Skip

Weapons of the 21st Century?
November 30, 2010 8:07 PM   Subscribe

In June 2010, a bit of malware of unprecedented ability was discovered by a Belarussian security firm. Stuxnet had remained undetected for over a year. Security researchers have gradually learned more about this worm, which has led to much speculation about its origins and purposes. Though questions remain, it is clear that it is extremely advanced, and that it was designed to find a very specific hardware/software system and disrupt the operation of centrifuges, causing some to assert that it was built to sabotage Iran's nuclear facilities. Recently, Iran confirmed that its nuclear facilities had been seriously affected by Stuxnet. Some experts say that a worm of this level of sophistication could only have been designed by a nation-state. Previously.
posted by entropone (83 comments total) 31 users marked this as a favorite

 
When I first heard about Iran's admission about a computer program that had disabled their scientific apparatus, was I the only one would thought... LabView?
posted by fatllama at 8:13 PM on November 30, 2010 [24 favorites]


"a worm of this level of sophistication could only have been designed by a nation-state."

Or aliens. Don't forget aliens.
posted by micketymoc at 8:17 PM on November 30, 2010 [3 favorites]


was I the only one would thought... LabView?

Interesting, I thought... C++?
posted by underflow at 8:19 PM on November 30, 2010


I haven't been in a lab in ages. Could someone explain to me why you might want to hook a centrifuge up to the internet?
posted by inedible at 8:27 PM on November 30, 2010 [9 favorites]


micketymoc, everyone knows Alien/OS is full of holes. All you have to do is plug in a laptop running Win98 and you can destroy whole invasion fleets. Judging from how well they did on Independence Day, I don't think we have anything to fear from their cybersecurity teams.

More seriously, this is an immensely sophisticated virus, and it requires highly specialized knowledge. It's targeted at specific microcontrollers, and it induces a very particular bug in those microcontrollers that will only trigger at speeds used in centrifuges.

I don't think there's any way you can reasonably argue that it wasn't a nation-state. There's simply no other way to develop the depth of knowledge required for the very specific sabotage, much less get access to multiple zero-day exploits simultaneously.

Stuxnet is related to the trojan horses used by criminals in the way that an M1 Abrams is related to knights on horseback.
posted by Malor at 8:28 PM on November 30, 2010 [5 favorites]


Could someone explain to me why you might want to hook a centrifuge up to the internet?

So they can't put the blame on Iran, of course. NOT WITH MILLIONS OF HANDS ON THE BLADE!
posted by griphus at 8:29 PM on November 30, 2010


Symantec estimates that the group developing Stuxnet would have been well-funded, consisting of five to ten people, and would have taken six months to prepare. The Guardian, the BBC and The New York Times all reported that experts studying Stuxnet considered that the complexity of the code indicates that only a nation state would have the capabilities to produce it.

Only a nation state can hire ten people for six months? I mean, that's not exactly the Apollo program here.
posted by enn at 8:29 PM on November 30, 2010 [16 favorites]


I heard it was Zero Cool.
posted by Bonzai at 8:29 PM on November 30, 2010 [1 favorite]


Stuxnet: what a sexy name.
posted by clavdivs at 8:31 PM on November 30, 2010


Could someone explain to me why you might want to hook a centrifuge up to the internet?

Well, almost certainly their centrifuges are connected to an intranet/local network dealie, for storing recorded data, condition monitoring, and pushing software updates. Individual terminals are likely (unwisely) connected to the internet, and sophisticated viruses can gain access this way. Alternately, I don't think we can rule out an infiltrating agent.

I'm not a security or network expert or anything, just a layman.
posted by muddgirl at 8:32 PM on November 30, 2010


Could someone explain to me why you might want to hook a centrifuge up to the internet?

The "more about this worm" link says it spreads via USB sticks.
posted by enn at 8:34 PM on November 30, 2010 [2 favorites]


Could someone explain to me why you might want to hook a centrifuge up to the internet?

It's spread through USB drives, not through the internet.

Only a nation state can hire ten people for six months? I mean, that's not exactly the Apollo program here.

