Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action

← Back to Stories (view on slashdot.org)

Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action

Posted by timothy on Tuesday June 19, 2012 @01:24AM from the excuse-me-while-I-pluck-out-your-eye dept.

alphadogg writes "Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel is generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S. solve geopolitical problems or actually making things worse? Bruce Schneier, whose most recent book is 'Liars and Outliers,' argues the U.S. made a mistake with Stuxnet, and he discusses why it's important for the world to tackle cyber-arms control now."

33 of 351 comments (clear)

Min score:

Reason:

Sort:

Nonsense! by fuzzyfuzzyfungus · 2012-06-19 01:28 · Score: 5, Funny

How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?

That's crazy talk.
1. Re:Nonsense! by luis_a_espinal · 2012-06-19 02:05 · Score: 5, Insightful
  
  The astonishing thing is that anyone in the Obama administration was stupid enough to think that secrecy could be maintained on this indefinitely.
  
  Who says they were thinking that? Trying to keep it under wraps as long as possible (a reasonable strategy from a tactical/strategic POV) does not imply the belief it can be done so indefinitely.
  Your sentence makes a nice target against which to launch a tirade, but barring corroborating facts, it is one built on speculation.
Obama's Record by MyLongNickName · 2012-06-19 01:31 · Score: 5, Insightful

I voted for Obama based on two things: I hated how George Bush increased deficits recklessly and I hated how the Republican cavalierly meddled in other country's affairs using military might.
I feel like a fool.

--
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
1. Re:Obama's Record by Mitchell314 · 2012-06-19 01:41 · Score: 5, Interesting
  
  Normally I'd agree with you, but in this case bytes is better than bullets, IMO. If the future of warfare is more about breaking machines and less about killing people, well it is a step up.
  
  --
  I read TFA and all I got was this lousy cookie
2. Re:Obama's Record by poetmatt · 2012-06-19 01:52 · Score: 4, Insightful
  
  The only difference between machines and bullets is that it's easier to affect a far more widespread amount of machines in a more discriminate fashion.
  Disable pacemakers? Shut down a hospital's equipment? These things will kill people too.
3. Re:Obama's Record by Anonymous Coward · 2012-06-19 01:59 · Score: 4, Informative
  
  This program started under Bush.
4. Re:Obama's Record by Kidbro · 2012-06-19 02:02 · Score: 4, Insightful
  
  This is possible, but at least it hasn't happened yet. While I'm not particularly happy about the Stuxnet attack, I couldn't accuse it of murdering hospital patients & civilians.
  The same can not be said for the gun using meat space branch of the American war machine.
  
  --
  May we live long and die out
5. Re:Obama's Record by MyLongNickName · 2012-06-19 02:07 · Score: 4, Informative
  
  You realize that Obama has increased troops to Afghanistan and only removed troops from Iraq when forced to by their government? Gitmo is also still open.
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
6. Re:Obama's Record by vawwyakr · 2012-06-19 02:23 · Score: 4, Insightful
  
  The problem is here in the US, we're faced with a set of false choices. Both sides are lying backstabbing scum bags, it really doesn't matter who you vote for at this point. Obama just doubled down on the proof of this. People who point fingers at one side of the other are just missing the reality of the situation and getting caught up in the gamesmanship that is going on.
7. Re:Obama's Record by luis_a_espinal · 2012-06-19 02:23 · Score: 5, Insightful
  
