Slashdot Mirror
New York Times Reports US and Israel Behind Stuxnet
Oxford_Comma_Lover writes "Confirming heavy speculation in the Slashdot community, the New York Times reports that joint US-Israeli efforts were almost certainly behind the recent Stuxnet attack on Iran's nuclear program." The article stops just short of saying in so many words that Israeli is the doer, but leaves little doubt of its conclusion.
They probably "almost certainly" did, but the NYT article is still just speculation. The haven't confirmed anything.
It will considered an act of war resulting in the real thing, of course.
For justice, we must go to Don Corleone
WhooRah!!
You really have to hand it to Israel, they continue to be the very best at cloak and dagger style work. Yes, I consider this C&D due to its ingenious nature. Spread a massive virus across as many systems as you can, and nestle a chunk a code in it to only activate on the correct system. This not only requires the method to spread it, but far more impressive is the fact that it required the correct code for there machines. This means they do 100% have spys inside of Iran's nuclear systems and gives a butt load more credit to the statements made by Israel and America about Iran's nuclear goals. Well done
So basically, -1 troll/offtopic is really slashdots way of saying "I hate that you thought of something before me."
In this case whoever did it seems to have averted war at least for a few years.
There was some decent evidence that it was actually a Chinese-Finnish operation
My guess is when it's all declassified in 100 years or so we'll find out it was actually created out of different virus cross breeding and the Internet has been alive this entire time. Yea, I'll be shocked too.
You'll never be able to trust anything more complex than a simple light switch ever again. Wait till all this crap gets into your "smart grid". It'll be comedic to say the least.
For justice, we must go to Don Corleone
What's wrong with doer? It's a perfectly good English word--it was quite old already when Shakespeare used it.
.sig withheld by request
Jason Wright, the OpenBSD developer funded by NETSEC to work on IPsec (and allegedly put in backdoors for the FBI) went to work at the DHS cyber security lab that the NYT is saying helped do Stuxnet http://nyti.ms/grd51X http://bit.ly/feB9ZV
SecTor 2008 gives his speaker bio http://www.sector.ca/speakers2008.htm
I am not making this up.
I'll have to put it in a blog post this evening. See homepage link.
My guess is when it's all declassified in 100 years or so we'll find out it was actually created out of different virus cross breeding and the Internet has been alive this entire time. Yea, I'll be shocked too.
Yes, it might be pretty shocking to find yourself still alive 100 years from now - but I imagine you'll have had plenty of time to adjust in the meantime.
#DeleteChrome
Since when is the media considered factual confirmation? "Hey, let's all go out and look at the Inquirer to get proof that aliens exist!" While it is almost certain that the attack did originate from the suspected nations, a better wording would be, "supporting /* speculation" rather than "confirming" seeing as NYT is certainly not the fount of truth and honesty in reporting and fact-finding. Now excuse me while I go study on Wikipedia...
What's wrong with doer? It's a perfectly good English word--it was quite old already when Shakespeare used it.
Regardless of the appropriateness of "doer" the most obvious fault is with "Israeli." Presumably we are are talking about the actions of the government of Israel. In which case "Israel is the doer" would be appropriate. If your were talking about the people of Israel committing the act, then "Israelis are the doers" would be an acceptable phrase.
Much better would be "The alleged culprit is the government of Israel."
... and then they built the supercollider.
There are a few important aspects of the story that didn't get covered by the NYT. One is that there was no mention of the origin of the 4 zero-day Windows vulnerabilities and another is the insertion method. Obviously Stuxnet wasn't just blasted out on botnets. Someone got it very close, probably into a facility or more than one facility, or perhaps into a government office or contractor. That's one of the aspects of this that always told me it was a state actor with quality human intelligence capabilities. Actually, my wild guess before is that a contractor from Siemens or someone like that spread it. Which brings up another aspect of this: This story can't be good news for Siemens's customer relations, especially with their government customers.
I have to agree with those that think this article was a bunch of innuendo and unsubstantiated statements.
.."
"...when it began circulating around the world, unexplained, in mid-2009.
I found it extremely funny when they mentioned that the worm had no explanation of it's purpose, as if that were somehow indicative of a covert and malicious nature.
