Posted on 10/03/2010 8:09:37 AM PDT by GVnana
The computer worm Stuxnet broke out of the tech underworld and into the mass media this week. It's an amazing story: Stuxnet has infected roughly 45,000 computers. Sixty percent of these machines happen to be in Iran. Which is odd. What is odder still is that Stuxnet is designed specifically to attack a computer system using software from Siemens which controls industrial facilities such as factories, oil refineries, and oh, by the way, nuclear power plants. As you might imagine, Stuxnet raises big, interesting geo-strategic questions. Did a state design it as an attack on the Iranian nuclear program? Was it a private group of vigilantes? Some combination of the two? Or something else altogether?
But it's worth pausing to contemplate Stuxnet on its own terms, and understand why the tech nerds were so doomsday-ish about it in the first place. We should start at the beginning.
A computer worm is distinct from a virus. A virus is a piece of code which attaches itself to other programs. A worm is a program by itself, which exists on its own within a computer. A good (meaning really bad) worm must do several things quite subtly: It must find its way onto the first machine by stealth. While a resident, it must remain concealed. Then it must have another stealthy method of propagating to other computers. And finally, it must have a purpose. Stuxnet achieved all of these goals with astounding elegance.
(Excerpt) Read more at weeklystandard.com ...
It was that Lee Harvey Oswald, he’s one smart bastard.
Oh come on... it’s pretty obvious and I might say rather ingenious.
Betcha it propagated via a ghosted update link for Siemens PLC equipment. IOW, hacked their update site (redirected update inquiries) and downloaded the worm along with legitimate updates taken from the real update URL. Would take a while to happen, but would get many many places if fake update emails were sent to Siemens PLC users.....check the prior emails.....
I agree. I sit around and listen and read people asking, “What is Israel waiting for?”
They are not waiting.
And they got under all that rock above the labs.
This is both amusing and extremely interesting.
All hail to them (unless they point it at us!).
Does its discovery and the resulting patches mean it is no longer a threat?
Was it discovered before it could do any harm other than the cost to remove it or install the patches to make it inactive?
That Dale Peterson guy is everywhere now.
Well, that pretty much rules out all governments as creator of Stuxnet. Start looking at gauche, bespectacled misfits in parental basements.
It was written and executed by a nation. No other virus has ever had 4 zero day exploits and a rootkit of this sophistication. No other virus I have seen has a kill date built in either......2012 IIRC...
>>> This is both amusing and extremely interesting
Interesting definitely, amusing no.
First, consider a parallel with AIDS. It didn’t stay in Africa. Natural or digital, viruses spread, and this is already spreading beyond Iran.
Secondly, there are countries with proficient hackers who can use this as a model and send new variants to our own systems. Iran can easily pay for this to be done, and it would cost a fraction of their nuke program.
The US is the world’s most computerized economy. We have the most to lose. This will get nasty.
If you wanted to destroy a system such as Iran’s nuke facility, wouldn’t it be designed to spread and activate quickly before it could be discovered and countered? Any information when it was supposed to activate? Was it based on just finding the “right” system or was a date also required?
It's sweet to believe they used their marvelous minds. As old Solly from the deli next door would have said, "Bunker busters? Watch, we'll get in there with a noodle!"
This was way back in the mid-1970s.
Seems he could call up modems at CIA's Langley headquarters and make them deliver the goods (so to speak).
I can only imagine that 35 years of R&D has improved everyone's skill levels!
My company made using USB thumb drives a firing offense months ago. I wonder how much security discipline the Iranians have? Middle Eastern (and other IIIrd World) countries are not famous for their discipline. Remember CIA director John Deutch mishandling classified information. That’s SOP in the third world. The bosses don’t believe the rules apply to them.
Wish I could say that we had a hand in it...but actually, I would expect that Israel was the culprit...thank goodness.
I just hope that this prevents the all out war that seems to be brewing between Israel and several of the other states surrounding it.
Of course, this only delays the inevitable so Israel still may have to kick their butts again...
The Cuckoo’s Egg by Clifford Stoll was an excellent account of early hacking.
That would be hilarious, if suddenly a crater were to appear in some Iranian desert and an Israeli pilot just happened to have video of it, sort of like the flotilla flick. One more Jewish media coup for Rick Sanchez to lament, LOL.
Simply changing "timing" on minor programs ought to be enough to corrupt everything.
They'd have a doggone difficult time finding such a thing. Best of all ~ if you already had your virus sub system on their backups they'd never get rid of it.
A thimble full of powdered molybdenum would be sufficient for a recurring disruption of everything. It would work by impacting ordinary electrical connections in devices, or even wall outlets. Totally undetectable.
You could import it into a facility on the bottoms of your shoes ~ a little bit every day and next thing you know the whole place is messed up.
Assuming that conventional wisdom is correct, the wide spread of Stuxnet probably also reveals which bastards are assisting or interacting with the Iranians. I would expect that those traces have already been cached in detail and it's all been echoed back to a recoverable data drop location.
With today's electronic listening capabilities I wouldn't be surprised also if some of this mysterious code isn't set to create a unique noise pattern or other identifiable signal using the internal components of the mainframes and work stations. I've read that it's even possible to cause a monitor to "sing" at a specific frequency.
I wouldn't want to be a night janitor at one of these nefarious facilities.