A Finnish-Chinese Connection For Stuxnet?

Lingenfelter writes "I recently wrote a white paper entitled 'Dragons, Tigers, Pearls, and Yellowcake' in which I proposed four alternative scenarios for the Stuxnet worm other than the commonly held assumption that it was Israel or the US targeting Iran's Bushehr or Natanz facilities."

I did it.

[MrQuacker]

Since everyone else is taking credit, I might as well...

My paper is coming

[unity100]

In which, i will blame stuxnet worm on late Marilyn Monroe.

Re:My paper is coming

[ilsaloving]

I'm not sure I follow... how does version control fit into this?

Overthinking it

[mike260]

Israel is (by far) the most nervous about Iran's nuclear program, and already had one pre-emptive attack on a nuclear plant under it's belt that (in their worldview) was a resounding success and is a point of national pride.
So one of the drives targeted by stuxnet is manufactured in China...I hate to state the obvious, but what isn't?

Re:Overthinking it

[RenHoek]

Wasn't there a wikileaks cable about Israel preparing a cyberattack on Iran?

Re:Overthinking it

[eulernet]

And an iranian nuclear scientist has been killed recently:
http://www.bbc.co.uk/news/world-middle-east-11860928
And the article mentions that another one was killed at the beginning of this year.

It's more efficient to kill scientists than to use virus.
This is very similar to Mossad's ways http://en.wikipedia.org/wiki/Mossad

As usual, Iran blames Israel, and Israel blames Iran for this murder.

Re:Overthinking it

[mike260]

You can only kill the scientists and bomb the facilities you know about; a virus can go anywhere.

Re:Overthinking it

[gl4ss]

I guess the current way many finnish industrial machine manufacturing goes is that the first models are machined and done in finland and then at least parts manufacture is subcontracted from somewhere cheaper, also we don't have chip fabs in finland so naturally a lot of the parts need to be imports anyways. and another thing that's done on contract by finnish firms by finns is to go to a project site and fix up the mess that the export chinese workmen haven't been able to fix.

the finnish connection is an interesting one because there's plenty of people in finland who could've written stuxnet by themselfs(and access to fresh exploits and the means to look for exploits themselfs) and possibly had the information too - and quite low probability of getting connected to it by anyone else. but it's an obvious one that's hard to prove so it's just that it's targeting some finnish connection hardware that's the connection to finland. the motivation in that case wouldn't have been money, fame or such, it would be that it's just such a sweet target and even if caught criminal chargers would've been extremely hard to press(and even condemning it morally would have sparked a lot of discussion, after all stuxnet was a more civil way to slow the progress there than bombing some scientists).

finland does a lot of trade with many shady countries, nobody gives a rats ass you see(about what finland does and with whom) and economy isn't exactly booming so extra business is extra business, that's not to say that the iranians maybe hadn't lied about what they're going to use the machinery for - notice that had they been used for something else than what the iranians (now apparently confirmedly) were using them for then stuxnet would have done nothing :). they could've used them to run some fat seperators but nooo, had to use for some zero economical output work.

Re:Overthinking it

[grrrgrrr]

On the other hand China is the most obvious source of any cyber warfare or espionage. They have shown they can and will do it. So why not for this one? I think Israel would use one of the more trusted methods of bombing or assassination that is what they are known for and it has also the added benefit of showing your strength publicly as you point out yourself.

Re:Overthinking it

[Pharmboy]

I tend to agree, although the scientists that died of high velocity lead poisoning does sound like something Israel could and would do, very effectively. The problem with the US is that we are always too obvious, try to be "loved", and overly open about stuff like this. We save the secret spying and covert operations on our own citizens.

Re:Overthinking it

[mike260]

IMHO this also sends a message: "We've been peeing in your centrifuges for months without even having to leave our offices."
Mossad already had the ninja assassin rep, now they get to be ninja assassin hackers.

Re:Overthinking it

[LWATCDR]

Actually just about everybody is worried about Iran's nuclear program. Russia has it's own problems with muslim extremists and Iran and Russia are natural enemies that for now are cooperating. They do not want Iran to have nuclear weapons they just want to sell them stuff.
India doesn't really want an extremist Islamic nuclear power that could become allies with an extremist Pakistan.
Throw in France, Germany, the UK, Sweden, Italy, and all the nations near Iran and you have a long list. Frankly you can make it pretty easy.
Who wants Iran to have nuclear weapons.
The extremists elements of the Iran.

Who doesn't want Iran to have nuclear weapons?
Everybody else on the planet.

Of course you will have a few people outside of Iran but you get the picture. The world really doesn't want this.
 

Re:Overthinking it

[Xest]

"Israel is (by far) the most nervous about Iran's nuclear program, and already had one pre-emptive attack on a nuclear plant under it's belt that (in their worldview) was a resounding success and is a point of national pride."

