Slashdot Mirror
Stuxnet Authors Made Key Errors
Trailrunner7 writes "There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they've been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more effective and difficult to detect had the attackers not made a few elementary mistakes."
Ok! Ok! I must have, I must have put a decimal point in the wrong place or something. Shit. I always do that. I always mess up some mundane detail.
Vivin Suresh Paliath
http://vivin.net
I like
"There are a lot of skills needed to write Stuxnet," he said. "Whoever did this needed to know WinCC programming, Step 7, they needed platform process knowledge, the ability to reverse engineer a number of file formats, kernel rootkit development and exploit development. That's a broad set of skills. Does anyone here think they could do all of that?"
May I have a show of /. hands, please?
What one fool can do, another can. (Ancient Simian Proverb)
It's pretty safe to assume at this point that Stuxnet was developed as an Israel/USA military collaboration. Spokespeople from both countries smirk before saying "no comment" when asked about it. That being said, hackers have huge egos. The types of hackers that present at security conferences even more so. It's tremendously easy for them to pick apart the worm several months after it was discovered and say "oh ho ho, it doesn't encrypt it's command and control communications!!" like they're smarter than the people that built it.
For those who don't RTFAs, this one has something interesting, not mentioned in the summary. The analyst thought the worm might have started as something else and been re-purposed for sabotage. There might be two separate coder groups, one who made the original program and one who made it into a weapon. The latter group was apparently less skilled, though still would have needed a considerable breadth of knowledge.
Makes me wonder if the perpetrator might not be one of Iran's less advanced neighbours, instead of the US or Israel. After all, there are plenty of Middle Eastern nations who are worried about Iranian power and expansion. And there's two obvious suspects that would be blamed when it came to light.
Of course, it could also be that either American or Israeli coders were rushed, understaffed, over-compartmentalized or otherwise had the quality of their work reduced.
Erotic is when you use a feather. Exotic is when you use the whole chicken.
Screwed up details that reveal it could have been built better?
Well that proves a government was behind it!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This is the article worth pointing to on the subject: http://rdist.root.org/2011/01/17/stuxnet-is-embarrassing-not-amazing/, not the bullshit linkbait threatpost.com(MERCIAL) "article".
I'm guessing had it come out that it was of Chinese origin, we'd be inundated with articles about how the Chinese are so much smarter than everyone else because the code is just so darned perfect, only the scary Red Chinese could have pulled it off....and America's days are numbered....duck and cover.
But when it's the US/Israel? Meh...it's not that good.
1) From what I read, and I read a lot on that topic, Stuxnet is pretty damn awesome. The exploits alone are estimated to have been worth a seven to eight figure...
2) Secrecy might not have been a priority.
3) Maybe they wanted to be detected to drive a point home.
4) Mindgame question: What if Russia, China or someone else did it and wanted to frame the USA & Israel?
Is there a good source for a technically in-depth list of the mistakes, rather than the vague "ignored several known techniques" summary crap the article discusses?
The Sutxnet should have been developed using open source model. That way more experts would have seen the code and that would have eliminated all these errors. Maybe I should create a project in SourceForge.
It may very well be that the lack of proper cloaking was intentional, for at least two reasons : on the one hand, as long as the aim was reached, there was no need to reveal the full scope of expertise put behind it. Better keep still unknown cloaking techniques in case they may come handy in the future. On the second hand, stuxnet is certainly as much a psychological weapon as it is a technological one. What would be the interest to disrupt Iran's nuclear program if nobody knew what happened ? As such, it's a very good deterrent : any would be rogue third world country willing to go nuclear knows "someone" will take offense and knows that this "someone" has the abilities to bring their program down. But at this point, nobody can pinpoint who this "someone" may be with plausible certainty.
It's much easier to highlight someone else's mistakes than create something that would stand up to the same scrutiny yourself.
The comments within the article were more informative than the article itself. A number of commentators pointed out the context in which the Stuxnet developers were working and presumed tradeoffs in complexity behind covering their tracks versus achieving their objective. (Which by most accounts appears to have been successful at covering their tracks long enough to permanently damage the uranium centrifuges. Sounds like a solid achievement to me and not whatif conjecture on how good it could have been.) As usual the self-appointed /. experts assume that their "hive" hindsight knowledge could conquer the day. More likely you'd just flame one another over irrelevant technical details, and boast whose toolkit was bigger and more colourful.
