywhere, and that it is a time bomb. Once it is adequately embedded in enough systems, it goes off.
Less a cyber-missile and more a cyber nuke... interesting.
My brain is a very, very bad place.
Quote from: Sigmatic on September 22, 2010, 05:57:08 PM
Dramatic, sure. But this was probably made by a well-funded, goal oriented group, not some malicious fools who cause havoc for fun.
I think that because whoever wrote it knows enough about industry specific software to give it commands.
Yeah, not a bunch of super teens out for a prank.
hmm..
i hadn't heard of it when it was first discovered. interesting, have to do some homework on this one!
article does seem rather sensational, however, and repetition of scary phrases does make me raise an eyebrow....
it'll be interesting to see what comes of this.
also, SCADA being attacked has been a known vulnerability for many years now. i heard a lecture on it my first year in university, and the guy was practically flipping out on stage about how dangerous our situation is because of it.
from what i understand, precious little has actually been done about it.
i'm actually surprised a large scale one hasn't already occurred...
Pranks generally don't involve the threat of nuclear power plants going haywire. Even fucked up kids who are too smart for their own good know that.
Quote from: Iptuous on September 22, 2010, 06:00:11 PM
hmm..
i hadn't heard of it when it was first discovered. interesting, have to do some homework on this one!
article does seem rather sensational, however, and repetition of scary phrases does make me raise an eyebrow....
it'll be interesting to see what comes of this.
also, SCADA being attacked has been a known vulnerability for many years now. i heard a lecture on it my first year in university, and the guy was practically flipping out on stage about how dangerous our situation is because of it.
from what i understand, precious little has actually been done about it.
i'm actually surprised a large scale one hasn't already occurred...
Just for giggles picture what it could do with a traffic grid during rush hour in a major city.
hmmm....
where was i reading about an automobile software worm that could shut down traffic?....
ETA
ah, yeah....
here it is: http://earlywarn.blogspot.com/2010/08/city-crippler-car-worms.html
i think someone posted the link on this forum?
Quote from: Iptuous on September 22, 2010, 06:05:37 PM
hmmm....
where was i reading about an automobile software worm that could shut down traffic?....
or a comsat grid...
Wheeeee!
or some major trucking operations.
hit some food distribution networks.
two meals from anarchy in this JIT distribution age, no?
Quote from: Iptuous on September 22, 2010, 06:08:51 PM
or some major trucking operations.
hit some food distribution networks.
two meals from anarchy in this JIT distribution age, no?
Add the confusion of ALL of it happening at the exact same moment.
I need more guns.
you've already got guns...
you need more ammo.
I sell a very fine array of suppressors and am a distributor for a high quality subsonic ammunition that you will be needing... pm me for address :)
Quote from: Charley Brown on September 22, 2010, 06:09:54 PM
Quote from: Iptuous on September 22, 2010, 06:08:51 PM
or some major trucking operations.
hit some food distribution networks.
two meals from anarchy in this JIT distribution age, no?
Add the confusion of ALL of it happening at the exact same moment.
I need more guns.
You could heavily damage the infrastructure of a whole country without ever dropping a bomb or firing a bullet, and let the angry citizens take care of the rest...
I think you might be right Charley.
Presumably this could be programmed in such a way that it would detect the use of a particular human language and target that. Say if Iran was the target, it would target computers that have Farsi on it.
Quote from: Doktor Blight on September 22, 2010, 06:20:28 PM
Quote from: Charley Brown on September 22, 2010, 06:09:54 PM
Quote from: Iptuous on September 22, 2010, 06:08:51 PM
or some major trucking operations.
hit some food distribution networks.
two meals from anarchy in this JIT distribution age, no?
Add the confusion of ALL of it happening at the exact same moment.
I need more guns.
You could heavily damage the infrastructure of a whole country without ever dropping a bomb or firing a bullet, and let the angry citizens take care of the rest...
I think you might be right Charley.
Presumably this could be programmed in such a way that it would detect the use of a particular human language and target that. Say if Iran was the target, it would target computers that have Farsi on it.
You are thinking too small.
If I am correct, it will be worldwide.
Quote from: Charley Brown on September 22, 2010, 06:22:02 PM
Quote from: Doktor Blight on September 22, 2010, 06:20:28 PM
Quote from: Charley Brown on September 22, 2010, 06:09:54 PM
Quote from: Iptuous on September 22, 2010, 06:08:51 PM
or some major trucking operations.
hit some food distribution networks.
two meals from anarchy in this JIT distribution age, no?
Add the confusion of ALL of it happening at the exact same moment.
I need more guns.
You could heavily damage the infrastructure of a whole country without ever dropping a bomb or firing a bullet, and let the angry citizens take care of the rest...
I think you might be right Charley.
Presumably this could be programmed in such a way that it would detect the use of a particular human language and target that. Say if Iran was the target, it would target computers that have Farsi on it.
You are thinking too small.
If I am correct, it will be worldwide.
What would be the purpose of targeting your own systems? (Presuming US/Israeli agency)
Quote from: Doktor Blight on September 22, 2010, 06:23:34 PM
Quote from: Charley Brown on September 22, 2010, 06:22:02 PM
Quote from: Doktor Blight on September 22, 2010, 06:20:28 PM
Quote from: Charley Brown on September 22, 2010, 06:09:54 PM
Quote from: Iptuous on September 22, 2010, 06:08:51 PM
or some major trucking operations.
hit some food distribution networks.
two meals from anarchy in this JIT distribution age, no?
Add the confusion of ALL of it happening at the exact same moment.
I need more guns.
You could heavily damage the infrastructure of a whole country without ever dropping a bomb or firing a bullet, and let the angry citizens take care of the rest...
I think you might be right Charley.
Presumably this could be programmed in such a way that it would detect the use of a particular human language and target that. Say if Iran was the target, it would target computers that have Farsi on it.
You are thinking too small.
If I am correct, it will be worldwide.
What would be the purpose of targeting your own systems? (Presuming US/Israeli agency)
TSK.
Suppose a group of powerful, very rich people without morals or loyalty wanted more power. Still thinking too small.
Or even worse, suppose they are doing it for our own good and they are idealists?
Quote from: Sigmatic on September 22, 2010, 05:41:06 PM
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
It could be Iranian in origin as well, and got loose on accident rather than intent.
Quote from: Charley Brown on September 22, 2010, 06:26:35 PM
Or even worse, suppose they are doing it for our own good and they are idealists?
Ah, I see- it would be a Technofascist take-over sort of thing, or conversely Primitivists/Eco-terrorists.
Instead of owning the means of production, as a Marxist would say, it's control of the machines directly involved in production.
Quote from: Requia ☣ on September 22, 2010, 06:32:39 PM
Quote from: Sigmatic on September 22, 2010, 05:41:06 PM
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
It could be Iranian in origin as well, and got loose on accident rather than intent.
Possible thought- Chinese origin, Indian target.
I don't habeeb it.
Damn. Why did I just have to remember the dam right above me?
Quote from: Sigmatic on September 22, 2010, 06:36:22 PM
I don't habeeb it.
It really could be from anywhere and targeting anywhere. All of the countries affected have some potential of being either originator or target. It was pointed out that the program uses English for file names, but that doesn't automatically point to US origin- I think I heard somewhere that English is a default language for computer programmers due to its versatility. The only thing that suggests US origin is confirmation that the US has the capability of creating it.
Quote from: Charley Brown on September 22, 2010, 06:38:47 PM
Damn. Why did I just have to remember the dam right above me?
Shopping list:
Guns
Ammo
Boat
Quote from: Doktor Blight on September 22, 2010, 06:40:41 PM
Quote from: Sigmatic on September 22, 2010, 06:36:22 PM
I don't habeeb it.
It really could be from anywhere and targeting anywhere. All of the countries affected have some potential of being either originator or target. It was pointed out that the program uses English for file names, but that doesn't automatically point to US origin- I think I heard somewhere that English is a default language for computer programmers due to its versatility. The only thing that suggests US origin is confirmation that the US has the capability of creating it.
The 007 reference was English, not American. Bond, ya know?
Quote from: Sigmatic on September 22, 2010, 05:41:06 PM
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
Reverse it: Iran is Patient Zero, self-infected. Anyone hacking into Iran's networks then becomes infected. Since it's Iran's virus, no Iranian system will be affected.
Quote
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
It employs the amazing new trick of requiring the victim to physically insert an infected memory stick?
We're screwed.
In all seriousness, this probably isn't the global meltdown strike you're looking for, CB. If the experts say it's looking for a very specific target, then it probably is. That, and nobody with the resources to put this together is terribly interested in the economy shutting down once and for all.
Quote from: Charley Brown on September 22, 2010, 06:42:56 PM
Quote from: Doktor Blight on September 22, 2010, 06:40:41 PM
Quote from: Sigmatic on September 22, 2010, 06:36:22 PM
I don't habeeb it.
It really could be from anywhere and targeting anywhere. All of the countries affected have some potential of being either originator or target. It was pointed out that the program uses English for file names, but that doesn't automatically point to US origin- I think I heard somewhere that English is a default language for computer programmers due to its versatility. The only thing that suggests US origin is confirmation that the US has the capability of creating it.
The 007 reference was English, not American. Bond, ya know?
foo (http://en.wikipedia.org/wiki/foo) is a standard generic name in computer science. So I parse that filename as DEAD+FOO+7, not DEADF+007.
Quote from: Charley Brown on September 22, 2010, 06:42:56 PM
Quote from: Doktor Blight on September 22, 2010, 06:40:41 PM
Quote from: Sigmatic on September 22, 2010, 06:36:22 PM
I don't habeeb it.
It really could be from anywhere and targeting anywhere. All of the countries affected have some potential of being either originator or target. It was pointed out that the program uses English for file names, but that doesn't automatically point to US origin- I think I heard somewhere that English is a default language for computer programmers due to its versatility. The only thing that suggests US origin is confirmation that the US has the capability of creating it.
The 007 reference was English, not American. Bond, ya know?
Yeah, but 007 transcends Englishness in that the reference is global. Plus Bond has been played by a Scot as well as an Irishman. :lulz:
Quote from: Doktor Alphapance on September 22, 2010, 06:45:47 PM
Quote from: Sigmatic on September 22, 2010, 05:41:06 PM
Charley, I don't know how much we can trust the report, but:
"A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability."
I smell political motives.
Reverse it: Iran is Patient Zero, self-infected. Anyone hacking into Iran's networks then becomes infected. Since it's Iran's virus, no Iranian system will be affected.
If it spreads by USB stick, not that likely.
Quote from: Golden Applesauce on September 22, 2010, 06:46:51 PM
Quote
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
It employs the amazing new trick of requiring the victim to physically insert an infected memory stick?
We're screwed.
In all seriousness, this probably isn't the global meltdown strike you're looking for, CB. If the experts say it's looking for a very specific target, then it probably is. That, and nobody with the resources to put this together is terribly interested in the economy shutting down once and for all.
Quote from: Charley Brown on September 22, 2010, 06:42:56 PM
Quote from: Doktor Blight on September 22, 2010, 06:40:41 PM
Quote from: Sigmatic on September 22, 2010, 06:36:22 PM
I don't habeeb it.
It really could be from anywhere and targeting anywhere. All of the countries affected have some potential of being either originator or target. It was pointed out that the program uses English for file names, but that doesn't automatically point to US origin- I think I heard somewhere that English is a default language for computer programmers due to its versatility. The only thing that suggests US origin is confirmation that the US has the capability of creating it.
The 007 reference was English, not American. Bond, ya know?
foo (http://en.wikipedia.org/wiki/foo) is a standard generic name in computer science. So I parse that filename as DEAD+FOO+7, not DEADF+007.
Okay, let's assume I just don't trust what I hear. I still think anyone capable of producing this not only has the ability to lay false trails but would do so.
Infect the sticks at the manufacturing source.
Quote from: Golden Applesauce on September 22, 2010, 06:46:51 PM
Quote
That, and nobody with the resources to put this together is terribly interested in the economy shutting down once and for all.
That's why I don't believe it's going to be a worldwide event.
Quote from: Charley Brown on September 22, 2010, 06:51:07 PM
Quote from: Golden Applesauce on September 22, 2010, 06:46:51 PM
Quote
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
It employs the amazing new trick of requiring the victim to physically insert an infected memory stick?
We're screwed.
In all seriousness, this probably isn't the global meltdown strike you're looking for, CB. If the experts say it's looking for a very specific target, then it probably is. That, and nobody with the resources to put this together is terribly interested in the economy shutting down once and for all.
Quote from: Charley Brown on September 22, 2010, 06:42:56 PM
Quote from: Doktor Blight on September 22, 2010, 06:40:41 PM
Quote from: Sigmatic on September 22, 2010, 06:36:22 PM
I don't habeeb it.
It really could be from anywhere and targeting anywhere. All of the countries affected have some potential of being either originator or target. It was pointed out that the program uses English for file names, but that doesn't automatically point to US origin- I think I heard somewhere that English is a default language for computer programmers due to its versatility. The only thing that suggests US origin is confirmation that the US has the capability of creating it.
The 007 reference was English, not American. Bond, ya know?
foo (http://en.wikipedia.org/wiki/foo) is a standard generic name in computer science. So I parse that filename as DEAD+FOO+7, not DEADF+007.
Okay, let's assume I just don't trust what I hear. I still think anyone capable of producing this not only has the ability to lay false trails but would do so.
Infect the sticks at the manufacturing source.
I assumed the same thing. It seems a little convenient that the language suggests Anglosphere origin and Iran is one of the infected countries.
Infection at the manufacturing source is pretty interesting, and would probably be hard to trace. It would also guarantee that the program would propagate across a long range of computers.
Is it confirmed that the program can only spread through a thumbdrive? It's a good starting point but might not have the best success at reaching its target if it is only spread that way.
Quote from: Sigmatic on September 22, 2010, 06:54:04 PM
Quote from: Golden Applesauce on September 22, 2010, 06:46:51 PM
Quote
That, and nobody with the resources to put this together is terribly interested in the economy shutting down once and for all.
That's why I don't believe it's going to be a worldwide event.
Devils Advocate.
If I controlled all of that, why would I concern myself with something as insignificant as the economy?
no matter what your status is, the world economy is not insignificant...
Well, most things this sophisticated and organized tend to have roots in profitability, which leads me to suspect mere industry sabotage.
Paging Captain Nemo....
romantic, but unlikely, don't you think?
In all honesty, I find this entire concept unlikely.
entire concept?
you mean a SCADA attack?
why?
Quote from: Iptuous on September 22, 2010, 07:04:37 PM
entire concept?
you mean a SCADA attack?
why?
Not a SCADA attack, no. A big issue in this particular report is the utter dependency on one Siemens PLC device. Seriously, doesn't that strike you as odd?
Got quiet in here.
Quote from: Doktor Blight on September 22, 2010, 06:55:57 PM
Is it confirmed that the program can only spread through a thumbdrive? It's a good starting point but might not have the best success at reaching its target if it is only spread that way.
Viruses used to spread like mad through floppy disks, I don't see why a thumb drive would have any less effect as long as this thing still infects home systems to get its infected base high enough.
Quote from: Requia ☣ on September 22, 2010, 07:25:09 PM
Quote from: Doktor Blight on September 22, 2010, 06:55:57 PM
Is it confirmed that the program can only spread through a thumbdrive? It's a good starting point but might not have the best success at reaching its target if it is only spread that way.
Viruses used to spread like mad through floppy disks, I don't see why a thumb drive would have any less effect as long as this thing still infects home systems to get its infected base high enough.
Almost without exception all line control systems have very strict rules about ANY outside devices being stuck in holes.
Quote from: Charley Brown on September 22, 2010, 07:07:40 PM
Quote from: Iptuous on September 22, 2010, 07:04:37 PM
entire concept?
you mean a SCADA attack?
why?
Not a SCADA attack, no. A big issue in this particular report is the utter dependency on one Siemens PLC device. Seriously, doesn't that strike you as odd?
oh yeah....
also,
i noticed in the wiki article about stuxnet that it says that the software relies on using default passwords in the Siemens PLCs, too, but Siemens has advised not changing them from default because "it could impact plant operations"....
lol.
Quote from: Iptuous on September 22, 2010, 07:27:00 PM
Quote from: Charley Brown on September 22, 2010, 07:07:40 PM
Quote from: Iptuous on September 22, 2010, 07:04:37 PM
entire concept?
you mean a SCADA attack?
why?
Not a SCADA attack, no. A big issue in this particular report is the utter dependency on one Siemens PLC device. Seriously, doesn't that strike you as odd?
oh yeah....
also,
i noticed in the wiki article about stuxnet that it says that the software relies on using default passwords in the Siemens PLCs, too, but Siemens has advised not changing them from default because "it could impact plant operations"....
lol.
I was a plant tech for 25 years and the plant electrician for most of those. PLC's fail. They can be replaced WITHOUT blowing up the plant.
The more critical a system the more safeguards and bypass systems it has.
I don't know how much redundancy something like a nuclear plant would have, but I bet one failed PLC wouldn't do shit.
i would think a sophisticated software would take that into account.
if it requires intimate knowledge of the systems involved, why would it limit itself to only one part of a redundant system?
Quote from: Iptuous on September 22, 2010, 07:33:32 PM
i would think a sophisticated software would take that into account.
if it requires intimate knowledge of the systems involved, why would it limit itself to only one part of a redundant system?
Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic "DEADF007."
Also in almost all cases there are manual overrides and bypasses.
Quote from: Charley Brown on September 22, 2010, 07:22:46 PM
Got quiet in here.
I was stuck trying to wade through another thread. In retrospect should have stayed here.
Well, if it's an actual attack, I would look to Siemens competitors in the PLC market. Trying to sell their PLC's.
DEADFOO7 doesn't sound like an executable command but instead a diagnostic code.
Quote from: Charley Brown on September 22, 2010, 07:26:41 PM
Quote from: Requia ☣ on September 22, 2010, 07:25:09 PM
Quote from: Doktor Blight on September 22, 2010, 06:55:57 PM
Is it confirmed that the program can only spread through a thumbdrive? It's a good starting point but might not have the best success at reaching its target if it is only spread that way.
Viruses used to spread like mad through floppy disks, I don't see why a thumb drive would have any less effect as long as this thing still infects home systems to get its infected base high enough.
Almost without exception all line control systems have very strict rules about ANY outside devices being stuck in holes.
This. It strikes me that if there is some sort of network to be targeted in a sensitive industry or whatever, it would be hard to spread it to that system without turning an employee and having them infect the computer themself. I know that at VA hospitals you can have outside devices confiscated. I would think that an Iranian nuclear plant would not be less secure than a VA hospital.
This makes Charley's suggestion that the infection point might be the manufacturing plant more likely- provided that the company that supplied thumbdrives to high security Iranian targets was known and could be sufficiently convinced to include the programming, which is not unlikely at all.
Quote from: Charley Brown on September 22, 2010, 07:40:19 PM
Well, if it's an actual attack, I would look to Siemens competitors in the PLC market. Trying to sell their PLC's.
DEADFOO7 doesn't sound like an executable command but instead a diagnostic code.
Create a problem, give the solution.
haven't had a chance to dig through the thread yet as I'm up to my neck in work and just taking a quick break, but I just read an article in Rockwell Automation's trade journal about securing industrial computers and controllers from internal and external threats.
Any factory worth its salt has a buffer zone in place that forces network traffic to originate or terminate within the network. Of course, if access is gained to the enterprise network, and someone can get access to a program that's communicating to a computer within the buffer zone, then boom, they have access to an industrial computer that's driving plant equip.
Rockwell is working with Cisco and selling their own security approach, which stinks a bit to me, but then I've always had a suspicion that certain anti-virus companies fund virus creation in order to drive their market.
Not that Rockwell and Cisco necessarily would need to drive this extra market, but I wouldn't be surprised if Rockwell didn't develop technology of this sort internally or that it was derived from their own in house security testing teams.
I'll finish the thread later, but good subject. It's something my own company may have to begin addressing if certain entities begin to demand stronger security requirements built into their switchgear and power control systems.
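The buffer-zone rule described in the post above, read here as "no session may run directly between the enterprise and control networks; each must start or end in the buffer zone", can be checked against flow logs. This is an added example, not part of the original post or of any Rockwell or Cisco product; the subnets, the CSV layout and the function names are assumptions, and the flow records are constructed.

```python
"""Audit flow records against an industrial buffer-zone (DMZ) policy."""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed zone layout (constructed; replace with the site's real subnets).
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),
    "dmz": ip_network("10.20.0.0/24"),
    "control": ip_network("10.30.0.0/16"),
}

# Constructed sample flow log: one row per accepted session.
SAMPLE_FLOWS = """\
src,dst,dst_port
10.10.4.17,10.20.0.5,443
10.20.0.5,10.30.1.10,102
10.10.4.17,10.30.1.10,102
10.30.1.22,10.20.0.8,1433
10.10.9.3,10.20.0.8,1433
10.30.1.10,10.10.4.17,445
10.10.4.17,198.51.100.7,443
"""


def zone_of(addr):
    """Return the name of the zone containing addr, or 'external'."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def audit(flow_csv):
    """Return policy violations and the DMZ hosts that act as relays.

    violations: sessions that touch the control zone while the other end
                is neither in the control zone nor in the DMZ.
    relays:     DMZ hosts that accept sessions from the enterprise zone AND
                open sessions into the control zone. These are the hosts the
                post warns about: compromising the program on them bridges
                the two networks even when the firewall rules are correct.
    """
    violations = []
    inbound = defaultdict(set)   # dmz host -> enterprise sources
    outbound = defaultdict(set)  # dmz host -> control targets
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst, port = row["src"], row["dst"], int(row["dst_port"])
        zones = (zone_of(src), zone_of(dst))
        if "control" in zones and not set(zones) <= {"control", "dmz"}:
            violations.append((src, dst, port))
        if zones == ("enterprise", "dmz"):
            inbound[dst].add(src)
        if zones == ("dmz", "control"):
            outbound[src].add(f"{dst}:{port}")
    relays = {
        host: (sorted(inbound[host]), sorted(outbound[host]))
        for host in sorted(set(inbound) & set(outbound))
    }
    return {"violations": violations, "relays": relays}


if __name__ == "__main__":
    report = audit(SAMPLE_FLOWS)
    for src, dst, port in report["violations"]:
        print(f"VIOLATION direct session {src} -> {dst}:{port}")
    for host, (sources, targets) in report["relays"].items():
        print(f"RELAY {host}: reachable from {sources}, reaches {targets}")
```

In the sample, 10.20.0.8 receives sessions from both sides but opens none into the control zone, so it is not reported as a relay, while 10.20.0.5 is.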
Quote from: Golden Applesauce on September 22, 2010, 06:46:51 PM
Quote
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
It employs the amazing new trick of requiring the victim to physically insert an infected memory stick?
We're screwed.
Heh, yeah. I was feeling kind of double about that quote too.
On the one hand it's a pretty powerful trick, if used right and if it goes undetected for a while. In some companies people plug their USBs in all over the place. An added benefit is that it can work completely quietly, and needs no tricky exploits to execute arbitrary code. Unlike, say, a Flash or Acrobat plugin exploit, which usually needs to cause some crazy overflow in order to trip the OS into executing specially crafted code, often crashing something or making the system glitch.
Yet on the other hand, it's hardly new.
Another thing I wonder about is how it can specifically infect industrial control computers. Usually a virus just spreads as far and wide as it can.
Quote
foo (http://en.wikipedia.org/wiki/foo) is a standard generic name in computer science. So I parse that filename as DEAD+FOO+7, not DEADF+007.
then it spells DEADFOOT? cause the 7 can be a T like in 31337.
Quote from: Charley Brown on September 22, 2010, 07:40:19 PM
Well, if it's an actual attack, I would look to Siemens competitors in the PLC market. Trying to sell their PLC's.
DEADFOO7 doesn't sound like an executable command but instead a diagnostic code.
0xDEADF007 is a hexadecimal number. 3735941127 in decimal.
Quote from: Charley Brown on September 22, 2010, 07:40:19 PM
Well, if it's an actual attack, I would look to Siemens competitors in the PLC market. Trying to sell their PLC's.
If the US cyberdefense geeks haven't immediately cracked the virus, I see three possibilities:
1.) They have the capability to do so, but haven't because it was either of US Gov't origin or someone we don't want to dick over / get in a fight with publicly.
2.) They've been trying to crack the virus and have so far failed to do so fully. This restricts the country of origin to somewhere like Russia or China, who are somewhat ahead of us in the cyber race. Maybe Israel? Would they tell the US if they snuck an infected USB drive into Iranian power plants?
3.) They have in fact cracked the virus, but aren't going to tell everyone (or at least the public) about it because by keeping the originator guessing they gain some national security advantage.
A PLC manufacturer that isn't Siemens probably doesn't have the expertise to pull this off. Siemens itself probably doesn't have the expertise to pull this off - according to the wiki the attack involves numerous 0-day vulnerabilities in Windows, stolen security certificates, etc.
http://langner.com/en/ seems to have some information about this. I like his Russian contractor point of infection theory.
There are only 8 google hits for "pwn the means of production"......
Quote from: Triple Zero on September 23, 2010, 01:59:09 AM
Quote from: Golden Applesauce on September 22, 2010, 06:46:51 PM
Quote
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
It employs the amazing new trick of requiring the victim to physically insert an infected memory stick?
We're screwed.
Heh, yeah. I was feeling kind of double about that quote too.
On the one hand it's a pretty powerful trick, if used right and if it goes undetected for a while. In some companies people plug their USBs in all over the place. An added benefit is that it can work completely quietly, and needs no tricky exploits to execute arbitrary code. Unlike, say, a Flash or Acrobat plugin exploit, which usually needs to cause some crazy overflow in order to trip the OS into executing specially crafted code, often crashing something or making the system glitch.
Yet on the other hand, it's hardly new.
Another thing I wonder about is how it can specifically infect industrial control computers. Usually a virus just spreads as far and wide as it can.
The more I think about it, the more a USB attack makes total sense. Any moron can isolate his plant from the outside web, but stopping USB drives either requires your plant to go completely removable-storage-less or to train all of your employees and all of your contractors against sticking untrusted drives into computers that control nuclear reactors. What's sad is that the last bit is going to be harder to achieve. (Especially if a foreign agent infiltrates your contractors.)
As for the specificity, if it were possible to restrict my viruses to only infecting relevant machines, I'd do it - the fewer machines infected, the lower your chances of detection. If you're only after one plant, then getting extra computers after that benefits you nothing, and only risks your code getting found earlier.
GAs ultimate company-wide firewall:
1. Find every computer that has access to the company local net.
2. Chew lots of gum.
3. Insert chewed gum into every orifice on that computer that can accept arbitrary data.
4. Use keyboards and mice with the old-style connectors.
This kinda reminds me of the files Kevin found on Shimomura's computer.
The toolkit he created to test cities, powerplants are one step up the foodchain
Quote from: Golden Applesauce on September 23, 2010, 05:02:19 AM
Quote from: Triple Zero on September 23, 2010, 01:59:09 AM
Quote from: Golden Applesauce on September 22, 2010, 06:46:51 PM
Quote
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
It employs the amazing new trick of requiring the victim to physically insert an infected memory stick?
We're screwed.
Heh, yeah. I was feeling kind of double about that quote too.
On the one hand it's a pretty powerful trick, if used right and if it goes undetected for a while. In some companies people plug their USBs in all over the place. An added benefit is that it can work completely quietly, and needs no tricky exploits to execute arbitrary code. Unlike, say, a Flash or Acrobat plugin exploit, which usually needs to cause some crazy overflow in order to trip the OS into executing specially crafted code, often crashing something or making the system glitch.
Yet on the other hand, it's hardly new.
Another thing I wonder about is how it can specifically infect industrial control computers. Usually a virus just spreads as far and wide as it can.
The more I think about it, the more a USB attack makes total sense. Any moron can isolate his plant from the outside web, but stopping USB drives either requires your plant to go completely removable-storage-less or to train all of your employees and all of your contractors against sticking untrusted drives into computers that control nuclear reactors. What's sad is that the last bit is going to be harder to achieve. (Especially if a foreign agent infiltrates your contractors.)
As for the specificity, if it were possible to restrict my viruses to only infecting relevant machines, I'd do it - the fewer machines infected, the lower your chances of detection. If you're only after one plant, then getting extra computers after that benefits you nothing, and only risks your code getting found earlier.
GAs ultimate company-wide firewall:
1. Find every computer that has access to the company local net.
2. Chew lots of gum.
3. Insert chewed gum into every orifice on that computer that can accept arbitrary data.
4. Use keyboards and mice with the old-style connectors.
It's possible to turn those things off in BIOS, then password protect the BIOS. (also get a motherboard that doesn't have a reset jumper).
There is virtually no dividing line between Israeli and US intelligence (or British and American intelligence for that matter) so they are obviously the main suspects. The only other nations with sufficiently advanced cyberwarfare capabilities either don't involve themselves in the Middle East in that way (Japan, South Korea, Brazil) or are invested in keeping Iran working as well as possible (Russia, China)
And given the code isn't apparently as complex as many in the media are making it, it could even be rogue elements of the aforementioned collaborating with anti-Iranian hacktivists, of which there are plenty.
I'd try sending one of the sysadmins a really good deal for company-branded ("empty") USB sticks.
Am I the only one that is reminded of The Masque of the Red Death?
Quote from: Charley Brown on September 22, 2010, 07:30:32 PM
I don't know how much redundancy something like a nuclear plant would have, but I bet one failed PLC wouldn't do shit.
Once it gets on the local network it spreads to infect all of the PLCs. Just replacing one PLC wouldn't do any good, because the program would just re-infect it.
It seems stupid to me that nuclear computer systems aren't entirely closed. Nothing gets stuck in, nothing gets taken out. Gotta upgrade the system? Buy new computers. Or new hard drives, at least.
Quote from: Doktor Howl on September 23, 2010, 05:28:35 PM
Am I the only one that is reminded of The Masque of the Red Death?
Hey, I read that in High School English, Dok. Now that you mention it...
Quote from: BDS on September 23, 2010, 08:20:04 PM
It seems stupid to me that nuclear computer systems aren't entirely closed. Nothing gets stuck in, nothing gets taken out. Gotta upgrade the system? Buy new computers. Or new hard drives, at least.
They are, this is all mental masturbation.
I believe the nuclear launch systems require human intervention to activate, so the virus would have to trick the humans into thinking they were supposed to.
Quote from: Sigmatic on September 23, 2010, 11:33:30 PM
I believe the nuclear launch systems require human intervention to activate, so the virus would have to trick the humans into thinking they were supposed to.
Heh. I have been inside Cheyenne Mountain. There are very unfriendly people with locked and loaded automatic weapons. If some moron put a thumb drive in one of the systems, I would be for getting the fuck out of the way.
Are you sure these places don't have internet? I thought the whole reason they invented the internet was to defend the nuclear launch capability.
Quote from: Sigmatic on September 24, 2010, 12:28:26 AM
Are you sure these places don't have internet? I thought the whole reason they invented the internet was to defend the nuclear launch capability.
Heh. Are you going to try to hack a Cray Supercomputer with a multimillion dollar firewall system?
See you in Gitmo.
Having internet at the site and having the critical systems on the internet are not the same thing.
Not me, no. That's not even the point.
The point is that you're just not protected against viruses if neither you nor your software knows about them. Antivirus software can't tell if an unrecognized file is a virus or not. It only knows whether it's on the "virus" list. There's no computer that can do that, as far as I'm informed.
ETA: I just realized this wasn't my original point, because I am a stupid person. See below.
Quote from: Requia ☣ on September 24, 2010, 12:32:05 AM
Having internet at the site and having the critical systems on the internet are not the same thing.
Yeah, exactly, and I really doubt they'd put controls for anything important online. The whole point of a fortress is so that people have to physically be there to fuck things up. Surely they're at least that clever.
Quote from: Sigmatic on September 24, 2010, 12:36:27 AM
Quote from: Requia ☣ on September 24, 2010, 12:32:05 AM
Having internet at the site and having the critical systems on the internet are not the same thing.
Yeah, exactly, and I really doubt they'd put controls for anything important online. The whole point of a fortress is so that people have to physically be there to fuck things up. Surely they're at least that clever.
They are. The movie War Games was a joke.
First of all, everything I am about to say below is assuming Iran has nuclear weapons or is working towards them:
Iran would have likely bought information on weapon and control design from Pakistan's ISI (surprise!), under the auspices of AQ Khan Labs. North Korea, who also bought information on nuclear weapon, missile and control system design from the ISI, we know from ISI defectors and interrogation of those arrested for aiding AQ Khan Labs, did not include the basic safety requirements that nuclear warhead armed missiles need. In short, if one of their nukes landed and didn't go off, a possibility given the poor showing of North Korean missiles so far, chances are whoever got to it first could remove the nuclear warhead without any obstacles and do whatever they like with it, detonate themselves, turn it into a dirty bomb, sell it on the international black market or whatever.
Furthermore, because of the political situation in North Korea, it is highly unlikely that those missiles could be launched by anyone but Kim Jong-Il. He doesn't entirely trust the military, and with good reason, plus the chances that they would misinterpret his games of international brinkmanship are too high (an accurate assessment, since practically everyone else who isn't a North Korea specialist has made the same errors in judgement) . Also, the technology they have to hand is not as sophisticated as probably even 1950s American tech in some areas, which leaves open the possibility of it being tricked, hacked or gamed somehow to allow others access to launch the weapon. Far safer, in the long term, to leave it in his hands, from his (and funnily enough, the rest of the world's, though they'd never admit it) point of view.
Iran has similar problems to North Korea. The Iranian Revolutionary Guard are akin to the KGB or ISI, a powerful state within a state with their own agenda. But at the same time they have the ear of powerful clerics within the Iranian government. There are also factions loyal to certain Parliament members, the President and the Ayatollah.
Ultimately, it would seem that, given the supreme power of the Grand Ayatollah in foreign and military affairs, he would have the final say over a nuclear weapon's use. But because the Iranian government is more developed, with power more distributed between certain factions, other groups will want a say. Certainly the Guardian Council and Assembly of Experts would want a say, especially as some of them seem to think the detonation of a nuclear weapon may be prohibited except for certain circumstances in Islamic law. The Supreme National Security Council and military, especially the Revolutionary Guard, would also likely have a say.
The problem comes in that likely the system sold to Iran was the same as the one sold to North Korea - it has several notable flaws in its security. Iran may have patched those up, but again, there is no such thing as a foolproof system, and while I'm sure Iran is batting well ahead of North Korea on technological issues, no system is too well-designed to be compromised. A powerful faction with numerous sympathizers in other branches of government and a history of pursuing its own agenda may have a way of being able to access launch codes without having to notify any other branches of government. And if they can use that exploit, so can outside parties.
As it is, what is probably going on is someone is trying to make the Bushehr nuclear power facility shut down. The facility is capable of creating weapons grade uranium and without it, no nuclear material can be produced (though it can still be bought on the international market, both legitimate and otherwise). Interestingly, Bushehr was meant to open last month, and the timing of the Stuxnet worm suggests it was designed precisely to target the facility before it could become fully operational.
Cain wins thread.
I am in awe.
Any information that public gives me hives.
I kinda wonder though, I've been looking around and haven't really found any reputable security blog detailing the tech on this worm (while for lesser worms there are always some). I saw an article or two on zerohedge but they were just copying the news. Anybody got some better links?
Well, this isn't a reputable security blog, but the Guardian is now saying it was almost certainly an intelligence agency job. They have comments from several security firms on the worm
http://www.guardian.co.uk/technology/2010/sep/24/stuxnet-worm-national-agency
Quote
Latest figures, from August, show 60% of computers infected by Stuxnet are located in Iran – dramatically up from July, when it accounted for less than 25% of infections, research by Symantec shows, with the graph below (from 4 August) showing the prevalence in other countries by comparison. The company estimates that the group building Stuxnet would have been well-funded, comprising between five and 10 people, and that it would have taken six months to prepare.
Alan Bentley, senior international vice president at security firm Lumension, said Stuxnet is "the most refined piece of malware ever discovered", and that the worm was significant because "mischief or financial reward wasn't its purpose, it was aimed right at the heart of a critical infrastructure".
However Graham Cluley, senior consultant with the online security company Sophos, warned against jumping to conclusions about the target of the attack, saying "sensationalist" headlines were "a worry". Cluley is wary of reports linking Stuxnet with Israel: "It's very hard to prove 100% who created a piece of malware, unless you are able to gather evidence from the computer they created it on – or if someone admits it, of course."
But he said that its characteristics did not suggest a lone group. "I think we need to be careful about pointing fingers without proof, and I think it's more appropriate – if true – to call this a state-sponsored cyber attack rather than cyber terrorism."
Stuxnet works by exploiting previously unknown security holes in Microsoft's Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems.
The worm then takes over the computer running the factory process – which for WinCC would be "mission-critical" systems which have to keep functioning under any circumstance – and "blocks" it for up to a tenth of a second. For high-speed systems, such as the centrifuges used for nuclear fuel processing being done by Iran, that could be disastrous, experts suggested.
US army forces are aware of the threat posed by Stuxnet, general Keith Alexander confirmed this week, saying early indications showed that the worm was "very sophisticated".
Cluley told the Guardian that Siemens has "astonishingly" advised power plants and manufacturing facilities not to change the default password that allows access to functions, despite it being exploited by Stuxnet and being "public knowledge on the web for years".
Alan Bentley, SVP International at Lumension, told the Guardian: "There is a lot of circumstantial evidence to suggest that Iran was the target of Stuxnet. We know that the worm was designed with a specific target in mind – its makeup and the way it executes render the tell-tale signs.
"Combine this with the fact that the worm was identified by a Belarusian security firm working for an Iranian client and the fact that the nuclear power plant was not working properly for months, it is understandable that speculation points towards Iran as the target. But, without being inside the walls of the Bushehr nuclear power plant, we can't be certain."
Rik Ferguson, senior security adviser at Trend Micro, said: "Initially, it looks like a targeted attack. It saw a high percentage of infections concentrated in the Middle East. Iran being one. There's every possibility that the [other countries affected] may have been collateral damage."
Asked whether a nation state was behind the attack, Ferguson said: "The truth is we don't know. But we can look at the concentration [of the attacks]. I don't think we can call this cyberwarfare, I would call it modern espionage. Countries have been spying on their neighbours for years – as the technology has improved, espionage has always improved, and this is a step in that direction.
"It's significant because it's not just the malware but the vulnerability to infect machines – if this had been in more traditional, criminal hands it could have been more widely used, like Conficker was. This was a powerful vulnerability it exploited and usually either you sell it for a lot of money or use it for mass criminality."
David Emm, a senior security researcher at Kaspersky Lab, told the Guardian: "We think that Stuxnet's sophistication, purpose and the intelligence behind it suggest the involvement of a state.
"This is a very sophisticated attack – the first of its kind – and has clearly been developed by a highly skilled group of people intent on gaining access to SCADA [supervisory control and data acquisition] systems – industrial control systems for monitoring and managing industrial infrastructure or facility-based processes. In contrast to the bulk of indiscriminate cybercrime threats on the internet, this has been aimed at very specific targets. It's different also because there's no obvious financial motivation behind the attack – rather the aim seems to be to sabotage systems."
However, John Pescatore, vice president for internet security at Gartner, said it was "definitely not the case" that Stuxnet would have required state sponsorship. "We've seen similarly targeted software going after credit card readers for financial gain in the past," he said. "Governments have no monopoly on the talent. We've seen attacks that looked like they were state-sponsored in the past launched by hackers for attention or citizens' groups. You cannot tell just by looking at where it landed."
The experts agree that Stuxnet marks a shift away from malware deployed for financial gain to controlling critical machinery. We are now moving into a "third age" of cyber crime, Cluley said, where the intention of making money from technical exploits is replaced by an intention to bring down critical infrastructure. "We're entering this third age as well, where there are political, economic and military ways in which the internet can be exploited – and malware can be used – to gain advantage by foreign states.
"I think we will see more and more attacks which will be blamed on state-sponsored cyber attacks. There have been numerous attacks in the past which could be said to have possible military, political or economic motives, but it is very difficult to prove that a hack was ordered by Mossad or instead dreamt up by a Macclesfield student."
Is Turkey capable of this?
Not highly likely, and Turkey is fairly comfortable with the Iranian leadership anyway, as Iran won't allow Kurdish dissidents to use the country as a staging base for attacks on Southern Turkey.
I forgot to mention btw, great analysis on the previous page! :mittens:
This left butterflies in my stomach. I think I'm in love with the Stuxnet coders. I fucking hope they don't prevent it from taking over the target, or at least if that would mean that we'll never know what the target was.
Reading the replies to the thread this came to mind
(http://www.mordt.no/pers_blog/wp-content/uploads/TylerDurden.jpg)
Quote:
The Iranian government agency that oversees the country's nuclear facilities reported today that engineers are attempting to defend against "Stuxnet," a Windows-specific worm attacking industrial plants throughout the nation.
http://www.boingboing.net/2010/09/25/iranian-nuclear-faci.html
Ok, who the hell uses windows on a fucking nuclear power plant?!
Quote from: Cain on September 25, 2010, 07:26:35 PM
Not highly likely, and Turkey is fairly comfortable with the Iranian leadership anyway, as Iran won't allow Kurdish dissidents to use the country as a staging base for attacks on Southern Turkey.
While I can't see a Turkish motive, I have to imagine most countries have the capability to make this. You don't really need a huge amount of infrastructure, you just need people capable of doing it, and I'm sure the various cybercrime gangs would be happy to do it if 7 or 8 zeros were involved in the paycheck.
Quote from: Count Postcount on September 26, 2010, 09:18:25 PM
Ok, who the hell uses windows on a fucking nuclear power plant?!
Windows 3.11 is the most stable operating system out there
http://www.bbc.co.uk/news/world-middle-east-11414483
Wow they are lagging behind in the news cycle
Schneier wrote about it and his links lead to some more technical articles, which I will read later:
http://www.schneier.com/blog/archives/2010/09/the_stuxnet_wor.html
hahaha I love this comment from Schneier's blog:
"Can anyone think of another area of software development where you would say "my god this a work of breathtaking ingenuity and fiendish cunning - it could only have been written by a civil servant" !!"
:lulz:
Quote from: Count Postcount on September 26, 2010, 09:18:25 PM
Ok, who the hell uses windows on a fucking nuclear power plant?!
Iran does. They also used other unlicensed software, and apparently don't understand computer security as screenshots of their control software were posted in the news a while ago.
Anyway, the important thing is, Langner (some German security corp) seems to think (with good reasons, see his article) that the target of the Stuxnet Worm was indeed the nuclear facility in Bushehr, Iran. They also believe that it has already done its job:
Quote from: http://langner.com/en/index.htm
Ralph's analysis
Now that everybody is getting the picture let's try to make sense out of the findings. What do they tell us about the attack, the attackers, and the target?
1. This is sabotage. What we see is the manipulation of one specific process. The manipulations are hidden from the operators and maintenance engineers (we have the intercepts identified).
2. The attack involves heavy insider knowledge.
3. The attack combines an awful lot of skills -- just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise. This is not some hacker sitting in the basement of his parents' house. To me, it seems that the resources needed to stage this attack point to a nation state.
4. The target must be of extremely high value to the attacker.
5. The forensics that we are getting will ultimately point clearly to the attacked process -- and to the attackers. The attackers must know this. My conclusion is, they don't care. They don't fear going to jail.
6. Getting the forensics done is only a matter of time. Stuxnet is going to be the best studied piece of malware in history. We will even be able to do process forensics in the lab. Again, the attacker must know this. Therefore, the whole attack only makes sense within a very limited timeframe. After Stuxnet is analyzed, the attack won't work any more. It's a one-shot weapon. So we can conclude that the planned time of attack isn't somewhen next year. I must assume that the attack did already take place. I am also assuming that it was successful. So let's check where something blew up recently.
Ralph's theory -- completely speculative from here
It is hard to ignore the fact that the highest number of infections seems to be in Iran. Can we think of any reasonable target that would match the scenario? Yes, we can. Look at the Iranian nuclear program. Strange -- they are presently having some technical difficulties down there in Bushehr. There also seem to be indications that the people in Bushehr don't seem to be overly concerned about cyber security. When I saw this screenshot last year (http://www.upi.com/News_Photos/Features/The-Nuclear-Issue-in-Iran/1581/2/) I thought, these guys seem to be begging to be attacked. If the picture is authentic, which I have no means of verifying, it suggests that approximately one and a half year before scheduled going operational of a nuke plant they're playing around with software that is not properly licensed and configured. I have never seen anything like that even in the smallest cookie plant. The pure fact that the relevant authorities did not seem to make efforts to get this off the web suggests to me that they don't understand (and therefore don't worry about) the deeper message that this tells.
Now you may ask, what about the many other infections in India, Indonesia, Pakistan etc. Strange for such a directed attack. Then, on the other hand, probably not. (click to read the rest of the article (http://langner.com/en/index.htm))
So, on the one hand, Stuxnet is probably not a direct threat anymore. That really makes perfect sense, after all once a worm is discovered and analyzed, removal and protection against it is pretty trivial. 0day vulnerabilities only work as long as they're not patched. This goes for most large worms that infect regular computers as well*.
So when a worm is targeting such high-value systems, it doesn't take long before it's neutralized. The attackers knew this (unless they were really stupid and put in all this effort hoping the worm would wander around unstopped for months) so the worm must have done its job before it got discovered.
(*except for botnets which run on hacked computers in Africa running unlicensed windows versions which are a lot harder to patch--I'm not making this up but most African Windows machines have "computer AIDS" :| )
What IS a threat, however is this:
Quote:
Stuxnet logbook, Sep 17 2010, 1500 hours MESZ
Press release – for immediate release
Langner sees increased threat level as Stuxnet analysis progresses
Ralph Langner, who successfully analyzed that Stuxnet is a directed attack against industrial control systems sees an increased threat level as the analysis of Stuxnet progresses. Langner points out that not only security researchers will analyse Stuxnet but also the underground. The analysis that Langner has conducted shows that it is not technically difficult to inject rogue ladder logic into PLC programs. It is important to understand that this vulnerability cannot be considered a bug, either technically or legally, so it should not be expected that vendors would be able to release a "patch". Langner expects exploit code for this vulnerability within several months in the known frameworks such as Metasploit [ http://en.wikipedia.org/wiki/Metasploit ]. While Langner does not assume to see an attack as sophisticated as Stuxnet soon, he points out that the Stuxnet story will raise a lot of attention in the hacker community where people may now start to try using the attack vector for much more trivial motivations than we must assume for the Stuxnet writers. Langner suggests equipment vendors, asset owners and integrators start developing strategies to cope with this scenario quickly.
and the latest article on the page:
Quote:
Stuxnet logbook, Sep 28 2010, 1100 hours MESZ
While it feels good to be proven right, we would have wished it had happened somewhen later. In respect to the latest news from Iran we recommend to start IMMEDIATELY with developing countermeasures against post-Stuxnet malware. We suggest to follow Melissa Hathaway's advice as expressed in her NYT interview (www.nytimes.com/2010/09/27/technology/27virus.html):
"Proliferation is a real problem, and no country is prepared to deal with it," said Melissa Hathaway, a former United States national cybersecurity coordinator. The widespread availability of the attack techniques revealed by the software has set off alarms among industrial control specialists, she said: "All of these guys are scared to death. We have about 90 days to fix this before some hacker begins using it."
So the problem is not Stuxnet itself, which has done its job in Iran, but the fact that the code is out there for other hackers* to copy and play with and use for "fun and profit", as they call it :)
(*I was gonna write "scriptkiddies" at first, but that's not fair, they're going to copy the technique and parts of the code, but it won't be point-and-click--not for a few years at least :lol: )
It looks like you want to sabotage a power plant. Would you like to watch the movie Wargames?
/
(http://www.philoking.com/wp-content/uploads/2007/11/clippy.png)
But it's not beyond imagining that script kiddies will have this sort of weapon in a few years?
Quote from: Sigmatic on September 30, 2010, 02:15:30 AM
But it's not beyond imagining that script kiddies will have this sort of weapon in a few years?
Yeah.
I mean, I doubt "They" will let it happen, or like that without some sort of "catch", I dunno, plus even if you do make it point-and-click the actual "malfunction/crash/trash the industrial facility part" will always require some inside knowledge of the control systems involved since I suppose they are specific to a facility. Plus, the spreading-via-USB trick, while clever, still requires some social engineering. And of course I suppose that industrial facilities will improve their computer security cause I can understand if they're scared shitless now :)
BUT
It is totally not beyond imagining, in the sense of an awesome and believable near-future cyberpunk spy-thriller story.
They don't call these things "movie plot threats" for nothing ;-)
Okay posit just one talented rat-bastard of a programmer. He attempts to make a software suite that has libraries of all the commands for common industry PLCs, whose goal is to make it easy for non-programmers to sabotage all manner of industry.
What are the odds of his success, do you think?
Quote from: Sigmatic on September 30, 2010, 06:02:26 PM
Okay posit just one talented rat-bastard of a programmer. He attempts to make a software suite that has libraries of all the commands for common industry PLCs, whose goal is to make it easy for non-programmers to sabotage all manner of industry.
What are the odds of his success, do you think?
In my case, he couldn't do anything at all, as our logic is entirely off line for that very reason.
I think the way old Stuxnet works is, it enters a system through a USB stick. No internet required.
Quote from: Sigmatic on September 30, 2010, 06:10:44 PM
I think the way old Stuxnet works is, it enters a system through a USB stick. No internet required.
Our computers don't accept USB sticks, so we can't haul off company data to sell to competitors.
We're actually covered, here.
ETA: Also, we only have one laptop that can access the plant logic.
That's good then. Does any Fucking Stupid person have access to the laptop?
ETA: You needn't answer that out loud, but it's worth looking into.
Quote from: Sigmatic on September 30, 2010, 06:15:26 PM
That's good then. Does any Fucking Stupid person have access to the laptop?
ETA: You needn't answer that out loud, but it's worth looking into.
No, not ANY stupid person. Just the engineer, who is like a human Stuxnet. Also, myself and the I&E techs, who definitely don't want anything to go wrong.
This engineer fellow sounds like a character. :lol:
Quote from: Doktor Howl on September 30, 2010, 06:11:54 PM
Quote from: Sigmatic on September 30, 2010, 06:10:44 PM
I think the way old Stuxnet works is, it enters a system through a USB stick. No internet required.
Our computers don't accept USB sticks, so we can't haul off company data to sell to competitors.
We're actually covered, here.
ETA: Also, we only have one laptop that can access the plant logic.
Sounds like you're doing it right.
I wasn't surprised to find there are apparently plants that are doing it wrong (useful assumption in computer security), it was more an "either they do or they don't" kind of thing. I could imagine IT being rather old in some places and therefore not having modern computer security strategies, but then there's probably those that do secure their stuff properly (like yours)--I wouldn't dare guess how many though.
(umm that's like a really long way of saying I don't know anything about the state of IT in industrial facilities :) )
Quote from: Triple Zero on September 29, 2010, 08:38:54 AM
(*except for botnets which run on hacked computers in Africa running unlicensed windows versions which are a lot harder to patch--I'm not making this up but most African Windows machines have "computer AIDS" :| )
Well this is odd:
http://biztechafrica.com/section/security/article/africa-web-surfing-safe/171/
Seems I was wrong about that, according to an AVG survey Africa is in the top 10 of "safest" web surfing countries.
I'm pretty sure that I read somewhere that large botnets 0wn a lot of computers in Africa because they run old unpatched versions of Windows ... Either that changed, AVG measured something else, or maybe they are so infected it's no use to target them again :?
In other Stuxnet news, they think it's from Israel now, because there's a string "Myrtel"--or something.. Myrtus? I forgot--inside the code which is a biblical reference, as well as a magical number that signifies "dont hax0r this box" which is actually a date in 1979 of a terrorist assassination something or other: http://www.telegraph.co.uk/news/worldnews/middleeast/israel/8034987/Israeli-cyber-unit-responsible-for-Iran-computer-worm-claim.html (not the best article, but quickest I could find)
Asia Times Online also talks about the Biblical references in the code here http://www.atimes.com/atimes/Global_Economy/LJ02Dj03.html
Quote:
Over the past week, security companies have been dissecting the malware code in an effort to reveal clues about its creators. Feeding conjecture that is spreading across the Internet and media are obscure biblical references discovered hidden in the code.
The word "Myrtus" offers an ephemeral reference to an Old Testament tale in the Book of Esther, depicting a story about a pre-emptive move by the Jews against a Persian plot to destroy them. The Hebrew word for myrtle, "Hadassah", was the birth name of Esther, a Jewish queen of Persia.
Other cryptic messages include the date "05091979" which refers to May 9, 1979 - the day Jewish Iranian businessman and philanthropist Habib Elghanian, who played a significant role in bringing Western technology to Iran in the 1960s and 1970s, was executed in Tehran.
The digital calling cards in the code could be red herrings designed to flummox investigators or, as many suspect, they could be confirmation of an Israeli effort to thwart Iranian nuclear ambitions.
Israel has never hidden its intentions to undermine the computer systems that manage Iran's large uranium-enrichment plant at Natanz, but the malware has also appeared in other countries, including China, India and Indonesia.
It has been reported that Iranian engineers have been struggling to control the huge centrifuges at Natanz that are required for uranium enrichment. The emergence of Stuxnet at another plant only adds to their suspicions.
Israel's secret cyberwar division, Unit 8200, has received huge resources in recent times so it is entirely possible that the Stuxnet attack on Bushehr - which does not process uranium - was a warm-up for something bigger.
Cyber warfare stakes have now moved up a level, to one that leaves it highly unlikely Iran will be able to retaliate through USB sticks and computer code.
Note: in most of the world, the date apparently hidden in the code would be read as September 5th 1979. I'm not the only one to have noticed this, fortunately, but the speculation based on it is pretty weak. I'm having trouble finding anything related to Israel that happened on that day, and I'm not sure of Israeli date-writing conventions.
http://news.yahoo.com/s/ap/20101009/ap_on_re_mi_ea/iran_nuclear
On Tuesday, Foreign Ministry spokesman Ramin Mehmanparast said Iran believed the computer worm was part of a Western plot to sabotage its nuclear program.
Who created the Stuxnet code and what its precise target is, if any, remains a mystery.
The web security firm Symantec Corp. has said Stuxnet was likely spawned by a government or a well-funded private group. It was apparently constructed by a small team of as many as five to 10 highly educated and well-funded hackers, Symantec says.
As Iran battled the computer worm over recent weeks, the intelligence minister announced authorities had arrested two nuclear spies. He did not, however, reveal their identities or clearly link them to the Stuxnet problem.
So they were infected. Interesting.
Via http://www.f-secure.com/weblog/archives/00002040.html . Good stuff, answers the right questions. Visit the link which also has a few diagrams, and a demo video or something, but here I copypasted the Q & A :
Stuxnet continues to be a hot topic. Here are answers to some of the questions we've received.
Q: What is Stuxnet?
A: It's a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords.
Q: Can it spread via other USB devices?
A: Sure, it can spread via anything that you can mount as a drive. Like a USB hard drive, mobile phone, picture frame and so on.
Q: What does it do then?
A: It infects the system, hides itself with a rootkit and sees if the infected computer is connected to a Siemens Simatic (Step7) factory system.
Q: What does it do with Simatic?
A: It modifies commands sent from the Windows computer to the PLC. Once running on the PLC, it looks for a specific factory environment. If this is not found, it does nothing.
Q: Which factory is it looking for?
A: We don't know.
Q: Has it found the factory it's looking for?
A: We don't know.
Q: What would it do if it finds it?
A: It makes complex modifications to the system. Results of those modifications can not be detected without seeing the actual environment. So we don't know.
Q: Ok, in theory: what could it do?
A: It could adjust motors, conveyor belts, pumps. It could stop a factory. With right modifications, it could cause things to explode.
Q: Why is Stuxnet considered to be so complex?
A: It uses multiple vulnerabilities and drops its own driver to the system.
Q: How can it install its own driver? Shouldn't drivers be signed for them to work in Windows?
A: Stuxnet driver was signed with a certificate stolen from Realtek Semiconductor Corp.
Q: Has the stolen certificate been revoked?
A: Yes. Verisign revoked it on 16th of July. A modified variant signed with a certificate stolen from JMicron Technology Corporation was found on 17th of July.
Q: What's the relation between Realtek and Jmicron?
A: Nothing. But these companies have their HQs in the same office park in Taiwan. Which is weird.
Q: What vulnerabilities does Stuxnet exploit?
A: Overall, Stuxnet exploits five different vulnerabilities, four of which were 0-days:
LNK (MS10-046)
Print Spooler (MS10-061)
Server Service (MS08-067)
Privilege escalation via Keyboard layout file
Privilege escalation via Task Scheduler
Q: And these have been patched by Microsoft?
A: The two Privilege escalations have not yet been patched.
Q: Why was it so slow to analyze Stuxnet in detail?
A: It's unusually complex and unusually big. Stuxnet is over 1.5MB in size.
Q: When did Stuxnet start spreading?
A: In June 2009, or maybe even earlier. One of the components has a compile date in January 2009.
Q: When was it discovered?
A: A year later, in June 2010.
Q: How is that possible?
A: Good question.
Q: Was Stuxnet written by a government?
A: That's what it would look like, yes.
Q: How could governments get something so complex right?
A: Trick question. Nice. Next question.
Q: Was it Israel?
A: We don't know.
Q: Was it Egypt? Saudi Arabia? USA?
A: We don't know.
Q: Was the target Iran?
A: We don't know.
Q: Is it true that there are biblical references inside Stuxnet?
A: There is a reference to "Myrtus" (which is a myrtle plant). However, this is not "hidden" in the code. It's an artifact left inside the program when it was compiled. Basically this tells us where the author stored the source code in his system. The specific path in Stuxnet is: \myrtus\src\objfre_w2k_x86\i386\guava.pdb. The authors probably did not want us to know they called their project "Myrtus", but thanks to this artifact we do. We have seen such artifacts in other malware as well. The Operation Aurora attack against Google was named Aurora after this path was found inside one of the binaries: \Aurora_Src\AuroraVNC\Avc\Release\AVC.pdb.
Q: So how exactly is "Myrtus" a biblical reference?
A: Uhh... we don't know, really.
Q: Could it mean something else?
A: Yeah: it could mean "My RTUs", not "Myrtus". RTU is an abbreviation for Remote Terminal Units, used in factory systems.
Q: How does Stuxnet know it has already infected a machine?
A: It sets a Registry key with a value "19790509" as an infection marker.
Q: What's the significance of "19790509"?
A: It's a date. 9th of May, 1979.
Q: What happened on 9th of May, 1979?
A: Maybe it's the birthday of the author? Then again, on that date a Jewish-Iranian businessman called Habib Elghanian was executed in Iran. He was accused of spying for Israel.
Q: Oh.
A: Yeah.
Q: Is there a link between Stuxnet and Conficker?
A: It's possible. Conficker variants were found between November 2008 and April 2009. First variants of Stuxnet were found shortly after that. Both exploit the MS08-067 vulnerability. Both use USB sticks to spread. Both use weak network passwords to spread. And, of course, both are unusually complex.
Q: Is there a link to any other malware?
A: Some Zlob variants were the first to use the LNK vulnerability.
Q: Disabling AutoRun in Windows will stop USB worms, right?
A: Wrong. There are several other spreading mechanisms USB worms use. The LNK vulnerability used by Stuxnet would infect you even if AutoRun and AutoPlay were disabled.
Q: Will Stuxnet spread forever?
A: The current versions have a "kill date" of June 24, 2012. It will stop spreading on this date.
Q: How many computers did it infect?
A: Hundreds of thousands.
Q: But Siemens has announced that only 15 factories have been infected.
A: They are talking about factories. Most of the infected machines are collateral infections, i.e. normal home and office computers that are not connected to SCADA systems.
Q: How could the attackers get a trojan like this into a secure facility?
A: For example, by breaking into a home of an employee, finding his USB sticks and infecting them. Then wait for the employee to take the sticks to work and infect his work computer. The infection will spread further inside the secure facility via USB sticks, eventually hitting the target. As a side effect, it will continue to spread elsewhere also. This is why Stuxnet has spread worldwide.
Q: Anything else it could do, in theory?
A: Siemens announced last year that Simatic can now also control alarm systems, access controls and doors. In theory, this could be used to gain access to top secret locations. Think Tom Cruise and Mission Impossible.
Q: Did Stuxnet sink Deepwater Horizon and cause the Mexican oil spill?
A: No, we do not think so. Although it does seem Deepwater Horizon indeed did have some Siemens PLC systems on it.
Q: Does F-Secure detect Stuxnet?
A: Yes.
Note: We have learned many of the details mentioned in this Q&A in discussions with researchers from Microsoft, Kaspersky, Symantec and other vendors.
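The Q&A above says "Myrtus" is not hidden in the code but is a PDB path the compiler left in the binary. As an added example (not F-Secure's or the poster's code), the Python below reads that artifact from a PE file's debug directory, handling both the RSDS and NB10 CodeView record formats; the sample image is constructed inline from the path quoted above, and all function names are hypothetical.

```python
import struct
import uuid

IMAGE_DEBUG_TYPE_CODEVIEW = 2
DEBUG_DIR_INDEX = 6          # slot of the debug entry in the PE data directories
DEBUG_ENTRY_SIZE = 28        # sizeof(IMAGE_DEBUG_DIRECTORY)


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError("RVA 0x%x is not inside any section" % rva)


def _parse_codeview(data, off, size):
    """Decode one CodeView record: RSDS (PDB 7.0) or NB10 (PDB 2.0)."""
    rec = data[off:off + size]
    sig = rec[:4]
    if sig == b"RSDS" and len(rec) > 24:
        ident = str(uuid.UUID(bytes_le=rec[4:20]))       # build GUID
        age = struct.unpack_from("<I", rec, 20)[0]
        name = rec[24:]
    elif sig == b"NB10" and len(rec) > 16:
        _offset, stamp, age = struct.unpack_from("<III", rec, 4)
        ident = "%08x" % stamp                            # build timestamp
        name = rec[16:]
    else:
        return None
    path = name.split(b"\x00", 1)[0].decode("utf-8", "replace")
    return {"format": sig.decode(), "id": ident, "age": age, "pdb_path": path}


def extract_pdb_records(data):
    """Return every PDB reference listed in a PE image's debug directory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    n_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = {0x10B: 96, 0x20B: 112}.get(magic)          # PE32 / PE32+
    if dir_off is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dirs = opt + dir_off
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    if n_dirs <= DEBUG_DIR_INDEX:
        return []
    dbg_rva, dbg_size = struct.unpack_from("<II", data, dirs + 8 * DEBUG_DIR_INDEX)
    if dbg_rva == 0 or dbg_size == 0:
        return []                                         # no debug info recorded
    sections = []
    sec = opt + opt_size
    for i in range(n_sections):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<IIII", data, sec + 40 * i + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    base = _rva_to_offset(sections, dbg_rva)
    found = []
    for i in range(dbg_size // DEBUG_ENTRY_SIZE):
        fields = struct.unpack_from("<IIHHIIII", data, base + DEBUG_ENTRY_SIZE * i)
        dtype, dsize, raw_ptr = fields[4], fields[5], fields[7]
        if dtype == IMAGE_DEBUG_TYPE_CODEVIEW:
            rec = _parse_codeview(data, raw_ptr, dsize)
            if rec:
                found.append(rec)
    return found


def source_tree_hint(pdb_path):
    """First directory of the build path, e.g. the project folder name."""
    parts = [p for p in pdb_path.replace("/", "\\").split("\\")
             if p and not p.endswith(":")]
    return parts[0] if len(parts) > 1 else None


def build_sample_pe(pdb_path):
    """Constructed, non-executable PE32 skeleton holding one RSDS record."""
    cv = b"RSDS" + bytes(range(16)) + struct.pack("<I", 1) + pdb_path.encode() + b"\x00"
    sec_rva, sec_raw = 0x1000, 0x200
    dbg = struct.pack("<IIHHIIII", 0, 0, 0, 0, IMAGE_DEBUG_TYPE_CODEVIEW,
                      len(cv), sec_rva + DEBUG_ENTRY_SIZE, sec_raw + DEBUG_ENTRY_SIZE)
    body = dbg + cv
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DEBUG_DIR_INDEX, sec_rva, DEBUG_ENTRY_SIZE)
    sect = struct.pack("<8sIIII", b".rdata", len(body), sec_rva,
                       len(body), sec_raw) + b"\x00" * 16
    header = dos + b"PE\x00\x00" + coff + bytes(opt) + sect
    return header.ljust(sec_raw, b"\x00") + body


# Path as quoted in the Q&A; the surrounding PE bytes are constructed.
SAMPLE_PATH = r"\myrtus\src\objfre_w2k_x86\i386\guava.pdb"

if __name__ == "__main__":
    for rec in extract_pdb_records(build_sample_pe(SAMPLE_PATH)):
        print(rec["format"], rec["id"], rec["age"], rec["pdb_path"],
              "->", source_tree_hint(rec["pdb_path"]))
```

The same path string can be compared across samples during triage, which is how the Aurora naming mentioned above came about; a build path is set by whoever compiled the file, so it is a lead rather than proof of origin.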
Dunno if people are still following this thing, but this blog is filled with good info about StuxNet and its purposes.
One recent development is that they are now almost completely sure that StuxNet has been built to target the nuclear facility in Tehran. This is because while examining the code*, they found it targeting another specific piece of hardware, which runs at a special frequency and there's only two industrial facilities that match this. One in Finland and one in Tehran, Iran. Everybody seems to agree that it's a pretty safe bet that it's probably not specifically targeting the one in Finland :)
*you may wonder why this takes so long. StuxNet is really big for a virus. It's 1-2MB in size, and given that viruses are mostly pure code, that is a lot (the reason why most software needs a 700MB CD-ROM to install is because they are filled with graphics, documentation, help, translations in 20 languages and drivers and libraries), meaning it's very complex. Another, probably the most important, reason is that it's targeting industrial microcontroller devices. Most viruses are designed for PCs, in fact even Macs run on an Intel processor today. It's the processor that determines the lowest level language you can write code on the machine, and that's what viruses are written in--ok sometimes they are written in C/C++ like most software, but that is translated (compiled) to machine language, and when you get an executable, that's all you got. It's like when you examine DNA you get basepairs, but what you want is the amino acids. ANYWAY pretty much all desktop computers use a machine language called 80x86. But industrial microprocessors use a different one, and I believe that there are not nearly as many people able to speak that language. Also because every company (in this case it's Siemens) sometimes made their own language, and especially has their own quirks and oddities.
Otherwise, big news like this would have had the entire worldwide black, white and greyhat communities pore over StuxNet's code and it'd be completely transparent in a few weeks.
One other link, talking about the strategic significance of StuxNet: Better than bunker busters: The virtual Chinese water torture (http://www.langner.com/english/?p=440)
MORE: Stuxnet attacker profiling (http://www.langner.com/english/?p=431) (especially the last/conclusiony parts)
Damnit this stuff reads like a modern-day cyberpunk thriller.
Q: Did Stuxnet sink Deepwater Horizon and cause the Mexican oil spill?
A: No, we do not think so. Although it does seem Deepwater Horizon indeed did have some Siemens PLC systems on it.
Wasn't there gossip about a Korean torpedo at the same time as this event?
Are we sure Finland's not the target? I mean, they have vodka. And a land border with Russia. And reindeer. You could do a lot with that, even in this day and age.
I continue to be fascinated and terrified
also, thank god this is targeting Iran and not us
http://blogs.forbes.com/firewall/2010/09/29/did-the-stuxnet-worm-kill-indias-insat-4b-satellite/
If it did, and the US had a hand in its creation....that's some nasty blowback.
India and the USA = BFF or until China reverts to its historical norm (patchland of warring states).
Iran admits Stuxnet malware sabotaged uranium centrifuges (http://www.reddit.com/tb/edk73)
wired.com -- by Kim Zetter, November 29, 2010 4:18 pm
In what appears to be the first confirmation that the Stuxnet malware hit Iran's Natanz nuclear facility, Iranian President Mahmoud Ahmadinejad said Monday that malicious computer code launched by "enemies" of the state had sabotaged centrifuges used in Iran's nuclear-enrichment program.
The surprise announcement at a press conference coincided with news that two of Iran's top nuclear scientists had been ambushed Monday by assassins who killed one scientist and seriously injured the other.
Iran had previously acknowledged that Stuxnet infected the personal computers of workers at its Bushehr nuclear power plant but had insisted that the malware had not infected work systems involved in the nuclear program, and that the program itself had not been harmed. Officials did not mention then whether any computers at its nuclear facility at Natanz had been infected.
Natanz is engaged in enriching uranium that could be used to manufacture weapons. It was therefore believed by various computer security experts to have been Stuxnet's likely target.
Ahmadinejad did not mention Natanz by name at Monday's press conference but admitted that malware had "succeeded in creating problems for a limited number of our centrifuges."
According to a recent report from the United Nations' International Atomic Energy Agency, Iran had temporarily halted uranium enrichment at its Natanz plant for unknown reasons earlier this month. Thousands of centrifuges reportedly stopped production as a result.
Iran has had various problems over the years with equipment used in its nuclear facilities. The problems have delayed progress in both the country's nuclear power plants and the uranium-enrichment program, which Iran has insisted is for peaceful purposes only.
Ahmadinejad said the malware that caused problems with its centrifuges was in software that the attackers had "installed in electronic parts." He said the infection had been halted.
"Our specialists stopped that and they will not be able to do it again," he said, according to the BBC. Ahmadinejad blamed Israel and "the West" for spreading the malware.
The Stuxnet worm was discovered on computers in Iran in June by a Belarusian security firm and has infected more than 100,000 computer systems worldwide, most of them in Iran. The targeted code was designed to attack Siemens Simatic WinCC SCADA systems. The Siemens system is used in various facilities to manage pipelines, nuclear plants and various utility and manufacturing equipment.
But speculation has focused on Iran's nuclear facilities — at Bushehr, Natanz and other locations — being the most likely target. The sophisticated malware is believed to have been created by a well-financed nation state, with speculation focusing on Israel and/or the United States.
Security firm Symantec recently determined that the malware specifically targets Siemens systems that are used with frequency-converter drives made by two firms, one based in Iran and one in Finland. Even more specifically, Stuxnet targets only frequency drives from these two companies that are also running at high speeds — between 807 Hz and 1210 Hz.
Frequency-converter drives are used to control the speed of a device. Although it's not known what device Stuxnet aimed to control, it was designed to vary the speed of the device wildly but intermittently over a span of weeks, suggesting the aim was subtle sabotage meant to ruin a process over time but not in a way that would attract suspicion.
"Using nuclear enrichment as an example, the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium," Symantec's Liam O Murchu told Threat Level earlier this month. "If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges ... and the final grade of uranium you would get out would be a lower quality."
Iran's confirmation this week that malware was behind recent problems with its centrifuges suggests that Stuxnet may indeed have been designed specifically to target Iran's nuclear program. But if this is the case, the assassinations on Monday could indicate that whoever targeted Iran felt the malware was insufficient to halt Iran's nuclear program.
According to news reports, the scientists were targeted in separate but nearly simultaneous car bomb attacks near Shahid Beheshti University. Majid Shahriari and Fereydoun Abbasi, along with their wives, were driving to work when assailants on motorcycles zipped by their vehicles and slapped magnetized explosives to the cars, which were detonated within seconds.
Shahriari, who was head of an unnamed Iranian nuclear program, was killed. Abbasi, a high-ranking Ministry of Defense official who reportedly holds a Ph.D. in nuclear physics, was wounded. Both wives were wounded in the attacks.
Two other Iranian nuclear scientists have been killed in recent years. A senior physics professor at Tehran University was killed in January, when a bomb attached to a motorcycle exploded near his car as he was leaving for work. A second nuclear scientist died in 2007 from gas poisoning.
Ahmadinejad blamed Monday's assassination attacks on Israel and the West.
"Undoubtedly, the hand of the Zionist regime and Western governments is involved in the assassination," he said, according to an Associated Press account of the news conference.
Sunday's disclosure of U.S. State Department documents also shows that Arab nations share the same concerns that Israel and the United States have about Iran's nuclear programs. The documents, given to various media outlets by the secret-spilling site WikiLeaks, reveal that King Abdullah of Saudi Arabia pleaded with the United States to stop Iran before it could develop an atomic weapon. Other Arab leaders were equally urgent that Iran had to be stopped.
There have been suggestions, however, that the Iranian government itself could have been responsible for the attacks on the two nuclear scientists.
Yes, I'm sure that they killed their own scientists, not only that, but infected themselves with Stuxnet so they can invade Israel and the USA.
Oh wait, no.
Btw, I don't even know who would come up with that ridiculous hypothesis, it's kind of resurrecting the 9/11 meme that the USA gov. blew up their own buildings looking for an excuse to war but now planted unto Iran's supposed intents.
False flag operations have happened historically (SS members dressed as Polish soldiers and staged an attack on a German border town, in order to justify the invasion and annexation of Poland, for example), but the standard for evidence to prove them is very high, and seems absent in this case. Iran does not appear to have the technical expertise to create something like Stuxnet, and I suspect if it were a false flag op, the targets it would be hitting would be less critical to Iranian national security.
Or maybe those two scientists were the ones responsible for the sabotage and Iran wanted to avoid an embarrassing trial
Quote from: Cramulus on November 17, 2010, 02:32:19 PM
I continue to be fascinated and terrified
also, thank god this is targeting Iran and not us
For now, but this opens up a whole new level of sabotage to other countries. On the bright side, if it was the US, it shows that we're a little more ahead of the curve than I thought.
This really is an interesting development (with Ahmadinejad's statements and the deaths of the nuclear scientist)
New article in the NY Times pretty much spells out that the US and Israel are behind StuxNet.
http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1
C&P the first page (it's 4 pages long) due to stupid login-wall:
Israeli Test on Worm Called Crucial in Iran Nuclear Delay
By WILLIAM J. BROAD, JOHN MARKOFF and DAVID E. SANGER
Published: January 15, 2011
The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel's never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.
Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran's efforts to make a bomb of its own.
Behind Dimona's barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran's at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran's nuclear centrifuges and helped delay, though not destroy, Tehran's ability to make its first nuclear arms.
"To check out the worm, you have to know the machines," said an American expert on nuclear intelligence. "The reason the worm has been effective is that the Israelis tried it out."
Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.
In recent days, the retiring chief of Israel's Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran's efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran's ability to buy components and do business around the world.
The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel's long-held argument that Iran was on the cusp of success.
The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.
In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.
Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.
In early 2008 the German company Siemens cooperated with one of the United States' premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran's enrichment facilities.
Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America's nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.
The worm itself now appears to have included two major components. One was designed to send Iran's nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.
The attacks were not fully successful: Some parts of Iran's operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.
"It's like a playbook," said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. "Anyone who looks at it carefully can build something like it." Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.
Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.
Here is the complete article, print version, pasted to PasteHTML.com :
http://pastehtml.com/view/1cu5zad.html
Can't say I am surprised.
This article on Forbes is very skeptical of the NYTimes article on the previous page:
http://blogs.forbes.com/jeffreycarr/2011/01/17/the-new-york-times-fails-to-deliver-stuxnets-creators/
But the arguments it gives for this seem very suspect to me. It sounds a lot like the author just really wants the NYTimes to be wrong, or merely really badly wants to discredit the idea of the US/Israel being behind Stuxnet. Regardless of whether this is the case or not. From the writing style alone I get a very strong "grasping at straws" feeling.
First, he only quotes Symantec as computer security experts, who did write a few excellent articles on Stuxnet, but they're just a big anti-virus company, it's the German security research firm Langner that really knows what they're talking about, because they actually have the expertise in house to analyze code that targets industrial controller systems [which are vastly different than desktop PCs--a lot more like the chips in your washing machine or VCR].
Then he quotes some Israeli guy named Shai Blitzblau, and that guy is either lying, full of shit, stupid or all of the above. You can check all this from the Stuxnet Q&A by F-Secure (http://www.f-secure.com/weblog/archives/00002040.html) that I posted on the previous page of this thread.
* "Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment" which is nonsense.
- An academic experiment could never have managed to acquire the digital certificates* that Stuxnet used to sign its code, as this certificate was stolen from Taiwanese electronics companies Realtek and JMicron.
- High level industrial espionage against Siemens makes no sense whatsoever, because Stuxnet clearly targets very specific installations, specific factory environment, with a very specific number of certain devices, running at certain very specific frequencies. Which are indeed controlled by Siemens PLCs, but Stuxnet's targeting is quite a bit more specific than just the brand of PLCs.
* Blitzblau explains that the broad, indiscriminate attack on industrial computers launched by Stuxnet is not characteristic to a military operation, where the nation launching the attack tries to minimize collateral damage and focus on a specific target.
- that is bullshit, Stuxnet is one of the least broad, least indiscriminate viruses I have ever heard of :lol: and minimizing collateral damage? hell yeah, it just disables and breaks the equipment, and it does so without even having to know where all these installations are. because a lot of these are suspected to be underground, and normally they'd have to drop "bunkerbusters" or something on those things to destroy them, talk about collateral.
Then comes a link to an article by Gadi Evron (Israeli security expert and founder of Israel's CERT) on DarkReading (http://www.darkreading.com/blog/228200580/stuxnet-an-amateur-s-weapon.html) who is a big poopyhead calling the Stuxnet coders "amateurs" (http://www.youtube.com/watch?v=plnMjMVc93E). I mean, look at this guy's photo. Can you already hear him say it? BUNCH OF FUCKING AMATEURS!! (http://www.youtube.com/watch?v=plnMjMVc93E) :lulz: haaahahahahaha
Anyway he says "[Stuxnet] enables an attacker to infect a computer by merely inserting a USB key. This is perfect for attacking a nuclear facility, which isn't connected to the Internet. But operationally it means a person would have to be there physically to accomplish the mission: a spy, a rogue employee, or a commando team." -- F-Secure has a much better idea: "For example, by breaking into a home of an employee, finding his USB sticks and infecting it. Then wait for the employee to take the sticks to work and infect his work computer. The infection will spread further inside the secure facility via USB sticks, eventually hitting the target.", that really doesn't sound that hard to do, IMO. And you can do it as many times as you want.
"Further, Stuxnet remained active when, in 2009, one of the zero-day vulnerabilities was reported publicly and patched by Microsoft. Why would its operators risk the discovery of such a costly weapon by keeping it in the field when discovery is now a real risk?" -- I'm not even sure what this means. It sounds like he thinks the "operators" of a computer virus can just recall and disable it whenever they want. Maybe he's confused and thinks Stuxnet is a sort of botnet, but computers infected with Stuxnet cannot "phone home", Stuxnet operates in the dark and cannot receive commands from a central C&C node (unlike, say, Zeus, Conficker or Storm), because its targets are not connected to the internet, DUH.
Then, Mr Evron says, "If we are to believe media reports, then Iran's nuclear efforts have been delayed by three months. These reports are unsubstantiated, but taking them on their word, it doesn't seem likely that Israel or the United States would invest so much for such a small return. It is still within the realm of possibility that some nation-state was behind it, even Iran itself. While in democracies it's the exact opposite, in dictatorial countries most of the intelligence efforts are turned inward." -- Ok, so now Stuxnet suddenly isn't completely useless anymore, but IF it did something, then surely it wasn't America+Israel, because it COULD be, um, Iran itself, because they're crazy terrorists.
"Another option is that this was a corporate rival of Siemens, the vendor whose SCADA systems Stuxnet targets. Siemens reported it has so far discovered 14 clients (read: power plants) that have been infected, a large portion of which are in Germany. Siemens suffered major PR damage as a result of Stuxnet." -- If someone would want to discredit Siemens, they'd probably focus on the fact that Nokia-Siemens built Iran's Deep Packet Inspection systems used to intercept and censor communications during and after the Iran election protests. At the very least they probably wouldn't have made it so specific, because without intelligence about the Iranian nuclear facilities, they wouldn't even have known if Stuxnet would eventually hit *anything* (the frequency-ranges it looks for, occur only in one other facility, somewhere in Finland IIRC).
"It could also be criminals, with a goal as simple as ransoming these power plants. As unlikely as this scenario sounds, it is as sound a guess as any of the others." -- No it's not. Not at all. Organized cybercriminals can make that kind of money in a lot easier and a lot safer ways, plus, who's claiming ransom? And for what? Again, it's not like they can remotely disable the virus.
"Among the many guesses as to who built Stuxnet, fingers were also pointed at Israel. As an Israeli [security expert and founder of Israel's CERT], I hope such sloppy work wasn't ours. Yes, Stuxnet is advanced, but no military or intelligence organization should be this careless. It is just too amateurish from an operational standpoint." -- Uuhuh, yeah.
Back to the Forbes article, he says the timeline is suspect. I don't see how.
I gotta give the author (Jeffrey Carr) one thing though, "David Albright and his co-researchers at ISIS concluded that the Stuxnet worm most likely was designed to destroy a limited number of centrifuges and temporarily set back Iran's fuel enrichment program. Does that sound like a strategy that Israel would agree to? Not to Benjamin Netanyahu, Israel's PM. After expressly stating his disagreement with Dagan's 2015 date, he said that "sanctions should be strictly enforced and materially strengthened..., and that if they don't achieve their goal, they would be followed by a credible military option." -- this is actually quite a reasonable argument. Not one that discredits the entire theory, but yeah, I can indeed imagine Netanyahu not just wanting it delayed but entirely stopped.
I'm not 100% convinced it has to be Israel+USA that did it, but the arguments against it in this article just don't hold any water IMO. I'm interested in his writeup about a Stuxnet Finnish-Chinese connection, though :)
(* http://en.wikipedia.org/wiki/Public_key_certificate is basically an encryption public/private keypair, the private part of which only the owner of the certificate is supposed to have. The certificate owner can then use the private key to digitally sign a piece of data, thereby certifying that this piece of data can be trusted. Other people (programs) can then use the public part of the certificate to check whether the data is indeed signed and by whom, and based on that information decide whether they trust it or not. Because you can also sign and certify certificates themselves, a so-called "chain of trust" can be created. The very first certificate in this chain is called the "root" certificate. Examples of Root Certificate Authorities are companies such as VeriSign, DigiCert, GeoTrust, GoDaddy, etc (http://en.wikipedia.org/wiki/Category:Certificate_authorities))
Re: Stuxnet Chinese-Finnish connection, never mind, these Forbes people are obviously retarded and mostly interested in pointing anywhere except the USA/Israel. Finland is mentioned once at the beginning of the article and China is suspect because guess what, ... that's where the electronics were made :kingmeh:
And of course, why would China want to attack Iranian nuclear facilities in the first place? What's the motivation? To ensure more oil is used for Iranian internal consumption than sold on the international market, raising the price of oil and ensuring there is less oil overall for power-hungry Chinese factories to use?
China has blocked most UNSC attempts at proscribing Iran exactly because it wants Iranian nuclear power to work, because that means more oil for its companies. The idea that China would shoot itself in the foot in such a flagrant and determined way is ridiculous in the extreme.
It's because uh, something about rare earth metals, and that another country with a bomb is never a good thing, BUT China wants to stay on good terms with Iran so it developed Stuxnet in order to thwart its nuclear program SECRETLY while publicly supporting them, so they could pin it on the poor USA and Israel.
Not making this up, that's what the article said ...
That's insanely complex. Good premise for a Tom Clancy novel, poor premise for, you know, actual policy analysis.
bump for new virus found:
http://english.aljazeera.net/news/middleeast/2011/04/2011425163710464916.html
Quote: Iran has been targeted by a new computer virus in a "cyber war" waged by its enemies, according to a senior military official of the Islamic republic.
Gholam Reza Jalali, commander of civil defence, told the semi-official Mehr news agency on Monday that the new virus, called Stars, was being investigated by experts.
"Certain characteristics about the Stars virus have been identified, including that it is compatible with the [targeted] system," he said.
He said that Iranian experts were still investigating the full scope of the malware's abilities.
Jalali played down the impact of Stars, but said it is "harmonious" with computer systems and "inflicts minor damage in the initial stage and might be mistaken for executive files of governmental organisations".
He did not say what equipment or facilities the virus targeted, or when experts first detected it.
Stars is the second serious computer worm to hit Iran in the past eight months.
Iran was hit with another computer worm, Stuxnet, last year, reportedly designed to hurt Iran's controversial nuclear programme.
The country has accused the US and Israel of launching Stuxnet, which was publicly identified last June and reportedly mutated and infected at least 30,000 computerised industrial equipment in the following months.
The existence of Stuxnet became public knowledge around the time that Iran began loading fuel into Bushehr, its first nuclear reactor, last August.
Iran said in September that staff computers at Bushehr had been hit but that the plant itself was unharmed.
Bushehr is still not operational, having missed several start-up deadlines. This has prompted speculation that Stuxnet damaged the plant.
But Iran said its scientists discovered and neutralised the malware before it could cause serious damage.
bump, because Wired has written a very in-depth summary of the entire StuxNet saga:
http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1
it's quite a long article, but very interesting, and it covers pretty much the entire story from Symantec and Langner's viewpoints.
Another Iranian nuclear scientist has been assassinated
http://www.bbc.co.uk/news/world-middle-east-14263126
Quote: An Iranian nuclear scientist has been shot dead outside his home in Tehran, Iranian media sources say.
The Isna news agency named him as Daryoush Rezaei, 35, adding that his wife was wounded. His identity has not been officially confirmed.
In 2010, nuclear scientist Massoud Ali Mohammadi was killed by a remote-controlled bomb in Tehran.
Iran blamed that attack on Israeli secret service Mossad. Israel has long warned about Iran's nuclear programme.
Yes, Mossad has warned Iran is three years away from nuclear weapons....since 1992. Every year.
Mossad: great at whacking people, but never ask them for the time.
Quote from: Cain on July 23, 2011, 06:04:40 PM
Another Iranian nuclear scientist has been assassinated
http://www.bbc.co.uk/news/world-middle-east-14263126
Quote: An Iranian nuclear scientist has been shot dead outside his home in Tehran, Iranian media sources say.
The Isna news agency named him as Daryoush Rezaei, 35, adding that his wife was wounded. His identity has not been officially confirmed.
In 2010, nuclear scientist Massoud Ali Mohammadi was killed by a remote-controlled bomb in Tehran.
Iran blamed that attack on Israeli secret service Mossad. Israel has long warned about Iran's nuclear programme.
Yes, Mossad has warned Iran is three years away from nuclear weapons....since 1992. Every year.
Mossad: great at whacking people, but never ask them for the time.
Other than, you know, WAR and stuff, what's the big deal with Iran having nuclear capability? Isn't there other uses for nuclear science?
Freeky,
politic herp derp.
Iran uses a lot of oil it produces internally. If it has nuclear power, it can export more oil and gas. Most of that oil and gas will go to China.
If, however, its government were to fall and a new, pro-American elite could be installed...well, contracts may have to be rethought.
Also, if Iran gets the bomb, it means every state in between it and Israel will have to choose sides. Saudi Arabia may seek the bomb themselves and the region could fall under Iranian hegemony in the meantime. Also, Pakistan won't like it, as India and Iran have an understanding when it comes to their violent neighbour, which is "if push comes to shove, we both invade and raze Islamabad to the ground". So long as Iran only has conventional arms, Pakistan can probably persuade them to back off. But in a conventional fight, Pakistan is doomed if both countries work together, and if Iran has nukes it will be a conventional war.
It's like a boys club that doesn't want to allow new members. No one with any authority in Iran would actually be stupid enough to launch a nuke at Israel because Israel would turn that country into glass but the saber rattling serves to distract people from the fact that Iran is the Iran it is now because of British and US meddling in the 50's, 60's and 70's. The problem is if they DO get nukes and keep with the crazy president saying crazy things then at some point it could turn into a middle eastern cold war standoff of mutually assured destruction.
Of course then Israel might have to publicly admit to having nukes, something they don't want to do because it's against several nations' laws to give aid to countries with nukes. Under the nonproliferation treaty I think.
Cain's probably more versed on this than I am and I'm nursing a bitch of a hangover and don't feel up to doing the research atm.
Quote from: Cain on July 23, 2011, 06:37:47 PM
Iran uses a lot of oil it produces internally. If it has nuclear power, it can export more oil and gas. Most of that oil and gas will go to China.
If, however, its government were to fall and a new, pro-American elite could be installed...well, contracts may have to be rethought.
Also, if Iran gets the bomb, it means every state in between it and Israel will have to choose sides. Saudi Arabia may seek the bomb themselves and the region could fall under Iranian hegemony in the meantime. Also, Pakistan won't like it, as India and Iran have an understanding when it comes to their violent neighbour, which is "if push comes to shove, we both invade and raze Islamabad to the ground". So long as Iran only has conventional arms, Pakistan can probably persuade them to back off. But in a conventional fight, Pakistan is doomed if both countries work together, and if Iran has nukes it will be a conventional war.
So it's mostly a "turd in the punchbowl" situation? Like, everyone else gets inconvenienced (at best)?
New news on Stuxnet.
Stuxnet Loaded by Iran Double Agents (http://www.isssource.com/stuxnet-loaded-by-iran-double-agents/)
I haven't gotten around to reading the whole article yet btw.
Ars Technica says:
Confirmed: US and Israel created Stuxnet, lost control of it--Stuxnet was never meant to propagate in the wild. (http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/)
http://investigations.nbcnews.com/_news/2013/06/27/19174350-ex-pentagon-general-target-of-leak-investigation-sources-say?lite
Quote: President Obama said he had "zero tolerance" for "these kinds of leaks."
Implying he has tolerance for any other kind? :lol:
Quote from: Doktor Howl on June 28, 2013, 02:24:05 PM
http://investigations.nbcnews.com/_news/2013/06/27/19174350-ex-pentagon-general-target-of-leak-investigation-sources-say?lite
They didn't find a convenient way to deflect onto a hapless lower official? Interesting.
Quote from: Cain on June 28, 2013, 02:41:19 PM
Quote: President Obama said he had "zero tolerance" for "these kinds of leaks."
Implying he has tolerance for any other kind? :lol:
:lulz:
Quote from: Cain on June 28, 2013, 02:41:19 PM
Quote: President Obama said he had zero tolerance for these kinds of leaks.
Implying he has tolerance for any other kind? :lol:
SHUT UP! TRANSPARANCY! TERROR! FREEDOM! HOPE! CHANGE!
Quote from: LMNO, PhD (life continues) on June 28, 2013, 03:38:03 PM
TRANSPARANCY!
You make me sad, the things you do to the queen.
In any case, what's everyone bitching about? As Terry Pratchett pointed out, "transparency" can mean either that you can see through it, or that you can't see it at all.