Actually, it's done two. It bombed the Osirak reactor in Iraq and '81, and it bombed the Syrian nuclear installation in 2007.

But here's the point, when you consider that Iran is no more a threat to Israel than Iraq was then, and than Syria was in 2007, then why do you think if Israel is responsible, that they made such a change of tactics this time? Why switch to such a covert method that's at worst going to delay things a bit, and certainly not going to completely destroy the facility when their pre-existing modus operandi is simply to go in and bomb the installations? Something they're more than capable of doing.

You may be right that China didn't do it, but there's so many possibilities, just because Iran vocally hates Israel doesn't mean it's any more concerned than other countries. With Iran trying to build long range missiles capable of hitting Europe, what makes you think that pretty much any European country isn't responsible? It's arguable that even Saudi Arabia is more interested in dealing with Iran than Israel.

Yes you're right Israel has motive, but when they want to do something they also tend not to fuck around either, Stuxnet seems to very much be a case of fucking around. It seems more like something designed to disrupt Iran's ambitions rather than outright destroy them, likely to delay their programme to force them to sit at the negotiating table longer, again, something Israel tends not to care about if it's really bothered by something.

Re:Overthinking it

[grrrgrrr]

You think any intelligence organization has the knowhow to write a specialized worm like that? I think that is not how an operation like that is executed. They will really need to have a contact in the company that made the centrifuges to do it for them. That is also their main business having a network of contacts. It will be much more difficult for the mossad to have that kind of network or contacts in China than it is to just do the attack. That is why the articles argument is so strong in my eyes

Re:Overthinking it

[mike260]

The Military Option: Bushehr is not Osirak:

the GOI does not know where all of the targets are located

potential targets are well dispersed throughout the country, with several located in built-up civilian areas

any attack on Bushehr would likely result in Russian casualties and endanger Moscow's cooperation

Re:Overthinking it

[GameboyRMH]

Not really:

http://www.securecomputing.net.au/News/241927,cablegate-dsd-unprepared-for-cyberwar.aspx

The group also discussed Israeli nervousness over Iran's nuclear programme, the ONA expressing interest in Fort's and INR's assessments on Israeli "red lines" and the "likelihood of an Israeli strike against Iranian nuclear facilities".

Source:

http://images.theage.com.au/file/2010/12/15/2096934/Cables.htm

Re:Overthinking it

[Eunuchswear]

Russia has it's own problems with muslim extremists

Yeah, 'cos Shia Iran spends all its time cooperating with Sunni/Salafist jihadi groups.

Re:Overthinking it

[mlts]

China has a lot to gain by doing this:

1: Slowing down Iran's nuclear ambitions is in China's interests because when Iran does have the bomb, who knows what direction it may be sent.

2: Having Stuxnet blamed on the US/Israel is a good thing for China -- the more countries hostile to the west, the better.

3: If a conflict does break out, China could easily make a deal with Iran by offering to have the Red Guard protect the country in return for oil rights. This would ensure them a strong strategic base in the Middle East essentially forever.

But it may not be even China. Yesterday, along a similar topic, I stated that it could be a group of sociopathic people who have a skillz level far better than a script kiddy. There are people out there with a lot of knowledge and access to the 0-day scene who would love to do something like this just for kicks. They don't like any foreign power, so being instrumental in slowing one foreign power's aims while having it blamed on other people would accomplish their goals. There are people out there who would love to cause an incident, and then "watch the world burn", regardless of the consequences.

Re:Overthinking it

[Ben4jammin]

I agree with what you say about Israel, but that to me makes it LESS likely they would do something so indirect. From my limited knowledge of the whole thing, this attack appears much too subtle for Israel's taste...as in no bombs. A subtle approach like a virus where you really aren't going to be able to prove the source the way you can with aircraft and bombs suggests someone who wants to get it done without rocking the boat. Like someone with a bunch of side deals or other things at stake...both of which could describe the US and China.

I guess what I am trying to say is that IMHO when Israel does something, they WANT you to know they did it. For this virus, someone wanted to remain somewhat anonymous.

Re:Overthinking it

[Bill,+Shooter+of+Bul]

Its like you're wondering why anyone would ever improve their tactics. Why on earth did we start dropping bombs from planes, when charging head on into machine gun fire worked so well for the past 6000 years? Why on earth did we start using computers, when typewriters were cheaper and more available?

Stuxnet is an awesome weapon. It continues to screw up the centrifuges. They have no way of keeping their systems clean. No one died. No human casualties. No one's that ticked off at Israel, except Iran who has been calling for the destruction of Israel for the past 30 years. Sounds pretty good to me. If Israel didn't do stuxnet, they sure as hell should have, and owe whoever did a huge favour.