  So let me get this straight, you thought any US administration was just going to sit by and let Iran gain nuclear capabilities.
  Apparently that is his/her line of thinking, and for that, humanity weeps.
  I don't understand what in Baal's name these ignoramuses expected when they voted for Obama, that he was going to kumbaya his way to the Ayatollah's hearts, that Bin Laden was going to repent and kill himself out of remorse, that all the jobs that went to China will come back (and with a pay increase to boot), and that all the shit that permeates international reality was going to magically turn into Pandora's bioluminescent flowers and hexapodal bunnies with cute emerald eyes, with Thinkerbell pixie dust poured from over a rainbow in peaceful anarchic harmony?
  Uninformed, delutional ideological thinking (be it left or right leaning), that is the stuff nightmares are made of.
  I didn't vote for Obama in 2008, but I can't really say he is doing a terrible job, or that he lied. I actually like him more than what the GOP (the party I'm registered for) has to offer, and he has done a decent job considering all current factors.
  People who now feel betrayed for voting for him are as stupid as the people who think Obama is the root cause of all evil and that shit will turn to honey once they vote a Repub back into the presidency (specially if he believes Darwin's "On The Origin of Species" is a work of fiction.)
  Stupidity of the most grotesque kind permeates both sides of the political spectrum. Such is the ethos of the at-will uneducated simpleton masses.
So, they have found the proof? by Robert+Zenz · 2012-06-19 01:31 · Score: 3, Interesting

Is there really proof that it was the U.S.? I mean besides that awesome author who has 7 sources which want to stay hidden and that "Of course it was the U.S.!" attitude...
1. Re:So, they have found the proof? by crazyjj · 2012-06-19 01:36 · Score: 5, Informative
  
  Would you liked a signed letter from the CIA and NSA directors talking about their top secret program? Because, obviously vetted sources in the most reputable newspaper in the U.S., a Congressional investigation into the leak, a Presidential denial of the leak, etc. aren't enough to convince you. So I'm assuming that we need to get Leon Panetta to come over to your house and read you in on the program.
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
2. Re:So, they have found the proof? by AHuxley · 2012-06-19 01:46 · Score: 4, Interesting
  
  http://www.theatlanticwire.com/global/2012/06/israeli-spies-want-credit-stuxnet/53354/
  Others want their expertise to rank with the NSA it seems :)
  
  --
  Domestic spying is now "Benign Information Gathering"
3. Re:So, they have found the proof? by Maximum+Prophet · 2012-06-19 01:59 · Score: 5, Insightful
  
  A friend of mine was in the Air Force in the '50s, stationed in France. While he was there, several Soviet generals were invited to tour the facilities, and inspect the bombers. My friend stated that if he had disclosed this information, he'd have been hanged, but here they were giving it away.
  
  Of course, this was a controlled release of info, excluding critical operational details. Deterrence only works if the other side thinks that you have better weapons and will use them. So, yes, sometimes you do have to leave a calling card. The thing is, sometimes it looked like the US Government and the Soviet Government were in a conspiracy against their own respective peoples.
  
  --
  All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
4. Re:So, they have found the proof? by Maximum+Prophet · 2012-06-19 04:10 · Score: 4, Interesting
  
  Deterrence is a weasel word. The word you're looking for is "Fear"...
  No, Arthur C. Clarke talked about this w.r.t. technology. There are fears that are destabilizing, and fears that stabilize. If your "enemy" thinks that you are going to come to him and take his stuff, that fear destabilizes, weapons escalation is destabilizing. If your "enemy" has good intelligence, and knows that your weapons are secure and non-mobile, that fear is stabilizing, he knows he's safe now, but if he attacks those weapons are available.
  To paraphase Mr. Clarke, more nuclear bombs, destabilizing. More spy satellites, stabilizing.
  
  That sad part of the human existence, is that if your "enemy" doesn't fear you in the least, and has no reason to believe you will oppose him, he *will* come and take your stuff.
  
  --
  All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
No this is where the U.S. made a mistake with Iran by crazyjj · 2012-06-19 01:31 · Score: 5, Insightful

The U.S. made a mistake with Iran with that stupid "Axis of Evil" speech. I'm still not sure why that speech isn't recognized as one of the biggest diplomatic blunders in recent history. First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose. It was basically an open threat to Iran and North Korea that we were going to invade them next. And, not surprisingly, both responded by ramping up their nuclear weapons programs to a feverish pace (since nukes are basically the only way to ensure that the U.S. can't invade).
Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.

