Slashdot Mirror


Stuxnet Authors Made Key Errors

Trailrunner7 writes "There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they've been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more effective and difficult to detect had the attackers not made a few elementary mistakes."

5 of 228 comments

  1. Just point to the root.org paper by Spyware23 · · Score: 5, Informative

    This is the article worth pointing to on the subject: http://rdist.root.org/2011/01/17/stuxnet-is-embarrassing-not-amazing/, not the bullshit linkbait threatpost.com(MERCIAL) "article".

  2. conspiracy 101 by Anne+Honime · · Score: 5, Interesting

    It may very well be that the lack of proper cloaking was intentional, for at least two reasons: on the one hand, as long as the aim was reached, there was no need to reveal the full scope of expertise put behind it. Better keep still-unknown cloaking techniques in case they may come in handy in the future. On the second hand, stuxnet is certainly as much a psychological weapon as it is a technological one. What would be the interest to disrupt Iran's nuclear program if nobody knew what happened? As such, it's a very good deterrent: any would-be rogue third world country willing to go nuclear knows "someone" will take offense and knows that this "someone" has the abilities to bring their program down. But at this point, nobody can pinpoint who this "someone" may be with plausible certainty.

  3. Re:Does anyone here think they could do all of tha by nonguru · · Score: 5, Insightful

    The comments within the article were more informative than the article itself. A number of commentators pointed out the context in which the Stuxnet developers were working and presumed tradeoffs in complexity behind covering their tracks versus achieving their objective. (Which by most accounts appears to have been successful at covering their tracks long enough to permanently damage the uranium centrifuges. Sounds like a solid achievement to me and not what-if conjecture on how good it could have been.) As usual the self-appointed /. experts assume that their "hive" hindsight knowledge could conquer the day. More likely you'd just flame one another over irrelevant technical details, and boast whose toolkit was bigger and more colourful.

  4. Re:true by Bemopolis · · Score: 5, Funny

    Oh please — you Blame America First types are making me sick.

    Look, WE didn't put all of that delicious oil under their land, GOD did. So if you wish to cast your lot with those that blasphemed Our Lord by denying us access to his mildly inconveniently placed bounty, then go right ahead, sinner. I will pray for your unworthy soul as I fill my tank with His Love.

    --
    "I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain

  5. Re:Does anyone here think they could do all of tha by Will.Woodhull · · Score: 5, Insightful

    I think it is also useful to point out that

    1. In this kind of one-shot job, the code does not have to be good. It only has to be good enough. It would seem that stuxnet was good enough.
    2. There is a certain elegance in not getting any fancier than what will do the job. If the writers of stuxnet had followed the ancient advice of "know your enemy", which apparently they did, they would have known what level of obfuscation was needed, and may have purposefully chosen to code stuxnet to that level.

    It will be interesting to see what other malware is found in Iran. For it seems very unlikely that stuxnet was the only arrow in the quiver. It seems much more likely that it is just the first of several products to be discovered.

    --
    Will