So, does anybody out there know of any worm, virus, trojan, or other malware that actually comes with a manifesto to explain it's existence/purpose?
By the way, all the pundits saying it would take the resources of a government to create that worm know very little about what it actually takes to make one. It did however take very intimate knowledge of the code running on those systems, so the creator probably has a copy of the source code on those machines, or the equivalent. (I'm pretty sure it's too large to be memorized by a single person.)
considering that 1. Massive numbers of Jews left Russia to go to Israel in the past 20 years 2. Massive numbers of those Russians know a shitload about computers and 3. Massive numbers of them keep contact with their buds in Russia and 4. Russia has been helping Iran with its 'civilian' nuclear program for a long time. Now, 4 is probably at the behest of the CIA, who pays the Russians big bucks to go "help" Iran. Thank god, is all I have to say, because of the Russians weren't inside Iran's program watching it, then the Chinese would be, and that's the last thing we need, a China-Iran alliance.
Iran has oil. North Korea are just a joke.
Now albeit through anonymous sources that government powers are developing malware, how will it be either through legislation, treaty or "gentleman's agreement" that anti-virus software manufacturers will have to look the other way for certain payloads? Is this already happening? Certainly the Third Amendment tells us we don't have to use our homes to quarter soldiers, but will the government use its citizenry's hard drives and bandwidth to host a weapon?
There are two kinds of fool. One says, This is old, and therefore good. And one says, This is new, and therefore better.
There's nothing wrong with the word 'doer', however saying "Israeli is the doer" doesn't quite make sense. That would be like saying "American is the doer."
Perhaps they meant to say that "the Israelis are the doer" or "the Israeli government is the doer" or simply "Israel is the doer".
My blog
2) This is much, much preferable to Israel bombing (or even nuking) bits of Iran. Shutting down their nuclear bomb program this way is far better - of course it also lets the cat out of the bag.
Much preferable, but much less effective.
I'm currently working my way through the article, but I'm sure a collection of sane countries helped out on this. I would guess the Saudis, the Brits, and the Germans helped out in some form or another.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
Doer is a perfectly cromulent word
...you need to build all your own shit, from the ground up.
For now, anyhow. Maybe, in the future, it will be OK to buy your infrastructure off of Craig's List and eBay... (or various Euro conglomerates) but for now, if you want the job done right, do it yourself.
In this case, I think a Simpson's quote, from Nelson would be appropriate - "Ha Ha".
This issue is a bit more complicated than you think.
What would you rather have, Israel and the US bombing Tehran, or the CIA and Mossad making a computer virus to disable centrifuges? I think I'll open door #2, thank you very much.
Either way, you have collateral damage; I just think the world is better off with fried OS installations than fried humans.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
...that NYT does all this work on StuxNet and so little on the current US administration and its allies?
Prove the government did it.
The government would claim state secrets and walk away.
You are entitled to your own opinions, not your own facts.
North Korea are just a joke.
That's what MacArthur thought.
The funny thing about modern war is that everybody loses. The victor loses too. That the enemy lost more doesn't negate your own losses.
And right now, I don't think the US could afford "winning" another war.
1) While technically impressive, this is not "cloak and dagger" by any stretch of the imagination. Everyone knows Israel did it. They broadcast the code all over the world. "Cloak and dagger" implies some degree of stealth or misdirection.
2) If Israel had a spy in Iran's nuclear systems, why would Stuxnet have leaked out? Why wouldn't all the centrifuges just quietly self-destruct? It didn't take espionage to get the technical specs on Iran's centrifuges. They were reported to the IAEA. Sure, it's not impossible, but seems unlikely.
3) For the US, war is basically a right-wing welfare program, so there is constant pressure for lucrative new targets. Israel is perpetually engaging in economic warfare against basically everyone. The scare-mongering with respect to Iran's nuclear power program is just typical, sabre-rattling, lies exactly like those told about Saddam to drum up the Iraq invasion. An energy-independent Iran poses the same threat as Saddam's pricing oil in Euros and state gas subsidies: hastening the end of petrodollars and cheap oil for the US.
