Slashdot Mirror

← Back to Stories (view on slashdot.org)

Was Russia Behind Stuxnet?

Posted by Soulskill on from the from-russia-with-root dept.

An anonymous reader writes "Despite the U.S. and Israel being widely assumed to be responsible for Stuxnet, Russia is the more likely culprit, says U.S. Air Force cyber analyst. The nuclear gangsterism of the past 20 years gives it plenty of motive. Quoting: 'So what better way to maintain Russian interests, and innocence, than to plant a worm with digital U.S.-Israeli fingerprints? After all, Russian scientists and engineers are familiar with the cascading centrifuges whose numbers and configuration – and Siemen’s SCADA PLC controller schematics – they have full access to by virtue of designing the plants. ... the observers of the virus could alert the Iranians before full nuclear catastrophe struck. The Belarusian computer security experts who 'discovered' the code seemingly played that role well. They didn't seem too preoccupied with reverse engineering the malicious code to see what it was designed to do.'"

32 of 281 comments (clear)

  1. Government responsible says, 'Look, commies'. by Anonymous Coward · · Score: 5, Insightful

    Let's all trust the U.S. propaganda machine. It was the Russians.

    1. Re:Government responsible says, 'Look, commies'. by Anonymous Coward · · Score: 5, Funny

      But they took out the TSA in Modern Warfare, so that makes them the good guys in my book.

    2. Re:Government responsible says, 'Look, commies'. by arglebargle_xiv · · Score: 5, Funny

      Let's all trust the U.S. propaganda machine. It was the Russians.

      Damn straight it was the Russians! It's all part of the Russian infiltration, Russian indoctrination, Russian subversion and the international Russian conspiracy to sap and impurify all of our precious bodily fluids. Stuxnet is without a doubt the most monstrously conceived and dangerous Russian plot we have ever had to face.

    3. Re:Government responsible says, 'Look, commies'. by hairyfeet · · Score: 5, Interesting

      Besides didn't some Israeli general upon retirement say something to the effect of "LOL I helped kick some ass with Stux didn't I?". The whole thing smelt like Mossad to me. Frankly I honestly don't blame the Iranians for wanting the bomb as pretty much everyone in that region that hasn't kissed US bankster ass or have a bomb has been stomped on, they have the US Navy practically sitting off their coast and US drones buzzing overhead.

      As has been said many times its not paranoia if they really are out to get you and the Neocons made it clear years ago that Iran was on their hit lists. If Iran says something like "We won't accept dollars for oil, only gold" like old MoMo did they'd probably be invaded before the year was out. pretty much the only way to not get stomped on by the US military anymore is to have the bomb. Kinda sad, but that's reality, the MSM is happy to dance to any tune their masters tell them to and its too easy to get the average citizen to believe anything the TV tells them to, just look at that poll where 40%+ thought we went into Iraq over 9/11.

      Iran knows the clock is ticking and if they don't have the bomb some neocon is gonna come into power and squash them like a bug, if for no other reason than they don't get along with Israel and too many neocons are of the "Jesus won't come back if there aren't Jews in Zion! Come back Jesus come back!" variety. i don't know what is scarier, the Mullahs wanting a bomb or the fact that one of the most highly weaponized countries in the west have a large power base that believes the ME policy should be based on 1800 year old words written on a sheep's ass by goat herders about some 2000+ year old dead guy and how he needs a certain race in a certain place so he has a spot to park his fluffy white cloud.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:Government responsible says, 'Look, commies'. by Lord+Duran · · Score: 4, Interesting

      Your rant is pure demagoguery.

      What you seem to disregard is that Iran is now ruled exclusively by a religious leader, and that his dog Ahmadinejad doesn't just not get along with Israel, but calls out for the destruction of Israel pretty much any time there's an open microphone nearby. He does so even though Israel has never done anything bad to Iran and the two countries even had strong military relations prior to 1979.

      You also forget that Iran spends millions of oil dollars every year funding terrorist organizations whose sole purpose is to harm and kill American and Israeli civilians.

      What your last paragraph is basically saying is that it's OK for Iran to destroy Israel (even if we assume that they could), because Christianity is false. Even if Christianity is false, nobody has the right to destroy another country the way Iran wants to destroy Israel.

    5. Re:Government responsible says, 'Look, commies'. by Yvanhoe · · Score: 5, Interesting

      Any conspiracy theory about stuxxnet has to explain this fact : http://www.net-security.org/secworld.php?id=10596

      An Israelian general claims to have worked on Stuxxnet.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    6. Re:Government responsible says, 'Look, commies'. by postbigbang · · Score: 5, Insightful

      A controlling minority in Iran is doing really stupid things. That justifies bombing them back into the Stone Age? I think the Stux virus is a stroke of genius. Whether Conficker was the delivery vehicle, or a USB drive, I don't care. It did the job peacefully of screwing up Iran's fueling program. What's to say it can't be done again? Why spend all of the weaponry when it can be done inside, without the loss of life, without a huge cost?

