"Conficker was a door kicker," said Bumgarner.

Quoted for poetry.
posted by chavenet at 11:00 PM on December 1, 2011 [15 favorites]

Ya think?
posted by bardic at 11:08 PM on December 1, 2011 [3 favorites]

Holy fuck. Suddenly even the most inspired hacker movies seem lacking in scope and ambition.
posted by esoterica at 11:09 PM on December 1, 2011 [2 favorites]

Nice! So can I sue someone for the loss of my last Windows laptop? No seriously, this was distressing. And I am careful.
posted by Katjusa Roquette at 11:12 PM on December 1, 2011 [1 favorite]

July 2010:

It's quite arguable that quelling Conficker would require nothing less than blockading the Internet itself. Nothing unidentifiable — nothing that didn't fall neatly under some definition of "legitimate" Internet behavior — could be allowed through. Such drastic action, undertaken by Internet providers at the behest of government, would be a surefire path to eliminating Conficker.

Enter the so-called PCNAA or "Internet kill switch" concept advancing through the legislature of the United States of America. If this power comes into law, it will give the President the exact power needed to clamp down on Internet communications in a "War on Conficker."

...

Simply stated, Conficker exists to facilitate the authoritarian suppression of personal autonomy in the same of security, a perfect cyber-mirroring of the "anti-terror" policymaking of the last decade.

The creators of Conficker will soon be revealed. They are the authoritarian idealogues who will benefit from the convoluted process of Conficker's destruction.

posted by crayz at 11:15 PM on December 1, 2011 [24 favorites]

*Starts stockpiling stamps and notepaper*
posted by infini at 11:21 PM on December 1, 2011 [3 favorites]

What a coincidence that the first worm was written by the son of the CTO of the NSA.

How things change.
posted by el io at 11:23 PM on December 1, 2011

Living in the future is weird sometimes
posted by Rinku at 11:24 PM on December 1, 2011 [7 favorites]

Occupy Hard Drive
posted by vverse23 at 11:28 PM on December 1, 2011 [5 favorites]

Well. I know John. I fought Conficker. Man, I really hope John is wrong.
posted by effugas at 11:31 PM on December 1, 2011 [1 favorite]

Are there any quotes of U.S. officials using Conficker as a boogieman to justify their Cyber-Command boondoggle?

Any mention of Cyberwar makes me giggle about the more common meaning of Cyber.
posted by jeffburdges at 11:34 PM on December 1, 2011 [1 favorite]

Weren't some politicians and the DoD going on a few months ago about how cyber attacks would be considered an act of war? Oh right, if we do it it's not an act of war.
posted by AElfwine Evenstar at 11:35 PM on December 1, 2011 [1 favorite]

If true (and evidence certainly seems to point towards it being so), this sets a precedent the magnitude of which cannot be overstated. This is a turning point in history in the magnitude of significance of dropping the atom bomb.
posted by esoterica at 11:38 PM on December 1, 2011 [4 favorites]

If it can be overstated, I think you just gave it a good shot.
posted by iotic at 11:42 PM on December 1, 2011 [56 favorites]

There doesn't seem to be much to this report. It's just one guy saying, "I think it was the Feds, but I can't show you any evidence because it's too secret."

So what, then? It's pretty much tinfoil hat territory.
posted by Chocolate Pickle at 11:42 PM on December 1, 2011 [4 favorites]

So what, then? It's pretty much tinfoil hat territory.

Yeah. That's what they want you to think...
posted by Jimbob at 11:44 PM on December 1, 2011 [2 favorites]

"Enter the so-called PCNAA or "Internet kill switch" concept advancing through the legislature of the United States of America. If this power comes into law, it will give the President the exact power needed to clamp down on Internet communications in a "War on Conficker.""

Is this something that I'd need to own a Windows PC to care about?

From elsewhere in crayz's link: "But what would Internet look like after it had been "saved" by a network blockade?"

A whole lot of OS X, Sun, Solaris, Linux, and assorted other machines (including the dying remnants of *BSD)?
posted by Pinback at 11:44 PM on December 1, 2011

This all assumes that Stuxnet was US/Israeli and intended to go after Iran:

--
Reuters) - A cyber warfare expert claims he has linked the Stuxnet computer virus that attacked Iran's nuclear program in 2010 to Conficker, a mysterious "worm" that surfaced in late 2008 and infected millions of PCs.
--

That's a popular theory, but there are a lot of reasons to doubt it. For instance, here's Bruce Schneier's essay on Stuxnet that addresses that theory.

Then there's the Ars Technica timeline... which summarizes a lot of the thinking but also is subject to exactly the think Bruce warns about (ie, once you think Stuxnet is X, it's easy to find evidence for X and not see the evidence for Y).
posted by dmz at 11:46 PM on December 1, 2011 [2 favorites]

Has he actually got any evidence for this, or is just a guess made by someone allegedly "well regarded by some in the security community"?
posted by Joe in Australia at 11:48 PM on December 1, 2011

Is this something that I'd need to own a Windows PC to care about?