It's not the amount of labor, but rather the sophistication of the code as well as the info and intelligence on the systems it was targeting.
posted by entropone at 8:36 PM on November 30, 2010 [3 favorites]


Call me when they start offering super-capacity Aleph cyber-harddrives at Future Shop.
posted by KokuRyu at 8:37 PM on November 30, 2010


Only a nation state can hire ten people for six months? I mean, that's not exactly the Apollo program here

A nation-state could afford to buy host machines, in order to test code, as well as buy those machines without having to go to the black market or otherwise use the kind of subterfuge that a non-nation-state would have to employ.
posted by Blazecock Pileon at 8:40 PM on November 30, 2010 [1 favorite]


Yes, but having to employ subterfuge is not exactly a terribly high bar to meet when you're talking about people creating anti-nuclear-fuel-refinery worms. I would kind of expect the employment of subterfuge to go with the gig.

I'm not saying it doesn't take a ton of resources to do something like this. I just seriously question whether it would really be beyond the resources of a major multinational firm.
posted by enn at 8:45 PM on November 30, 2010 [1 favorite]


Which is not to suggest, I should add, that such a firm did create it. I don't doubt that a government is a more likely candidate. I just thought these claims from the media were a little hyperbolic.
posted by enn at 8:47 PM on November 30, 2010 [1 favorite]


enn: Only a nation state can hire ten people for six months? I mean, that's not exactly the Apollo program here.

You're seriously underestimating the difficulty of the problem. First, they had to have the idea of attacking the Iranian nuclear program. Then they had to find out exactly how their centrifuges work, how they're controlled. That means they needed to know the exact hardware being used, and the exact software that's driving it.

Then they had to develop a sabotage that was subtle enough not to be noticed. Their specific sabotage put some kind of hook into the development environment, and invisibly added code that was generated for the microcontrollers to randomly induce damaging vibrations. That means they needed an enormous amount of expertise in precisely how centrifuges work, above and beyond the knowledge of the hardware being used to control those centrifuges.

THEN they had get multiple zero day compromises, AND access to a compromised key from a root signing authority.

And then they had to develop and test this entire configuration, and then plant it onto the Iranian network.

I'm sorry, but given what we know about Stuxnet, anyone arguing that it wasn't developed by a nation-state with a sophisticated nuclear program and extremely good intelligence is, in my estimation, a fucking idiot.
posted by Malor at 8:48 PM on November 30, 2010 [58 favorites]


What would be the motive for a multinational corporation to commit this sabotage? There's no profit to be seen and multinationals aren't exactly known for their humanitarian motives.
posted by TungstenChef at 8:49 PM on November 30, 2010


(The most likely candidates, of course, being Israel and the US. Given the assassinations of Iranian nuclear scientists a few days ago, my money's on Israel. It's kinda their style.)
posted by Malor at 8:51 PM on November 30, 2010 [2 favorites]


I wonder why anyone said anything about it, or why then antivirus software got enabled to remove it. I doubt the Iranians would have figured it out on their own.
posted by nervousfritz at 9:09 PM on November 30, 2010


What would be the motive for a multinational corporation to commit this sabotage? There's no profit to be seen and multinationals aren't exactly known for their humanitarian motives.

We're all dancing around the elephant in the room here.

Everyone knows the one corporation with both a deep understanding of mechatronics and half a century's experience and experimentation into sophisticated propaganda and mind-control techniques

A company whose stock would tank if there's a nuclear attack or exchange in the Middle East (or anywhere else), a company whose razor sharp instincts and cut throat business practices would positively compel them to eliminate this threat.

That's right, Disney.
posted by sebastienbailard at 9:15 PM on November 30, 2010 [31 favorites]


I don't have the articles handy but from what I've read over the last few months from a few sources it seemed like Stuxnet's primary attack vector was via USB thumb drives inserted in Windows workstations that would have likely been isolated in the lab and not connected to the internet at all. After infecting those isolated workstations it would then attack the microcontrollers involved with controlling the motors on the centrifuges, which are basically high precision electrical motors designed to output very specific RPMs. This damage occurred at precise overspeed/overload conditions in such a way as to very subtly damage them and render them useless as centrifuges before returning them to a state that tested as "normal" under normal testing conditions, which would have masked the damage and the vector of the attack for a long time.

So we're either looking at sheer idiocy involved in breaking a lab data/hardware quarantine -- or an we're looking at an inside job of sabotage where someone intentionally infected at least one work station and that infection was passed around from workstation to workstation, or someone or several someones intentionally infecting multiple workstations.

All that said, the subtlety and engineering knowledge required for Stuxnet to be effective is alarming. There have been hints there are code phrases or numbers that hint that it was written by Israel, which would have both the computer science and nuclear engineering know-how to write it, as well as the motivation and money. There's also some analysis that the main payload of the virus was written back in the 90s in anticipation of a nation like Iran trying to use this hardware to enrich uranium, which makes the whole thing even more fantastic and weird.

