New York Times Reports US and Israel Behind Stuxnet
Oxford_Comma_Lover writes "Confirming heavy speculation in the Slashdot community, the New York Times reports that joint US-Israeli efforts were almost certainly behind the recent Stuxnet attack on Iran's nuclear program." The article stops just short of saying in so many words that Israel is the doer, but leaves little doubt of its conclusion.
They probably "almost certainly" did, but the NYT article is still just speculation. They haven't confirmed anything.
It will be considered an act of war resulting in the real thing, of course.
For justice, we must go to Don Corleone
You really have to hand it to Israel, they continue to be the very best at cloak and dagger style work. Yes, I consider this C&D due to its ingenious nature. Spread a massive virus across as many systems as you can, and nestle a chunk of code in it to only activate on the correct system. This not only requires the method to spread it, but far more impressive is the fact that it required the correct code for their machines. This means they do 100% have spies inside of Iran's nuclear systems and gives a butt load more credit to the statements made by Israel and America about Iran's nuclear goals. Well done
So basically, -1 troll/offtopic is really Slashdot's way of saying "I hate that you thought of something before me."
In this case whoever did it seems to have averted war at least for a few years.
There was some decent evidence that it was actually a Chinese-Finnish operation
My guess is when it's all declassified in 100 years or so we'll find out it was actually created out of different virus cross breeding and the Internet has been alive this entire time. Yea, I'll be shocked too.
You'll never be able to trust anything more complex than a simple light switch ever again. Wait till all this crap gets into your "smart grid". It'll be comedic to say the least.
For justice, we must go to Don Corleone
Jason Wright, the OpenBSD developer funded by NETSEC to work on IPsec (and allegedly put in backdoors for the FBI) went to work at the DHS cyber security lab that the NYT is saying helped do Stuxnet http://nyti.ms/grd51X http://bit.ly/feB9ZV
SecTor 2008 gives his speaker bio http://www.sector.ca/speakers2008.htm
I am not making this up.
I'll have to put it in a blog post this evening. See homepage link.
My guess is when it's all declassified in 100 years or so we'll find out it was actually created out of different virus cross breeding and the Internet has been alive this entire time. Yea, I'll be shocked too.
Yes, it might be pretty shocking to find yourself still alive 100 years from now - but I imagine you'll have had plenty of time to adjust in the meantime.
#DeleteChrome
Since when is the media considered factual confirmation? "Hey, let's all go out and look at the Inquirer to get proof that aliens exist!" While it is almost certain that the attack did originate from the suspected nations, a better wording would be, "supporting /* speculation" rather than "confirming" seeing as NYT is certainly not the fount of truth and honesty in reporting and fact-finding. Now excuse me while I go study on Wikipedia...
There are a few important aspects of the story that didn't get covered by the NYT. One is that there was no mention of the origin of the 4 zero-day Windows vulnerabilities and another is the insertion method. Obviously Stuxnet wasn't just blasted out on botnets. Someone got it very close, probably into a facility or more than one facility, or perhaps into a government office or contractor. That's one of the aspects of this that always told me it was a state actor with quality human intelligence capabilities. Actually, my wild guess before is that a contractor from Siemens or someone like that spread it. Which brings up another aspect of this: This story can't be good news for Siemens's customer relations, especially with their government customers.
I have to agree with those that think this article was a bunch of innuendo and unsubstantiated statements.
"...when it began circulating around the world, unexplained, in mid-2009."
I found it extremely funny when they mentioned that the worm had no explanation of its purpose, as if that were somehow indicative of a covert and malicious nature.
So, does anybody out there know of any worm, virus, trojan, or other malware that actually comes with a manifesto to explain its existence/purpose?
By the way, all the pundits saying it would take the resources of a government to create that worm know very little about what it actually takes to make one. It did however take very intimate knowledge of the code running on those systems, so the creator probably has a copy of the source code on those machines, or the equivalent. (I'm pretty sure it's too large to be memorized by a single person.)
considering that 1. Massive numbers of Jews left Russia to go to Israel in the past 20 years 2. Massive numbers of those Russians know a shitload about computers and 3. Massive numbers of them keep contact with their buds in Russia and 4. Russia has been helping Iran with its 'civilian' nuclear program for a long time. Now, 4 is probably at the behest of the CIA, who pays the Russians big bucks to go "help" Iran. Thank god, is all I have to say, because if the Russians weren't inside Iran's program watching it, then the Chinese would be, and that's the last thing we need, a China-Iran alliance.