Re:Overthinking it

[Bill,+Shooter+of+Bul]

I think you have the Military confused with the Mossad. Military always wants cred. Intel Agency wants you to have a doubt. Having that little bit of doubt makes you hesitant, giving them a little bit more of an edge.

Re:Overthinking it

[ColdWetDog]

I guess what I am trying to say is that IMHO when Israel does something, they WANT you to know they did it. For this virus, someone wanted to remain somewhat anonymous.

But everyone (except notably the submitter) thinks it's Israel. Therefore, they win this round. The Israelis are indeed quite nuanced and capable of a wide range of 'interventions': Blowing up people with cell phones, disappearing people, generic spying, high seas piracy and more.

It doesn't just have to go kaboom. Maybe the fighter jocks get bonus points for air raids but it's always good to have access to a deep toolkit.

Re:Overthinking it

[Migraineman]

Why on earth did we start dropping bombs from planes, when charging head on into machine gun fire worked so well for the past 6000 years?

Was it over when the Germans bombed Pearl Harbor? Hell no!

Re:Overthinking it

[Unequivocal]

Bruce Schneirer debunked the sociopath theory reasonably well when he observed that this tool is very specifically focused. If this tool had been built with sociopathic/antisocial intent it would have f'ed-up way, way more public infrastructure world-wide.

Re:Overthinking it

[Pharmboy]

Interesting, but I find it difficult to envision China offering to protect Iran in this way, it would raise the ire of the entire world, including their best customer, the USA. No, China tends to stay a bit less involved in the public light. If China volunteered to protect Iran, which would be seen as helping them develop nuclear weapons, I'm pretty sure we would have B-52s carpeting the place as an emergency effort, within 72 hours. They can get there in about 18 to 20 hours with direct flight with mid-air refueling. Even China knows this could cause a global conflict, which would shut down their economy.

The U.S. has effectively, on many occasions, demonstrated the ability and willingness to carpet bomb brown people when it comes to oil. The Chinese know this.

Re:Overthinking it

[Xest]

"Stuxnet is an awesome weapon. It continues to screw up the centrifuges. They have no way of keeping their systems clean."

No it doesn't, this is the point. At the end of the day you can always just bring in clean computing hardware, or completely restart from scratch with the software. This is why, at worst, it delays things, and does nothing long term to stop the nuclear programming. It doesn't damage the hardware, it merely alters the operation of it, and if the hardware is intact- the most expensive and hardest part to get right, then isolating the systems and sorting the software once you know there is an infection isn't hard, just time consuming.

A military strike decisively destroys the plants and makes it prohibitively costly to start right from the beginning again.

Re:Overthinking it

[Bill,+Shooter+of+Bul]

Ohh... didn't pay attention to the source.

Well, Maybe this isn't true. But it might be. You never know with fox.

http://www.foxnews.com/scitech/2010/12/09/despite-iranian-claims-stuxnet-worm-causing-nuclear-havoc/#ixzz17fEbOlq4

Re:Overthinking it

[Bill,+Shooter+of+Bul]

Germans? I'm pretty sure it was the Persians.

Rather basic question

On the presumption that this is some electronic device with a user-modifiable firmware (how else would the worm be able to modify it?) - what would stop Iran from taking an unaffected piece, dumping the firmware, and re-uploading it?

Do a clean reinstall of Windows, and you're set to go.

Is there something I am missing?

Re:Rather basic question

[mike260]

Nope, seems about right. But you can reinfect a PC by inserting an infected USB key and viewing the contents, so until you know the infection-vectors (which took a while to discover) you'd have difficulty staying clean.

Stuxnet was made to stay undetected as long as possible - it only mucks about with attached drives (rapidly spinning them up and down) at long intervals and for short periods. So instead of a room full of exploding centrifuges, you get an abnormally high failure-rate. It even records sensor data from normal operation and replays it while it's messing with the drives to hide itself from anyone monitoring it.

Re:Rather basic question

On the presumption that this is some electronic device with a user-modifiable firmware (how else would the worm be able to modify it?) - what would stop Iran from taking an unaffected piece, dumping the firmware, and re-uploading it?

Do a clean reinstall of Windows, and you're set to go.

Is there something I am missing?

Here's what you're missing:

We originally only had two basic kinds of memory chips, RAM which is volatile, and ROM which was non-volatile. Then someone came up with a new chip that could be 'flashed', that is you could change the data values once but then it became completely non-volitile and was no longer updatable (WORM- Write Once Read Many).
These were the first flashable chips, and had a finite amount of space to use for updates since once you wrote new data, it was there for good.
Well we have largely moved away from WORM technology on most consumer devices, since it's a lot better to have a chip which is largely non-volitie but can still be updated so you don't run out of space or risk totally ruining the chip.

