Slashdot Mirror


Researchers Say Flame and Stuxnet Share Common Authors

Trailrunner7 writes "Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin. Researchers from Kaspersky Lab say that a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda. The claims are the most direct, to date, that link the Flame malware, which attacked Iranian oil facilities, with Stuxnet, which is believed to have targeted Iran's uranium-enrichment facility at Natanz. If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country."


  1. Yeah, no shit by crazyjj · · Score: 5, Insightful

    If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country

    What's next, researchers discovering that the recent spate of assassinations of Iranian nuclear scientists are SOMEHOW connected?

    Anyone who hasn't realized (or *claims* not to have realized) by now that there has been an elaborate, multi-year shadow war by the CIA/Mossad trying to sabotage the Iranian nuclear program is either willfully-blind, retarded, or a shill. Christ, Mossad and the CIA barely even bother to *HIDE* it anymore. Everyone in their right mind knew what was really going on the second Stuxnet was dissected. And they certainly realized it the first time mysterious guys on a motorcycle attached a magnetic bomb to the car of a guy who just happened to also be a prominent nuclear scientist in Iran.

    Of course, some willfully-blind, retarded shill out there is going to reply to this and say that those scientists killed themselves and that Stuxnet and Flame were actually created by Iran in an incredibly convoluted attempt to gain world sympathy. Such is true delusion.

    --
    What political party do you join when you don't like Bible-thumpers *or* hippies?
    1. Re:Yeah, no shit by ColdWetDog · · Score: 5, Funny

      Christ, Mossad and the CIA barely even bother to *HIDE* it anymore

      Wait. What?

      OK, the CIA and Mossad I get. Fine. That's what they do.

      But Jesus?

      What's he doing getting into electronic warfare? I thought he was supposed to be a nice guy, turn the other cheek and all that?

      --
      Faster! Faster! Faster would be better!
    2. Re:Yeah, no shit by jandrese · · Score: 3, Interesting

      I don't think there are too many people who are overly skeptical of who made Stuxnet and Flame. The primary arguments seemed to be "Israel or the US, or Israel AND the US?" It seems pretty clear that both of these were a backdoor solution to a problem they felt could not be solved by diplomatic or economic means. Nuclear nonproliferation is something the world as a whole has been very bad at in the past; this could be one of the few success stories.

      --
      I read the internet for the articles.
    3. Re:Yeah, no shit by Anonymous Coward · · Score: 4, Funny

      OP was referring to the young brother Jeezus Christ, not the better known Jesus H. Christ.

      Jesus vs. Jeezus.

    4. Re:Yeah, no shit by Baloroth · · Score: 2

      Trolls will do what trolls do, which is claim crazy theories to get attention and "argue" with people. It's better to ignore them (although the theory about Russia making it is certainly *possible*, just not likely).

      Most people have realized from day 1 that the US and/or Israel was responsible, but their governments would never officially admit to it.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    5. Re:Yeah, no shit by JuiceWagon · · Score: 2

      You insensitive clod!!! - I'm a willfully-blind, retarded shill

    6. Re:Yeah, no shit by jandrese · · Score: 3, Informative

      Slowing them down is more than the UN, NATO, economic sanctions, political posturing, or anything else has done. Slow down the program enough and maybe there will be time for political reform to bubble up from the bottom. The last elections in Iran drew a lot of anger from the populace; we can only hope that the latent anger eventually boils over and goes full Egypt given enough time. Direct military intervention (regime change) is just not practical, so you do what you can. Anything we can do to hold back the day when Jerusalem is a radioactive crater is a win in my book. Sure it's possible, and maybe even likely, that Mahmoud Ahmadinejad was just blowing smoke with his promises to wipe Israel off of the map, but it's a big gamble when the lives of 7.5 million people are on the line.

      --
      I read the internet for the articles.
    7. Re:Yeah, no shit by ShanghaiBill · · Score: 3, Informative

      Didn't the US do this to the Soviets during the cold war too? Something embedded into the hardware sold to the Russians that messed up a factory or plant for nuclear power/weapons?

      Supposedly the CIA put a bug in some gas pipeline SCADA software that caused a major explosion in Siberia. There is some doubt about whether this really happened. More info here: Siberian Pipeline Sabotage.

    8. Re:Yeah, no shit by LordLimecat · · Score: 3, Insightful

      Ignorance abounds. If turn the other cheek was an expression of defiance, what about the immediately following verse of giving your cloak too?

    9. Re:Yeah, no shit by houghi · · Score: 2

      But Jesus? What's he doing getting into electronic warfare?

      I am not sure, but when I see how many politicians thank Him, I would guess a lot.

      --
      Don't fight for your country, if your country does not fight for you.
    10. Re:Yeah, no shit by Monchanger · · Score: 2

      Doesn't evidence of a common developer on two different projects rule out the US government as a suspect?

      Among the many reasons government software takes so long to build, the most painful to me as a programmer was that they still hadn't been required to consider code reuse.

  2. Mexico's Banking Sector by Anonymous Coward · · Score: 2, Funny

    Based on an anagram of "Flame and Stuxnet", I expect the next target to be Mexico's banking sector: Tamale Funds Next.

