The Military Worms

New York Times Reports US and Israel Behind Stuxnet 406

Posted by timothy
from the alleged-shooter dept.
Oxford_Comma_Lover writes "Confirming heavy speculation in the Slashdot community, the New York Times reports that joint US-Israeli efforts were almost certainly behind the recent Stuxnet attack on Iran's nuclear program." The article stops just short of saying in so many words that Israel is the doer, but leaves little doubt of its conclusion.
  • Still Speculative. (Score:4, Insightful)

    by Quick Reply (688867) on Saturday January 15, 2011 @10:23PM (#34894246) Journal

    They probably "almost certainly" did, but the NYT article is still just speculation. The haven't confirmed anything.

    • Indeed- all they have confirmed is that people think the US and Israel did it...

      The only new bit in the article (to me) was that they think Israel successfully managed to set up a bunch of P1 style centrifuges and test the worm...

      • by timeOday (582209) on Saturday January 15, 2011 @11:29PM (#34894612)
        Did you actually finish the article?

        And the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet.

        The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for "plausible deniability."

        How much more direct could a confirmation be? The only question is the veracity of the anonymous source.

        • Re: (Score:2, Insightful)

          How much more direct could a confirmation be? The only question is the veracity of the anonymous source.

          They haven't gotten anyone who knows to confirm it... only people who are also speculating.

          Note that "an American expert in nuclear intelligence" would specifically not be someone who works in the gov't- If they could claim an anonymous official source they would.

          • by FooAtWFU (699187) on Sunday January 16, 2011 @12:52AM (#34894920) Homepage
            I think the whole case is one of "We can't prove it, but honestly, it doesn't take a genius to figure it out." Means, motive, and opportunity: what more are you looking for?
            • "We can't prove it, but honestly, it doesn't take a genius to figure it out."

              Yes, but that's been known since the start.

              what more are you looking for?

              With a headline like this, cold hard evidence would be nice.

          • by grcumb (781340) on Sunday January 16, 2011 @01:43AM (#34895120) Homepage Journal

            Note that "an American expert in nuclear intelligence" would specifically not be someone who works in the gov't- If they could claim an anonymous official source they would.

            That doesn't follow. The way in which an anonymous source is characterised is negotiated by the journalist and the source. The journalist typically wants to make the identity (or more to the point, the validity) of the source as clear as possible. The source wants to hide any detail that can identify them. In this case, because we're talking about a level of secrecy that, if breached, would almost certainly get someone killed, the source clearly didn't want any information released except that they knew what they were talking about.

            This part of the intelligence world is very, very small, and the number of people who act as intermediaries between, for example, the IAEA and intelligence circles is even smaller.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Exactly this.

      The New York Times editors "almost certainly" rape little children on weekends.

      I guess this only goes to show, as long as it is a slow news day, they have no issues with me reporting that "fact" online for all to see.

      • by rtb61 (674572) on Sunday January 16, 2011 @12:56AM (#34894934) Homepage

        Want real speculation, how about this. Will M$ bring all of its legal, investigative and its ability to provide cash incentives to seek fiscal redress for the way in which access to the source code was used to publicly destroy the image of its operating system security?

        Many countries have recently announced their intent to drop the Windows Operating system due to the security weakness and exploitability as demonstrated by the Stuxnet virus, this will likely end up costing M$ billions of dollars in lost income. If M$ can prove access to its source code was exploited by government to break the security of the program, regardless of the damage done to the public's perception of the security of the program, then M$ is fully entitled to damages done by the purposeful and malevolent attack upon one of its core revenue streams.

        • If M$ can prove access to its source code was exploited by government to break the security of the program, regardless of the damage done to the public's perception of the security of the program, then M$ is fully entitled to damages done by the purposeful and malevolent attack upon one of its core revenue streams.

          I doubt they will be able to, even if it's true. Such activity would almost certainly be regarded as a State Secret and shielded as such.

        • by ultranova (717540)

          If M$ can prove access to its source code was exploited by government to break the security of the program,

          How could the government possibly do that? Did it have submit privileges to Microsoft's code control system?

          Or did you perhaps mean "expose existing security problems" by "break the security"? Because if that counts as "breaking" security nowadays, things could get pretty nasty.

        • Yeah, right. Too bad Microsoft can't sue itself, their OS has been broken since they started calling NT something else! Are you shitting me? Microsoft has no case, even if what is claimed is true, what happened there and everywhere their OS is used is, apparently, expected behavior for that OS, a design intended to promote their product "Windows Defender." For all we know the attack vector was Windows Automatic Update and/or Genuine Advantage.
    • by epine (68316) on Saturday January 15, 2011 @11:58PM (#34894744)

      The haven't confirmed anything.

      I think your typing speed and your reading speed are linked together.

      The article does a great job of laying out means and motive and avenues of military conspiracy, and furthermore, documents that the means are exceptionally esoteric and that the motives precisely align with recent policy statements on the parts of the alleged conspirators, who I might add have a brazen rap sheet, but who now seem to increasingly fear "three strikes and you're a lout".

      Where the article fails hopelessly is explaining what a three year delay actually buys us. What's the leverage point? Is this just a bunch of politicians playing "not on my watch" or will the Risk board change in some interesting way over the short hiatus?

      Will the Ahmadinejad faction wane as a result? Will it cause the Iranians a crisis of confidence in foreign technology procurement? This bit the Russians hard after the Siberian pipeline thing. Will the Americans sew things up in Iraq over that time period to enable them to better address the Iran situation when the pot finally boils?

      These are the real questions the article fails to address.

      Concerning the slow news day knee jerk, I don't understand why the jury convicted Hans Reiser. It was nothing but informed conjecture about an arrogant prick until he cracked post sentencing.

      • by AHuxley (892839) on Sunday January 16, 2011 @12:18AM (#34894814) Homepage Journal
        Where the article fails hopelessly is explaining what a three year delay actually buys us.
        It buys 3 years of defectors, active targeting of people and locations, export deal mindgames, hardware tracking, 3 more years of US aid, 3 years of stocking up on next generation US weapons. Politically it keeps the vision of 'evil' alive - Iran is building, only a strong unified political structure can do what is needed.
        Iran cannot trust MS or the basic EU hardware and will have to spend up big trying to buy parts and build at home.
        Iran is now playing the import game and is again wide open to more software issues.
        • It also kicks the can down the road to whoever is (re)elected in 2012. Maybe it's just me but I get the feeling Israel didn't have much faith in President Obama having the will to step up and take action or even back Israeli action if it became necessary.
      • by plover (150551) *

        Three years is a long time for an unpopular government run by radicals, thieves, and thugs. That's 10% of the lifetime of Iran's revolution. A lot could happen between now and then. Or perhaps nothing will change. But three more years of a bombless Iran can't be a bad thing.

      • by phantomfive (622387) on Sunday January 16, 2011 @03:45AM (#34895520) Journal
        Assuming it actually does buy us three more years, that is an excellent thing. Keep finding more ways to delay, and three years becomes a decade. A lot of things can happen in a decade; Iran is not exactly a stable country politically. Delaying violence

        The only thing that surprises me about the article is that the US has a group that is actually capable of such a thing. Especially with all the calls recently saying how we need to be prepared for cyberwar. If this is true, we are more than prepared for it: we are doing it.
  • by countertrolling (1585477) on Saturday January 15, 2011 @10:23PM (#34894250) Journal

    It will be considered an act of war resulting in the real thing, of course.

    • by gman003 (1693318)
      It still just might cause a war. Sure, Iran can't fight a war with the US, but it can (and probably will) fight Israel. THAT would be nasty.
      • by Sun (104778) <shachar@shemesh.biz> on Sunday January 16, 2011 @12:58AM (#34894948) Homepage

        It still just might cause a war. Sure, Iran can't fight a war with the US, but it can (and probably will) fight Israel. THAT would be nasty.

        Iran is already fighting Israel. They do most of it by financing, supplying weapons (and using it to gain influence on) Hamas, but sometimes they use a direct agent (Hizbullah). If Israel is behind Stuxnet (no personal knowledge, but it makes sense that it is), then this is not "just cause for war". It is merely a battle in a war that is already ongoing (as is Iran's disregard for signing the no dissemination treaty, and so on and so forth).

        Shachar

    • by mother_reincarnated (1099781) on Saturday January 15, 2011 @10:31PM (#34894296)

      In this case whoever did it seems to have averted war at least for a few years.

    • You do realize that things like this are attempted against the US *all the time,* right? And sponsored by various governments, no less. You have the whole thing backwards. If Iran is led to believe that it was the US (NYT is not a good source for this kind of information), *they* will consider it an act of war.

  • Color me impressed (Score:5, Interesting)

    by moogied (1175879) on Saturday January 15, 2011 @10:30PM (#34894290)
    You really have to hand it to Israel, they continue to be the very best at cloak and dagger style work. Yes, I consider this C&D due to its ingenious nature. Spread a massive virus across as many systems as you can, and nestle a chunk of code in it to only activate on the correct system. This not only requires the method to spread it, but far more impressive is the fact that it required the correct code for their machines. This means they do 100% have spies inside of Iran's nuclear systems and gives a butt load more credit to the statements made by Israel and America about Iran's nuclear goals. Well done
    • by drolli (522659) on Saturday January 15, 2011 @10:48PM (#34894394) Journal

      Or you have to have spies in the companies providing the parts. Siemens does not have a strong culture of being paranoid, especially not against western/pro-western secret services, with which they probably collaborate anyway when it comes to identifying industrial espionage from other services. I am pretty sure that the BND (German secret service) can ask them for plans and details quite openly (I guess you don't produce parts relevant for nuclear technology or military infrastructure without having a liaison officer assigned to you), and probably also for the source code of the embedded SPS modules. For sure the same holds true for the manufacturer of the turbines. Since the Western secret services collaborate on a less prominent, informal level (see e.g. the BND agents in Baghdad during the war which reported back to the NATO headquarters, where obviously - no records exist - they helped clearing military targets in Iraq, despite Germany not being officially involved in the war).

      I would guess that actually several secret services collaborated in this, but the "Cui Bono?" points to Israel.

    • by SheeEttin (899897)

      This means they do 100% have spies inside of Iran's nuclear systems

      Uh, no. This means they do 100% have people who studied the systems Iran is using. (Which I doubt would be too hard to figure out, if you just do a little asking around and/or research into some purchases or shipping.)
      Spying in the sense of "having someone on the inside" is overrated these days. You're either using informants or telecommunications (Internet or otherwise).

    • Insertion (Score:5, Interesting)

      by lseltzer (311306) on Saturday January 15, 2011 @11:06PM (#34894486)
      There are a few important aspects of the story that didn't get covered by the NYT. One is that there was no mention of the origin of the 4 zero-day Windows vulnerabilities and another is the insertion method. Obviously Stuxnet wasn't just blasted out on botnets. Someone got it very close, probably into a facility or more than one facility, or perhaps into a government office or contractor. That's one of the aspects of this that always told me it was a state actor with quality human intelligence capabilities. Actually, my wild guess before is that a contractor from Siemens or someone like that spread it. Which brings up another aspect of this: This story can't be good news for Siemens's customer relations, especially with their government customers.
      • by AHuxley (892839)
        Siemens? They helped with "Nokia Siemens" via the ability to monitor, control, and read local telephone calls.
        The only issue was the use of Microsoft. Never let Microsoft near any of your real world systems.
        • Re:Insertion (Score:5, Informative)

          by plover (150551) * on Sunday January 16, 2011 @02:07AM (#34895208) Homepage Journal

          Ummm... no. Flaws in Siemens' software (including exploiting default passwords in their package, and great difficulty in changing the passwords once deployed) were an important component in the worm's ability to insert the actual command codes into the industrial control systems. And if you'd have read TFA, you'd have seen that in 2008 Siemens met with Department of Homeland Security officials to go over the security of the SIMATIC PCS 7 industrial control systems. The DHS had the most intimate knowledge of the weakness of Siemens' systems possible, having been asked to evaluate them for security flaws!

          Given the sophistication of the worm, and the determination of the attackers, it's quite likely that it would have been written to infiltrate whatever systems they were running. Windows XP just happened to be very easy to target. But had it been a UNIX or Mac system, they would probably have found a way to get their malware installed anyway.

    • considering that 1. Massive numbers of Jews left Russia to go to Israel in the past 20 years 2. Massive numbers of those Russians know a shitload about computers and 3. Massive numbers of them keep contact with their buds in Russia and 4. Russia has been helping Iran with its 'civilian' nuclear program for a long time. Now, 4 is probably at the behest of the CIA, who pays the Russians big bucks to go "help" Iran. Thank god, is all I have to say, because of the Russians weren't inside Iran's program wat
    • 1) While technically impressive, this is not "cloak and dagger" by any stretch of the imagination. Everyone knows Israel did it. They broadcast the code all over the world. "Cloak and dagger" implies some degree of stealth or misdirection.

      2) If Israel had a spy in Iran's nuclear systems, why would Stuxnet have leaked out? Why wouldn't all the centrifuges just quietly self-destruct? It didn't take espionage to get the technical specs on Iran's centrifuges. They were reported to the IAEA. Sure, it's no

  • You'll never be able to trust anything more complex than a simple light switch ever again. Wait till all this crap gets into your "smart grid". It'll be comedic to say the least.

    • by brusk (135896)
      Why would you trust a light switch? It could, for example, be made of a memory alloy designed to deform under certain conditions and change the state of the circuit--or perhaps to zap you the next time you touch it.
  • OpenBSD IPsec (Score:5, Interesting)

    by Mysteray (713473) on Saturday January 15, 2011 @10:54PM (#34894418) Homepage

    Jason Wright, the OpenBSD developer funded by NETSEC to work on IPsec (and allegedly put in backdoors for the FBI) went to work at the DHS cyber security lab that the NYT is saying helped do Stuxnet http://nyti.ms/grd51X [nyti.ms] http://bit.ly/feB9ZV [bit.ly]

    SecTor 2008 gives his speaker bio http://www.sector.ca/speakers2008.htm [sector.ca]

    Jason Wright is a cyber security researcher at the Idaho National Laboratory working with SCADA and Process Control system vendors to secure critical infrastructure assets. He is also a semi-retired OpenBSD developer (also known as a "slacker") responsible for many device drivers and layer 2 pieces of kernel code.

    I am not making this up.

    I'll have to put it in a blog post this evening. See homepage link.

  • Confirming? (Score:4, Insightful)

    by MikeV (7307) on Saturday January 15, 2011 @11:01PM (#34894460)

    Since when is the media considered factual confirmation? "Hey, let's all go out and look at the Inquirer to get proof that aliens exist!" While it is almost certain that the attack did originate from the suspected nations, a better wording would be, "supporting /* speculation" rather than "confirming" seeing as NYT is certainly not the fount of truth and honesty in reporting and fact-finding. Now excuse me while I go study on Wikipedia...

    • seeing as NYT is certainly not the fount of truth and honesty in reporting and fact-finding

      Oh, c'mon now, it's not like Jayson Blair over at one of Murdoch's rags. Oh, wait...

  • by meerling (1487879) on Saturday January 15, 2011 @11:08PM (#34894496)
    I have to agree with those that think this article was a bunch of innuendo and unsubstantiated statements.

    "...when it began circulating around the world, unexplained, in mid-2009. .."

    I found it extremely funny when they mentioned that the worm had no explanation of its purpose, as if that were somehow indicative of a covert and malicious nature.
    So, does anybody out there know of any worm, virus, trojan, or other malware that actually comes with a manifesto to explain its existence/purpose?

    By the way, all the pundits saying it would take the resources of a government to create that worm know very little about what it actually takes to make one. It did however take very intimate knowledge of the code running on those systems, so the creator probably has a copy of the source code on those machines, or the equivalent. (I'm pretty sure it's too large to be memorized by a single person.)
    • by careysub (976506)

      ... By the way, all the pundits saying it would take the resources of a government to create that worm know very little about what it actually takes to make one. It did however take very intimate knowledge of the code running on those systems, so the creator probably has a copy of the source code on those machines, or the equivalent. (I'm pretty sure it's too large to be memorized by a single person.)

      How about the part where they actually test it to see if it works on real controllers hooked up to gas centrifuges?

      This isn't a botnet or credit card info swiping program - you have to have access to hardware that only people with 9 digit budgets and up can acquire.

      So I'd say you know very little about what it actually takes to make one that does its job successfully.

    • by plover (150551) * on Sunday January 16, 2011 @02:26AM (#34895268) Homepage Journal

      By the way, all the pundits saying it would take the resources of a government to create that worm know very little about what it actually takes to make one. It did however take very intimate knowledge of the code running on those systems, so the creator probably has a copy of the source code on those machines, or the equivalent. (I'm pretty sure it's too large to be memorized by a single person.)

      Did you RTFA? It claims Israel acquired some of the centrifuges that Iran is using, got them working, then tested the worm's effect on them. That's a lot more than the resources of Joe Hacker. Not just anyone can run down to Pakistani-Centrifuges-R-Us and buy a dozen of them to test with.

      When you look at the instructions Stuxnet was sending to the centrifuges, they're brilliantly designed exactly to cause them to fail. After lurking for a couple weeks, they over-speed them for a few minutes, then drop them down to almost stopped speed, then bring them back to a fairly normal operating speed. The overspeed period stresses the already stressed components, occasionally beyond the breaking point. The underspeed periods act like a mixer, stirring up any U-238 that had already been spun out of suspension. Returning them to normal speed allayed suspicion that they were faulty.

      There is no way one guy is going to know exactly what values it would take to create such a precise scenario. It takes massive resources to pull that off.
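The over-speed, near-stop, return-to-normal sequence described in the comment above, turned into a detection check over drive-frequency history. This is an added example, not part of the original thread or of any vendor tooling; the nominal frequency, tolerance band, timing thresholds and log samples are all constructed assumptions.

```python
"""Detect an over-speed -> near-stop -> back-to-normal drive cycle in logged history."""
from dataclasses import dataclass

# All values below are constructed assumptions, not figures from the thread.
NOMINAL_HZ = 1000.0   # expected drive output frequency
BAND = 0.05           # tolerated deviation around nominal (+/- 5 %)
MIN_PHASE_S = 120     # an excursion shorter than this is treated as noise
MAX_GAP_S = 600       # max time between end of over-speed and start of under-speed


@dataclass
class Run:
    kind: str   # "normal", "over" or "under"
    start: int  # time of the first sample in the run (seconds)
    end: int    # time of the last sample in the run (seconds)


def classify(hz):
    """Label one frequency sample relative to the tolerated band."""
    if hz > NOMINAL_HZ * (1 + BAND):
        return "over"
    if hz < NOMINAL_HZ * (1 - BAND):
        return "under"
    return "normal"


def runs_of(samples):
    """Collapse (t_seconds, hz) samples into consecutive runs of one label."""
    runs = []
    for t, hz in samples:
        kind = classify(hz)
        if runs and runs[-1].kind == kind:
            runs[-1].end = t
        else:
            runs.append(Run(kind, t, t))
    return runs


def find_cycles(samples):
    """Return every sustained over-speed run that is followed by a sustained
    under-speed run, and whether the drive went back to normal afterwards."""
    runs = runs_of(samples)
    sustained = [r for r in runs
                 if r.kind != "normal" and r.end - r.start >= MIN_PHASE_S]
    hits = []
    for a, b in zip(sustained, sustained[1:]):
        if a.kind == "over" and b.kind == "under" and b.start - a.end <= MAX_GAP_S:
            back = any(r.kind == "normal" and r.start > b.end for r in runs)
            hits.append({"over": (a.start, a.end),
                         "under": (b.start, b.end),
                         "returned_to_normal": back})
    return hits


def constructed_log():
    """Constructed one-sample-per-minute log: normal running with one noise
    blip, 15 min over-speed, 50 min near-stop, then normal again."""
    log, t = [], 0
    for hz, count in [(1000, 5), (1060, 1), (1000, 4), (1400, 15),
                      (1000, 1), (5, 50), (1000, 10)]:
        for _ in range(count):
            log.append((t, hz))
            t += 60
    return log


if __name__ == "__main__":
    log = constructed_log()
    # A point-in-time check sees nothing wrong: the drive is back at nominal.
    print("latest reading:", classify(log[-1][1]))
    for hit in find_cycles(log):
        print(hit)
```

The latest reading in the constructed log classifies as normal, which is why the check has to run over retained history rather than the current value.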

  • by Johnny Fusion (658094) <zenmondo@g m a i l . com> on Saturday January 15, 2011 @11:22PM (#34894566) Homepage Journal
    Now albeit through anonymous sources that government powers are developing malware, how will it be either through legislation, treaty or "gentleman's agreement" that anti-virus software manufacturers will have to look the other way for certain payloads? Is this already happening? Certainly the Third Amendment tells us we don't have to use our homes to quarter soldiers, but will the government use its citizenry's hard drives and bandwidth to host a weapon?
    • Government taking my hard drive?

      From my cold, dead hands!

    • The big thing in this article that stuck out for me was that Siemens participated with the Idaho National Lab to do a security audit of their software.

      We now know that cooperating with the US Government in this regard is giving up your customers to them, effectively.

      What if the Siemens gear were a few generations ahead and automatically updated itself online? Would they be barred from issuing some fixes? Did Siemens even get a full report of what was found? Was their participation in this exercise a requ

      • by simp (25997)

        Actually almost all process control vendors participate to some extent with National Lab. Nothing secret about it, go to the webpage and sign up for a 5 day red team/blue team session on how to hack SCADA equipment: http://www.inl.gov/scada/training/index.shtml [inl.gov]

        If you are a process controller vendor and you haven't sent your security staff to Idaho then you are out of the game. Because the rest of the process control world will break into your systems while laughing their asses off.

    • "gentleman's agreement" that anti-virus software manufacturers will have to look the other way for certain payloads?

      That has already happened with the Sony rootkit. I think it was F-Secure that had heated discussions with Sony for about a week before releasing the information to the press and their virus definition - and that may have only been because there was a non-commercial fix by then. All of the others were silent but some were reported as corresponding with Sony on the issue. The company that did r

  • ...you need to build all your own shit, from the ground up.

    For now, anyhow. Maybe, in the future, it will be OK to buy your infrastructure off of Craig's List and eBay... (or various Euro conglomerates) but for now, if you want the job done right, do it yourself.

    In this case, I think a Simpsons quote, from Nelson, would be appropriate - "Ha Ha".
  • What would you rather have, Israel and the US bombing Tehran, or the CIA and Mossad making a computer virus to disable centrifuges? I think I'll open door #2, thank you very much.

    Either way, you have collateral damage; I just think the world is better off with fried OS installations than fried humans.

  • ...that NYT does all this work on StuxNet and so little on the current US administration and its allies?

    • by Jeremi (14640)

      Gee Loopy, didn't you read the part in the article about how Stuxnet was developed by the current Administration and its allies?

  • I'm sure they wish they had a refuge from this deluge of centrifuge subterfuge.