"I assumed blithely that there were no elves out there in the darkness"
Or if there's a big war and there's only one Israeli left, that would work, too: "The Israeli is the doer."
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
are either denying the obvious/equivocating ridiculously i.e. "this is not confirmation, so we can't take it as fact, even though it's almost certainly true" or flat out justifying the sabotage. If some Chinese hacker group (which would clearly be some shadow arm of the EVIL COMMUNIST PARTY) did this to an American government institution, the masses here would be calling for immediate war against China.
The Western hypocrisy is strong with Slashdot, as it has always been. It loves to get on its soapbox and be sanctimonious when non-allied nations try to defend themselves against Western imperialism, but it's clear that when it's your team doing it, it's all good, just like in a sports match.
ingenious act of sabotage? They messed with a MS driven usb product?
Script kiddies and perl coding UFO hunters play with MS everyday.
Iran should have had its own networks, own software, own sealed production lines.
They went cheap and saved time. The mistake was noted.
Real ingenious acts enter fiction and are exposed as been reality many decades later.
Domestic spying is now "Benign Information Gathering"
The big thing in this article that stuck out for me was that Siemens participated with the Idaho National Lab to do a security audit of their software.
We now know that cooperating with the US Government in this regard is giving up your customers to them, effectively.
What if the Siemens gear were a few generations ahead and automatically updated itself online? Would they be barred from issuing some fixes? Did Siemens even get a full report of what was found? Was their participation in this exercise a requirement for some other business contract?
We've read previously that Stuxnet used 4 0-days in Windows to propagate. So, we can assume that part of the US Government knows about holes that affect its citizens' economic and real safety, has DHS/US-CERT in place, but does not disclose? Does CERT know about these and sit on them or are they in the dark as well?
I'm not necessarily arguing that the ends weren't justified, but it's important to understand just how everybody's relationship is structured here with regards to computer security.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I'm sure they wish they had a refuge from this deluge of centrifuge subterfuge.
1) I didn't think the US was sophisticated enough to help with something like this, much less keep its Facebook privacy settings. Maybe the US contribution was just 'click on google.ir?'
2) This is much, much preferable to Israel bombing (or even nuking) bits of Iran. Shutting down their nuclear bomb program this way is far better - of course it also lets the cat out of the bag.
1) You're joking, right? Oh yeah, the U.S. has never had a sophisticated covert program.
2) yeah, your spot on with that one.
The third alternative would be to simply stop the provocative rhetoric and let them be.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
The beautiful thing about language is the inferences that can be naturally made and understood in certain phrases because of your continued use of a language. Saves everybody time, and it makes grammar snobs like you seem annoying, which hopefully keeps your arrogant ass out of the gene pool.
Of all the Universal Constants, here's one I know: Nice guys finish last
Without "grammar snobs," language wouldn't exist as more than a series of grunts. The beautiful thing about language is that we can refine it and use it to perform amazing tasks if we use it precisely.
... and then they built the supercollider.
Methinks thou dost protest too much.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
1. its illegal for you to marry a non-'common sense american'
2. you are not allowed to work
3. your house/apartment has been taken from you and you live in a walled ghetto
4. your money has been 'kept for safety' by a special bank for 'common sense americans' only
5. your place of worship got burned down last year
6. several of your friends are dead
7. within 6 years, everyone you ever knew or loved will be a skull in a mass grave
8. you live in a one party state without any elections, with one single labor union controlled by the state, a massive military industry based on slave labor, and a dictatorial leader who has corrupted the entire court system, and replaced the constitution with laws that specifically single out 'common sense' americans for death or imprisonment
yes. i can see very much how being a "common sense american" is JUST LIKE being a german jew in 1939.
People who are seriously religiously insane tend to spend their time at the Mosque praying. Even if there's some multiple personalities involved, at least one of the guy's personalities has to be pretty calculating to have got to the level of power he has got to in the place he got there.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Of course, Wikileaks may help speed that up.
The funny thing about modern war is that everybody loses.
That's why they invented the term "Pyrrhic" after WWII.
