Slashdot Mirror


Stuxnet Analysis Backs Iran-Israel Connection

Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof of concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention." Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).

5 of 307 comments

  1. It's public intentionally, duh. by gclef · · Score: 3, Interesting

    Why are they surprised that it broke out? That's probably part of the whole idea: seed the target area (presumably Iran) with flash drives with the worm on it, then sit back and wait. When world + dog gets infected, you know *someone* in your targeted area picked up the flash drives, so there's a very high likelihood that someone at your target site infected their PC.

    Doing it this way allows the attacker to know that they've succeeded (and presumably to take whatever follow-up measure they had planned) without giving away who they are. Since *everyone* knows that the worm exists, there's no secret signal path to trace back to the author.

  2. Really fails the smell test. by Apuleius · · Score: 3, Interesting

    Iran still has several thousand Jews living in Tehran and Isfahan. To refer to the execution of Elghanian is to invite the execution of some other scapegoat out of the Jewish community. The Mullahs of Iran are very, very easy to offend, tease, tweak, et cetera. There are plenty of ways to put insults aimed at them into this virus without pointing at the Jewish community, and rest assured any Israeli hacker knows plenty.

  3. Re:Proof??? by hex0D · · Score: 3, Interesting

    The whole idea could be that it doesn't prove anything, but still tells everyone who's responsible. Perhaps a threat veiled enough to not be actionable legally, but still heard loud and clear. I see pulling that off as evidence of smarts, not stupidity.

  4. Ya by Sycraft-fu · · Score: 4, Interesting

    This is compounded by the problem that people are presupposing the answer. From the start, it seems people have assumed this MUST be an attack against Iran and thus done by the US or Israel. As such their thought process is "Find evidence of US or Israeli involvement," and not "Try to find out the source of the attack."

    If you look hard enough for evidence of something, you'll often find it, even when there isn't any, particularly when the standard for evidence is low. Same kind of shit with all the 9/11 conspiracy. People doing 9s 11s and so on all over the place. Snopes did a great bit choosing another number and showing how that was all over the place too.

    Sorry, but I'd require a significant amount more than this to be convinced. This isn't evidence, it is speculation at best and conspiracy mongering at worst.

    1. Re:Ya by LWATCDR · · Score: 4, Interesting

      Well let's make a list of the countries that have the resources to do this and the motivation.
      1. The US.
      2. Israel.
      We know both of their motivations but I can think of a lot more.
      3. India. A nuclear Pakistan is bad enough without a Nuclear Iran.
      4. Russia. Blow up some stuff sell them new stuff. Repeat until rich. Plus Russia has no real desire to have a nuclear Iran on its doorstep.
      5. Saudi Arabia. They have the money and no Love for Iran.
      6. France. They were allies with Iraq during the Iraq Iran war. They don't want Iran to be a member of the Nuclear Club.
      7. Germany. The PLCs were made by a German company. They have no desire to see Iran have nukes.
      In fact you can put all of Europe down as having both the motivation and the ability "Okay maybe not Luxembourg" to pull off this attack.
      And most of the Middle East as well has motivation and a team of CS majors with a hacking talent cannot be that hard to find.
      8. China. They are now a world power. They do not need Iran trying to stir up trouble.
      9. The UK. I mean really that should be a given.
      So about the only nations with a large industrial base and high levels of education that I would rule out are.
      Canada, Australia, New Zealand, Japan, South Africa and Brazil. And frankly any one of them could have done it just to defuse the issue and try to stop a nuclear war in the middle east.
      Frankly I don't think that Israel or the US would have put a date in pointing to Israel.
      Now Russia on the other hand I could see doing it. But it is all guesswork with no proof at this point.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.