It might have something to do with assassinating the former democratic leader of Iran and installing an autocrat in his place, in addition to American belligerence in the area. See Mohammad Mosaddegh and the wars in Iraq and Afghanistan. If I were the Iranians, I would want nuclear weapons, too.
SSC
Every news story in /. seems to conclude something wasn't really that good. Or at least, their users do.
"Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
Right, because all of those who think the US or Israel was behind it have to be raving lunatic conspiracy theorists and anti-Semites. Whether they did it or not, the US and Israel certainly have the motive, and the Israelis have been speaking openly about military action. It is not merely the NYT who suspects the Israelis and Americans; officials from both countries have had smirks when asked about Stuxnet, which has fueled speculation. I'm undecided, but one doesn't have to be mad to list the US and Israel as possible suspects.
SSC
Suggesting it "failed" suggests that there is only one possible outcome, and it's the one you want. And that's not diplomacy.
Please consider this account deleted, I just can't be bothered with the spam anymore.
And they probably skipped beta testing too. Oh, look, those same /. hands are still up...
Quidnam Latine loqui modo coepi?
Decades? Decades ago Iran was on our side. We were selling them weapons and intel. We installed a leader for them. There was no need for a 'diplomacy' decades ago.
2011 - 1979 = 32, that is over 3 decades, Jimmy Carter was president.
Perhaps you are confusing Iran and Iraq. We supported Saddam Hussein in Iraq with weapons and intel because we viewed Iran as the enemy.
I know your post was intended for humor, but I have a more serious question that maybe someone can answer...
Did the modifications to the centrifuge control serve to damage the centrifuge, the contents of the centrifuge, or both? If the point was to damage the centrifuge, then the solution is determining why the centrifuges failed, correcting that, and ordering new centrifuges. If the point was to damage the nuclear material so that it isn't good enough to be used in a bomb, then the solution is to, again, determine why the centrifuges failed, and to figure out if it's possible to reprocess the material a second time to get it right, and if not, to start on a new batch of material. If the point was to do both, then not only do the centrifuges need to turn out bad product, but they have to do it subtly enough to not attract attention while the centrifuges slowly damage themselves, leading to a lot of bad product and a lot of bad centrifuges at the same time. Solution, determine the source of the problem, then replace the centrifuges and start processing again.
I would think that the goal would be to make the Iranians involved *think* that they were getting the grade of Uranium Hexafluoride that they had planned on while instead delivering to them substandard product, so when they built weapons they had Uranium that either would reach critical mass or else wouldn't be nearly as efficient and would cause a much smaller boom. Achieving this would require not damaging the centrifuges yet damaging what they produce. This would allow an adversary of Iran to take this in to account in both diplomatic circles (being willing to push Iran harder despite the threat of a nuclear exchange) and in military ones (actively planning strategy considering nuclear fizzles), and if that's the case, this worm's discovery means that it's only a short-term problem for the Iranians, not a long-term problem that would allow for strategic thinking. The discovery means that Iran is set back, not thwarted as it would have been if the worm had gone on undetected for years and years, and while expensive for Iran (even if they can reprocess existing product that wasn't processed right the first time), it's not damning to the long term goals.
Do not look into laser with remaining eye.
Oh please — you Blame America First types are making me sick.
Look, WE didn't put all of that delicious oil under their land, GOD did. So if you wish to cast your lot with those that blasphemed Our Lord by denying us access to his mildly inconveniently placed bounty, then go right ahead, sinner. I will pray for your unworthy soul as I fill my tank with His Love.
"I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain
I think it also useful to point out that
It will be interesting to see what other malware is found in Iran. For it seems very unlikely that stuxnet was the only arrow in the quiver. It seems much more likely that it is just the first of several products to be discovered.
Will
Exactly. I have heard so many times, especially by Americans, that the solution is to overthrow the Iran government and establish a "democracy"... Read some friggin' history! The whole mess started BECAUSE the US overthrew the first good democratic government that Iran ever had, to protect the British petroleum interests (Operation Ajax). If I was an Iranian and had suffered the last 60 years because of that, I would be REALLY pissed, and possibly turn to religion, hate the West, need nuclear weapons to counter the ones provided to Israel, etc etc.
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
They do have a history of interfering, probably with good intentions, but things never usually work out how you want them.
Get your own free personal location tracker
They do have a history of interfering, probably with good intentions, but things never usually work out how you want them.
I guess you can define "good" as serving your own purposes with complete disregard of the rest of the world and absolutely no contemplation on the long run effects that could be worse than your short term gains.
Violence is the last refuge of the incompetent. Polar Scope Align for iOS