Stuxnet Analysis Backs Iran-Israel Connection
Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof of concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention."
Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).
So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code - and that because it's the first day the current theocratic asshats running Iran beheaded the first Jew of their despotic regime? Really?
This is like playing Nostradamus. Pluck something vague, go hunting, and see what you can say later to claim you "predicted it." For instance, in Eastern bloc countries, May 9 1945 is "Victory Day." I'm sure some prominent politician somewhere in there also died on May 9, 1979. A google search for that date came back with 196,000 results just on the precise phrase "May 9, 1979".
Ridiculous.
So it's the new craze now, trying to get news outlets to listen to you using political/racial fear mongering virus news!
They were smart enough to write and deploy a complex virus, but stupid enough to include a reference to an obscure execution date of a prominent Iranian Jew; the first Google hit conveniently pointing to the relevant Wikipedia entry. That screams red herring (en.wikipedia.org/wiki/Red_herring_(idiom)), not proof.
-- Cave quid dicis, quando, et cui
Why are they surprised that it broke out? That's probably part of the whole idea: seed the target area (presumably Iran) with flash drives with the worm on it, then sit back and wait. When world + dog gets infected, you know *someone* in your targeted area picked up the flash drives, so there's a very high likelihood that someone at your target site infected their PC.
Doing it this way allows the attacker to know that they've succeeded (and presumably to take whatever follow-up measure they had planned) without giving away who they are. Since *everyone* knows that the worm exists, there's no secret signal path to trace back to the author.
It's possible to attach significance to any given date in the past 60+ years to an important, though obscure, event that occurred in the Middle East. Someone dies, someone is born, or elected, or deposed, or a protest is held, etc.
I wouldn't be surprised if Israel really DID organize Stuxnet, and the date hidden in the code DID mean something, but whoever put it in there was referring to a completely different obscure historical event.
In Russia you don't blame code, code blames somebody else!
I for one respect their taking direct action in the interest of their national security. And if they can do so in a way that does not cost human life, all the better.
They want to start a war with Israel/Middle East because they know the US would get sucked in and weakened.
I don't buy this for a second.
Iran still has several thousand Jews living in Tehran and Isfahan. To refer to the execution of Elghanian is to invite the execution of some other scapegoat out of the Jewish community. The Mullahs of Iran are very, very easy to offend, tease, tweak, et cetera. There are plenty of ways to put insults aimed at them into this virus without pointing at the Jewish community, and rest assured any Israeli hacker knows plenty.
It doesn't reveal anything at all about who wrote it. Anyone could have put such a date or other breadcrumbs in there to deliberately mislead anyone who might look into it.
...was utterly unconcerned for any potential cost. Many countries use German-made equipment. A prior story covered an air crash in Spain caused by viruses on mission-critical computers, demonstrating that critical computers are poorly-secured. There are likely to be French and British nuclear reactors that use the specific machine targeted. The "collateral damage" could have been extensive. Whether the virus was written by a member of the security forces or a member of the general public, one single inadvertent contamination of the wrong machine could have caused a gigantic nuclear accident in some of the most densely-populated parts of Europe.
Is a temporary setback for Iran worth putting millions of Europeans' lives at risk over? (Yes, these countries ARE densely-populated. Britain isn't that much larger than Rhode Island but has over a quarter of the population of the entire United States. You don't need a hell of a lot to put a great many people in serious danger.)
As far as I am concerned, whoever wrote that virus is guilty of endangerment on a scale unimaginable by most people.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It was Star Trek Next Generation - The Vengeance Factor. Only one in a million Acamarians have the DNA which this virus was designed to kill.
Yeah, right. Israel creates this super-secret superworm, attacks Iran with it, after putting their fingerprints all over it just so that they will get caught by the first person to look at it in a text editor. All this knowing that it is going to infect the whole world and everybody is going to be coming after the authors with torches, pitchforks, and blood in their eye.
Of course, that explains it all.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
A google search for "executed in Iran" and "May 9, 1979" doesn't turn up any other names, but if I recall correctly, by that time Tehran's Evin Prison was already an abattoir, with many more victims killed. Can any Iranian chime in on this? By May, weren't the Islamists already massacring the leftists?
This is turning into something right out of the Art of War
RIP America
July 4, 1776 - September 11, 2001
This is compounded by the problem that people are presupposing the answer. From the start, it seems people have assumed this MUST be an attack against Iran and thus done by the US or Israel. As such their thought process is "Find evidence of US or Israeli involvement," and not "Try to find out the source of the attack."
If you look hard enough for evidence of something, you'll often find it, even when there isn't any, particularly when the standard for evidence is low. Same kind of shit with all the 9/11 conspiracy. People doing 9s 11s and so on all over the place. Snopes did a great bit choosing another number and showing how that was all over the place too.
Sorry, but I'd require a significant amount more than this to be convinced. This isn't evidence, it is speculation at best and conspiracy mongering at worst.
Technical analysis aside, all these Israel claims are based on huge assumptions and zero concrete evidence. Even if Israel did create this virus why would they put references in the code that led back to them?
And it adds up. Besides the "date", admittedly a bit of a stretch as you note, there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle, is possibly a biblical reference to the Book of Esther (Esther was originally called Hadassah - similar to the Hebrew word for myrtle) in which Jewish forces, after unraveling a Persian attack plan, stage a preemptive and successful assault against their adversaries. There is also the level of knowledge required for the targeting of Stuxnet, including highly specific details about its intended target that would have required internal knowledge of the kind that is likely to require espionage to acquire. Finally, there is also a cut-off date of June 24, 2012 when Stuxnet will go dormant. While not unheard of in the world of more conventional botnets, this is decidedly unusual and further points to a nation state's involvement.
Taking all that together, I think it's fairly reasonable to limit the list of suspects to those countries with a reason to be wary of Iran's nuclear program - of which there are, admittedly, quite a few. However, Israel does have a track record for being decidedly unsubtle when it is being proactive about such things, viz the 2007 air raid on one of Syria's nuclear facilities, or the murder of Mahmoud al-Mabhouh.
UNIX? They're not even circumcised! Savages!
Exactly. It shows how badly the people analyzing the worm would like it to tie it back to a super-secret Mossad operation. Talk about "confirmation bias"!
Why did they just send an execution squad to kill Mahmoud al-Mabhouh in Dubai in a way that the whole fucking wide world knows it was them... and the agents were even filmed? Well, who knows, perhaps they like the publicity.
would Israel threaten to attack Iran? Oh, that's right: Iran is a state sponsor of terrorism and has threatened to attack Israel.
Wonder if he is the one that came up with Murphy's law!
Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention.
Seriously? We refer to this kind of programs by names like "worm" and "virus" because they resemble their biological namesakes in that they get into all kinds of places and reproduce. Who wonders about shit like this?
If Stuxnet was designed by a hostile state to damage Iranian industry, it's quite possible that, lacking any good way to deploy it inside Iran, it was released into the wild in hopes that it would find its way in on its own. Even states like the US and Israel, who probably have at least some operatives inside Iran, would probably prefer to take this approach than to risk compromising their inside operatives.
While Israel and the US are the most likely nation-state actors, it's worth considering that there are any number of NGOs that are hostile to Iran and would have the resources to hire programmers to build a worm -- if they didn't already have some in-house. It's also possible that this is the work of a lone individual: the idea that it would take a state actor to create a worm is even more laughable than SCO's contention that Linus Torvalds couldn't have possibly written a kernel by himself. And finally, Iran has plenty of competitors and outright enemies in the Islamic world. Pakistan in particular has the technical personnel, a nuclear monopoly within the Islamic world to defend, and an ongoing struggle with Iran over influence in Afghanistan. If I was forced to bet on the question, I'd put my money on Israel, but at the same time, I wouldn't be at all surprised if I lost the bet. Iran has lots of enemies, internal and external. It's almost like one of those cliched murder mysteries where a broadly disliked person is murdered and everyone he knew is a suspect.
Proud member of the Weirdo-American community.
Export 16 first checks that the configuration data is valid, after that it checks the value “NTVDM TRACE” in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation
If this value is equal to 19790509 the threat will exit. This is thought to be an infection marker or a “do not infect” marker. If this is set correctly infection will not occur. The value appears to be a date of May 9, 1979. While on May 9, 1979 a variety of historical events occurred, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.” Symantec cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate another party.
Next, Stuxnet reads a date from the configuration data (offset 0x8c in the configuration data). If the current date is later than the date in the configuration file then infection will also not occur and the threat will exit. The date found in the current configuration file is June 24, 2012.
But really, May 9, 1979 being Rosario Dawson's birthday puts this back on the teenager in his basement path to me.
While it could be possible organizations such as Mossad could be behind this, from what I've read about modern espionage, http://en.wikipedia.org/wiki/False_flag sounds equally plausible. Could be even a rival to Siemens. Or good old Ruskys or Chinese or Saudis for some reason. Someone else who would profit from Iran-Israel war? Eskimos? Obama's evil twin? Bush's good twin?
No way to know really - secret services & black ops people tend to be secretive and stirring that pot is certainly a dangerous game.
This could have been VERY DANGEROUS if those boards went into production and caused an industrial accident or worse yet, a nuclear one.
The origins of this code could be a mystery for a while. The connection to something in Iran seems clear.
Different techs and directors then get on the phones/emails within Iran and start getting/requesting more info and better reports.
Israel Army’s intelligence Unit 8200/Urim then sits back and watches Iran glow with new connections and sites.
http://cryptome.org/eyeball/ilsig/ilsig-eyeball.htm
Domestic spying is now "Benign Information Gathering"
"led back to them?" thinking of eternal 'discovery' news vs internal 'we did it'?
Think back to USS Liberty, Wrath of God and Spring of Youth and this post 911 talk show comment http://www.youtube.com/watch?v=o_V9seW4W38
Domestic spying is now "Benign Information Gathering"
Assuming the author was born in 1979 AND was born on the 9th of May, you'd have a 1 in 1 chance. Even better odds!!! ;-)
If I had mod points, I'd try to mod you up to 100.
See what he did there people? He found something else that fit the rather vague data, that weakly points to a totally different theory. This is even assuming the number there is meant to be a date.
That is precisely why shit like this is useless: If you look hard enough you will find evidence, even when there is none. I'm sure with a bit of searching, you could find a whole bunch of other shit that happened on that day. Of course you could probably find other things, real or imagined, that the number could stand for, including just a random string of digits.
This is a very excellent example of how your bias in what you are looking for can cloud what you find, and how easy there are many alternate explanations when you are going for weak "conspiracy theory" level evidence.
Other than a James Bond movie, CSI episode, or Dan Brown novel, I can't think of any circumstance in which your arguments could be called evidence.
Actually, all the bits pointing to Israel should be assumed to be evidence *against* a conspiracy starting in Israel.
Bits in code aren't like pollen or clay that get accidentally stuck to the culprit's clothing and shoes. It's not like software written in Israel would have any tendency to pick obscure references to Jewish culture.
Therefore, if there are some unneeded bits in the code that have references to Israel, the most logical assumption is that they were put there in order to draw the suspicion away from the true authors of the malware.
No actually. The leftists were anti-American so the regime kept them around
on purpose? I'm thinking you must be young and haven't learned just how bad a faux pas it is to incorrectly refer to a peoples.
Cubans are not Mexicans. ...
Persians are not Arabs.
One of Ted Kaczynski's tactics was leaving false clues in every bomb to purposely mislead investigators into thinking they had a clue. Interesting that the targets here were industrial, and May 9, 1979 is also the anniversary of the second Unabomber attack.
If someone wants to sign their code with a date, the most logical pick would be their birthdate
If you want to make a veiled threat, you wouldn't pick something that gets hundreds of thousands results in Google. You would try to make your threat clear but deniable
May 9th 1979. This is the anniversary of the US & USSR signing the Salt 2 treaty, limiting nuclear weapons.
Thus, the worm is OBVIOUSLY the cooperative work of disaffected former nuclear weapons designers in the US and Russia. They're angry that Iran is trying to build a bomb, and the sanctions on Iran won't let them make lots of money helping them like Abdul Qadeer Khan did.
And Myrtus is a religious reference to the practice of women wearing myrtle garlands in their hair during the Roman Veneralia festival celebrating the Goddess Venus Verticordia (Venus, the changer of hearts).
How can this be anything but a clear plea for those placing the sanctions to have a change of heart and allow these worthy weapons designers to support themselves in a thoroughly capitalist manner.
(If you take this seriously, I truly pity you. ;)
Did anybody else find it kind of odd that there is uninstall code included?
Could very easily be private individuals. Why? Who knows? Could be just to cause havoc, that's what many viruses are for. They don't have any point other than to cause trouble. This one is just better at causing trouble than most. Could be some Iran haters/Israel lovers who decided to take matters in to their own hands. They might not have a military but they have computers and so on. Could be Iran wasn't the intended target at all, just that they utterly fail at IT security since they are not very geek friendly (they frown on Atheists and drinkers, which are things geeks commonly are). Maybe a rival company wanted to make Siemens look bad.
That's the thing is we DO NOT KNOW who wrote this or why. If you start presupposing things, then you are biasing the findings you'll get. You will find what you are looking for if you look hard enough, no matter how wrong that is. You have to start by presupposing nothing, and just looking at the evidence. You then have to see what fits. The answer initially will be "There isn't enough evidence," and that may always be the answer.
However when you start making guesses as to who did it and searching down those paths, you are not going to have solid results.
Oh, there are lots of possibilities for who might do it. The list of groups and nations who would quietly or not so quietly be very happy to see a deniable dagger stuck in the back of the Iranian nuclear program is quite long.
I'll just toss up some involving Russia, the US and Saudi Arabia. (disclaimer: I have no particular reason to think they would do this, but as long as conspiracy theories are running rampant here on Slashdot, I'll add fuel to the fire. :)
If you are a Russian company that is doing engineering on the Bushehr plant, it could be an interesting way to make extra money. Plant a worm to damage the plant and then not only make the original contract money, but charge them a large extra fee for fixing the plant after the sabotage. Make it look like the Israelis did it, and you're home free. (There is speculation that the worm was funneled through Russian contractors doing work on Bushehr.)
Or, if you're the Russian government, Bushehr has been a sticking point with the Western powers. If it's been taken down by an ostensibly Israeli worm just as it's completed, you've fulfilled your commitment to the Iranians, and removed a point of contention. You could even have negotiated a valuable quid pro quo of some kind in return for that. (So sorry, Iran. We tried to finish the plant we've been delaying on for so long, but the Israelis broke it. Shucky dern... Of course, if we get ticked off at the US again, we could help fix it for a substantial fee. ;)
(As to possible paybacks: There has been a question of whether there was some quid pro quo for the US, seemingly unilaterally deciding to not put interceptor missiles in Poland. Russia helping scuttle Iranian nuclear ambitions would be a very valuable payback for that. For another tack, the Saudis are very worried about Iran's nuclear ambitions and their influence in OPEC could be very valuable for an oil exporter like Russia.)
Talk about "confirmation bias"!
Yes - exactly what I was thinking!
Sheesh, evil *and* a jerk. -- Jade
Iran has since blocked communications to Stuxnet's command and control infrastructure, he said.
That is certainly how they traced back to Israeli origins. The virus may call home from time to time, in a certain range of IP.
RIP Slashdot. I used to love you. dead account - but slashdot won't let me delete it.
Thought it was obvious by their flagrant tactics...
http://www.nytimes.com/2010/09/26/opinion/26friedman.html?_r=1&partner=rssnyt&emc=rss
I am tired of this. Israel, tell the controllers to blow up the plant. If it exists, then let's get rid of it.
I prefer the "u" in honour as it seems to be missing these days.
I'm wondering if Iran actually created this virus for some purpose but it accidentally got into their own systems or was released into them on purpose (at least the fake/dummy/low-level systems they don't care about). That kind of incompetence would be in line with leaving stupid fingerprints in the code like they have found.
Try a court of law. There's a reason for my use of the word circumstantial before the word evidence.
UNIX? They're not even circumcised! Savages!
It shows how badly the people analyzing the worm would like it to tie it back to a super-secret Mossad operation.
..or how badly the guys from Symantec would like to make the news.
Bits in code aren't like pollen or clay that get accidentally stuck to the culprit's clothing and shoes.
Actually, it kinda is, although you have it backwards -- what often happens is bits of info regarding the environment in which the code was developed get accidentally stuck in the code.
"Convictions are more dangerous enemies of truth than lies."
Ever noticed how anti-Semitism and illiteracy go hand in hand?
It's as though you need to be a fucking moron, to hate Jews with any credibility.
Every single thing about "dogzdik's" post (even his username) screams DUMB.
It's a Zionist plot I tell you!
Do you or your partner snore? - Visit www.snoring.com.au
False flag operation?
It seems like they're looking at this from the perspective of "Who, then why, then how".
For some reason, I feel the correct order of figuring this out should be "Why, then how, then who".
Why is the hardest part of this. You could easily solve it by saying "It's to damage the Iranian nuclear plant". That could be a why, but it could also just be the method required for the "how". The why should be attempted first, who would gain from the Iranian facility being damaged, who could risk it going wrong, do they care about it going wrong, what resources are needed, many variables need to be solved before you choose a who or you'll see traces of your predetermined "who" whenever you look for the "why", and "how".
Your arguments sound an awful lot like people who argue 9/11 was a government plot. Why do they argue this? Because they are afraid and can't deal with a world where a random group of individuals can do such a complex thing.
This is especially amazing as a story running at the same time is about the leaked Intel key. And of course the ongoing story of the PS3 being cracked.
Random individuals are a lot more resourceful than some people are willing to give them credit for. But blaming a shadow government for it is far easier to cope with because that means at least someone is in charge. In control.
Those "stolen" certificates also mean nothing. They get "leaked" all the time. Case in point, the Intel key, which was a LOT more valuable than the keys in this worm.
As for hackers knowing about Siemens... that is so easy and trivial to explain I hardly find it worth the effort. But it is PUBLIC knowledge who supplies Iran with its tools. Export bans and all make sure everything has to be declared.
No, I look deeper and look at the fact this worm was so quickly discovered and so handily easily decoded with all these handy clues pointing to Iran's enemies. Mmm, a virus outbreak in Iran that nobody else notices, spreads uncontrollably yet then is near instantly dissected and points towards Iran's standard scapegoats.
Gosh, how convenient.
Zero day exploits are a dime a dozen, smart people the same. This is just a worm that worked its magic in a mono-culture. The moment I start thinking "government conspiracy" is when someone reveals anything about the data transferred.
WHY would Israel do this? They got far better methods available. And they don't need to disable a windows PC of a nuclear reactor office workers. They got reliable aircraft to do that that send a far stronger message. They got plenty of experience with it.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
What I don't get is how can they get info from the binaries of Stuxnet.
The date it will go dormant OK, the program probably checks for it, but a past date like May 9 1979? And what about Myrtus?
Btw I would think that the Americans coded Stuxnet (they are the only ones that have a full access to Windows source and the technological (read financial) capacity to build such a complex piece of malware) and asked the Israelis to take the blame for it, as they don't seem to care much about their international reputation.
Of course it's just a guess.
So, has anyone else suggested that it may have been an inside job? Maybe some rebellious Iranian faction wants to make life difficult for the religious government?
... also an analysis from F-secure about Stuxnet here.
Until the skies turn blue...
Until the air of freedom strikes us...
Iran has been threatening Israel since 1979 and has been attacking Israel and Israelis since 1982. Hell Hezbollah is backed, funded and armed by Iran.
I caught one of Hezbollah's gifts to Israel in 1994 when a 122mm rocket exploded in the north of Israel, so I'm really getting a kick out of your trying to paint everything as Israel's fault.
When Israel wins a war with outside help from the US, they want to keep the land they conquer without any concessions. When Israel loses a war and their foe has received outside help (however minimal), they decry interference in their affairs. They are like children who just want to get their way.
I say arm the Palestinians with the same weapons as the Israelis have. Then you won't have to complain about homemade rockets and suicide bombers, and I guarantee you peace would seem like a much more achievable goal for Israeli hawks once they have to deal with people with the means to fight back.
I am constantly reminded by that bit in the Battle of Algiers:
REPORTER: Isn't it cowardly to have bombs carried in baskets to public places by Muslim women?
LARBI BEN M'HIDI: Is it any less cowardly to bomb villages from planes with napalm? Give us your planes, and we'll give you our baskets.
May 9, 1979 - The U.S. announced that, after seven years of negotiations, a new draft treaty limiting strategic arms had finally been completed by representatives of the U.S. and the Soviet Union. Though the exact wording of the accord would still have to be worked out by negotiating teams in Geneva, the SALT II treaty went beyond the SALT I agreement, which was signed in 1072 and expired in 1977. If and when SALT II was formally signed by the U.S. and the U.S.S.R. and ratified by the U.S. Senate, negotiations for a SALT III agreement would get under way. Though Carter declared that SALT II would "lessen the danger of nuclear destruction, while safeguarding our military security in a more stable, predictable and peaceful world," it was certain that the U.S. Congress would debate the provisions of the treaty with great intensity before the Senate vote on ratification. (source: The Britannica Archive)
Shhhh be quiet! We're trying to find an excuse for our left-brained hatred of Jewry, and don't want anyone to distract us with facts or logic!
The affinity (and frequent historical collusion) between the Western political Left, Muslims, the bygone Communists of Russia and the National Socialists of Germany is fairly striking: hatred and blaming of the Jews for all/many of their woes; top-down political structures which make people miserable; love for and acceptance of dramatic, glorious, image-invoking rhetoric; and ready acceptance of a Jewish scapegoat.
If I were looking for a culprit in this worm, I'd be looking for someone with this shared affinity.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Nobody suggested or implied Israel can do no wrong. Which speaks volumes about copponex's large bias against Israel.
Jews and Muslims each have their own calendar, both quite different and with different starting years from the Christian (okay, now called "Common Era") calendar which this date allegedly is based on.
So WTF?
-- Alastair
I didn't know George Bush was a Jew... neither Dick Cheney.
It was the former governor of Alaska.
It pales in consequence of what that person could do if there was a true attempt to destroy.
If you read the very illuminating Symantec pdf, you would notice that they do not draw any such conclusion:
Export 16 first checks that the configuration data is valid, after that it checks the value “NTVDM TRACE” in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation
If this value is equal to 19790509 the threat will exit. This is thought to be an infection marker or a “do not infect” marker. If this is set correctly infection will not occur. The value appears to be a date of May 9, 1979. While on May 9, 1979 a variety of historical events occurred, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.” Symantec cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate another party.
It is very common for worms and viruses to have such a simple check/do not infect marker to make it easier to develop & test them, the choice of this particular string is interesting but not conclusive.
The extremely strong clustering of Stuxnet infections in Iran however makes it very clear that this particular country has been clearly targeted by the malware authors. Due to all the ways it can spread itself, they must also have used multiple attack vectors in order to get it onto as many relevant machines as possible.
Terje
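Added example, not part of the thread or of Symantec's dossier: a check a defender could run over a registry export (.reg text) to see whether the "NTVDM TRACE" value quoted above is present and holds the marker. The quoted passage does not say how 19790509 is stored, so the code assumes it may appear as a DWORD (digits read as hex or as decimal) or as a string; the sample exports are constructed.

```python
import re

# Key and value name as quoted from the dossier in the comment above.
MARKER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation"
MARKER_VALUE = "NTVDM TRACE"
MARKER_DIGITS = "19790509"

# Assumption: the storage type is not stated on the page, so accept the
# digits interpreted as decimal, as hexadecimal, or as a plain string.
ACCEPTED_INTS = {int(MARKER_DIGITS), int(MARKER_DIGITS, 16)}

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    """Undo .reg escaping (\\\\ and \\") inside quoted names and strings."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path_lower: {value_name_lower: (kind, data)}}.

    Registry key and value names are case-insensitive, so both are
    lower-cased. Only dword and string values are decoded; anything else
    (hex blobs, continuation lines) is kept raw or skipped.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):      # "[-KEY]" marks a key deletion
                current = None
                continue
            current = keys.setdefault(path.lower(), {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue                      # file header, hex continuation lines
        name, data = _unescape(m.group(1)).lower(), m.group(2).strip()
        if data.lower().startswith("dword:"):
            try:
                current[name] = ("dword", int(data[6:], 16))
            except ValueError:
                current[name] = ("raw", data)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            current[name] = ("sz", _unescape(data[1:-1]))
        else:
            current[name] = ("raw", data)
    return keys


def marker_state(text):
    """Classify an export: 'absent', 'marker', or 'other' (value set, but different)."""
    values = parse_reg_export(text).get(MARKER_KEY.lower())
    if values is None or MARKER_VALUE.lower() not in values:
        return "absent"
    kind, data = values[MARKER_VALUE.lower()]
    if kind == "dword" and data in ACCEPTED_INTS:
        return "marker"
    if kind == "sz" and data.strip() == MARKER_DIGITS:
        return "marker"
    return "other"


# Constructed sample exports (not taken from any real host).
_HEADER = "Windows Registry Editor Version 5.00\n\n"
_KEY_LINE = "[" + MARKER_KEY + "]\n"
SAMPLE_ABSENT = (_HEADER
                 + r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"
                 + '\n"Example"=dword:00000001\n')
SAMPLE_DWORD_HEX = _HEADER + _KEY_LINE + '"NTVDM TRACE"=dword:19790509\n'
SAMPLE_DWORD_DEC = _HEADER + _KEY_LINE + '"NTVDM TRACE"=dword:012dfaad\n'
SAMPLE_STRING = _HEADER + _KEY_LINE.lower() + '"ntvdm trace"="19790509"\n'
SAMPLE_OTHER = _HEADER + _KEY_LINE + '"NTVDM TRACE"=dword:00000001\n'

if __name__ == "__main__":
    for label, sample in [("absent", SAMPLE_ABSENT), ("dword/hex", SAMPLE_DWORD_HEX),
                          ("dword/dec", SAMPLE_DWORD_DEC), ("string", SAMPLE_STRING),
                          ("other", SAMPLE_OTHER)]:
        print(f"{label:10s} -> {marker_state(sample)}")
```

A result of "marker" only shows that the value is set on the exported host; per the quoted passage it is a "do not infect" marker, so it says nothing about who set it or why.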
Technical analysis aside, all these Israel claims are based on huge assumptions and zero concrete evidence. Even if Israel did create this virus why would they put references in the code that led back to them?
(why would they? duh right?), no offense just my thoughts.