It's most certainly not something that even a few dozen world class black hat hackers could have written in a few months or years, as it's not simply a trojan or a virus. It's not really a computer security issue, especially if it was an inside sabotage. The creators of Stuxnet had to have intimate working knowledge of specific types of hardware, microcontrollers and the centrifuge motors, as well as whatever proprietary communications protocols to control these industrial devices. They would have to have had in-depth experience with enriching uranium with very specific types of hardware.

We're not talking about something as simple as data loss or wiped hard drives. We're also not talking about Star Trek sparks flying from computers or machinery. We're not even talking about something as obvious as fire damage or blown fuses.

What we're talking about is using high end ultra-precise industrial process hardware to damage itself within very specific parameters at very specific times during their normal, nominal use that would remain nearly undetectable, while still causing enough mis-calibration to make useful uranium enrichment impossible with the damaged centrifuge hardware.

As I read it these centrifuge motors are capable of accurately rotating and maintaining a speed within hundredths or thousandths of an RPM, which is the kind of precision that would be required to sort slightly heavier uranium isotopes from ever so slightly less heavy, less reactive uranium isotopes. Which is why it takes thousands and thousands of these centrifuges all processing and reprocessing a stream of uranium to isolate the heavier, more radioactive isotopes from their nearly identical less heavy cousins.

Think about it. These centrifuges have to be so incredibly precise in their rotational speed that they can physically separate one nearly identical atom from another, the only difference being that one atom is the smallest fraction of a fraction heavier than the other because it has an extra neutron or two in the nucleus.

This virus would have to have been written with the help of a whole team of nuclear engineers knowledgeable about very specific nuclear enrichment hardware and processing. It's not a weapon like a shotgun or a cybernuke, it's a very precisely targeted payload that would be the equivalent of giving someone a shave with a laser... from the moon. The technical knowledge contained spans multiple complicated domains, each of which would require expert knowledge at each level.


The only thing I can't really figure out is why we're even hearing about it or why it's been found in the wild. That means either: A) Someone screwed up in a really spectacular fashion. Or B) It was intentionally released or designed to be released to the wild for bragging rights, as a show of force, or as a disinformation or smokescreen campaign.

My armchair analysis is that the infection was an inside job of sabotage accomplished by someone with security clearances to the labs in question -- and that it was released to the wild both as a smokescreen and a show of force.

That's one hell of a joe-job. It goes way beyond anything I've ever read in any cyberpunk fiction novel, or any industrial sabotage known to date.

And that's why so many computer security experts are fascinated with it. There are major portions that don't make any sense, especially considering the subtlety and inside knowledge required to pull it off.
posted by loquacious at 9:17 PM on November 30, 2010 [122 favorites]


I don't see why you would have to precisely control the speed. it seems like the faster you spin it, the faster the isotopes separate. The difficulty would come in getting the uranium into a liquid or gaseous state where it would actually sort and then siphoning off what you want all while the machine is whirring away.
posted by TheJoven at 9:28 PM on November 30, 2010




Might stuxnet have been released into the wild in the hopes that it would somehow get to the intended target? Or perhaps it was released unintentionally by some of the engineers in the targeted labs. People use USB drives a lot.
posted by wayland at 9:29 PM on November 30, 2010


I really want 4chan to have written this.
posted by mecran01 at 9:52 PM on November 30, 2010 [10 favorites]


(on topic)
RES: What is your occupation?
WD: Well, I am a producer of motion-picture cartoons.
RES: Mr. Chairman, the interrogation of Mr. Disney will be done by Mr. Smith.
posted by clavdivs at 9:54 PM on November 30, 2010 [1 favorite]


All of the above required knowledge is indeed required.

And then you have to QA the damn code, so all of this cost and effort isn't wasted because of an undeclared variable or some silly little thing. This here is also an Apollo-level effort.
posted by Cool Papa Bell at 9:56 PM on November 30, 2010 [1 favorite]


Damn you, Mendax!
posted by Jimbob at 9:59 PM on November 30, 2010


I don't see why you would have to precisely control the speed.

Because uranium enrichment probably doesn't work the way you think it does. It's not like trying to separate blood from plasma, you don't just stick gaseous uranium into a single centrifuge and spin it until it separates. In this example a blood cell and blood plasma have drastically different weights and separating them is also a process of viscosity and relative specific gravity, not just weight, and you're working with objects that can be seen with a plain old optical microscope. With uranium isotopes you're talking about two or more orders of magnitude smaller. The difference between U-235 and U-238 is literally 3 neutrons. How much does a neutron weigh?

