Slashdot Mirror


Stuxnet/Cyberwar Documentary Reviewer: 'The U.S. Has Pwned Iran' (networkworld.com)

Slashdot reader alphadogg quotes an article from Network World: The new documentary about Stuxnet, "Zero Days", says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country's infrastructure and could be used as a weapon in any future war. Quoting unnamed sources from inside the NSA and CIA, the movie says the Nitro Zeus program has infiltrated the systems controlling communications, power grids, transportation and financial systems, and is still ready to "disrupt, degrade and destroy" that infrastructure if a war should break out with Iran...

For the more technically inclined, the film contains some riveting interviews with researchers at Symantec who devoted their lives to unraveling the code line by line to figure out what it did, how it did it, who created it and what the target was. It was also a bit chilling in that after they figured out that governments were behind the worm they worried that the researchers themselves might be targeted to keep them silent. One Friday night, says Symantec researcher Eric Chien, he said to his research partner Liam O Murchu, "I'm not suicidal. If I should show up dead on Monday, it wasn't me."

In the film former NSA and CIA director Gen. Michael Hayden says "This stuff is hideously over classified."

21 of 138 comments

  1. Well, now we know... by Anonymous Coward · · Score: 4, Interesting

    ... why all those officials keep on derping about "cyber threats". They've scared themselves silly.

    So, knowing we too could be "pwned" at any time, why do we insist on running vulnerable systems everywhere? Why do we keep buying software from vendors who for the longest time explicitly didn't care about security anything, and now sit on a completely unfixably insecure software stack?

    1. Re:Well, now we know... by jellomizer · · Score: 3, Insightful

      You are aware that Linux has had some recent (within the last few years) vulnerabilities that had been around for decades, that were recently found and patched. If the biggest open source OS can have decade-old bugs, what hope is there to be fully secure?

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Well, now we know... by AmiMoJo · · Score: 2

      Defence in depth is the only solution. If one vulnerability in your OS is enough to take over the whole system, or even the whole network, you don't have enough depth.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Well, now we know... by vtcodger · · Score: 2

      "what hope is there to be fully secure?"

      None whatsoever.

      However, unplugging your internet connection would provide a lot of relative security compared to your neighbors. You surely know that. ... and yet you're here using an internet message board that you know damn well is designed and implemented by folks whose mental state and technical competence seems at the very least a bit iffy. ... As am I

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    4. Re:Well, now we know... by AmiMoJo · · Score: 5, Interesting

      It's nothing to do with obscurity. It just means that a single vulnerability isn't very useful.

      Remember when Windows XP was so insanely insecure that it would be 0wned within seconds of being connected to the internet? That's because there was no depth. The user ran as admin all the time, so a single flaw in any application or service gave the attacker full control of the machine.

      First line of defence was to enable the firewall. Second line, run as a normal user account so that compromise only gets you user credentials. Third line, sandbox the browser. Fourth line, enable ASLR. Fifth line, built-in Windows Defender to block known malicious activity. Sixth line, protect critical OS files so that even administrators can't modify them. Seventh line, enable secure boot to check the integrity of boot files, drivers and the kernel.

      By the time you get to Windows 8.1 a single exploit isn't very useful. Say you can execute arbitrary code in a Chrome process. Congratulations, you now have access to one tab and the data in it. Your process is heavily sandboxed. You need multiple exploits to do anything useful, so you can escape the sandbox, bypass user account protection, bypass OS level protections, bypass Windows Defender... That's why most malware these days takes the form of a trojan, tricking the user into executing them willingly.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Re:Just watched this by Anonymous Coward · · Score: 2, Informative

    Note that much of the most "incriminating" stuff in the film comes from an actress playing a "composite character" but they don't tell you that until the end, which is a bit of an ethical lapse, in my book.

  3. The fear by dbIII · · Score: 5, Insightful

    The fear of being knocked off by spooks looks more than a little bit ridiculous unless you understand that Mossad was in the mix. The "supergun" guy was assassinated by them but it's still a bit of a stretch that they would go after antivirus people that are only threatening exposure instead of being a threat themselves.

    1. Re:The fear by jabuzz · · Score: 2

      Really, Dr. Kelly clearly took his own life after he majorly bigged up his role in the production of the dossier and this was just about to come out. Basically he threw his career down the toilet and was unable to live up to it. The idea that the UK state had him bumped off is plainly ridiculous. There was no need; he was about to be utterly humiliated, all of his own doing. People commit suicide for FAR FAR less.

  4. their lives? by Gravis+Zero · · Score: 5, Insightful

    researchers at Symantec who devoted their lives to unraveling the code line by line

    You know, when you "devote your life" to something it's usually for longer than a season of Game of Thrones. Mayhaps the claim is a bit hyperbolic?

    just sayin'.