I don't use Windows, but Windows PCs running nuclear power plant systems are something I care about, particularly when they are so easily compromised. I hope others care, too, whatever they use.
posted by Blazecock Pileon at 11:50 PM on December 1, 2011 [4 favorites]

Yeah. I'm as suspect as anyone of the US gov't cyber motives, which seem to be squarely focused on creating new regulation of the internet (in both the name of copyright and cyber security, because we all know hackers in China and Russia can cause mid air collisions and water pump failures with nothing more than the push of a button), but this seems like pretty thin gruel. Hunches just don't carry water for me. But it would be incredible if this were true.
posted by to sir with millipedes at 11:53 PM on December 1, 2011

That's a popular theory, but there are a lot of reasons to doubt it. For instance, here's Bruce Schneier's essay on Stuxnet that addresses that theory.

I know that no one officially ever copped to it, but I thought at this point the consensus was that Stuxnet was a joint venture of Israel and the United States.
posted by to sir with millipedes at 12:02 AM on December 2, 2011 [3 favorites]

Then there's the Ars Technica timeline... which summarizes a lot of the thinking but also is subject to exactly the think Bruce warns about (ie, once you think Stuxnet is X, it's easy to find evidence for X and not see the evidence for Y).

I would say it's 100% confirmed that Stuxnet was created to attack Iran's centrifuges. Then you're left with a pretty tiny list of countries who would want to, and had the ability to create Stuxnet. While I think some of the "evidence" is weak, it's most likely it was a USA and/or Israel effort.
posted by ymgve at 12:11 AM on December 2, 2011 [3 favorites]

Seems pretty speculative.
posted by delmoi at 12:14 AM on December 2, 2011 [1 favorite]

My snarkily-made point being that (a) the stuff in crayz's link and quote is a load of unsupported conjecture, and (b) there's a lot more to the internet than machines running Windows, which are the only ones susceptible to Conficker.

The link between Conficker & Stuxnet (which does affect things other than Windows - namely, Siemens PLCs) seems to be guesswork based on nothing more than the fact that they share an attack vector.
posted by Pinback at 12:18 AM on December 2, 2011 [2 favorites]

This is bullshit.

> In March 2009, Bumgarner says, the attackers released a new, more powerful version of Conficker that started the next phase of the attack on April 1 by downloading Stuxnet onto the targeted PCs. After it completed that task, Conficker's mission on those machines was complete.

The entire reason Conflicker was interesting from a research perspective is it's complex command and control channel. It used some pretty reasonably advanced crypto, and had an pretty innovative approach to initial command and control. In it's latest version, its gone peer-to-peer.

If it's only purpose was to find machines to infect with Stuxnet, why go through so much trouble to make sure it couldn't be dismantled? Why the "end of the internet" date? Why draw considerable attention to it by implementing MD6, and other reasonably advanced crypto? Why install a spam bot, and scareware? Additionally, Stuxnet and it's likely relative Duqu both used 0-days to infect machines, why didn't Conflicker?

Just about the only thing they have in common is they're both reasonably advanced pieces of malware. Considering the reasonable amount of evidence to tie Conflicker to the Ukraine (didn't infect Ukranian computers, had evidence of Ukranian keyboard layout, has downloaded payload from the Ukraine), and considering the Ukraine's history of advanced worms (Storm), this just seems like complete bullshit.
posted by yeahwhatever at 12:47 AM on December 2, 2011 [18 favorites]

Bumgarner believes the attackers picked that date to send a message to Iran's leaders. It marked the 30th anniversary of the declaration of an Islamic republic by Ayatollah Khomeini after a national referendum.

He also identified two other signals hidden in the Stuxnet code, based on the dates when key modules were compiled, or translated from programming text into a piece of software that could run on a computer.

One coincided with a day when Iranian President Mahmoud Ahmadinejad said his nation would pursue its nuclear program despite international objections, and another with the day that he made a highly controversial appearance at Columbia University in New York.