Now albeit through anonymous sources that government powers are developing malware, how will it be either through legislation, treaty or "gentleman's agreement" that anti-virus software manufacturers will have to look the other way for certain payloads? Is this already happening? Certainly the Third Amendment tells us we don't have to use our homes to quarter soldiers, but will the government use its citizenry's hard drives and bandwidth to host a weapon?
There are two kinds of fool. One says, This is old, and therefore good. And one says, This is new, and therefore better.
...you need to build all your own shit, from the ground up.
For now, anyhow. Maybe, in the future, it will be OK to buy your infrastructure off of Craig's List and eBay... (or various Euro conglomerates) but for now, if you want the job done right, do it yourself.
In this case, I think a Simpsons quote, from Nelson, would be appropriate - "Ha Ha".
This issue is a bit more complicated than you think.
North Korea are just a joke.
That's what MacArthur thought.
The funny thing about modern war is that everybody loses. The victor loses too. That the enemy lost more doesn't negate your own losses.
And right now, I don't think the US could afford "winning" another war.
1) While technically impressive, this is not "cloak and dagger" by any stretch of the imagination. Everyone knows Israel did it. They broadcast the code all over the world. "Cloak and dagger" implies some degree of stealth or misdirection.
2) If Israel had a spy in Iran's nuclear systems, why would Stuxnet have leaked out? Why wouldn't all the centrifuges just quietly self-destruct? It didn't take espionage to get the technical specs on Iran's centrifuges. They were reported to the IAEA. Sure, it's not impossible, but seems unlikely.
3) For the US, war is basically a right-wing welfare program, so there is constant pressure for lucrative new targets. Israel is perpetually engaging in economic warfare against basically everyone. The scare-mongering with respect to Iran's nuclear power program is just typical, sabre-rattling, lies exactly like those told about Saddam to drum up the Iraq invasion. An energy-independent Iran poses the same threat as Saddam's pricing oil in Euros and state gas subsidies: hastening the end of petrodollars and cheap oil for the US.
"I assumed blithely that there were no elves out there in the darkness"
1. it's illegal for you to marry a non-'common sense american'
2. you are not allowed to work
3. your house/apartment has been taken from you and you live in a walled ghetto
4. your money has been 'kept for safety' by a special bank for 'common sense americans' only
5. your place of worship got burned down last year
6. several of your friends are dead
7. within 6 years, everyone you ever knew or loved will be a skull in a mass grave
8. you live in a one party state without any elections, with one single labor union controlled by the state, a massive military industry based on slave labor, and a dictatorial leader who has corrupted the entire court system, and replaced the constitution with laws that specifically single out 'common sense' americans for death or imprisonment
yes. i can see very much how being a "common sense american" is JUST LIKE being a german jew in 1939.
People who are seriously religiously insane tend to spend their time at the Mosque praying. Even if there's some multiple personalities involved, at least one of the guy's personalities has to be pretty calculating to have got to the level of power he has got to in the place he got there.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
That has already happened with the Sony rootkit. I think it was F-Secure that had heated discussions with Sony for about a week before releasing the information to the press and their virus definition - and that may have only been because there was a non-commercial fix by then. All of the others were silent but some were reported as corresponding with Sony on the issue. The company that did release information to the press had most definitely been asked to enter a "gentleman's agreement".
Actually almost all process control vendors participate to some extent with National Lab. Nothing secret about it, go to the webpage and sign up for a 5 day red team/blue team session on how to hack SCADA equipment: http://www.inl.gov/scada/training/index.shtml
If you are a process controller vendor and you haven't sent your security staff to Idaho then you are out of the game. Because the rest of the process control world will break into your systems while laughing their asses off.
Well it seemed very likely to be from Israel. They had means and motivation. Furthermore, there were hints to suggest it was from the virus creators and deployers themselves. Israeli motivations would be to let everyone know who did it, but deny proof. Sort of like a kid in a class winking at a teacher who knows they were the one that threw something, but didn't actually see it.