    --
    Anons need not reply. Questions end with a question mark.
  5. Re:A route to world peace? by Opportunist · · Score: 3, Insightful

    It's not a lack of imagination, it's a lack of terror. Where's the scare when they do a computer attack? People are used to computers acting weirdly, they simply wouldn't care. It's also too easy to claim that it ain't terrorism, it's just "that weird computer stuff".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Movie link? by Anonymous Coward · · Score: 2, Informative

    TFA does not list one either. Is it bad form to link to IMDb? Here it is: http://www.imdb.com/title/tt5446858/

  7. Re:Just watched this by arglebargle_xiv · · Score: 5, Informative

    Not only that, but they also seem to have ripped a lot of it off "Countdown to Zero Day", an even bigger ethical lapse.

  8. Why do we keep buying *COMPUTERS* from... by Anonymous Coward · · Score: 3, Informative

    vulnerable MANUFACTURERS and DESIGNERS?

    Seriously, anyone who is not extremely concerned by Intel/AMD/ARM ring 0 management processors should really read up on what they are capable of, how little they have been independently audited, and the full ramifications if a nation-state actor had that level of access to your computer system. This isn't just a rootkit you *MIGHT* get online, this is the rootkit you buy and pay for with no way to remove, short of replacing it with an older system that hopefully is simple enough to not contain similar capabilities, and bug free enough to not allow other easier and perhaps just as well documented compromises of your system.

    We are at a point in the Information age where it will either liberate, or enslave us. And unlike the pendulum swinging, this is more like a dam in drought season flowing away your rights, never to be returned.

  9. Sadly by lapm · · Score: 2

    Problem is, industrial systems are weakly protected. And Stuxnet proved how easy it is to attack them, now everyone knows it. It even proved that a targeted attack like this can spread all over the world very very easily... I think it's only a matter of time before we see terrorists use this sort of stuff instead of suicide bombs. Why kill docent people when you can poison thousands by messing water purification systems.... What's even more worrying is people don't realise those industry systems need protection...

  10. Europe is broke, apparently? by profke · · Score: 2

    I've been trying for 30 minutes now to watch this legally. http://theoatmeal.com/comics/g... Europe does not have any money, or whatever... according to: - Amazon - google play - youtube - 30+ minutes in... I quit. I will start my bittorrent client now... Thank you, international movie-business, for saving me money!

  11. Re:Symantec help hackers say Feds by Anonymous Coward · · Score: 2, Interesting

    well, it's true.
    because the products are so much shitty. if they were installed on iranian systems they would be an attack route.

    however, this seems like a lot of bullshit just to hype up a few security researchers. the software itself, stuxnet in this case, is trivial. what is not trivial is bridging the airgap and getting some sod to install it on actual machines.

    HOWEVER.. there would be this practical reason to keep the stuxnet government affair secret: FINANCIAL LIABILITY, since stuxnet made it into the wild and if it was known who exactly wrote it, there would be financial and criminal liabilities. never mind the little matter of usa declaring exactly this kind of stuff as an act of war and then committing it without approval from congress.

    so is such an attack an act of war or not? is it illegal or not? only makes it further complicated if iran makes it to the same trade tables with international liabilities as usa.

  12. Re:A route to world peace? by swb · · Score: 2

    Who says it would have to be a computer attack?

    I'm only guessing, but I think a planned and coordinated physical sabotage of power systems could cause chaos on a regional level if the right substations and pylons were knocked out. Knock out some primary feeds, get some secondary ones to overload and go offline and you've got a regional blackout that could take days or longer to repair, as not all of the transformers and switchgear could necessarily be just swapped out (depending on the nature of the sabotage).

    Most of that stuff is guarded at best by chain link fences, high voltage power lines aren't guarded at all.

    It's always struck me as odd that we haven't seen that kind of sabotage here. Either the systems are too hard to decipher (thus increasing the risk that the attack would be ineffective at scale) or the actors involved aren't sophisticated enough to run an op like that in a foreign country.

  13. Re: This is not propaganda. by Type44Q · · Score: 3, Insightful

    For Americans so we feel like we have our hand at the button

    American, huh. We say "hand on the button..."

  14. Lawsuit by jasper160 · · Score: 2

    I wonder how much of a chance the government of Iran would have in suing the US gov in a US or in the international courts?

    --
    No good deed goes unpunished.
  15. Re:This is not propaganda. by cayenne8 · · Score: 3, Insightful

    After all, the US government also benefits if Iran just _thinks_ they're pwned. If they rip out perfectly fine infrastructure that could not be infected, and replace it with new stuff, that creates a chance for the CIA to smuggle in new malware. It also costs them money and distracts them from other efforts.

    Well, it appears that once Stux got out in the open and it was discovered and analyzed and tested on the same controllers that Iran used...it seems to have been proven successful.

    The problem, it seems...is that Israel fucked up and on their own, made it much more aggressive and Stuxnet (aka Olympic Games, or OG) then jumped out and infected on a global scale, calling attention to itself, whereas it has earlier been successful, but still covert and confined it appears to only the Iranian targets.

    I think this act by Israel explains a LOT about why Obama has been so cold towards them....

    And..I'm guessing the Iranian retaliation on the US infrastructure led to the crappy deal the US took with regard to the nuclear deal with Iran. I'm thinking Iran scared the US enough to take this horrible deal which will essentially let Iran become a weaponized nuclear power in about 8+ years....

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  16. Re:This is not propaganda. by HornWumpus · · Score: 2
    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'