But a lot of high-dollar embedded devices still use WORM chips. Why? Because devices like the ones in question are not only expensive in terms of the raw hardware, but also cost a fortune in license fees for the software which runs them. And the last thing they want is for someone to purchase the equipment from someone else (used or stolen, for example) and run their own software on it- the company makes nothing. So they use chips which are based on WORM technology, which means that a malicious (or bugged) update could easily prevent any further updates (upgrades or downgrades, it's all updates)... which would require replacing the chip. And in most cases, it would be an entire board not just a single chip.

So that's basically a headache for any legit operation which has a support contract with the manufacturer (which they WILL have, always), they ship it back and the maker ships a new one. Or maybe just sends a tech to the site with a spare. Which is all fine and dandy when you're not a country under international embargo, and has multiple powerful nations working to prevent you from getting these machines in the first place. But when you are a 'rogue state' or whatever we're calling them today, getting a replacement chip with the proper software on it is probably even more difficult than just getting an entirely new unit on the black market.

Re:Rather basic question

[tacktick]

Stuxnet is quite the nasty piece of malware. There isnt anything simple about it.
This is Symantec's summary:

Stuxnet is a threat targeting a specific industrial control system likely in Iran, such as a gas pipeline or power
plant. The ultimate goal of Stuxnet is to sabotage that facility by reprogramming programmable logic controllers
(PLCs) to operate as the attackers intend them to, most likely out of their specified boundaries.
Stuxnet was discovered in July, but is confirmed to have existed at least one year prior and likely even before.
The majority of infections were found in Iran. Stuxnet contains many features such as:
Self-replicates through removable drives exploiting a vulnerability a llowing auto-execution.
Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution Vulnerability (BID 41732)
  Spreads in a LAN through a vulnerability in the Windows Print Spooler.
Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (BID 43073)
  Spreads through SMB by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution
Vulnerability (BID 31874).
  Copies and executes itself on remote computers through network shares.
  Copies and executes itself on remote computers running a WinCC database server.
  Copies itself into Step 7 projects in such a way that it automatically executes when the Step 7 project is
loaded.
  Updates itself through a peer-to-peer mechanism within a LAN.
  Exploits a total of four unpatched Microsoft vulnerabilities, two of which are previously mentioned vulnerabilities
for self-replication and the other two are escalation of privilege vulnerabilities that have yet to be
disclosed.
  Contacts a command and control server that allows the hacker to download and execute code, including updated
versions.
  Contains a Windows rootkit that hide its binaries.
  Attempts to bypass security products.
  Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage
the system.
  Hides modified code on PLCs, essentially a rootkit for PLCs.

The full Stuxnet dossier for interesting reading:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

Chinas viewpoint on Iran and nukes

[antifoidulus]

China is actually worrying about Irans nuclear ambitions but for different reasons than most of the west is. They arent worried too much about Iran attacking any of its interest but dont want to see US influence continue to grow in the region

Its already well established(and the leaked cables support this) that many of the other countries in the area are quite wary of Iran and its ambitions, and a nuclear armed Iran would give the US and these countries a rationale for increasing US presence and influence in the region. China does not see this as being beneficial in the long run as it sees the US as its biggest, and really only, potential rival. Therefore they are against a nuclear armed Iran but on the other hand Iran is one of Chinas biggest oil suppliers and it really does not want to piss them off. So Chinas position is to try to prevent Iran from getting nukes while at the same time looking like the `good guy`. They often times abstain when it comes time to vote on Iranian sanctions in the security counsel. This essentially gives them an out, they can continue to see sanctions and pressure put on the Iranian nuke program without looking like a bad guy to Iran. They can always tell the Iranians that they were worried about vague and unspecified reprecussions if asked why they didnt vote no.

Re:Chinas viewpoint on Iran and nukes

> China does not see this as being beneficial in the long run as it sees the US as its biggest, and really only, potential rival.

That feels like some kind of logical fallacy to me - it's assuming China is really smart about one thing but really stupid about a bunch of other things (even when there've been clues that China is indeed aware of the other things). China has many rivals besides the US - India, Russia, maybe the EU, maybe Japan. They clearly know this, and clearly plan for it.

I bring this up because it complicates the analysis, of course. Between the two of us, we see multiple reasons China might act and multiple reasons it might not, all depending on how China thinks it might get away with using one rival to weaken another rival (or weaken both if possible).

But IMHO, the scenario that works worst for everyone is one where Iran actually does get nukes. Consider: if they have them, don't use them, and there isn't a war, Iran gains influence. If they have them, don't use them, and there's a war, there's a whole lot of damage and no matter who wins, there's a big military somewhere that everyone else doesn't want it. If they have them and use them, there's fallout all over places that all the big powers are interested. If they have them and ship them to terrorists, potentially *all of the above* happens at once. And at the very least, China needs to prevent a weakening of its major trade partners (else the trade dries up and China's current way of life collapses).

