Stuxnet Analysis Backs Iran-Israel Connection
Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof of concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention."
Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).
There probably aren't that many innocent Iranians in the vicinity of Iranian reactors - at least in comparison to the number of innocent Britons living next to British nuclear reactors. The problem with the "innocent Iranians" argument is that there will be plenty of people who would argue that it was "for the greater good". On the other hand, an accident in Europe or America that was due to the virus is indisputably not for the "greater good". As I've said before, I have a serious problem with assassinations of any kind of anyone. I recognize that this opinion is not universally shared, so the logical thing to do is to look at whether this virus would potentially harm those whom all concerned would agree are not acceptable targets.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Who has "motivation, capability and demonstrated willingness"? US, EU and Israel as state actors.
Russian Jews/Russian Mafia, Saudi/UAE/Qatar outsourcing for the technology to Malaysia, Indonesia, Pakistanis or the PRC (Saudi Arabia has a long history of high end weapons purchases from the PRC, perhaps including some atomic warheads).
But, of course, Israel did it, and you don't need crazy cracker crumb clues.
The Internet Worm was programmed to not spread. Being programmed != being programmed correctly.
Israel has acted with impunity for as long as I can remember. It was only a few months ago that they executed an American citizen in international waters and all the US Congress did was issue a statement of support. Obama didn't even request a return of the kidnapped. They sank the USS Liberty and the US military issued a gag order to prevent the soldiers from talking about it. Why wouldn't they see how far they can push it?
Or it could be a disgruntled Siemens employee or two.
Or it could be a dishonest competitor with connections to organized crime hiring their programmers for some dirty "sabotage" work - just think if every Siemens controller started going wonky, what companies that make competing PLCs stand to gain?
The reality is, conjecturing "Israel rawr" is the function of a bunch of people with previous axes to grind, not based on anything remotely substantial in terms of evidence. Someone else pointed out above that if we run calculations based on the idea of a team of 6-8 programmers, the likelihood of "May 9 1979" being just one of the programmers' birthday is pretty substantial.