The way I understand it you have to keep re-centrifuging over and over again down through a line of centrifuges with tiny differences speeds. Each step leaves you with just a tiny bit more usable uranium, which goes into the next centrifuge to eliminate the less active isotopes.

If you just spun it as fast as you wanted to the weight differences are so small that you'd just end up with the same mix as you put into it, it wouldn't filter out anything - which helps explain how and why doing subtle damage to the centrifuges rendered them useless. You have to spin it at a very precise speed to get the merest fraction of low-weight isotopes out of the mix, and keep doing it over and over again until you end up with something much more concentrated and pure.

Lets put it another way. When they were enriching uranium during the Manhattan Project for fuel for the original atomic bombs they couldn't feasibly do it with mechanical means of centrifugal separation like this. No industrial hardware was precise enough, because they didn't have things like CAD/CAM and microcontrollers. There simply wasn't enough computing power and engineering skill to make it happen with modern enrichment techniques.

Among other techniques, at Oak Ridge they used what amounted to a cyclotron to accelerate the uranium atoms to effectively increase their mass, and then exploit the greater differences in mass between isotopes. At a certain "speed" less massive atoms with less neutrons would strike one set of traps, while more massive isoptopes would be collected in another set of traps. They spent a long time, a lot of electricity and a lot of money literally separating U-235 from U-238 on an atom-by-atom basis.

Is there an atomic physicist in the house? I'm now in way over my head.
posted by loquacious at 10:02 PM on November 30, 2010 [26 favorites]


If the virus is damage specifc and designed for nuclear plants would not its induction trip the system or cause a meltdown. If the Virus is "contained", how was it found, if it was found why was it placed if its purpose was stealth.
(rhetorical)
posted by clavdivs at 10:05 PM on November 30, 2010


I just wanted to point out that the hyperbole about sophistication of nation-state coding skills seems overblown. I've known more than a few ex-government programmers. One was even involved in anti-missile programming (not a good programmer, that last one, no surprise to me that those systems don't work well).

To a person, they weren't stellar programmers by any stretch of the imagination. Yes, not a representative sample, but I *seriously doubt* that government programmers, even those employed by three-letter-agencies, are on average any better than a good corporate or freelance programmer.

Any sophistication would be in setting up the test bed, imho. That would be an interesting challenge. Getting the knowledge to do so would take a lot of sophistication, probably nation-state level, or at least defense-contractor knowledge and sophistication. But really, it would mostly be a ton of testing in a great lab.
posted by Invoke at 10:09 PM on November 30, 2010 [2 favorites]


OK, that settles it. We're all living in William Gibson's brain. We should have figured it out when we learned a dead channel on a hi-def set shows a solid sky-blue. Coming next spring from Apple - iDeck.
posted by Slap*Happy at 10:10 PM on November 30, 2010 [4 favorites]


And then you have to QA the damn code, so all of this cost and effort isn't wasted because of an undeclared variable or some silly little thing. This here is also an Apollo-level effort.

Well, it sounds like a lot of work, and expensive, but my quick-and-lazy detour to Wikipedia sez that Apollo came in at $25 billion in 1975 dollars, and employed 400000 people at its peak. I feel like maybe this was not quite an Apollo-level effort.
posted by brennen at 10:13 PM on November 30, 2010 [5 favorites]


Do you have anything to add to the thread besides the ability to be willfully obtuse and pedantic about figures of speech?
posted by Cool Papa Bell at 10:23 PM on November 30, 2010 [4 favorites]


All of the above required knowledge is indeed required.

Apollo was very expensive and employed alot of people indeed. They almost had a MOL
posted by clavdivs at 10:26 PM on November 30, 2010


Symantec has a comprehensive dossier on the worm for those interested.

There are many gory technical details including interesting tidbits such as:
If this value is equal to 19790509 the threat will exit. This is thought to be an infection marker or a “do not infect” marker. If this is set correctly infection will not occur. The value may be a random string and represent nothing, but also appears to match the format of date markers used in the threat. As a date, the value may be May 9, 1979. This date could be an arbitrary date, a birth date, or some other significant date. While on May 9, 1979 a variety of historical events occured, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.”