      The Persian people still have a chance of overthrowing their repression.

      If you use nukes, you open up a Pandora's Box that you probably won't be able to close. You'll give every terrorist idiot a reason to become martyrs using equal or uglier tactics.

      The regime in Iran, if they were to use nuclear weapons, would probably point them towards Israel. It would be the last thing they ever did. Instead, they want to play politics, and taste the power that comes by being India, Pakistan, etc. It's all about their sense of power, and respect, and ego.

      --
      ---- Teach Peace. It's Cheaper Than War.
    7. Re:Government responsible says, 'Look, commies'. by Runaway1956 · · Score: 5, Insightful

      Hah. As a veteran, yeah, the Russians WERE the "bad guys". I guess a lot of adults today are to young to remember the Cold War.

      But, today, no. The Russians are no longer the "bad guys". But, neither are we the "good guys". Today, we're just assholes, and the Chinese stand at a crossroads, where they could be the new "bad guys" or the new "good guys". Russia? Let's wait for their next revolution before we decide what the hell they are.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    8. Re:Government responsible says, 'Look, commies'. by Runaway1956 · · Score: 4, Insightful

      Uhhhh - you put Pakistan on the same list as India? Odd. India has it's share of inbred tribals, they have their share of corruption, and they have their share of idiots in office. But, Pakistan? They are nothing BUT a bunch of inbred tribals! Power? They know nothing of power, outside of sword rattling.

      And, I strongly suspect that the US military knows exactly how to take out each and every one of Pakistan's weapons, in the event that Pakistan finally rolls over, and allows the Taliban to take control. Pakistan simply doesn't have any real power.

      Today's Iranian government might stand shoulder to shoulder with Pakistan, but they don't have a prayer of joining ranks with India.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  2. Full Nuclear Catastrophe? From a centrifuge? by douglips · · Score: 4, Insightful

    Centrifuges can't cause a catastrophe, other than of the "oh shit my centrifuge just came apart and shredded my lab" kind. There is not a nuclear chain reaction to go out of control here.

    --
    My amazing wife - Artist, Author, Philosopher - Laurie M
  3. I blame it on Cthulhu by BLToday · · Score: 4, Funny

    That's the only logical explanation.

  4. Re:Full Nuclear Catastrophe? From a centrifuge? by MrQuacker · · Score: 4, Informative

    Well, the centrifuge itself doesnt. But if it somehow infects a critical PLC, like say the one that controls reactor rods, or ventilation, or whatever.

    Point being, something other than centrifuges could get infected, and that something could be bad.

  5. Really? by Acapulco · · Score: 5, Insightful

    Beyond the obvious fact that we will never know for sure who actually created it, it seems pretty naive to think a US 'cyber analyst' would say or even think anything different. After all Israel is a close US ally so it isn't like they would be interested in "telling the truth". It's like the boy who punches the other boy behind the teacher's back, of course he is not going to rat itself.

    So how is this a credible source? Maybe if it came from a team of international security researchers with evidence or something I would deem it a valuable piece of analysis.

    I kinda see this "research" as the ones conducted by Microsoft to evaluate IE, or Google to do so with Chrome and, oh surprise, they always come ahead. More like a political thing to say than any actual useful information or analysis being brought to light.

    --
    Slashdot. Unreadable news to annoy nerds. - wonkey_monkey
    1. Re:Really? by MimeticLie · · Score: 5, Insightful

      Except that this guy is a US Air Force analyst.

      So it's not a case of assuming a US citizen couldn't speak ill of the US; more a case of assuming that if the military is paying him to say this, it wants this version of events propagated (note that the piece doesn't provide any evidence pointing to the Russians. His argument is basically, "Well, they could have. And if we make a bunch of assumptions, they might have wanted to as well".).

    2. Re:Really? by Archtech · · Score: 5, Insightful

      Considering Slashdot is slight more anti-American than the Taliban that's obviously not true.

      Sorry, but I won't sit still for that. As a European who has always tried very hard to be cosmopolitan - a citizen of the world, and a member of the human race, rather than any kind of nationalist - I find that Slashdot is quite sophisticated technically, a bit less so politically, and actually exhibits a quite noticeable pro-American bias.

      Of course there are exceptions: I'm one of them. And there are a few people who blame everything on America. But what I'm saying is that, even among apparently sensible, well-educated, reasonable Slashdotters I find that, on average, there is a slight but very definite US "home team advantage". And that is quite natural, seeing how many Slashdotters are American; there's nothing wrong with patriotism and pride in your country.