    1. Re:Mexico's Banking Sector by sycodon · · Score: 2

      Dumping my shares of The Tamale Funds now.

      Too bad because they were pretty hot!

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  3. The two big differences... by jd · · Score: 2

    ...between germ warfare and malware warfare are that the anthrax bombs tested out in Scotland never affected areas outside the impact crater and it costs a lot to genetically modify a bacterium.

    In contrast, most of the world's true psychopaths have access to coders capable of modifying Stuxnet or Flame to do things never intended by the original author, and both have been found globally.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. Obviously by StripedCow · · Score: 2

    They all copied the code from Oracle. They'd better be prepared for a huge fine or a sales ban.

    --
    If Pandora's box is destined to be opened, *I* want to be the one to open it.
    1. Re:Obviously by ColdWetDog · · Score: 4, Funny

      They all copied the code from Oracle. They'd better be prepared for a huge fine or a sales ban.

      No they didn't. Stuxnet and Flame actually work.

      QED.

      --
      Faster! Faster! Faster would be better!
  5. US Government connection by cdrguru · · Score: 2

    It seems that a lot of people are trying to pin Stuxnet firmly on the US Government, current administration. So far it seems to be mostly "unnamed knowledgeable sources" which could be BS - but things could get more credible.

    At some point our friends in Iran are likely to decide that Stuxnet cost them millions of dollars and years of work and the US is responsible. If, or when, they come to this conclusion I would expect something quite overt from Iran to show up. Possibly as a retaliatory cyber attack, possibly something as crude as blowing up a few buildings full of people. Something that is assured to cost the US more than a few million dollars. Obviously there is very little that can be done to stop such an attack - especially if it came in the form of something like Weather Bug with people clamoring to figure out how to install it in spite of whatever controls, warnings and blocks put in their way. Ever seen someone in a business with all locked-down users (no Admin rights) call the help desk to ask if they could have someone install Weather Bug for them? Yeah, like that.

    My guess is that the US isn't backpedaling fast enough to convince the world that it isn't responsible for Stuxnet... so I'd expect retaliation before the end of the year. What would be the point of doing it to a lame-duck president? So probably before November. Of course Iran might decide that Obama is preferable to Romney and wait until after the election assuming (rightly so) that a successful attack would bring down the government.

  6. Re:The really scary thing by cpu6502 · · Score: 3, Insightful

    To describe 10 million Iranians as "insane" smacks of anti-persian racism. It's the same kind of nonsense people said about blacks during WW2 ("They are not sane or intelligent enough to handle big equipment like tanks or planes.").

    --
    My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
  7. Kaspersky by FlynnMP3 · · Score: 3, Interesting

    Isn't anybody else besides Kaspersky discovering these things? On the one hand, it is in their best interest to find out as much as they can about this new kind of virus. On the other hand, I get a bit nervous when there appears to be only 1 source for information.

    1. Re:Kaspersky by Mia'cova · · Score: 2

      It was hiding in plain sight. It was signed with valid certificates which essentially white listed it.

  8. Re:The really scary thing by bobbied · · Score: 2

    But it scares the shit out of me to think that Iran is running WINDOWS on sensitive installations, for Uranium processing (even for reactors it is not exactly *safe* material) or other important security/safety functions. If this stupidity exists elsewhere in the world, we live in a VERY SCARY world (like most of the people in the world, probably, I don't live that many miles from a nuclear plant).

    Iran is free to use Windows for whatever they choose and it's fine by me. Just don't run Windows to control the nuke plant in my backyard.

    The really scary thing is that folks actually believe that MAD (a Cold War stance) is a good strategy for dealing with Iran... The US generally already has the ability to turn the bulk of Iran in to glass and it doesn't seem to be bothering them. Now you are suggesting that we simply allow them to develop the ability to do the same to the US? Doesn't seem like a good idea to me, given their rhetoric (not to mention their actual activity) in the region and the US's obvious disinterest in engaging IRAN beyond just disrupting their nuclear progress.

    But who are we kidding... Iran is destined to be as relevant as North Korea if the sanctions now in place are continued for a few years. (A big IF). Yea, it would be a huge mess if a war started, but could the outcome be in question? The longer we can keep sanctions working, the less of a mess it becomes, so while I'm not a MAD proponent, I am a "wait and see" advocate, assuming Iran doesn't do something stupid, like shooting at some aircraft carrier going through the straits or trying to shut down oil shipping.

    I think the Iranians know that a full out war with the US would not end well for them, so they have so far only threatened to escalate the conflict. The wild card here is Israel. If Israel decides that the risk of a nuclear blast over Tel Aviv is getting too great for them, you can bet that Iran will soon lose the ability by direct strikes if necessary. The risk being that the whole middle east would come apart at the seams and the US would get drawn into a wider conflict. This is my greatest worry, not that they choose to run Windows based computers.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  9. Coincidence? by Anonymous Coward · · Score: 2, Funny

    A primary focus for Bill Gates in years just prior to his retirement: Windows vulnerabilities. Bill Gates retired from Microsoft in June 2008 at the ripe old age of 52. Stuxnet and Flame were released shortly afterward. What did he know and when did he know it?