Symantec cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate another party.
posted by RobotVoodooPower at 10:31 PM on November 30, 2010 [11 favorites]


CoolPapaBell
Imo, this is key and very apt. CPB, would you like to expand on the above. pick a point in the below comment and expand as loquacious has.

My armchair analysis is that the infection was an inside job of sabotage accomplished by someone with security clearances to the labs in question -- and that it was released to the wild both as a smokescreen and a show of force.
posted by clavdivs at 10:35 PM on November 30, 2010


below comment rather
posted by clavdivs at 10:35 PM on November 30, 2010


What I find even more amazing is how the DoD, NSA and DHS are using this to push for more power.

Assuming it was the US or Israel, which is a safe assumption. Here's what you do:

1. Develop highly advanced computer worm that targets Iran's nuclear program.
2. Use said worm to spread fear about the threat of a huge cyber attack facing the country. The solution to this threat? Why, more control over the Internet and more funding of course.

Brilliant really.

If it was a local police force running around on a crime spree, then claiming we need more police protection we'd rightly be outraged. But this goes unquestioned.

I'm not saying sabotaging Iranian enrichment doesn't serve our strategic interest, just that cynically using that to justify your power grab is pretty ballsy.
posted by formless at 10:39 PM on November 30, 2010 [3 favorites]


a monster in glass display box.
posted by clavdivs at 10:46 PM on November 30, 2010


and 3 Days of the Condor.
{whistles, kicks a peeble goes away}
posted by clavdivs at 10:50 PM on November 30, 2010 [1 favorite]


Use said worm to spread fear about the threat of a huge cyber attack facing the country.

And propose solutions like the "internet kill switch" which would do jack-all to prevent this kind of attack from happening.
posted by RobotVoodooPower at 10:50 PM on November 30, 2010 [2 favorites]


I'm sorry, but given what we know about Stuxnet, anyone arguing that it wasn't developed by a nation-state with a sophisticated nuclear program and extremely good intelligence is asking a serious question that deserves a serious, nuanced answer, not an offhanded insult.

FTFY, Malor (and removed your unnecessary insult at the same time, no extra charge).
posted by IAmBroom at 11:19 PM on November 30, 2010 [2 favorites]


"Farewell Dossier"
l
posted by hortense at 11:29 PM on November 30, 2010


Do you have anything to add to the thread besides the ability to be willfully obtuse and pedantic about figures of speech?

Do you have anything to add to the thread besides adding to the hyperbolic claims in the article, Cool Papa Bell?
posted by IAmBroom at 11:29 PM on November 30, 2010 [2 favorites]


Running the virus undetected for a long time is a huge benefit. Lots of equipment damaged, little or no progress towards creating HEU for bombs.

But having it get discovered eventually is also a benefit. Word is that the Iranian security people are running rampant through the project, accusing everyone and his brother of being a spy.

It's highly likely there's going to be a huge purge of people at all levels in the project, and that may be even more debilitating than was screwing up the centrifuges.

As to why changing the speeds was useful, one thing it was programmed to do was to run the centrifuge a lot faster than normal, just for a couple of seconds. That often wrecked the bearings and could even lead to the centrifuge tube flying apart, releasing uranium hexafloride all over the place.

And it caused all this ruckus without being obvious about how and why it happened. The Iranians never found this on their own.
posted by Chocolate Pickle at 11:35 PM on November 30, 2010 [2 favorites]


Then they had to find out exactly how their centrifuges work, how they're controlled. That means they needed to know the exact hardware being used, and the exact software that's driving it.

Wanted for questioning.
posted by uncanny hengeman at 11:36 PM on November 30, 2010


Invoke, not all gov't paid programmers are created equal. Actually the very first public internet worm with serious economic effects was created by the son of an NSA employee.
And to those who keep mentioning "a" nation-state: considering the thing very likely required input from microsoft and siemens that's at least two nation states involved already..
posted by 3mendo at 12:41 AM on December 1, 2010


Ah, this must be what was causing those unexplained RPM fluctuations in my Kitchen Aide. Damn, shouldn't have used that thumb drive with it.
posted by mach at 12:48 AM on December 1, 2010 [2 favorites]


So did the virus work? The Foxnews article at the top says that Iran is down to 3700 centrifuges from an original total of 9000, but they only stopped operating for a day. And that may have been because the centrifuge design was wonky to start with.
posted by Kevin Street at 1:20 AM on December 1, 2010


Also, that's my actual birth day!.