--
What political party do you join when you don't like Bible-thumpers *or* hippies?
I Think You Missed the Point by eldavojohn · 2012-06-19 01:35 · Score: 5, Interesting

How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?
I have to disagree with you here. To ensure that your businesses and citizens and government and infrastructure are sound, you should always be investigating modes for attacks and publishing them. My logic is that if the United States Government is able to develop this, then so is China's, Russia's, India's, etc so get it out in the open already. In fact, your claim almost seems to advocate security through obscurity. If you want to ensure that people aren't pilfering data without your knowledge, publish your exploits and what you see as "contributing to the spread of clever computer-intrusion technologies" could just as well be seen as "telling SCADA and other makers to pull their heads out of their asses and fix this." Also, your statements can apply to every single country now, even third world countries are largely dependent on networking hardware to function.

The reason this is a "destabilizing and dangerous" action was because it was effective -- not because the US Government secretly given hackers a bunch of ways to hack every computer ever made. Also, the US kind of lost the "moral high ground" now when someone hacks their nuclear facilities with the intent of disabling our capabilities. Use an effective cyber attack against a nation state that does not have similar capabilities ... "destabilizing and dangerous" is a definition of what you can expect the repercussions to be.

--
My work here is dung.
1. Re:I Think You Missed the Point by fuzzyfuzzyfungus · 2012-06-19 01:52 · Score: 5, Interesting
  
  I apologize if I wasn't clear; but my point was that possessing electronic offense and improving electronic defense are directly at odds with one another(and, as you note, we are hardly the only country with a supply of adequately smart geeks.)
  
  If you want to use an attack, you need a vulnerability. If you want to use an attack against a really clueful adversary, you may need a really juicy vulnerability, a set of zero-days(as with Stuxnet) or that nifty code-signing trick with Flame, or the like. This is where the trouble starts:
  
  Your attack people now have a direct interest in keeping certain vulnerabilities unfixed. Since much of the world's software is widely used, and has a reasonably publicly visible update process, there is no viable way to sneak out some kind of 'Important vulnerability fix for Win32 systems in the US only'. Either you keep the bug secret, leaving your own people vulnerable, in the hopes that you can hit the other guy before he discovers the problem, or you protect everyone from that vulnerability by getting it fixed.
  
  Having US 'national security' types researching vulnerabilities is a good thing; but only if they do so with the intent of getting them fixed(US-CERT vulnerability reporting, for instance, makes us stronger.) That is how you 'get it in the open'. Things like Stuxnet and Flame were based on vulnerabilities that were kept in the dark(during which time they could have been used against us) for as long as possible.
  
  It's not that I advocate security through obscurity(quite the opposite, in fact), it's that in order to possess good offensive tools you must, necessarily, have knowledge of vulnerabilities that you are concealing. You had to discover them in order to build your attack system, you have to hide them in order to preserve its effectiveness. That's the problem. Possession of useful offensive capabilities implies that you are condemning everyone, your own people included, to security-by-obscurity.
2. Re:I Think You Missed the Point by tqk · 2012-06-19 02:56 · Score: 4, Insightful
  
  I see this as a valid reprisal against Iran's refusal to cooperate with UN weapon inspections or whatever.
  Sadaam Hussein was fighting UN weapons inspectors tooth and nail, yet he didn't even have WMDs. Perhaps he just didn't want his adversaries to know how weak he was? Considering all the sabre rattling the US's done recently, I'd be holding my cards close to my chest too were I Iran.
  
  --
  "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
Re:No this is where the U.S. made a mistake with I by Anonymous Coward · 2012-06-19 01:44 · Score: 5, Insightful

Smart move, George.
Intentional move, with successful outcome. The POTUS needs an outside enemy so the people will forget to debate internal issues.
You Are Spreading Lies by eldavojohn · 2012-06-19 01:48 · Score: 4, Informative

Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.
You are flat out wrong. The candle light vigils held for 9-11 victims were entirely citizen events and had nothing to do with the government. I have two Iranian citizens as good friends and they are completely different people than Ahmadinejad and, worse, their nutjob supreme leader. Your insinuation that Iran the nation state sent open condolences and held vigils after 9-11 is laughable and erroneous -- some of the leadership did condemn the attacks but that's as far as it went. Hate the nation not the national. Hate the religion not the religious.