That has already happened with the Sony rootkit.I think it was f-secure that had heated discussions with Sony for about a week before releasing the information to the press and their virus definition - and that may have only been because there was a non-commercial fix by then. All of the others were silent but some were reported as corresponding with Sony on the issue. The company that did release information to the press had most definitely been asked to enter a "gentleman's agreement".
Without "grammar snobs," language wouldn't exist as more than a series of grunts.
I think you just described the English language.
Learning other languages has taught me how disorganised and chaotic English is, especially the spelling but including the grammar.
When my ESL friends worry about their mistakes in English I say: "Its ok, you can't possibly butcher English any worse than its native speakers already do."
In the free world the media isn't government run; the government is media run.
Well a gentleman's agreement between corporations are lubricated with money. Between a government and a company? I assure you Uncle Sam would appeal to patriotism and expect one to lay back and take it while thinking of their country with nothing more to ease the experience. Probably even given threats as to what would happen if one did not cooperate.
There are two kinds of fool. One says, This is old, and therefore good. And one says, This is new, and therefore better.
Well it seemed very likely to be from Israel. They had means and motivation. Furthermore, there were hints to suggest it was from the virus creators and deployers themselves. Israeli motivations would be to let everyone know who did it, but deny proof. Sort of like a kid in a class winking at a teacher who knows they were the one that threw something, but didn't actually see it.
But the question was more whether it was only Israel that did this, or whether there was US involvement. That the article suggests the US were also involved, is a shame. Israel has been wagging to dog for way too long now, and their behaviour has long been more antagonistic than it would be, if everyone didn't view the US as their pet attack dog. I've mixed dog metaphors horribly. You know what I mean.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
For all we know it could be a false-flag attempt at starting something from Iran.
Really unlikely. For one, Iran doesn't want war. For two, Israel and the US would know it wasn't them and both have far too powerful media control over their populations for a false-flag to work either governmentally or with the publics of those countries. Similar reasons mean Iran wouldn't need to pull such stunts against their own people and they'd either be damaging their own infrastructure or faking the virus, and the virus has already been examined. So that would just leave influencing other big actors such as Russia. And if something kicks off, the big actors are going to be choosing sides according to their own interests, not who is in the right.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Tell me then how much money you think Sony gave to the antivirus companies to look the other way? Are you suggesting bribery was involved?
I don't think it was.
I think it was a situation of "might makes right" with the large corporation of Sony possibly making threats involving expensive legal action where the one with the deepest pockets wins instead. That makes it very similar to what an organisation connected to a government would do.
Iran should have had its own networks, own software, own sealed production lines.
No country does that, pretty much all countries do what Iran does for turbine production ie. buy them from Siemens, develop using windows workstations (because Siemens development environment is windows based).
Ahhh, General Pyrrhus, hero of D-Day. We will never forget you.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
"Siemens" as "Siemens" consistently in a single article? Where do people get "Seimens" from?
And somehow the NY times has some credibility?
Not with me they don't. Pretty easy to make up anything they want and publish it as fact when Neither of the Gov'ts involved will be willing to say "yup .. we did it" LOL
Hurricane Island Outward Bound
OB
According to the article, Israel asked the U.S. for bunker buster bombs and the U.S. refused. That doesn't sound like Israel controlling the U.S. And why would it be a shame for the U.S. to be involved...unless you think it is a good thing that Iran gets the bomb. Once they do, expect several other countries in the mid-east to start their own programs to get it. Why, in 20 years, when they are all nuclear armed, it will be nice bunny world for all.
Clear as the sun!, US is behind it.
Has Struxnet actually made the situation any better though? It may have set the Iranian nuclear program back a year or two but it has also strengthened their resolve and given them even more reason to want to develop nuclear weapons. Israel (and maybe the US) have basically declared cyber-war on Iran by attacking its infrastructure and energy production.
At best this will hold Iran back for a year or two but what happens after that? Diplomacy is much harder when you are at war with the other guy.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
To me, this looks like some reporters decided on a conclusion ( "The U.S. and Israel did it!") and then went and dug up a bunch of information that kind of supports their conclusion but doesn't actually prove it but didn't examine any other possible ideas, then published it as "We can't prove it but this is exactly what happened, honestly, it the truth!"