Marketing departments worry about meaningful dates to "send a message". And conspiracy theorists. And while arguably terrorists, terrorists pick meaningful dates to actually inflict terror. Not meaningful dates to compile code. ("I picked the anniversary of the invasion as THE DAY to buy duct the tape! Making the bomb will take another two weeks, though. We'll show them!")
posted by yeloson at 12:49 AM on December 2, 2011 [5 favorites]

I don't think it was a cooperative venture. We haven't heard any leaks about whoever made it (and obviously neither has the author of the FPP article) so it must have been confined to a very, very, secretive group. Any cooperative venture will necessarily have more opportunities for leaks, even if it's just someone asking who ordered houmous on all the pizzas for the programmers. If I had to guess between Israel and the USA I'd pick the USA - it's a bigger country with more resources, more connections, and a greater chance of accessing these zero-day exploits.
posted by Joe in Australia at 12:50 AM on December 2, 2011 [2 favorites]

Oh yeah, and the water pump wasn't hacked from mother Russia.
posted by yeahwhatever at 12:50 AM on December 2, 2011

Also, post is tagged with 'staxnet', not 'stuxnet'. Not sure if this is the right place to report this, but whatevs. Moderate away, if needed.
posted by yeahwhatever at 12:55 AM on December 2, 2011

Staxnet would be a pretty cool virus -- your entire music library would be deleted and replaced with Booker T & the MGs songs.
posted by BitterOldPunk at 1:07 AM on December 2, 2011 [14 favorites]

fixed it.
posted by taz at 1:37 AM on December 2, 2011

Who were the terrorists again? Over and over again?
posted by CautionToTheWind at 1:51 AM on December 2, 2011

I heard from someone pretty well regarded that all Viagra spam is actually sent by the NSA. It is simply a known plaintext to allow them to do known plaintext attacks against IPSEC. Think about it, would be stupid enough to buy Viagra from a spam email, it is the perfect cover.
posted by Ad hominem at 2:30 AM on December 2, 2011 [2 favorites]

fixed it.

Holy crap, you fixed Conficker?!

(Oh, the tag. Well, that's good, too!)
posted by dirigibleman at 2:35 AM on December 2, 2011 [3 favorites]

Marketing departments worry about meaningful dates to "send a message". And conspiracy theorists. And while arguably terrorists, terrorists pick meaningful dates to actually inflict terror. Not meaningful dates to compile code. ("I picked the anniversary of the invasion as THE DAY to buy duct the tape! Making the bomb will take another two weeks, though. We'll show them!")

This was pretty much exactly my thoughts, too. That's really fluffing a point to try to make a connection. Makes me a lot less insecure about the fact that I only have the thin, store-brand tinfoil in my house with which to make my hat.
posted by MexicanYenta at 5:03 AM on December 2, 2011

CautionToTheWind: Who were the terrorists again? Over and over again?

You know, I completely get where you're coming from. This sort of cyber-attack is probably hypocritical and definitely illegal, and I wouldn't say it's something the US should be proud of.

And yet, it seems to have achieved genuinely useful military goals not merely bloodlessly, but totally non-violently. I can't bring myself to condemn that very harshly. Compared to so many other things we Americans have been party to in the last decade, that looks downright benevolent.
posted by Western Infidels at 6:12 AM on December 2, 2011 [2 favorites]

If it's only purpose was to find machines to infect with Stuxnet, why go through so much trouble to make sure it couldn't be dismantled?

I think you're the only person drawing the conclusion that this was its only purpose.
posted by esoterica at 6:18 AM on December 2, 2011

I can't bring myself to condemn that very harshly.

Couldn't agree more that in the context of war and when taken as an isolated war event, this would be relatively benign, and arguably benevolent.

However, it would also be first known instance in history of a government engaging in cyber warfare, which is an enormous precedent and a slippery enough slope by itself. But add to that the fact that this not only provides a template for how it's done, but sets a baseline for collateral damage in essentially every other unrelated sovereign nation in the world (with the end being the sole justification for the means) and the latent impact is monumental.
posted by esoterica at 6:50 AM on December 2, 2011

I don't know what is more amazing, that Microsoft still can't make a secure version of Windows, or that the majority of people still don't get that Microsoft still can't make a secure version of Windows.
posted by jabah at 7:11 AM on December 2, 2011

This article is terrible. It contains no actual evidence for the claim, just a bunch of dramatic hand-waving about how this Vey Smart Guy has some Secret Data that shows a link. Oh yeah, and the date April 1 is significant because it's the anniversary of the current Iranian republic (as opposed to, you know, April Fool's day). Trying way too hard to make a connection.

The claim that is interesting is that Stuxnet was delivered via Conficker infections. IIRC there's still some mystery on just how Stuxnet spread so well and in such a targeted manner. But that doesn't mean the folks behind Stuxnet also were behind Conficker; they could have just subverted the botnet and piggybacked on it.

If you want more hard information, SRI wrote a great analysis of Conficker in 2009. They don't really come to a conclusion on who was behind it but have some circumstantial evidence pointing to Ukraine, specifically a malware company called Baka Software. Of course that may be just what NSA wants you to think; false flag operations are easy enough to do on the Internet. But if you look at the breakdown of Conficker infections by country it was pretty much a global infection.
posted by Nelson at 7:21 AM on December 2, 2011 [2 favorites]

The article is terrible. […] The claim that is interesting is that Stuxnet was delivered via Conficker infections.