AND OF COURSE, E.T.

Because they have visited, and some have stayed on, as well. They are amongst us now. Aliens. Believe it !! Or not. I won't tell. They'll lock me up and throw away the key this time !!

It's about oil and coal

[moxsam]

Iran not only gets money but also Chinese coal in exchange for their crude oil that they sell to China. Now when Iran finishes their reactors, Iran needs less coal for making electric energy. But China will still need the oil. Thus they have to pay more for the oil. Even worse, the less coal Iran needs the less dependent they become on China, so they are more likely to sell thei oil to other countries.

Sabotaging the nuclear plants of Iran is a cheap way to sustain the co-dependancy between Iran and China.

Re:It's about oil and coal

[tacktick]

Now that is a tempting hypothesis.
But I'm going with Occam's razor on this one.

Who has the most to lose should Iran get nukes? Israel. Who has the most interest in the region? Israel. Who has the cash and the tech know-how? Who has a close relationship with a more powerful country with a _big_ interest in stopping Iran? Israel

If Lingenfelter is right

[Kupfernigk]

he has soberly pointed out a case of China engaged in cyber-warfare using means which have got out of control. (There seems to be a fair number of medical doctors who suspect that "swine flu" is actually a Chinese military virus that escaped from a lab.)

This will go against the entire business mantra, but if he is right the West really needs to pull back manufacturing of electronic devices and make more serious efforts to combat Chinese electronic warfare, because in this case they were either incompetent or simply didn't give a shit about collateral damage. Either option is exceedingly worrying,

Re:If Lingenfelter is right

[acidfast7]

As a microbiologist, I haven't anyone reputable suggest that H1N1/09 was engineered. Sounds like tin-foil hat material to me. And I wouldn't trust an MD/DO to speculate about the evolutionary origin of a virus.

Re:If Lingenfelter is right

[tacktick]

Seriously?
If it was an escaped Chinese military virus wouldn't it have been alot more deadly?

Also, it was traced to a pig farm in Mexico.

Now please coat your tin foil suit with tungsten carbide.You're gonna need it.

Re:If Lingenfelter is right

There seems to be a fair number of medical doctors who suspect that "swine flu" is actually a Chinese military virus that escaped from a lab.

Stop. Right. There.
"Medical doctors"? What are they basing their suspicions on?

You made this up or were fooled.

Re:If Lingenfelter is right

[John+Hasler]

I believe that the "AIDS is a CIA plot" bullshit started as Soviet propaganda in the eighties and evolved into the current set of conspiracy theories.

Re:If Lingenfelter is right

[Eunuchswear]

I believe the '"AIDS is a CIA plot" is Soviet propaganda' rumour started as a Belgian misinformation campaign in '93.

Re:If Lingenfelter is right

[ColdWetDog]

Seriously? If it was an escaped Chinese military virus wouldn't it have been alot more deadly?

Maelcum produced a white lump of foam slightly smaller than Case's head, fished a pearl-handled switchblade on a green nylon lanyard out of the hip pocket of his tattered shorts and carefully slit the plastic. He extracted a rectangular object and passed it to Case. `Thas part some gun, mon?' `No,' Case said, turning it over, `but it's a weapon. It's virus.' `Not on thisboy tug, mon,' Maelcum said firmly, reaching for the steel cassette. `A program. Virus program. Can't get into you, can't even get into your software. I've got to interface it through the deck, before it can work on anything...'

`What is this thing?' he asked the Hosaka. `Parcel for me.' `Data transfer from Bockris Systems GmbH, Frankfurt, advises, under coded transmission, that content of shipment is Kuang Grade Mark Eleven penetration program. Bockris further advises that interface with Ono-Sendai Cyberspace 7 is entirely compatible and yields optimal penetration capabilities, particularly with regard to existing military systems...'

Didn't you read the manual? You have to buy the things.

Re:If Lingenfelter is right

[Unequivocal]

Thanks - I was going to post similarly. I haven't heard a peep in any med lit about H1N1 being anything other than a natural variant. Maybe OP heard it at the doctor's office but you hear a lot at the doctor's office that is worth a second opinion.

Here's a question...

[Rone]

Interesting article, which (indirectly) raises an even more interesting question:

If China was behind the StuxNet worm, why would they risk undoing all of their careful origin-obfuscation work by subsequently carrying out two high-risk meat-space operations against high-level Iranian engineers?

One possibility is that they simply didn't . Once the worm came to light, some other intelligence agency with a more direct way of handling things may have decided to seize the opportunity to increase the worm's lifespan by eliminating the people most likely to stop it.