...they actually didn't report that. But we all *know* who did it, so that makes it okay to say they did, right?
Wow, that got my head spinning...
how long until
Fascinating. It appears that the Western Democracies are simultaneously the most vulnerable to cyber attack, and the most capable of launching cyber attacks.
That creates an unique and fantastic challenge and conundrum for our diplomats responsible for negotiating treaties regarding cyber warfare.
Perhaps my great grandchildren will get to read the actual story of how they navigated that narrow path. For now, we can only hope that Tom Clancy might be inspired to write one of his marvelous novels around this theme. I'm sure it would make fascinating reading.
Where is the uproar over the possibility that there was another leak involved with American intelligence efforts? Leaks like this have been happening for decades, so why the uproar over wikileaks?
Yup - this is why most countries try to source all their military supply chain from friendly countries, if not 100% domestic. The US won WWII because it could build ships/tanks faster than anybody could destroy them. It started out WWII much weaker than their opponents. The US could meet almost all of its production needs domestically, and geographic barriers protected the means of production.
Now, I'm not sure how likely a protracted war between equals would be in the future. If a war is fought and won in six months it doesn't really matter whether the US can build replacement microchips or whatever - the whole war is fought from inventory. However, in a protracted war the ability to continue building fancy high-tech weapons will probably help determine the outcome. If the US can only field 1970s-era tech due to supply constraints they will suddenly be on parity with many nations out there...
It is even quite likely that Ahmedinejad is looking for an attack in order to complete the nuclear program. It is unlikely that the religious leadership would want to allow him to complete a nuclear bomb: it would put him above them. If Iran really wanted a nuclear weapon they would have one by now, they have vastly more resources than were available to the Manhattan project in the 40s. Another possibility is that Iran does already have a nuclear bomb but is unable to declare it since that would lead to an immediate attack etc.
In either case it would make perfect sense for Ahmedinejad to incite an Israeli attack which would provide a pretext for withdrawal from the NPT and become a declared nuclear power within a short interval.
A war between Israel and Iran would be a war of attrition with each side aiming to rack up as many civilian deaths as possible. Israel cannot win that game and it would be stupid of them to try. The mullahs have shown themselves quite capable of accepting a million casualties in a war.
The Times report itself says nothing new and nothing that can be believed. All that we know is that there is are sources in US/Israeli intelligence that want to take credit for Stuxnet. We do not even know if the source would even have knowledge of such an operation if it existed.
The motives for wanting to take credit are rather obvious. But if you look at what the attack achieved or was likely to achieve it is very hard to see how it would be in the interests of either to burn major intelligence assets for an act of minor vandalism.
We know that the attack involved four zero days, was written in a modular fashion, probably by multiple authors and had references that might have been intended to lead to a certain conclusion. What we really don't know much about is the payload code. We do not even know for certain what the target was.
For several weeks we were discussing media reports that 'confirmed' that the virus was Chinese on the basis of some 'expert' who had seen an algorithm in Chinese code and erroneously considered it to be uniquely Chinese. The press will repeat any nonsense that is said to them by someone who is convinced they are right.
If the target was indeed the Iranian centrifuges or the Iranian power plant then the only way that it could have possibly been expected to work would be with very deep knowledge of the design and deployment of a top secret Iranian facility. There are only two ways that knowledge could be available to the attacker - if they designed the plant or if they had a source with access.
Looking at the likely result of this attack I cannot possibly see how anyone would wish to let the Iranians know about the intelligence source for the sake of some minor inconvenience to the Iranian program.
A much more likely explanation in my view is the idea that the Russians wrote Stuxnet to damage the nuclear plant they designed and thus require Iran to buy additional services from Russia to repair the damage and to accept the reprocessing proposal (which they did). Such shakedown tactics were common during the Soviet era.
Russia would not have an incentive to take credit for the attack in such circumstances. But some of the US/Israeli hawks would even knowing that the claim was false.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
---far east sensual finesse---
This is where you lost me, pal.
Stuxnet hit a number of Chinese facilities. It was a blunt instrument. The Chinese have a marked aversion to attacking the homeland.