But that claim is the entire hypothesis of the article. Of course evidence is circumstantial. If whomever created Conficker had made fewer mistakes, we might never have known about its existence at all — contrary to what anti-malware companies might have you believe, their software is not infallible. There's no reason to believe that there aren't botnets out there that we simply don't know about. And if nothing else, it's an extremely compelling case that it was a botnet that delivered Stuxnet.

But that doesn't mean the folks behind Stuxnet also were behind Conficker; they could have just subverted the botnet and piggybacked on it.

To me the distinction sounds largely academic. Either way would have required a huge amount of engineering, and clearly anyone who intends on subverting the botnet knows what it's doing, which makes the ramifications of subverting vs. building largely indistinguishable.
posted by esoterica at 8:23 AM on December 2, 2011 [1 favorite]

it would also be first known instance in history of a government engaging in cyber warfare

Uh, hardly. And cyberspying has been around for a couple of decades now. Most experts agree this is inevitable.

with the end being the sole justification for the means

Do you understand what war is at all?
posted by dhartung at 8:42 AM on December 2, 2011 [1 favorite]

A DDOS attack is not cyber warfare. At least not the kind of cyber warfare that the Richard Clarks of the world have been talking about. He has used the thread of kinetic warfare waged in cyberspace to attempt to push through crazy legislation that could rebuild the internet from the ground up. The only verified incident of a cyber attack with meat space consequences, the only one I can think of is Stuxnet.

A DDOS attack like the ones waged on Georgia and Estonia are an inconvenience, and they can have detrimental effects on speech and commerce, but the scope is incredibly limited and incredibly temporary. Once they are stopped, no information is destroyed or even compromised.

In the case of espionage, it should be taken seriously, and it should be protected against, but it's hardly comparable to the alleged acts that have been used to justify some more extreme rhetoric about "cyber warfare."

Do you understand what war is at all?
posted by to sir with millipedes at 9:34 AM on December 2, 2011

April 1, 2009. Never Forget

...that I missed lunch that day because someone turned off Windows updates on 3,000 PCs and we missed the patch.
posted by Nonsteroidal Anti-Inflammatory Drug at 10:16 AM on December 2, 2011 [1 favorite]

their software is not infallible

To the extent that antivirus software gets installed on the same compromised PCs it's supposed to be checking, it is inherently fallable. It's like checking out whether a criminal is guilty by carefully asking them to confess: surprisingly successful, but it's obviously not going to work on the smartest offenders.

There's no reason to believe that there aren't botnets out there that we simply don't know about.

Network scanning software, on the other hand, can be run on uncompromised systems, heterogenous systems, and just plain too-simple-to-infect systems. The fact that nobody has seen network traffic corresponding to a significant unknown botnet isn't proof that no such botnet exists, but it's at least weak evidence.

Maybe that just means I'm not being paranoid enough?

if (connection_attempts_all_failing()) {
IT_discovered_us();
write_for_them_to_find(CONFICKER_BOTNET_FILE_LIST);
delete_all_of(THE_REAL_BOTNET_FILE_LIST);
exit(0);
}

posted by roystgnr at 11:40 AM on December 2, 2011

esoterica: ...it would also be first known instance in history of a government engaging in cyber warfare, which is an enormous precedent and a slippery enough slope by itself.

I guess I look at it this way: There is one nation that has arguably been a pioneer in the fields of industrial warfare, international proxy/cold warfare, space-based espionage and warfare, and which remains the world's sole practitioner of nuclear warfare: the USA.

It's pretty much a given that the US will be an early adopter of any new types of war we humans can invent. It is not realistic to hope that the US will keep its hands clean of [insert new 21st century battlefield here]. Maybe that's deplorable, but I think it's nevertheless true.

At least this type of war doesn't spill any blood.

In a sensible world, the reaction to this attack would be a renewed concern with systems security. If Stuxnet got into "secured" networks through a flash drive, then it could have been stopped with a few no-brainer system policy changes, the sort of thing you should already have done to your home PC anyway. It's possible (although I'm not counting on it) that Stuxnet will go down in history as the first and the last great cyber-battle.
posted by Western Infidels at 12:10 PM on December 2, 2011

esoterica: "This sort of cyber-attack is probably hypocritical and definitely illegal, and I wouldn't say it's something the US should be proud of. And yet, it seems to have achieved genuinely useful military goals not merely bloodlessly, but totally non-violently."

I think Machiavelli put it much more eloquently, even if he didn't actually say the quote attributed to him…

^{(Remember, guys, The Prince may be a HOWTO - but it's a HOWTO on being an utterly duplicitous, untrustworthy bastard, albeit a successful one.)}
posted by Pinback at 3:51 PM on December 2, 2011