Slashdot Mirror


Stuxnet Authors Made Key Errors

Trailrunner7 writes "There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they've been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more effective and difficult to detect had the attackers not made a few elementary mistakes."

27 of 228 comments

  1. Mundane detail by vivin · · Score: 4, Funny

    Ok! Ok! I must have, I must have put a decimal point in the wrong place or something. Shit. I always do that. I always mess up some mundane detail.

    --
    Vivin Suresh Paliath
    http://vivin.net

    I like
    1. Re:Mundane detail by chinakow · · Score: 4, Informative

      This is not some mundane detail Michael!

  2. Criticism is easy by mewsenews · · Score: 4, Insightful

    It's pretty safe to assume at this point that Stuxnet was developed as an Israel/USA military collaboration. Spokespeople from both countries smirk before saying "no comment" when asked about it. That being said, hackers have huge egos. The types of hackers that present at security conferences even more so. It's tremendously easy for them to pick apart the worm several months after it was discovered and say "oh ho ho, it doesn't encrypt its command and control communications!!" like they're smarter than the people that built it.

    1. Re:Criticism is easy by fuzzyfuzzyfungus · · Score: 4, Interesting

      Easy; but not always invalid. Encrypted command and control communications have been standard in the better purely monetary botnets for at least a few years now.

      Everything is easier from the peanut gallery; but the notion that you have to be at least as good at your game as is a publicly known strain of criminal in order to be considered for "super-spy" status seems like a very fair rule of thumb.

    2. Re:Criticism is easy by peragrin · · Score: 4, Interesting

      Smirking isn't a sign of guilt, but merely enjoying the outcome anyways.

      Besides, Russia has as much to lose. Think how many billions Russia loses if Iran can make its own fuel for the reactors Russia helped to build?

      --
      i thought once I was found, but it was only a dream.
    3. Re:Criticism is easy by timeOday · · Score: 4, Insightful

      What I fail to see in the article is how the virus would have been any more effective had they used the entire bag of tricks. You use what you must, and save the rest for next time.

    4. Re:Criticism is easy by OverlordQ · · Score: 3, Interesting

      but the notion that you have to be at least as good at your game as is a publicly known strain of criminal in order to be considered for "super-spy" status seems like a very fair rule of thumb.

      How about good enough to make people think you're not good enough so they underestimate you?

      --
      Your hair look like poop, Bob! - Wanker.
    5. Re:Criticism is easy by aaaaaaargh! · · Score: 4, Interesting

      I agree with the OP and want to mention another issue.

        Common encryption algorithms can be detected heuristically with high accuracy. Moreover, the original implementation/source code of the encryption can usually be identified. Perhaps the developers did not want the adversary to find out which implementation they used and for obvious reasons didn't want to use their own implementation. Also, when you use encryption, keys on the C&C endpoints are linked to the malware in a way that cannot plausibly be denied -- not very desirable either.
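
Added example (not part of the original comment or thread): a minimal sketch of the heuristic detection the comment above refers to, scanning a binary blob for published cipher and hash constants and for high-entropy regions. The function names, the window size, the threshold and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import math
import struct

# Public constants from the AES, SHA-256 and MD5 specifications; the first
# 16 bytes (or four 32-bit words) of each table are distinctive enough.
BYTE_TABLES = {
    "AES S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
    "AES inverse S-box": bytes.fromhex("52096ad53036a538bf40a39e81f3d7fb"),
}
WORD_TABLES = {
    "SHA-256 round constants": (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5),
    "MD5 sine table": (0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE),
    "MD5/SHA-1 initial state": (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476),
}

def find_crypto_constants(blob):
    """Return sorted (offset, table name) pairs for every known table found."""
    patterns = dict(BYTE_TABLES)
    for name, words in WORD_TABLES.items():  # compilers may store words in either order
        patterns[name + " (little-endian)"] = struct.pack("<4I", *words)
        patterns[name + " (big-endian)"] = struct.pack(">4I", *words)
    hits = []
    for name, pattern in patterns.items():
        pos = blob.find(pattern)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(pattern, pos + 1)
    return sorted(hits)

def shannon_entropy(data):
    """Empirical entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def high_entropy_windows(blob, window=256, threshold=7.0):
    """Offsets of fixed-size windows that look encrypted or compressed."""
    return [off for off in range(0, len(blob) - window + 1, window)
            if shannon_entropy(blob[off:off + window]) >= threshold]

# Constructed sample standing in for a binary under analysis (not real malware).
SAMPLE = (b"\x00" * 64 + BYTE_TABLES["AES S-box"] + b"plain config text " * 8
          + struct.pack("<4I", *WORD_TABLES["MD5 sine table"]) + b"\x00" * 16
          + bytes((i * 167 + 13) % 256 for i in range(256)))  # uniform byte mix

if __name__ == "__main__":
    for offset, name in find_crypto_constants(SAMPLE):
        print(f"0x{offset:04x}  {name}")
    print("high-entropy windows at:", high_entropy_windows(SAMPLE))
```

Constant matching catches stock implementations only; code that computes its tables at run time or uses a custom cipher is left to the entropy check.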

    6. Re:Criticism is easy by I8TheWorm · · Score: 4, Funny

      So I can clearly not choose the wine in front of me.

      --
      Saying Android is a family of phones is akin to saying Linux is a family of PCs.
  3. Fascinating... by RsG · · Score: 4, Interesting

    For those who don't RTFAs, this one has something interesting, not mentioned in the summary. The analyst thought the worm might have started as something else and been re-purposed for sabotage. There might be two separate coder groups, one who made the original program and one who made it into a weapon. The latter group was apparently less skilled, though still would have needed a considerable breadth of knowledge.

    Makes me wonder if the perpetrator might not be one of Iran's less advanced neighbours, instead of the US or Israel. After all, there are plenty of Middle Eastern nations who are worried about Iranian power and expansion. And there's two obvious suspects that would be blamed when it came to light.

    Of course, it could also be that either American or Israeli coders were rushed, understaffed, over-compartmentalized or otherwise had the quality of their work reduced.

    --
    Erotic is when you use a feather. Exotic is when you use the whole chicken.
  4. Just point to the root.org paper by Spyware23 · · Score: 5, Informative

    This is the article worth pointing to on the subject: http://rdist.root.org/2011/01/17/stuxnet-is-embarrassing-not-amazing/, not the bullshit linkbait threatpost.com(MERCIAL) "article".

  5. If the NY Times had just revealed it was Chinese.. by matty619 · · Score: 3, Insightful

    I'm guessing had it come out that it was of Chinese origin, we'd be inundated with articles about how the Chinese are so much smarter than everyone else because the code is just so darned perfect, only the scary Red Chinese could have pulled it off....and America's days are numbered....duck and cover.

    But when it's the US/Israel? Meh...it's not that good.

  6. Yeah, sure... by RichiH · · Score: 4, Interesting

    1) From what I read, and I read a lot on that topic, Stuxnet is pretty damn awesome. The exploits alone are estimated to have been worth a seven to eight figure...
    2) Secrecy might not have been a priority.
    3) Maybe they wanted to be detected to drive a point home.
    4) Mindgame question: What if Russia, China or someone else did it and wanted to frame the USA & Israel?

    1. Re:Yeah, sure... by jmorris42 · · Score: 4, Insightful

      > If the US had a less hostile foreign policy....

      Bull. International relations ain't kindergarten. Our opponents have goals that are incompatible with ours, thus we are called opponents. Russia dreams of empire lost. China dreams of empire to come. Iran dreams of dominating the Middle East and restoring the glory of Persia as an atomic power. Meanwhile madmen in North Korea and Venezuela dream their mad dreams of power and glory. We have valid reasons to be working to thwart, slow and otherwise hinder those plans.

      So tell me, Mr. Enlightened One, which one of those countries' plans should we either get out of the way of or encourage? Or more bluntly, which of our allies should we throw under the bus to appease them? All of Eastern Europe? NATO? Taiwan? Israel? South Korea and Japan?

      Meanwhile India and Brazil also are taking a larger place on the world's stage and we don't really mind. Hell, if you ask me carrying the 'White Man's Burden' is getting to not be worth it and we could use some other halfway sane players to step up and take an active role putting out diplomatic fires and cleaning up after natural disasters.

      --
      Democrat delenda est
    2. Re:Yeah, sure... by DeadCatX2 · · Score: 4, Insightful

      You're right, international relations isn't kindergarten. Of course, it doesn't help that the US has a long history of being the school bully.

      Iran Contra sound familiar?

      Even further back...the Shah of Iran?

      The mujahideen of Afghanistan?

      Selling Saddam the chemical weapons that we had him hanged for using?

      The list goes on, but somehow I doubt that any revelation about the crazy fucked up shit we did to other nations will do anything to change your mind.

      --
      :(){ :|:& };:
    3. Re:Yeah, sure... by Jah-Wren+Ryel · · Score: 4, Insightful

      There are no pure good or pure evil actors or actions.

      However there is lots and lots of hypocrisy and we've built up a big steaming pile of it since WWII.

      --
      When information is power, privacy is freedom.
    4. Re:Yeah, sure... by Smiths · · Score: 4, Interesting

      I love how when

      it's 'North Korea and Venezuela' they 'dream their mad dreams of power and glory'
      but the USA...
        we're just 'putting out diplomatic fires and cleaning up after natural disasters.'

      and this gets modded Insightful?....groan

      There are plenty of lessons in history to show what happens when you have a dim view of the world such as

      'Our opponents have goals that are incompatible with ours'

      groan....

      This has all been worked out before. It's why international laws and respect for other nations' sovereignty are important.

      mondoweiss dot net

  7. So what were the mistakes...? by Jahava · · Score: 4, Interesting

    Is there a good source for a technically in-depth list of the mistakes, rather than the vague "ignored several known techniques" summary crap the article discusses?

  8. Open source by u19925 · · Score: 3, Funny

    The Stuxnet should have been developed using open source model. That way more experts would have seen the code and that would have eliminated all these errors. Maybe I should create a project in SourceForge.

  9. conspiracy 101 by Anne+Honime · · Score: 5, Interesting

    It may very well be that the lack of proper cloaking was intentional, for at least two reasons: on the one hand, as long as the aim was reached, there was no need to reveal the full scope of expertise put behind it. Better keep still unknown cloaking techniques in case they may come in handy in the future. On the second hand, stuxnet is certainly as much a psychological weapon as it is a technological one. What would be the interest to disrupt Iran's nuclear program if nobody knew what happened? As such, it's a very good deterrent: any would-be rogue third world country willing to go nuclear knows "someone" will take offense and knows that this "someone" has the abilities to bring their program down. But at this point, nobody can pinpoint who this "someone" may be with plausible certainty.

    1. Re:conspiracy 101 by rm999 · · Score: 4, Insightful

      Yes, Israel WANTS the world to know what happened, and they want the world to know they were involved. This is why Mossad has been gleefully and publicly showing off that Iran's nuclear weapon development has been pushed back years.

      It is odd that a mission that was 100% successful (something even Iran won't deny) is being criticized for not being good enough. Maybe some researchers just wanted their names in the newspaper?

  10. Re:Does anyone here think they could do all of tha by nonguru · · Score: 5, Insightful

    The comments within the article were more informative than the article itself. A number of commentators pointed out the context in which the Stuxnet developers were working and presumed tradeoffs in complexity behind covering their tracks versus achieving their objective. (Which by most accounts appears to have been successful at covering their tracks long enough to permanently damage the uranium centrifuges. Sounds like a solid achievement to me and not whatif conjecture on how good it could have been.) As usual the self-appointed /. experts assume that their "hive" hindsight knowledge could conquer the day. More likely you'd just flame one another over irrelevant technical details, and boast whose toolkit was bigger and more colourful.

  11. Re:true by zach_the_lizard · · Score: 4, Insightful

    It might have something to do with assassinating the former democratic leader of Iran and installing an autocrat in his place, in addition to American belligerence in the area. See Mohammad Mosaddegh and the wars in Iraq and Afghanistan. If I were the Iranians, I would want nuclear weapons, too.

    --
    SSC
  12. Re:Obvious really by zach_the_lizard · · Score: 4, Insightful

    Right, because all of those who think the US or Israel was behind it have to be raving lunatic conspiracy theorists and anti-Semites. Whether they did it or not, the US and Israel certainly have the motive, and the Israelis have been speaking openly about military action. It is not merely the NYT who suspects the Israelis and Americans; officials from both countries have had smirks when asked about Stuxnet, which has fueled speculation. I'm undecided, but one doesn't have to be mad to list the US and Israel as possible suspects.

    --
    SSC
  13. Re:Hell of a unit test by TWX · · Score: 4, Interesting

    I know your post was intended for humor, but I have a more serious question that maybe someone can answer...

    Did the modifications to the centrifuge control serve to damage the centrifuge, the contents of the centrifuge, or both? If the point was to damage the centrifuge, then the solution is determining why the centrifuges failed, correcting that, and ordering new centrifuges. If the point was to damage the nuclear material so that it isn't good enough to be used in a bomb, then the solution is to, again, determine why the centrifuges failed, and to figure out if it's possible to reprocess the material a second time to get it right, and if not, to start on a new batch of material. If the point was to do both, then not only do the centrifuges need to turn out bad product, but they have to do it subtly enough to not attract attention while the centrifuges slowly damage themselves, leading to a lot of bad product and a lot of bad centrifuges at the same time. Solution, determine the source of the problem, then replace the centrifuges and start processing again.

    I would think that the goal would be to make the Iranians involved *think* that they were getting the grade of Uranium Hexafluoride that they had planned on while instead delivering to them substandard product, so when they built weapons they had Uranium that either would reach critical mass or else wouldn't be nearly as efficient and would cause a much smaller boom. Achieving this would require not damaging the centrifuges yet damaging what they produce. This would allow an adversary of Iran to take this into account in both diplomatic circles (being willing to push Iran harder despite the threat of a nuclear exchange) and in military ones (actively planning strategy considering nuclear fizzles), and if that's the case, this worm's discovery means that it's only a short-term problem for the Iranians, not a long-term problem that would allow for strategic thinking. The discovery means that Iran is set back, not thwarted as it would have been if the worm had gone on undetected for years and years, and while expensive for Iran (even if they can reprocess existing product that wasn't processed right the first time), it's not damning to the long term goals.

    --
    Do not look into laser with remaining eye.
  14. Re:true by Bemopolis · · Score: 5, Funny

    Oh please — you Blame America First types are making me sick.

    Look, WE didn't put all of that delicious oil under their land, GOD did. So if you wish to cast your lot with those that blasphemed Our Lord by denying us access to his mildly inconveniently placed bounty, then go right ahead, sinner. I will pray for your unworthy soul as I fill my tank with His Love.

    --
    "I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain
  15. Re:Does anyone here think they could do all of tha by Will.Woodhull · · Score: 5, Insightful

    I think it is also useful to point out that

    1. In this kind of one-shot job, the code does not have to be good. It only has to be good enough. It would seem that stuxnet was good enough.
    2. There is a certain elegance in not getting any fancier than what will do the job. If the writers of stuxnet had followed the ancient advice of "know your enemy", which apparently they did, they would have known what level of obfuscation was needed, and may have purposefully chosen to code stuxnet to that level.

    It will be interesting to see what other malware is found in Iran. For it seems very unlikely that stuxnet was the only arrow in the quiver. It seems much more likely that it is just the first of several products to be discovered.

    --
    Will