The Chinese also have a fairly sharp distinction between espionage and malicious damage. They do not see espionage as being at all bad (neither does our side if truth is told). As far as they are concerned, taking Western technology is merely moral restitution for the damage inflicted through Western colonialism: the opium wars, open door policy, Japanese occupation etc.
While the Chinese might well do something like Stuxnet if they had a really, really good reason, I do not think it at all likely that they would cross that line without one. And I do not see why China would consider Iran's activities to be an actionable concern.
The code signing certs were ripped off from two Taiwanese companies. So it is highly likely some Chinese speakers were involved. But those are the type of resource that is traded openly on the black market.
The easiest way for the Chinese or US intel services to create the code signing certs would have been to establish a front operation.
It is really only the Russian intel services that outsource hacking to criminals. I think that if there is an intel link to Stuxnet at all, it is almost certainly Russia.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Hey, someone mod this guy Funny! That crack just made my day and me without mod points. :-(
Canada would be far easier to take over than Russia with nearly the same level of natural resources.
Plus it's closer, which is important given how much Americans complain about commute times to work.
“Common sense is not so common.” — Voltaire
It's more dynamic than that. Iran is racing to acquire weapons-grade nukes before their economy collapses from the sanctions. In the US Government's view, pushing the clock gives the sanctions a better chance of succeeding.
Also, as the story points out, there's a second attack coded in the worm - one that hasn't played out yet. So, in theory, the clock might still be pushed back further.
"Diplomacy is much harder when you are at war with the other guy."
You Don't Make Peace with your Friends, You Make Peace with your Enemies
-- "In order to have power, I must be taken seriously." -Mojo Jojo
It was the best outcome that was available given the circumstances, but it was a national disaster even so.
That is one reason why people like David Brooder show themselves to be senile fools when they advocate starting a war to cure the economy. The US economy only benefitted from WWII due to a massive increase on the input side of the economy: married women started to do paid work.
If you look at every other war that the US has been involved with the result has been a massive increase in debt.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I want that, on a T-Shirt. Does Stuxnet have a logo?
No, we rejected public health care. This means that rich people can still pay people to find ways to extend their life further then what some government death panel says your worth spending insurance money on.
It's quite possible that within 50 years or so, anyone alive today might have the ability to be alive in 100 years from today.
And yes, rhetoric aside, this is still true regardless of public health care or not. I see no reasons why government wouldn't openly accept anything that extends a person's life if it makes their productive portions of life last longer. (ie 65 year old with the mental capaity of a 35 year old and all the knowledge of 65+ years of experience).
Mossad is behind almost all the terrorism in the world today. There is ample evidence that they perpetrated 9/11 for instance. Mossad being the bad guy in nearly any situation should come as no surprise to anybody.
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Really unlikely. For one, Iran doesn't want war.
Really? Their wacko PM calls for the destruction of Israel and the coming of the Mahdi, which according the Shi'a lore can only happen and the end of days (or whatever armageddon is called). Rank-and-file Persians might not war, but it seems the official policy of the government is one of bellicosity. Meanwhile, they are engaged in an apparent proxy war against the US et al in Iraq and Afghanistan, and appear to be the puppetmasters behind Hezbollah in rocket attacks against Israel.
well said
PS - Ahmedinejad might just be the goatse guy...
... those thinking in terms of scarcity: http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing. I discuss that at length here: http://www.pdfernhout.net/post-scarcity-princeton.html
There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all.
So, while in the past, we had "nothing to fear but fear itself", the thing to fear these days is ironcially ... irony. :-) "
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
probably more a matter of Mutually Assured Destruction...
although, Israel has a very powerful friend with lots of nukes. they also have enough of their own nukes to wipe Iran pretty clean if they choose. Iran don't have many friends these days, and lots of enemies.
of course, as soon as they can figure out a way of accomplishing their goals without themselves being destroyed, i'm sure they'll act on it immediately.
i believe OP has China and Thailand confused.
But Stuxnet was not a typical exploit. It went into areas that had really not been attacked before.
People do attack those Open Source targets. Widely used and reviewed Open Source code is rather less likely to be of help than looking at proprietary code that very few people have seen.