Nevermind the elaborate, mystifying, conspiracy-rich, fascinating story. Symantec has used my birthday to illustrate a hypothetical point. MIND. BLOWN.
posted by like_neon at 1:48 AM on December 1, 2010 [2 favorites]


Does anyone besides Fox news claim the worm actually damaged the centrifuges? I'd hope the centrifuges are damaged of course, but that Fox news article reads like cheerleading, and Fox news has a reputation for just making shit up.
posted by jeffburdges at 3:38 AM on December 1, 2010


I haven't been in a lab in ages. Could someone explain to me why you might want to hook a centrifuge up to the internet?

Stuxnet didn't use the Internet, it traveled by USB stick. Just plop the USB stick in and open any of the files on the stick and it should install.

I think ordinary people could have written this worm. The tricky part comes in with the fact that they, obviously, would have needed the hardware themselves in order to test it.

And Why would anyone but a nation state have any interest in creating a slow-burn worm that only affects spindle motors operating at a specific frequency range, or even think to do it?
I'm sorry, but given what we know about Stuxnet, anyone arguing that it wasn't developed by a nation-state with a sophisticated nuclear program and extremely good intelligence is, in my estimation, a fucking idiot.
Again, I don't think it's a question of capability, but rather motivation. Only a nation state would actually bother doing something like this. Although Iranian insiders are also a possibility, but that seems unlikely. This isn't anywhere near Apollo-level as some people are saying.
posted by delmoi at 3:58 AM on December 1, 2010


If the existence of this worm was intentionally made public, my assumption is that there is another attack ready to deploy.
posted by Kirth Gerson at 4:23 AM on December 1, 2010


The "more about this worm" link says it spreads via USB sticks.

Note that in the US, we nominally do not allow anyone to use a USB stick on any government computer. I wonder if engineers and technicians will start to take the restrictions more seriously now that there is a widely-publicized case of a targeted virus spreading this way.
posted by muddgirl at 5:50 AM on December 1, 2010


The name just keeps reminding me of Lodgenet. The crappy hotel entertainment system.

B
posted by Homemade Interossiter at 6:04 AM on December 1, 2010


What would be the motive for a multinational corporation to commit this sabotage?

Nuclear war in the mideast would be bad for business in lots of sectors.

Then they had to find out exactly how their centrifuges work, how they're controlled. That means they needed to know the exact hardware being used, and the exact software that's driving it.

Strictly speaking, they didn't have to do that. If there were only a relative few target centrifuges, the authors of the malware could simply have released versions that targeted each of them. Or the malware could have been written with subroutines that targeted multiple kinds of centrifuges that then deleted the irrelevant portions of themselves once they found out what kind of centrifuge they'd been connected to.
posted by ROU_Xenophobe at 6:18 AM on December 1, 2010


OK, that settles it. We're all living in William Gibson's brain.

If X had kept that chip he found in Sandii's passport in Zurich, all of this would go away.

Also, like Fox says: "Po-tay-to, po-tah-to, you know. Government, corporation, it's the same thing."
posted by valkane at 6:21 AM on December 1, 2010


It is amazing how one day, the government is so powerful as to be the only people capable of writing this virus, and the next we don't trust them with anything.

It's a virus. Capable of being written by practically anyone with sufficient interest.
posted by gjc at 6:47 AM on December 1, 2010


It's a virus. Capable of being written by practically anyone with sufficient interest.

Some of the available info about Stuxnet points out that it doesn't just require sufficient interest, but also sufficient resources to acquire specific intel.

I certainly don't know one way for the other - I'm a layperson. If you take the experts who say this at their word, it leads to some very interesting speculation.
posted by entropone at 6:58 AM on December 1, 2010


muddgirl wrote: "Note that in the US, we nominally do not allow anyone to use a USB stick on any government computer."

It seems like running a secure operating system that doesn't automatically execute programs residing on said USB stick would be sufficient. That, of course, presumes the USB bus enumeration code isn't exploitable. (see: PSJailbreak)
posted by wierdo at 7:07 AM on December 1, 2010


The worm was going to be discovered and removed eventually. So it can fuck with the data, and that can slow Iran's nuclear program down, but not stop it. Someone's going to reverse the damage eventually (probably at great expense).

So this worm is just buying time for something. I wonder what?
posted by LogicalDash at 7:56 AM on December 1, 2010


What Iran really needs is someone that can understand the binary language of moisture vaporators atomic centrifuges.
posted by norm at 8:25 AM on December 1, 2010 [2 favorites]


"So this worm is just buying time for something. I wonder what?"