If two different parties were behind the worm and the assassinations, TFA's China theory might indeed be plausible.

Yet another daft conspiracy theory

A conspiracy theory, particularly one which is as convoluted and as baseless as this is, does not gain any magic credibility if the loony that devised it happens to write it down in a document which then proceeds to refer to it as a "white paper". I understand his desperate need to sell his little pet conspiracy theory on the authoritativeness of the "white paper" label alone but that doesn't make it any more true.

Finland? Not entirely implausible

[damn_registrars]

One of the world's most prolific spammers has hid out in Finland from time to time. While his hiding out there does not make an argument for Finland supporting his actions, it does suggest that it may be a place where computer criminals can hide out fairly effectively. Being as he was controlling a botnet from there to pump spam, it would not be hard to envision him using the same botnet to attack someone he views as an enemy - regardless of whether or not they have any negative affiliations with anything he does directly.

Of course if it really is Kuvayev - who makes most of his money selling counterfeit prescription drugs - he may actually be acting very short-sighted here. He may be concerned that radiation accident victims wouldn't want to buy his counterfeit viagra, while really he should be thinking of all the other drugs he could sell those people...

Endless loop.

[miffo.swe]

Iran needs nuclear weapons to be sure US and Israel wont invade. Those two knows that the minute Iran has nuclear weapons as a deterrent, they cant invade. This is an endless loop where Usrael says invasion is the only solution because Iran is trying to get nuclears to deter an invasion.

The only really path to getting Iran off the path to nuclears are that the US and Israel promises to not invade Iran. Since thats their goal they wont.

One can hope China will step in and assure the freedom of Iran from US/Israeli aggression and thus disarm the situation. Thus far China have taken a very laid back aproach to the rest of the world and tried to not interfere with other countries policies. Maybe the time has come to rethink that.

Re:Endless loop.

[miffo.swe]

I see you have eaten and digested the propaganda very well. Iran is not a crazy banana republic with raving mad leaders.

The US and Israel wants an excuse to invade, just as the lies about Iraq WMD was used to fool the world. It doesnt matter if Iran stops its (for now) civilian nuclear program, some other excuse will be made. Iran sadly needs nuclear weapons to protect itself from the US and Israel.

Do you seriously think Iran would launch a first strike at Israel knowing it would turn every square inch of Iran into a parking space?

Up until today Israel and the US has been far more aggressive against other countries than Iran, who furthermore has had to defend themselves from US weapons, chemical weapons and money through Saddam back when he was US best buddy.

Re:Endless loop.

[John+Hasler]

But the threat of attack by Israel and/or the USA (and the idiot "sanctions") is very useful to the rulers of Iran (Ahmadinejad is far from being a dictator). They need an external enemy to blame for all their internal problems.

Re:Endless loop.

[mcvos]

It's hard to say that the US isn't at least partially to blame for Iran's problems. It was a democracy until 1953, when, with the help of the CIA and the ayatollahs, the government was overthrown and the Shah placed in power. And it went downhill from there.

Re:Endless loop.

[Eunuchswear]

Go back to the democracy of before 1953.

Don't be ridiculous - after all the effort we put in to overthrowing it?

Do you seriously think Iran would launch a first strike at Israel knowing it would turn every square inch of Iran into a parking space?

With Ahmadinejad at the helm? I consider it a distinct possibility.

Well, it's a good thing he's not at the helm then, isn't it.

You do know he has no control over foreign or military policy?

Re:Endless loop.

[ThatsLoseNotLoose]

Are you serious about Israel invading Iran? Have you ever looked at a map?

If the US were to invade, there wouldn't be any Israeli involvement because none would be needed or wanted.

As for Israel invading? That's seriously daft. Israel's population is less than a tenth of Iran's and they are separated by 500 miles and two sovereign nations.

Israel has about as much ability to invade Iran as the state of Iowa.

If Iran IS invaded, they won't be getting any Chinese assistance for pretty much the same reason. China has no ability to project that much power that far away from home and they have historically shied away from that sort of thing anyway.

I suspect you are the type of person who sees Mossad agents behind your favorite football team's losses.

Re:Endless loop.

[Unequivocal]

Those last round of elections were free and fair? Ahmadinejad sure sounds like a nut job whenever he opens his mouth in public.

Don't get me wrong, I agree there's tremendous media bias about Iran. But the Iranian gov't seems pretty loco. The US gov't up until recently seemed pretty loco to me as well.

The Iranian police and paramilitary stomping on civilians during a peaceful demonstration looked a lot more to me like Burma than the US or Europe. I marched peacefully against the (second) Iraq war and no one stomped on me. The gov't didn't listen, but I think there's a pretty big difference between those two things.