Your blame on George is also largely misplaced. They had deals with Russia to improve their nuke program long before him and the leaders have always wanted the ultimate weapon. I know life would be simpler if everything was George W. Bush's fault but, unfortunately for you, we must face reality.

--
My work here is dung.
1. Re:You Are Spreading Lies by crazyjj · 2012-06-19 01:58 · Score: 3, Insightful
  
  If you had read my statement more carefully, you would note that I said "Iran was actually getting pretty moderate before that speech", that means the people as well as the government. Yes, before that speech the people held vigils and the government sent condolences. It was only afterwards that they ramped up their dormant nuke *weapons* program and elected nutjob (by a 62% margin) to lead the country.
  Before dipshit got up and made his "Axis of Evil" speech, the people were quite sympathetic to the U.S. and their leader was Mohammad Khatami, a reformer and moderate. Guess what happened to him after W. had his "We're coming for you next, Iran" cowboy moment?
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
Nobel Peace Prize winner by MobyDisk · 2012-06-19 01:52 · Score: 3, Funny

I wonder if that Nobel Peace Prize burns in his hand yet.
1. Re:Nobel Peace Prize winner by Hatta · 2012-06-19 03:18 · Score: 3
  
  Two options: take military action against Iran to prevent them destabilizing the region
  Since when is a sovereign nation developing defensive capability "destabilizing"? Attacking a sovereign nation when it exercises its right to defense is far more destabilizing.
  
  --
  Give me Classic Slashdot or give me death!
No enforceable treaty is possible on this. by anwyn · 2012-06-19 01:52 · Score: 3, Interesting

There is no way to prove whether a nation is engaged in offensive cyber warfare. It will always be possible to say those things were done by criminals and malefactors. "The secretary will disavow all knowledge of your actions." If those leaks had happened in China, the leakers would be shot and their families billed for the bullets. Therefore, if a treaty is signed, it will be a one-way treaty partially enforceable in the West only.
It would be colossally foolish to sign such a treaty.
I can not imagine such a treaty being ratified.
Therefore, baton down the hatches a storm is coming.
Nobody ever won a war by following rules by Overzeetop · 2012-06-19 01:54 · Score: 4, Interesting

The pacific portion of WWII ended because we annihilated two cities - civilians and all - and threatened to to turn the island of Japan into a wasteland. War sucks, and shouldn't need to exist, but it does. Good? Bad? Think of it this way - do you want to be the country that doesn't have nuclear weapons because they're "against the rules," or do you want to have them because - rules or not - people are much less likely to fuck with you if they know you can destroy them?

--
Is it just my observation, or are there way too many stupid people in the world?
1. Re:Nobody ever won a war by following rules by crazyjj · 2012-06-19 02:40 · Score: 4, Insightful
  
  The pacific portion of WWII ended because we annihilated two cities
  Yeah, except there is just one problem with that Iran = WWII-Japan analogy. Iran never attacked us, isn't at war with us, and has absolutely no imperial ambitions. But other than that, sure, Iran is exactly like Imperial Japan in 1945.
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
Re:Yes, and? by Darth+Snowshoe · 2012-06-19 02:42 · Score: 4, Funny

Schneier goes commando! Every day!
Re:Yes, and? by Hatta · 2012-06-19 03:07 · Score: 4, Insightful

And if you see a vulnerability in scum like Kim Barking Mad Teapots North Korea or Ahmadinejad's Iran then we should be doing our best to take them out now whilst we still can.
Which is exactly the mind set that got us into this position. Neither Iran nor North Korea would be such a big problem for us now if we hadn't sponsored a coup in one, and used the other as a proxy during the Cold War.
The way we deal with them today will set the stage for the next 50-100 years. We can keep fucking with them, or we can work on decreasing tensions.