      --
      I am sure that there are many other solipsists out there.
  6. I live in Russia by Anonymous Coward · · Score: 5, Interesting

    And it's unlikely the government could be bothered with this elaborate conspiracy, the modus operandi seems to be to take Iranian money and just never finish the projects since off the record Russia doesn't really like Iran anymore than anybody else does. Probably what really happened is that USA or Israel tracked down some Russians working on the project and gave them some giant piles of money in order to do plant some virus they'd made. After this went through a lot of Russian scientists got scared because Iran was interrogating everyone to try and find out who was responsible.

    Having said that a lot of people think Iran wont nuke Israel because that'd kill arabs too, or that they're not insane or that USA/Russia has nukes too so it's no different. The main difference is someone like Putin is primarily interested in being a crime boss, he has no inherent desire to wipe some places he doesn't like such as Washington DC off the map. Iran on the other hand does when not slaughtering their own people does foreign policy things that don't really make sense like bombing some Jews in Argentina which had no practical benefit for Iran. They're rather juvenile as can be seen by the way they make their cute little American flag with skulls instead of stars last week. I think it's more likely they'd try to detonate a bomb through the Lebanese border to make things look more ambiguous than launch a traceable missile from Tehran. Yes that'd kill a lot of muslims too, but so did their chaining soldiers together and forcing them to march into gas attacks strategies during the war with Iraq.

    1. Re:I live in Russia by shutdown+-p+now · · Score: 4, Informative

      Having said that a lot of people think Iran wont nuke Israel because that'd kill arabs too

      Iran couldn't care less about what happens to the Arabs. Iranians are different ethnically, culturally and religiously (Shia vs Sunni), and there's no love lost between the two. Indeed, it is debatable whether Israel is really Iran's enemy #1 (other than in propaganda), or whether their neighboring Sunni majority countries are that.

  7. Occam's Razor by cosm · · Score: 5, Insightful

    No.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:Occam's Razor by mr100percent · · Score: 4, Interesting

      Well, the NYTimes reports proof that it was tested in Israel, which makes Russia unlikely.

    2. Re:Occam's Razor by martin-boundary · · Score: 4, Insightful
      No, Occam's Razor suggests that the obvious enemies of Iran are the obvious culprits, namely US/Israel.

      Inventing fairytales about Russian double indirection to damage America is way too complicated, and believing an American intelligence analyst about the fairytale existence of a double indirection by Russia just to attack America's reputation (ie not even a real attack) is even more complicated.

      KISS.

  8. Re:Full Nuclear Catastrophe? From a centrifuge? by FrozenFood · · Score: 5, Interesting

    its entirely possible to run an entire nuclear power plant from the control rod insertion to button that opens the front gate off a single Siemens PLC, e.g. their S7-400 with a big CPU. off the CPU comes Profibus which can go directly to input sensors, pnumatic valves, HMIs. The profibus is quite a safe thing, becasue it is just RS485 underneath. The new thing that siemens is touting is profiNET, which as the name implies is just the profibus protocol over ethernet. with control systems running off ethernet is fine, but siemens also do DIN mount 100mb/s ethernet switches where anyone can plug a laptop in and stop/start/upload more code to the entire network with their prodave application.

  9. Propaganda by da8add1e · · Score: 5, Insightful

    all i needed to see was "An anonymous reader writes:" and the-diplomat.com, this is blatant propaganda -100 score It has no newsworthy merit is inaccurate in many ways as has already been pointed out by others (centrifuge's causing meltdown???) i know america is pissed about getting caught red handed with this, and also about the missile shield debacle http://www.reuters.com/article/2011/11/24/us-russia-medvedev-missiledefence-idUSTRE7AN1NE20111124 that's currently ongoing but how is aggravating Russia going to help in either matter?

    1. Re:Propaganda by Dails · · Score: 4, Insightful

      I'm pretty sure that nobody was caught with a hand of any color, which is basically why stuxnet was such a significant piece of work. You negate your own credibility by calling this inaccurate propaganda when you, in one poorly-constructed sentence, make inaccurate and baseless accusations.

  10. Re:Full Nuclear Catastrophe? From a centrifuge? by Anonymous Coward · · Score: 4, Interesting

    Except that's not how you do it. If your PLC is controlling vital equipment you A) use a password . B) Have the PLC set so that online (means when the PLC is running) program changes are not allowed and C) run redundant PLCs so if there is ever a switch of code in one of them (by a worm etc.) that PLC is locked out and measures taken. However when controlling a Centrifuge one probably wouldn't use redundant PLCs. When it comes to profibus vs. Profinet I would say that the fieldbus has very little to do with security. Most modern PLCs have an ethernet connection for talking to higher level systems anyways no matter which bus you use at the field level. Also anyone WHO can write a virus for a PLC is capable of buying one of the many different devices for connecting to a Profibus or MPI port of a Siemens PLC. /Industrial-programmer (not in nuclear area)

  11. Why assume a nation-state is behind this? by Darth+Cider · · Score: 5, Interesting

    It's just assumed that Stuxnet is SOOOO advanced that only a nation-state could devise this zero-day infiltration into the centrifuge system of Iran.