Re:Endless loop.

[Unequivocal]

We definitely made the bed and now we're stuck lying in it. Good point. But it still doesn't un-crazy the Iranian theocracy. Crazy US foreign policy gave them the vehicle to come to power but those nutjobs are doing fine being crazy all on their own now.

Ditto for Afghanistan come to think of it (twice there - first in the 80's and now again with Karzai). The more things change, the more they stay the same..

Re:Endless loop.

[mcvos]

We definitely made the bed and now we're stuck lying in it. Good point. But it still doesn't un-crazy the Iranian theocracy. Crazy US foreign policy gave them the vehicle to come to power but those nutjobs are doing fine being crazy all on their own now.

Well put. That's exactly my point. I do think overthrowing governments, especially from the outside, has a tendency to bring the crazies out, though.

Chinas viewpoint on the US.

Its already well established(and the leaked cables support this) that many of the other countries in the area are quite wary of Iran and its ambitions, and a nuclear armed Iran would give the US and these countries a rationale for increasing US presence and influence in the region. China does not see this as being beneficial in the long run as it sees the US as its biggest, and really only, potential rival.

A rival that is not only it's biggest market, who if it went bankrupt would render all the debt China purchased worthless.

Re:Chinas viewpoint on the US.

[HiThere]

Not really, a large part of it maybe, but much of the debt has been translated into proper ownership.

Re:Finland? Not entirely implausible

[jovius]

Besides the attack has probably been devised using an operating system originating from Finland!

Realpolitik

[Dynamoo]

China is an intriguing idea as the source for the malware.. if you think about it, China's interests are in no way served by the nuclear ambitions of Iran and North Korea. Western military action against either could be disastrous for the status quo that China depends on, but equally they might not want to side with the west. So quietly sabotaging the nuclear programmes of either or both might be an example of Realpolitik - that is, practical politics that achieves useful results rather than grand gestures.

Re:RTFA?

[Spazztastic]

A spectacularly worthless summary.

And even in TFA you have to click through three different links just to download the white paper.

USB delivered.

[Anonymous+Admin]

China would be far more likely to imbed this in the motherboard or nic than to rely on USB as a delivery vehicle.

Stuxnet and Wikileaks

[giorgist]

I think you need to include the
Stuxnet Israel Wikileaks connection that was anounced in the last couple of days

Re:Zionist origin is attested inside Stuxnet code

[antifoidulus]

Yeah because a hardcore Jewish extremist would use the Christian calendar with the American date format to celebrate their martyr.....

Re:Zionist origin is attested inside Stuxnet code

[Cryect]

That is actually more of a Chinese date format which is the format frankly that makes the most sense (at least for sorting). American's use MM-DD-YYYY as the standard though there is some use of DD-MM-YYYY and YYYY-MM-DD depending on the field.

It was Nixie

[oakwine]

I don't see the Chinese ticking off a major oil supplier. China has nothing to win and much to lose in doing so. Stux (sounds like Tux) looks to me like the work of Nixie! Nixiepixel. Mother of All Evil.

The FSM did it.

You leave a dog alone with a steak. When you later come back, the steak is eaten.

Who ate the steak? It could of course be anyone or anything. It could even be the FSM.

In all recent stuxnet-stories I've read on slashdot I've found a lot of comments (modded +5) beginning like this:

I don't know why everyone is so quick to assume it's {USA,Israel} behind this. It could be {Random country, the Yeti}...

Which is of course true. If you don't know who did it, you don't know who did it. BUT! That doesn't mean every possibility has the same probability.

Re:The FSM did it.

[Unequivocal]

Great point. It reminds me of the O.J. trial where the prosecution DNA expert was explaining how the blood matched OJ's with a 1 in 6 million chance of being someone else (I'm fuzzy on the actual number - doesn't matter).

The defense lawyer asked the expert, "So did you test six million people to see if it matched all of them." The expert said something like, "No, we used a statistical procedure to determine the match, involving samples of 600 people's blood." (again I'm fuzzy on the actual #'s)

The defense lawyer said, "But what if the 601st person's blood had matched OJ's? No further questions."

Man we need to teach more stat or logic or something school..

+1 for hilarious

[tacktick]

Did you get the tungsten-carbide coated tinfoil idea from me?

Either way, how about going into business together?
There's money to be made from paranoid people..
Glenn Beck and talk radio do the prep work for us and we do Cha-ching!

Re:+1 for hilarious

[GameboyRMH]

I just pictured Glenn Beck proudly and slowly walking onto the set of his show in an elaborate tungsten-carbide-tinfoil suit, complete with a samurai-style helmet and a US flag strapped to his back.