Mitnick certainly went to great lengths to obtain source codes so it is pretty clear that they have a value in that community. Even if the value is to have something that other people do not.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
And you, troll, are S-A-D. I'm only posting because someone might read this and think it's true. Nobody in Iran ever talked about "wiping Israel off the map". What the president of Iran said was that, one day, Israel would disappear from the map.
The talk about wiping was originated by a botched translation by MEMRI, which poses as an independent Middle East translation agency, but even the slightest investigation reveals they have nothing but Israeli connections and staff, so, hardly independent and unbiased.
It's the extremist government of Israel that is the war-monger. Even against the will of the people it represents. And they don't even hide it no more.
Well, i'd rather have a world without nukes, but the fact is that they're here to stay. Now, would I think Iran getting the bomb is a good thing? It depends. If they were the only ones getting it, no. But considering Israel has a nuclear arsenal since some time ago, I think a little equilibrium wouldn't hurt. India and Pakistan are also nuclear, and they're involved in an open conflict, and no nuclear attack occurred. It is naive to think Iran would use the bomb anyway different from any other country* - as a deterrent. Israel knows that once Iran gets nuclear, Iran will become untouchable. Which means Israel will have to rethink its strategy of aggressiveness and complete disregard for the Middle Eastern neighbors, putting Israelis in a very delicate position: no regional allies and one untouchable enemy, which in turn will step up the Israeli lobby in Washington - which, by the way, acts independently of and often against the very Israeli national interest - which, in turn, will drag the US into new embarrassments and hostility in, but not limited to, the Muslim world.
*except the US, which remains the only country ever to have detonated such weapons on the battlefield (if we can even call Hiroshima and Nagasaki that)
Looking at the likely result of this attack I cannot possibly see how anyone would wish to let the Iranians know about the intelligence source for the sake of some minor inconvenience to the Iranian program.
I wouldn't qualify it as a "minor inconvenience." The Pakistanis made the few thousands of P-1 centrifuges that exist prior to the embargo on the parts used to make them, and sold them to Libya, Iran, and North Korea. When Libya gave up their nuclear ambitions, they turned their centrifuges over to the West. According to TFA's guess, the USA shared some with England and Israel for the purpose of testing them for weaknesses in order to figure out an effective method of sabotage. Also according to TFA, 984 Iranian centrifuges were destroyed by Stuxnet. It's estimated that they only have a few thousand, so this is a significant reduction of their overall enrichment capability.
In addition, the second payload of Stuxnet (which did not appear to have the intended effect) appears to have been targeting the reactor at Buheshr. Disassembly of the control codes indicated the worm was intended to overspeed the turbine in such a way that it would destroy itself. That also would not have qualified as a "minor inconvenience".
Someone else also posed the theory that some of the behaviors of Stuxnet were provided as cover for the inside agent. After spending the enormous amounts of money required to develop Stuxnet, would they really leave it to chance that the worm would somehow find its way into the Natanz industrial control systems? By making the behavior of the worm such that it has a plausible way to get onto the Siemens controller, the agent could have simply stuck an infected USB stick directly into that machine, and let the worm propagate all over anyway. Or maybe the agent just infected one machine in the plant, but inside the firewall. Because of the stealthy nature of the worm, there is no way to prove which direction the attack came from.
John
You mean like how the U.S. blew up its own World Trade Center, just as an excuse to attack the Muslim world?
Because most attacks aren't instigated by the far-and-away most obvious attacker(s)--but are equally as likely to be coming from anywhere, including from the victim. It's all a big conspiracy, you know.
SJW: Someone who has run out of real oppression, and has to fake it.
No, the most obvious explanation is that it's coming from the country with the most to gain (Israel), an intelligence service that is highly skilled and has been working to infiltrate Iran's military and nuclear program for years (Israel), and more than anyone wants to stop Iran from going nuclear (Israel). Of course, you can construct any number of other conspiracy theories to absolve them if you REALLY want to believe they didn't do it. But considering that Israel makes no secret that it has a cyberwarfare division, no secret that it wants to stop Iran's program, and hasn't issued any sort of denial that they were involved with this attack--I think your defense is particularly deluded.
SJW: Someone who has run out of real oppression, and has to fake it.