I think staving off nuclear war is its own reward, for most more stable governments. However, to answer more directly: more time for peace talks, more time for your military to prepare if they fail, more time for the regime to run itself out and change perspectives... there are too many advantages to staving off more nuclear instability to list them all.
posted by gilrain at 8:32 AM on December 1, 2010


I've joked about "living in the future" quite a lot in the last few years, but reading the specifics of this attack, this might be the first time I've really felt like we're moving into the kinds of times that Stephenson and Gibson were writing about.

Crazy,
posted by quin at 9:19 AM on December 1, 2010


I've joked about "living in the future" quite a lot in the last few years

Oh man that's one of my favorite in-jokes with my friends. Usually when I'm super drunk.
posted by thsmchnekllsfascists at 9:44 AM on December 1, 2010


Does anyone know someone working on cyberwarfare for the US government? Or any government, for that matter?

Clearly the US must be developing cyberwarfare capability. It'd be insane not too. I'm 37, and in my life have met a lot of people who'd be good at building weapons that target computer networks. Grey hat hackers, computer science geniuses, good programmers. But I don't think I know anyone working on cyberwarfare. Certainly I don't know anyone who admits it. But I also can't think of any good hackers who've gone quiet, who are working for some benign government agency and don't talk much about their work. Maybe I just don't have the right connections or I'm blind. OK, fine. So where are our cyberwarriors coming from?

Stuxnet is fascinating, I've been following the story very closely. It's quite a sophisticated piece of technology. The infection vector used two (or three) previously unknown exploits. The payload is a precisely tuned bit of sabotage that targets some specific, obscure industrial hardware. I know people with the skills to write such attacks, but it takes a lot of time. And I don't know anyone with access to the targeted Siemens machinery.

Between Stuxnet and this week's assassinations in Iran, it's obvious some state has decided to delay Iran's nuclear program by any means necessary. Israel is the obvious actor, they're quite willing to assassinate foreigners and they have the computer science capability to develop Stuxnet. But no doubt they're acting with US approval, if not direct assistance.

I guess what fascinates me about all this is that it's so visible. And in a technology domain I understand.
posted by Nelson at 9:59 AM on December 1, 2010


I think staving off nuclear war is its own reward, for most more stable governments.

Why would you think Iran having nuclear weapons would lead to nuclear war? The US has literally tons of nuclear weapons.

I've joked about "living in the future" quite a lot in the last few years, but reading the specifics of this attack, this might be the first time I've really felt like we're moving into the kinds of times that Stephenson and Gibson were writing about.

I felt the same way last week, when I saw a fat man in robot clothes running with a wiener dog while a spandex-clad rollerblader whizzed by.
posted by mrgrimm at 10:36 AM on December 1, 2010


"Why would you think Iran having nuclear weapons would lead to nuclear war? The US has literally tons of nuclear weapons."

And it led to nuclear war once already, yes. Or have we forgotten Nagasaki and Hiroshima?

I firmly believe that a weapon, once created, will eventually be used. It may take a while, but just wait for the right, desperate moment.
posted by gilrain at 11:02 AM on December 1, 2010 [1 favorite]


Nuclear war in the mideast would be bad for business in lots of sectors.

Sure, and agreed. But it would be a major change in attitude for a major corporation to start treating a public good -- like a nuclear-war-free world to do business in -- as something they need to do something about. It reeks of altruism.

It'd be kind of cool if that was actually the attitude at work, but I'm skeptical. If you told the boards of directors of most companies that they had to either spend millions of dollars today or there'd be a nuclear war in six months, my gut feeling is that they'd just shrug and tell everyone not to hang onto their training budget until the last minute next year.

There's nothing about Stuxnet that strikes me as being beyond the capability of any of a dozen US defense contractors (I agree that the test setup would be the expensive / hard part) except that none of them generally do stuff like that without being well paid for their trouble.

I'd like it if that were the case, though.
posted by Kadin2048 at 11:25 AM on December 1, 2010


weirdo: It seems like running a secure operating system that doesn't automatically execute programs residing on said USB stick would be sufficient.

Are you talking about AutoRun? Windows has never had AutoRun enabled for flash drives by default. You have to click on an option in a dialog in order to execute the AutoRun action after you instert the flash drive. According to the F-Secure article, it used a vulnerability in Explorer to spread via USB.
posted by zixyer at 11:31 AM on December 1, 2010


I wonder how different the designs of the North Korean centrifuges might be.
posted by rongorongo at 12:23 PM on December 1, 2010


Does anyone know someone working on cyberwarfare for the US government? Or any government, for that matter?

