Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Finnish-Chinese Connection For Stuxnet?

Posted by timothy on from the fusion-cuisine dept.

Lingenfelter writes "I recently wrote a white paper entitled 'Dragons, Tigers, Pearls, and Yellowcake' in which I proposed four alternative scenarios for the Stuxnet worm other than the commonly held assumption that it was Israel or the US targeting Iran's Bushehr or Natanz facilities."

2 of 113 comments (clear)

  1. Re:Rather basic question by Anonymous Coward · · Score: 4, Informative

    On the presumption that this is some electronic device with a user-modifiable firmware (how else would the worm be able to modify it?) - what would stop Iran from taking an unaffected piece, dumping the firmware, and re-uploading it?

    Do a clean reinstall of Windows, and you're set to go.

    Is there something I am missing?

    Here's what you're missing:

    We originally only had two basic kinds of memory chips, RAM which is volatile, and ROM which was non-volatile. Then someone came up with a new chip that could be 'flashed', that is you could change the data values once but then it became completely non-volitile and was no longer updatable (WORM- Write Once Read Many).
    These were the first flashable chips, and had a finite amount of space to use for updates since once you wrote new data, it was there for good.
    Well we have largely moved away from WORM technology on most consumer devices, since it's a lot better to have a chip which is largely non-volitie but can still be updated so you don't run out of space or risk totally ruining the chip.

    But a lot of high-dollar embedded devices still use WORM chips. Why? Because devices like the ones in question are not only expensive in terms of the raw hardware, but also cost a fortune in license fees for the software which runs them. And the last thing they want is for someone to purchase the equipment from someone else (used or stolen, for example) and run their own software on it- the company makes nothing. So they use chips which are based on WORM technology, which means that a malicious (or bugged) update could easily prevent any further updates (upgrades or downgrades, it's all updates)... which would require replacing the chip. And in most cases, it would be an entire board not just a single chip.

    So that's basically a headache for any legit operation which has a support contract with the manufacturer (which they WILL have, always), they ship it back and the maker ships a new one. Or maybe just sends a tech to the site with a spare. Which is all fine and dandy when you're not a country under international embargo, and has multiple powerful nations working to prevent you from getting these machines in the first place. But when you are a 'rogue state' or whatever we're calling them today, getting a replacement chip with the proper software on it is probably even more difficult than just getting an entirely new unit on the black market.

  2. Re:If Lingenfelter is right by tacktick · · Score: 4, Informative

    Seriously?
    If it was an escaped Chinese military virus wouldn't it have been alot more deadly?

    Also, it was traced to a pig farm in Mexico.

    Now please coat your tin foil suit with tungsten carbide.You're gonna need it.