But the question was more whether it was only Israel that did this, or whether there was US involvement. That the article suggests the US were also involved, is a shame. Israel has been wagging the dog for way too long now, and their behaviour has long been more antagonistic than it would be, if everyone didn't view the US as their pet attack dog. I've mixed dog metaphors horribly. You know what I mean.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Has Stuxnet actually made the situation any better though? It may have set the Iranian nuclear program back a year or two but it has also strengthened their resolve and given them even more reason to want to develop nuclear weapons. Israel (and maybe the US) have basically declared cyber-war on Iran by attacking its infrastructure and energy production.
At best this will hold Iran back for a year or two but what happens after that? Diplomacy is much harder when you are at war with the other guy.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
To me, this looks like some reporters decided on a conclusion ("The U.S. and Israel did it!") and then went and dug up a bunch of information that kind of supports their conclusion but doesn't actually prove it but didn't examine any other possible ideas, then published it as "We can't prove it but this is exactly what happened, honestly, it's the truth!"
It is even quite likely that Ahmadinejad is looking for an attack in order to complete the nuclear program. It is unlikely that the religious leadership would want to allow him to complete a nuclear bomb: it would put him above them. If Iran really wanted a nuclear weapon they would have one by now, they have vastly more resources than were available to the Manhattan project in the 40s. Another possibility is that Iran does already have a nuclear bomb but is unable to declare it since that would lead to an immediate attack etc.
In either case it would make perfect sense for Ahmadinejad to incite an Israeli attack which would provide a pretext for withdrawal from the NPT and become a declared nuclear power within a short interval.
A war between Israel and Iran would be a war of attrition with each side aiming to rack up as many civilian deaths as possible. Israel cannot win that game and it would be stupid of them to try. The mullahs have shown themselves quite capable of accepting a million casualties in a war.
The Times report itself says nothing new and nothing that can be believed. All that we know is that there are sources in US/Israeli intelligence that want to take credit for Stuxnet. We do not even know if the source would even have knowledge of such an operation if it existed.
The motives for wanting to take credit are rather obvious. But if you look at what the attack achieved or was likely to achieve it is very hard to see how it would be in the interests of either to burn major intelligence assets for an act of minor vandalism.
We know that the attack involved four zero days, was written in a modular fashion, probably by multiple authors and had references that might have been intended to lead to a certain conclusion. What we really don't know much about is the payload code. We do not even know for certain what the target was.
For several weeks we were discussing media reports that 'confirmed' that the virus was Chinese on the basis of some 'expert' who had seen an algorithm in Chinese code and erroneously considered it to be uniquely Chinese. The press will repeat any nonsense that is said to them by someone who is convinced they are right.
If the target was indeed the Iranian centrifuges or the Iranian power plant then the only way that it could have possibly been expected to work would be with very deep knowledge of the design and deployment of a top secret Iranian facility. There are only two ways that knowledge could be available to the attacker - if they designed the plant or if they had a source with access.
Looking at the likely result of this attack I cannot possibly see how anyone would wish to let the Iranians know about the intelligence source for the sake of some minor inconvenience to the Iranian program.
A much more likely explanation in my view is the idea that the Russians wrote Stuxnet to damage the nuclear plant they designed and thus require Iran to buy additional services from Russia to repair the damage and to accept the reprocessing proposal (which they did). Such shakedown tactics were common during the Soviet era.
Russia would not have an incentive to take credit for the attack in such circumstances. But some of the US/Israeli hawks would, even knowing that the claim was false.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
It's more dynamic than that. Iran is racing to acquire weapons-grade nukes before their economy collapses from the sanctions. In the US Government's view, pushing the clock gives the sanctions a better chance of succeeding.
Also, as the story points out, there's a second attack coded in the worm - one that hasn't played out yet. So, in theory, the clock might still be pushed back further.
"Diplomacy is much harder when you are at war with the other guy."
You Don't Make Peace with your Friends, You Make Peace with your Enemies
-- "In order to have power, I must be taken seriously." -Mojo Jojo