"Today friends, I am immune to the electromagnetic radiation of the liberal media, and the silent-but-deadly kinetic impact of their hybrid cars. I can think freely and walk the streets without fear. Bring it on, Obama, if that IS your real name"

XD

Re:Yeah, anywhere

[LingNoi]

Stuxnet has been found throughout the world, you make it sound like they only found it in one facility.

Re:Zionist origin is attested inside Stuxnet code

[radtea]

That the date of death (19790509 or 9th of May 1979) for a jewish martyr, lynched during the iranian islamic revolution is hardcoded in a registry key used by Stuxnet. QED

Ok, I'm convinced: it wasn't the Israelis.

Two things convince me of that: the unbelievably lame little astro-turf campaign going on here with AC's all repeating "I'm gonna go with the OBVIOUS on this one" without one shred of actual evidence to back it up; and this particular claim that a group as canny as the Israelis would effectively sign the worm with a value that points back to them.

The astro-turfer's efforts are simply racist, no different from the police looking for a convenient person of the correct racial orgin to pin a crime on. You don't need to have any evidence, just a general knowledge that your favourite ethic group are likely to be criminals, so if a crime was committed it's OBVIOUS that one of them must have done it, right?

But this "signature" is proof of non-Israeli origin, as it requires an incredibly subtle and clever attack on Iran's nuclear program to also include an apparently clear indication of who did it.

In my experience with the Israelis, they aren't shy about taking credit. Nor are they shy about bombing Iranian nuclear facilities.

So sticking them with Stuxnet requires that Israel for some reason decide to take an indirect, deniable, clandestine approach, AND AT THE SAME TIME hardcode a clear pointer to Israeli origin in the code.

For anyone who finds anything "obvious" about that, I recommend a visit to Dr. Ockham.

Re:Zionist origin is attested inside Stuxnet code

[radtea]

That is actually more of a Chinese date format which is the format frankly that makes the most sense

It is the ISO date format: YYYY-MM-DD. It is the only acceptable standard date format for most uses.

People ignorant of modern standards, or incapble of adapting to changing times, still use some weird and archaic date formats, gifting us with ambiguous nonsense like 10/6/8.

Re:Zionist origin is attested inside Stuxnet code

[metrix007]

I have never understood why the US use MM-DD-YYYY...gosh darn it is retarded and backwards and arbitrary.

Yeah, I can write fiction too

[elrous0]

I'm sure I could concoct any number of scenarios if I really wanted to. But Israel is far-and-away the obvious suspect--with the obvious motive, means, and opportunity. Of course, they could have been framed--but then so could have O.J. and pretty much every guy on death row. It all comes down to whether you want to accept the simplest and most obvious solution, or construct a big conspiracy theory because you're such an Israel fan that you just WILL NOT accept that they might have done something like this.

Re:Yeah, anywhere

[rtfa-troll]

They knew about the design of the facility, but if I read the Symantec decoding of this they did it in a very generic way based on a specific configuration which is quite likely to repeat in all similar centrifuge sites. That would target both Iran and North Korea and even potentially Pakistan I guess. But it also means that it targets any facilities with a similar configuration. It would be very very very interesting to know if their targetting would cause a nuclear leak. If it did, would that be detectable from the outside. If so, did they then identify the location of other secret plants?

Re:Zionist origin is attested inside Stuxnet code

[Nadaka]

what is worse is that we also use DD-MM-YYYY at the same time, so two identical looking dates may have a different value, so you always have to know what the format is to correctly interpret a little less than half our dates.

Re:Zionist origin is attested inside Stuxnet code

[rtfa-troll]

Hand in your nerd card now. That is the date format. The ISO date format. The only one which alphanumerically sorts in proper order. The one which has no hundred year problem. The one which is easily upgradable to a 10kyear date format without changing ordering. They would use that because it is right. These are people who can make an virus attack on the other side of the world with precision and surprise. They will get the date format right.

Could it be...

[ducomputergeek]

Regardless of who actually did the deed, chances are a lot of folks where involved by knowing what was happening and deciding not to say anything to the Iranians about it. Sometimes the most effective spying is when you known, but say nothing.

There are a lot of parties that stand to lose from a nuclear Iran.

This is not about nukes

[moxsam]

The sabotaged facilities were for mainting nuclear power, not for producing bombs. There's yet to survive any the evidince that Iran has a nuclear weapons program.

China does not care about trade embargoes!

[moxsam]

But China never cared about the US-imposed trade embargoes. They won't certainly start to care in the future. The leverage of the US is simply too weak on them, to force them to stop trading Oil with Iran, for example.

I never said independet

[moxsam]

Less dependent on China's coal, is enough for Iran to buy less of China's coal, which is bad for China.

The reason China may export coal to Iran is not because they need to make money selling coal, but because they have to sell it to Iran in order to get the Iranian oil.