    Why assume that nation-states are behind it, and not corporations? A lot of companies would be hard hit if Iran became a threat to stability. Even major defense contractors, who profit from building weapons, would see little upside in a conflict with Iran.

    The news and the internet buzz all say that it has to be a government backed thing, but what if it is simpler than that? It is far simpler to imagine that a private concern is behind it. They can pay for the talent. They have as much at stake as any government.

  12. Re:Full Nuclear Catastrophe? From a centrifuge? by SuricouRaven · · Score: 4, Informative

    It is. For a start, the centrifuges aren't full of uranium. They are full of uranium hexafluoride, a gas. No possibility of it going critical. The worst case scenario would be that containment is ruptured and the gas escapes - it's nasty stuff, about a ten on the flesh-melt-o-meter, and will quite happily burn though walls and boil the skin off of anyone who gets in it's way. If that happens it'll kill a few workers and completly destroy the centrifuge, but that's all. No boom.

  13. Re:Full Nuclear Catastrophe? From a centrifuge? by buchner.johannes · · Score: 4, Informative

    Sorry if I am wrong here, but are you not just producing wild theories here? Surely you don't know what Stuxnet intended to do, so how could you rule that it could not have caused a nuclear catastrophe?

    There was an analysis by German researchers that he bases his information on.
    http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1
    http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  14. Re:Jihadis are as dangerous as Kamikazes by rainmouse · · Score: 5, Insightful

    If the US wanted to, they could have nuked the entire Muslim world after 9/11, given the popular mood in the country.

    Not without facing enforced disarmament and decades of sanctions from the rest of the developed world. This is a very bad American stereotype you are bandying around here. 'We can do what we want because we got the bomb and people should be grateful we don't just nuke them into the stone age..' There is a whole world out there and America becoming a rogue nuclear state would not go down well with the rest of it.

  15. Not exactly Russians... by genka · · Score: 4, Interesting

    ... but Russian immigrants living in and working for Israel. The name "Stuxnet" can be transliterated to "will rot" in Russian. Which was exactly what the Iranian equipment did.

  16. Are they rational actors, or not? by swb · · Score: 5, Interesting

    It all kind of depends on how rationally the mullahs operate.

    I'm pretty sure that the concept has been communicated to the Iranians, either semi-directly through back channels or through other third parties that any use of a nuclear weapon against the US or its "close allies" will result in overwhelming nuclear retaliation, the kind that might cause one to question the future of Persian culture centered around Iranian geography.

    It's long been rumored that the Israelis have indirectly communicated that any NBC attack will result in nuclear retaliation against all Arab capitals and major Islamic religious sites, allowing for a certain group restraint among Arab countries not wishing to see their capital vaporized should a neighbor's anti-Israeli action get too heated.

    And don't think for a second that the Soviets or the Chinese would say a word -- poking a stick at the US via Iran is valuable to the Soviets and the Chinese, but it's not worth trading nuclear strikes with the US.

    One would think that Iranian leaders would take this into account when doing the calculus on nuclear weapons. Are they even worth having, outside of defensive use within their own immediate political theater? Would the cost of development be better spent on something else -- a home-grown cruise missile, long-range missile, some other expenditure?

    That being said, the mullahs may not be rational -- they may be given to magical thinking and have some kind of literal belief in religion that might cause them to not care. We've certainly seen enough rank-and-file religious nuts blow themselves up.

  17. Why would they? by Anonymous Coward · · Score: 4, Insightful

    It doesn't make the slightest sense. A strong Iran is in Russia's interest. If Russia wanted to keep Iran from building a bomb they could just stop supplying nuclear fuel and know-how. Or they could sabotage those plants in much more direct ways because they have access.

    And if the Israeli military is not involved they're certainly playing their role well. They seem to be quite proud of Stuxnet -- rightfully so, except that they should have concealed it longer. That "the US defence and intelligence communities" might have been "caught with their pants down" is not an argument. Not everything Israel does is vetted by the US. Frankly, if I were an Israeli official I would prefer not to involve US agencies, because they have little to contribute and are a security risk.

  18. CLASSIFEID INTELLIGENCE NEWS by Jeremiah+Cornelius · · Score: 4, Funny

    "Trust us! We'll give you 25% MORE smoke and mirrors that the other brand of perception management!"

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."