Slashdot Mirror


Buggy Win 95 Code Almost Wrecked Stuxnet Campaign

mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.

51 of 93 comments

  1. funny... by garyisabusyguy · · Score: 2

    because it is buggy code that is written with poor security that allows things like this to spread in the first place

    --
    Wherever You Go, There You Are
    1. Re: funny... by Anonymous Coward · · Score: 1

      I'm shocked that your obviously high level of intellect and professionalism did not allow them to overlook your refusal to commit a felony on their behalf by lying to the FBI. Those bastards at MS are just so set in their evil ways.

    2. Re:funny... by Zontar+The+Mindless · · Score: 1

      He did say, "my old roommate", which could be taken to mean he doesn't have one any longer. And one might have a roommate for any number of reasons. Not that any of this makes me any more inclined to believe him, just that you seem to pick an odd point to dwell upon.

      --
      Il n'y a pas de Planet B.
  2. Windows !!! by denisbergeron · · Score: 2, Interesting

    WTF, an anti-American country uses an OS developed in the US?
    Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

    --
    Ceci n'est pas une Signature !
    1. Re:Windows !!! by Shakrai · · Score: 5, Insightful

      Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

      Ask Siemens. They designed the equipment the Iranians are using and wrote most of the control software to operate in a Windows environment. Not that it would have mattered, once you've got an agency with the resources of CIA or Mossad after you it's only a matter of time before they find a way in. Linux is not proof against malware delivered via HUMINT assets.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Windows !!! by Anonymous Coward · · Score: 1

      I don't like the United States of America, yet I still use Windows.

    3. Re: Windows !!! by Anonymous Coward · · Score: 1

      They're on Windows because the customer knows best and the customers for SCADA systems demand Windows. The vast majority of players in that business are primarily targeting Windows.

    4. Re:Windows !!! by cheater512 · · Score: 1

      On Linux the attack would have faced a lot more challenges though.
      No autoplay (which was the core attack vector) and you'd hope the SCADA software would run as its own user under Linux which isn't possible with Windows.

    5. Re:Windows !!! by Shakrai · · Score: 1

      No autoplay (which was the core attack vector) and you'd hope the SCADA software would run as its own user under Linux which isn't possible with Windows.

      ???

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    6. Re:Windows !!! by Shakrai · · Score: 3, Interesting

      The problem is that it isn't the easiest or most obvious thing to do.

      Yeah, it's like three or four whole mouse clicks to make it happen....

      C'mon people, Microsoft does enough shit wrong, we don't need to make crap up.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    7. Re:Windows !!! by Fire_Wraith · · Score: 4, Insightful

      No, you're thinking solely from a security perspective as a coder/engineer, and you're not the type that gets to make the decision of what to purchase. It's because their executives/managers were too cheap, and wanted the "cheap/easy" solution.

      Cost is a huge driver for these things, and is a large part of why Siemens and other SCADA/ICS manufacturers moved from entirely proprietary systems of the past, to using commercial off the shelf hardware for the Human-Machine Interface (HMI) and such.

      And what's the most common OS in business, the one that corporate is most familiar with, and the most likely for them to choose to put into pretty much anything? Why, Microsoft Windows.

    8. Re:Windows !!! by Baloroth · · Score: 4, Insightful

      Stuxnet used multiple zero-day flaws across several different kinds of hardware (not all of which were even PCs). Once you get into that advanced an attack, the underlying OS becomes much less important: all software has flaws in it, and if you know where the flaws are, you can exploit them. And those flaws are there (remember Shellshock, anyone?), except in the most basic purpose-specific programming (and even then, there are often flaws). Using Windows opens you up to more generic attacks, especially if you deliberately lower (or don't use) Windows' defenses for ease of use (much as using root for everything in Linux does), but against targeted well-funded attacks you should assume they're more or less equally vulnerable.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    9. Re:Windows !!! by Lunix+Nutcase · · Score: 1

      Right click->Run as different user. Yeah, real difficult.

    10. Re:Windows !!! by Lunix+Nutcase · · Score: 1

      It's impossible? So when I right click and choose "Run as different user" do I have some magical version of Windows?

    11. Re:Windows !!! by Lunix+Nutcase · · Score: 1

      The one where you Right click the application and it's like the 3rd option in the context menu?

    12. Re:Windows !!! by garyisabusyguy · · Score: 1

      To be perfectly honest I spent most of the 90's installing software in Unix as root because, well, it eliminated any issues with permissions

      It wasn't until the late nineties that I had an employer who demanded that we build out implementation plans for each install that followed their tight security guidelines

      I would bet that more than a few *nix admins just do everything as root to avoid any hassle during install

      --
      Wherever You Go, There You Are
    13. Re:Windows !!! by garyisabusyguy · · Score: 2

      This^ ++isTrue

      --
      Wherever You Go, There You Are
    14. Re:Windows !!! by MobileTatsu-NJG · · Score: 1

      Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

      For the same reason nobody wants to use Linux or OSX. Software.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    15. Re:Windows !!! by Lunix+Nutcase · · Score: 1

      Sorry it's shift right-click in Windows 7.

    16. Re:Windows !!! by hairyfeet · · Score: 2, Interesting
      --
      ACs don't waste your time replying, your posts are never seen by me.
    17. Re:Windows !!! by Gavagai80 · · Score: 1

      In the 90s, when you actually had to switch users to root to do any GUI root actions, I can see that happening. But these days few distros even allow a GUI login as root and sudo is the norm.

      --
      This space intentionally left blank
    18. Re:Windows !!! by Opportunist · · Score: 1

      I'd deem it unlikely that they're too stupid. But nobody pays a few million for your team to spend 2 years to build a SCADA system which is then not even on par with one that they could simply buy.

      If you look for the reason for this failure, don't look at the engineers. They're not the one making economy decisions.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    19. Re:Windows !!! by Opportunist · · Score: 2

      But ... but ... IT'S CHEAP!

      Hard economy trumps sentimentalist patriotism any time. Or when did you see the last US-Flag-flying, "U - S - A" chanting redneck reach for something "made in the U.S.A" when there's a Chinese knockoff available that's 10 cents cheaper?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    20. Re:Windows !!! by drinkypoo · · Score: 1

      C'mon people, Microsoft does enough shit wrong, we don't need to make crap up.

      Ever enabling autorun was something they did wrong. And disabling it should have been a simple checkbox in the drive properties where it would make sense.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    21. Re:Windows !!! by MobileTatsu-NJG · · Score: 1

      Heh. You supported my point but phrased it as a rebuttal. Nice.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    22. Re:Windows !!! by BadDreamer · · Score: 1

      If we are talking found and reported vulnerabilities, then yes, Linux has more. Although notably, even grouping together all Linux kernel vulnerabilities regardless of version the number of HIGH vulnerabilities is not higher than the number of HIGH vulnerabilities in Windows 8.1.

      But then, it's a lot easier to get fewer vulnerabilities when dropping support for one of the most used OSes on the planet. Although XP is only on about 14% of all PCs now, it appears. And now support for Windows 8.1 is dropped as well. That seems to be the way Microsoft keeps vulnerabilities in supported systems down; by simply dumping older OSes.

    23. Re:Windows !!! by Jack+Griffin · · Score: 1

      Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

      Because their UI is shit? I mean it's 2015, and Linux still hasn't made any headway onto the desktop...

    24. Re:Windows !!! by cheater512 · · Score: 1

      Which is not how system services are designed to be invoked at all.

    25. Re:Windows !!! by cheater512 · · Score: 1

      You are clearly clueless about how Linux does it, and yes Windows cannot do it.

      On my servers, the DNS server runs under its own user. It can't touch anything it isn't supposed to. The mail server runs under its own. The web server runs under its own. Hell even the server monitoring software runs under its own user.

      This is by default with nothing further to do - No service can muck with stuff it isn't allowed to, and even if there was autoplay on USB sticks, nothing on that USB stick could touch any of the services.

      How does Windows compare again?
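The per-service account layout described in the comment above is something a defender can audit rather than assume. The following script is an added example, not code from the thread or from any project it mentions: it reads the output of `ps -eo user,pid,comm` (the sample below is constructed), reports daemons running as root outside a hypothetical allowlist, and reports non-root accounts shared by more than one distinct daemon, since a shared account gives a compromised daemon reach into its neighbour.

```python
"""Audit which Unix account each daemon runs under (added example, not from the thread).

Input is the output of `ps -eo user,pid,comm`; the sample below is constructed.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample, shaped like `ps -eo user,pid,comm` output.
SAMPLE_PS = """\
USER       PID COMMAND
root         1 systemd
named      412 named
postfix    530 master
www-data   611 nginx
www-data   612 nginx
nagios     700 nagios
root       820 sshd
root       840 cupsd
myapp      900 gunicorn
myapp      901 redis-server
"""

# Daemons that legitimately run as root on this hypothetical host; anything
# else found under root is reported.
ROOT_ALLOWED = frozenset({"systemd", "sshd"})


class Proc(NamedTuple):
    user: str
    pid: int
    comm: str


def parse_ps(text: str) -> List[Proc]:
    """Turn `ps -eo user,pid,comm` text into Proc records, skipping the header."""
    procs = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        user, pid, comm = line.split(None, 2)
        procs.append(Proc(user, int(pid), comm))
    return procs


def audit(procs: List[Proc], root_allowed=ROOT_ALLOWED) -> Dict[str, object]:
    """Flag daemons running as root (outside the allowlist) and non-root accounts
    shared by more than one distinct daemon. Several worker PIDs of the same
    daemon (the two nginx processes under www-data) are one service, not a
    shared account."""
    by_user = defaultdict(set)
    for p in procs:
        by_user[p.user].add(p.comm)
    root_services = sorted(c for c in by_user.get("root", set()) if c not in root_allowed)
    shared = {u: sorted(cmds) for u, cmds in by_user.items()
              if u != "root" and len(cmds) > 1}
    return {"root_services": root_services, "shared_accounts": shared}


if __name__ == "__main__":
    print(audit(parse_ps(SAMPLE_PS)))
```

On the constructed sample this reports `cupsd` as an unexpected root daemon and `myapp` as an account shared by `gunicorn` and `redis-server`; the allowlist is the part a practitioner tunes per host.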

    26. Re:Windows !!! by hairyfeet · · Score: 1

      How many vulnerabilities are there in Ubuntu 6? Debian Sid? Windows XP is FIFTEEN YEARS OLD and was designed to run on a Pentium II 400MHz with 128MB of RAM. If they are too damned cheap to upgrade or replace a PC that is a decade plus old why should that be MSFT's problem? Apple doesn't support the G3s and G4s either but you don't see anybody trying to claim that as any "proof" of anything.

      As for your other point it's nothing but moving the goalposts and therefore meaningless, because we both know if the numbers were reversed the FOSSies wouldn't be arguing about what "level" the vulnerability is, which just FYI means exactly jack and shit, as we have seen with tricks like the "WTF" virus: you can use a low level vulnerability (in that case unprivileged user ID spoofing allowing the attacker to send a message) to then effect a higher level attack (user thinks message is legit, clicks on link provided which takes user to a page filled with zero day attacks), so the idea of "levels" really doesn't mean shit anymore.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    27. Re:Windows !!! by BadDreamer · · Score: 1

      How many vulnerabilities are there in Ubuntu 6?

      39 total vulnerabilities, 7 high severity, 27 medium severity, 5 low severity.

      http://www.gfi.com/blog/most-v...

      Debian Sid?

      Couldn't find that. It's in NVD though, if you're really interested.

      https://nvd.nist.gov/

      Windows XP is FIFTEEN YEARS OLD

      No it's not. It's still under development, and there is almost nothing left of the codebase from the original XP when you have patched up an XP install.

      Otherwise Linux is TWENTY-FOUR YEARS OLD, but you know, writing that in all caps as if it means something just seems silly. Because it is.

      And hardly any of the Linux vulnerabilities allow a web client attack, like a whole slew of the Windows ones do. Because Linux does not have a web browser with kernel access. Therefore, the low level vulnerabilities in Linux are not like the low level vulnerabilities you are used to.

    28. Re:Windows !!! by denisbergeron · · Score: 1

      Do you consider the Windows interface with its 2 desktops paradigm better than Mate or Cinnamon, which have ± the same interface as XP, or do you consider OS X with a dock copied from the early Sun/CDE desktop better, a design retaken by Gnome or Unity but with a better use of the wide screen?

      --
      Ceci n'est pas une Signature !
    29. Re:Windows !!! by toddestan · · Score: 1

      As compared to the UI regressions on the Windows and Mac side over the past few years? Granted, some of the popular Linux desktops also have similar problems, but at least in the Linux world you have a choice as to what desktop you want to use.

  3. Bug in their bug by tomhath · · Score: 3, Insightful

    We've noticed that the slide showing the Stuxnet disassembly doesn't support Werner and Leder's comments regarding the worm and Windows 9x

    It appears they misunderstood the code they were looking at. But another quote earlier in the story is more relevant anyway:

    either the worm couldn't find any old Windows boxes, or perhaps the Iranian boffins were used to Windows 95 and 98 falling over anyway

    Really, who would be surprised by a blue screen from a Windows 95 box?

    1. Re:Bug in their bug by Shakrai · · Score: 5, Funny

      Really, who would be surprised by a blue screen from a Windows 95 box?

      The giveaway was probably when the blue screen was replaced with CIA's logo and the text "All your base are belong to us."

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Bug in their bug by Zero__Kelvin · · Score: 1

      I remember W95 well, and I can tell you it would raise a lot more suspicions if it didn't bluescreen regularly. Seriously, I recall having to recover from BSODs multiple times per day (no exaggeration.)

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    3. Re:Bug in their bug by Smask · · Score: 1

      You could lower the crashiness in Win95 by removing everything, hardware and software, marked with "Creative Labs". My last sound card made by Creative was Soundblaster 16.

    4. Re:Bug in their bug by Cro+Magnon · · Score: 1

      Yeah, I remember. At one point, it got so bad I counted the BSODs. The record was 15, in an 8 hour day.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    5. Re:Bug in their bug by r_jensen11 · · Score: 1

      Really, who would be surprised by a blue screen from a Windows 95 box?

      The giveaway was probably when the blue screen was replaced with CIA's logo and the text "All your base are belong to us."

      Ah yes, the precursor to "I'm all about that bass." Damn you - now I can't get that techno out of my head!

  4. Re:Holy redundancy, Batman! by redwraith94 · · Score: 1

    It's also a misnomer; 'code' is being rather generous.

    --
    I art more snarky, and terse than thou. I art Slashdot!
  5. Canary in a coal mine by roc97007 · · Score: 4, Insightful

    That hadn't occurred to me before -- keep a Windows 95 box on the network as a canary, expecting it to crash if there is an intruder on the network.

    Only problem might be too many false positives.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:Canary in a coal mine by Anonymous Coward · · Score: 2, Informative

      Get Windows 3.11 then. It's still on MSDN!
      Don't forget DOS 6.22 to go with it.
      Relive the wonders of AUTOEXEC.BAT and CONFIG.SYS hell.

      Opera 3 works as a browser.

    2. Re:Canary in a coal mine by cnettel · · Score: 1

      My attacker is very regular. He kicks my canary machine down every 49.7 days.
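roc97007's canary idea and its false-positive problem, together with cnettel's 49.7-day crash, can be turned into working detection logic. The script below is an added example, not code from the thread: it assumes the canary sends heartbeats carrying its own uptime, infers a reboot whenever the reported uptime drops, files reboots that line up with a known periodic crash as expected, and pages only when the remaining unexpected reboots exceed a budget. The 49.7-day figure is taken from the comment; the code models it as the wrap of a 32-bit millisecond tick counter (2**32 ms), and the heartbeat samples are constructed.

```python
"""Canary-host reboot detector (added example, not from the thread).

The canary posts a heartbeat carrying its own uptime; a drop in reported uptime
means it rebooted in between. Reboots that line up with the machine's known
periodic crash are filed as expected so they do not page anyone; everything
else counts against a false-positive budget.
"""
from typing import List, Optional, Tuple

# The "every 49.7 days" from the comment above, modelled as a 32-bit
# millisecond tick counter wrapping (2**32 ms). Treated here as the canary's
# known periodic crash; on a real host, measure it instead.
TICK_WRAP_SECONDS = 2**32 // 1000          # 4294967 s, about 49.71 days

Heartbeat = Tuple[int, int]                # (receiver time, host-reported uptime), seconds


def detect_reboots(beats: List[Heartbeat], expected_uptime: Optional[int] = None,
                   slack: int = 3600) -> List[Tuple[int, str]]:
    """Return (boot_time, classification) for every reboot visible in the stream.
    Missing heartbeats are harmless: the uptime counter itself carries the evidence."""
    events = []
    for (prev_ts, prev_up), (ts, up) in zip(beats, beats[1:]):
        if up >= prev_up:
            continue                                   # same boot as before
        boot_ts = ts - up
        # The box died somewhere in [prev_ts, boot_ts]; its uptime at that moment
        # was therefore between prev_up and prev_up + (boot_ts - prev_ts).
        max_up_before_crash = prev_up + (boot_ts - prev_ts)
        expected = (expected_uptime is not None
                    and prev_up - slack <= expected_uptime <= max_up_before_crash + slack)
        events.append((boot_ts, "expected" if expected else "unexpected"))
    return events


def should_alert(events: List[Tuple[int, str]], window_start: int, window_end: int,
                 budget: int) -> bool:
    """Page only when unexpected reboots inside the window exceed the budget the
    canary's own flakiness has earned it (the false-positive worry above)."""
    n = sum(1 for boot_ts, why in events
            if why == "unexpected" and window_start <= boot_ts < window_end)
    return n > budget


# Constructed heartbeats (sparse on purpose): an unexplained reboot at t=6700,
# then the canary runs until the tick counter wraps and comes back at t=4301667.
SAMPLE_BEATS: List[Heartbeat] = [
    (0, 100),
    (3600, 3700),
    (7200, 500),                       # uptime fell: rebooted at 7200 - 500 = 6700
    (4302000, 333),                    # uptime fell again: rebooted at 4301667
]


if __name__ == "__main__":
    ev = detect_reboots(SAMPLE_BEATS, expected_uptime=TICK_WRAP_SECONDS)
    print(ev)
    print("alert:", should_alert(ev, 0, 86400, budget=0))
```

Run as-is, the sample yields one unexpected reboot (day one) and one expected reboot (the tick wrap), and the first-day alert fires only when the budget is zero; raising the budget is how the canary's baseline crash rate is absorbed without masking a genuinely new reboot pattern.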

  6. bottle deposit machines by roc97007 · · Score: 1

    This hadn't occurred to me before. I wonder if viruses are the reason those stupid bottle deposit machines are always out of order. I swear to Fudd, I've seen them reboot, usually just as I'm dumping in the last bag of soft drink cans, and they display the Windows 98 splash screen.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  7. Re:Less buggy than Windows 7 by jones_supa · · Score: 1

    Generally Windows 7 is extremely stable, so let's see if you are not bullshitting. Can you tell how to reproduce those bugs?

  8. Re:Holy redundancy, Batman! by Opportunist · · Score: 1

    It makes sense if you read it as a German. "Code" is a homonym for the German "Kot". And that makes a LOT of sense.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. They have this backwards by hyades1 · · Score: 1

    If a Win 95 box failed to produce at least a few BSODs a week, especially when something really important was being done with it...now that would have been suspicious.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  10. Funny word for a "cyberattack" by TheCarp · · Score: 1

    It's the term the people who did this would use if it happened to them.... funny calling it a campaign when, by their own definitions, it was an attack. Shit, if they did similar, it might even be trumped up as an act of war.

    --
    "I opened my eyes, and everything went dark again"
  11. Re:Less buggy than Windows 7 by jones_supa · · Score: 1

    And what is this "profilic driver"?

  12. Hmmm by Hognoxious · · Score: 1

    If it's the choice between a blue screen and a brown mushroom...

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  13. Re:Holy redundancy, Batman! by redwraith94 · · Score: 1

    Yes, that makes only sense ;)

    --
    I art more snarky, and terse than thou. I art Slashdot!