Personally, no. I have seen some spy-movie-like PowerPoint briefs about specific foreign nationals with bios, capabilities, locations, etc. along with some of the things we are doing in that area.

Sometimes I'm shocked at the kind of thing just anyone with a siprnet logon and a bad case of boredom/curiosity can read. I mean, JCS daily briefs? You'd think that kind of thing would be a little more controlled. At least, I would.
posted by ctmf at 1:22 PM on December 1, 2010


loquacious: The only thing I can't really figure out is why we're even hearing about it or why it's been found in the wild.

Well, it's designed to spread virulently and be almost completely invisible, right? So just one person, one time, taking a USB stick home from work (even without any classified data at all) would infect the family computer, and then as soon as someone plugged another stick in, the payload is in the wild.

From what I recall, they figured it had been released at least a year before the antivirus companies noticed it, maybe two. That's consistent with a targeted release and a slow spread from an initial infection point in public computers, especially considering that it was almost always found in Iran. It was being transmitted by sneakernet, so it only spread through social networks, rather than physical ones.

Fortunately, the virus is so targeted that it would do close to zero damage on any machine that wasn't running the development software for the Siemens microcontrollers, and even if a machine WAS, the actual payload only triggered at RPM rates much higher than you see in normal industry. So even if Iranian industry, and thus Siemens chips all over Iran, were massively infected, the bug simply wouldn't trigger in 99.9% of installations.

Eventually, it probably spread to a machine run by someone extremely technical, where it was noticed and reported to antivirus companies.
posted by Malor at 1:53 PM on December 1, 2010


Again, I don't think it's a question of capability, but rather motivation. Only a nation state would actually bother doing something like this.

delmoi, why are you dismissing the possibility that rogue groups would do this? A software programmer with experience in the nuclear field realizes that Stuxnet can be made, and suggests it to his higher-ups. They refuse. He & some buddies build it, and test it on the target equipment (cleaning up afterwards, of course).

(I've just loosely described the plot to about a thousand spy novels, BTW.)

The only stumbling block is how they get it into Iran. But everything can be done by a few people with the right access; such people exist.
posted by IAmBroom at 2:19 PM on December 1, 2010


^ Yes, a Belarusan security company called VirusBlokAda. They're a pretty sketchy outfit, but they struck PR gold with this discovery.

From what I've been reading (just speculation), Stuxnet has been changing over time. Infected machines had two methods of updating themselves: control servers in Holland and Malaysia, and peer to peer exchange. Apparently it was released into the internet first, and didn't acquire the ability to spread through USB sticks until March. So it's not just a virus; there was somebody behind the virus constantly modifying it to be as effective as possible.
posted by Kevin Street at 2:29 PM on December 1, 2010 [1 favorite]


Sorry, that was a reply to Malor.
posted by Kevin Street at 2:29 PM on December 1, 2010


But having it get discovered eventually is also a benefit. Word is that the Iranian security people are running rampant through the project, accusing everyone and his brother of being a spy.

Very true. If you were a devious government agency, as well as planting the worm you'd do your best to make sure that Iran's intelligence agency stumbled across some things which appeared to point to some of their key people: what better outcome could there be than seeing the Iranians torturing their own best scientists.
posted by reynir at 2:55 PM on December 1, 2010


Does anyone know someone working on cyberwarfare for the US government?
Sure. The cool kids refer to this as just "cyber" and the US spends a prodigous amount on both offensive and defensive cyber. No one who actually knows anything can or will tell you anything in detail, but if you google something like cyber contract award, it is pretty easy to find the major players in the US market. The fact that we spend on it and general details are not classified.
posted by Lame_username at 4:19 PM on December 1, 2010


Try this article: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=228500061
posted by Lame_username at 4:21 PM on December 1, 2010


Last week I asked Does anyone know someone working on cyberwarfare for the US government?. The answer id "duh, United States Cyber Command. It's NSA run and coordinates groups from all the military branches and also, presumably, NSA itself.
posted by Nelson at 8:29 AM on December 7, 2010 [1 favorite]


Just fyi, "cyber" has another even more prodigous meaning, not sure how often congress get's them confused.
posted by jeffburdges at 6:11 AM on December 13, 2010


« Older Research, exchange, and online portal   |   The beautiful, broken song of Leonard Cohen Newer »


This thread has been archived and is closed to new comments



Post