--
Give me Classic Slashdot or give me death!
Re:Yes, and? by Glarimore · 2012-06-19 03:38 · Score: 3, Insightful

I wish I had mod points. A million times this.

The US regularly commits acts that if committed against us would cause a full-scale war. It's unacceptable. If you're in power and you abuse those around you, guess what happens when you start losing power and they gain it?

"With great power comes great responsibility." The US over the past 60 years has demonstrated the responsibility of a small child.

As a young person, I'm just trying to be optomistic the future -- because I really do think this country is fucked.
Re:Yes, and? by Psyborgue · 2012-06-19 04:07 · Score: 4, Funny

That's assuming tensions can be decreased. That's assuming if we decrease pressure, Iran or North Korea would back down. The problem with your assumptions is it assumes everybody is rational and by the same things. In case you haven't noticed, not everybody is. In Iran's case, religion is a big factor. Mutually assured destruction, to people who regularly strap explosives to their chests, is not a deterrent but rather an incentive. In North Korea's case, you have a teenager in charge who has been brought up his whole life as some sort of Messiah. I would trust Rick Santorum or Sarah Palin with ICBMs before I would trust those two.
Re:Yes, and? by GodfatherofSoul · 2012-06-19 04:22 · Score: 4, Interesting

That's not entirely the modern problem. We had relations relatively stabilized under Clinton. When Bush II adopted the PNAC world view, severed our relations with NK and Iran, declared his axis of evil, then scaled his foreign policy based on access to nuclear weapons, that basically told every two-bit dictator on the planet that a nuclear arsenal is "U.S. Invasion"-bane. That completely contradicted the message we've been trying to communicate to 3rd world countries for 50 years; nuclear weapons are expensive, hard to secure, dangerous, incite regional arms races, and an irreversible strategic choice.
The new mantra (as perceived around the world) is the US wants nukes and doesn't want you to have them just in case we want to change your leadership. This is all a part of the horrible damage to our image that probably won't ever be righted.

--
I swear to God...I swear to God! That is NOT how you treat your human!
Re:Yes, and? by DesScorp · 2012-06-19 04:36 · Score: 5, Informative

And if you see a vulnerability in scum like Kim Barking Mad Teapots North Korea or Ahmadinejad's Iran then we should be doing our best to take them out now whilst we still can.
Which is exactly the mind set that got us into this position. Neither Iran nor North Korea would be such a big problem for us now if we hadn't sponsored a coup in one, and used the other as a proxy during the Cold War.
The way we deal with them today will set the stage for the next 50-100 years. We can keep fucking with them, or we can work on decreasing tensions.
This is absolutely astonishing. We "used" North Korea as a proxy? Really? Crawl out of your political cocoon for a minute, and look at the facts: North Korea is a pariah because it attempted an invasion of South Korea in 1950, supplied and backed by the Soviet Union and Maoist China. The Norks were a proxy, all right, but a proxy used as a weapon against the West and emerging Asian democracies by Stalin and Mao.You DO know this, right? Or are we going to get a conspiracy theory about it? And ever since, they've periodically attacked the South or US forces stationed there. The regime is infamous for kidnapping South Korean citizens for reasons as varied as the need for political prisoners to Kim Jong Il having the hots for a actress he saw in the South. The Norks are as institutionally brutal, corrupt, and totalitarian as any regime in history, and they got that way all on their own. Every time we try to "decrease tensions" with the North... giving them aid, etc... they abuse it, renege on their agreements, and inevitably attack the South in some manner. Did you forget that they sank a ship of the SK Navy a few years ago, literally because they could get away with it? That they just woke up one day and decided to shell South Korea last year?
You can debate the Iranian situation (though I think an Islamist government was inevitable no matter what policy we followed), but to somehow blame us for North Korea is the very height of what Jeanne Kirkpatrick used to call the "Blame America First" syndrome.

--
Life is hard, and the world is cruel