New York Times Reports US and Israel Behind Stuxnet

Oxford_Comma_Lover writes "Confirming heavy speculation in the Slashdot community, the New York Times reports that joint US-Israeli efforts were almost certainly behind the recent Stuxnet attack on Iran's nuclear program." The article stops just short of saying in so many words that Israeli is the doer, but leaves little doubt of its conclusion.

Color me impressed

[moogied]

You really have to hand it to Israel, they continue to be the very best at cloak and dagger style work. Yes, I consider this C&D due to its ingenious nature. Spread a massive virus across as many systems as you can, and nestle a chunk a code in it to only activate on the correct system. This not only requires the method to spread it, but far more impressive is the fact that it required the correct code for there machines. This means they do 100% have spys inside of Iran's nuclear systems and gives a butt load more credit to the statements made by Israel and America about Iran's nuclear goals. Well done

OpenBSD IPsec

[Mysteray]

Jason Wright, the OpenBSD developer funded by NETSEC to work on IPsec (and allegedly put in backdoors for the FBI) went to work at the DHS cyber security lab that the NYT is saying helped do Stuxnet http://nyti.ms/grd51X [nyti.ms] http://bit.ly/feB9ZV [bit.ly]

SecTor 2008 gives his speaker bio http://www.sector.ca/speakers2008.htm [sector.ca]

Jason Wright is a cyber security researcher at the Idaho National Laboratory working with SCADA and Process Control system vendors to secure critical infrastructure assets. He is also a semi-retired OpenBSD developer (also known as a "slacker") responsible for many device drivers and layer 2 pieces of kernel code.

I am not making this up.

I'll have to put it in a blog post this evening. See homepage link.

Insertion

[lseltzer]

There are a few important aspects of the story that didn't get covered by the NYT. One is that there was no mention of the origin of the 4 zero-day Windows vulnerabilities and another is the insertion method. Obviously Stuxnet wasn't just blasted out on botnets. Someone got it very close, probably into a facility or more than one facility, or perhaps into a government office or contractor. That's one of the aspects of this that always told me it was a state actor with quality human intelligence capabilities. Actually, my wild guess before is that a contractor from Siemens or someone like that spread it. Which brings up another aspect of this: This story can't be good news for Siemens's customer relations, especially with their government customers.

Re:Still Speculative.

[epine]

The haven't confirmed anything.

I think your typing speed and your reading speed are linked together.

The article does a great job of laying out means and motive and avenues of military conspiracy, and furthermore, documents that the means are exceptionally esoteric and that the motives precisely align with recent policy statements on the parts of the alleged conspirators, who I might add have a brazen rap sheet, but who now seem to increasingly fear "three strikes and you're a lout".

Where the article fails hopelessly is explaining what a three year delay actually buys us. What's the leverage point? Is this just a bunch of politicians playing "not on my watch" or will the Risk board change in some interesting way over the short hiatus?

Will the Ahmadinejad faction wane as a result? Will it cause the Iranians a crisis of confidence in foreign technology procurement? This bit the Russians hard after the Siberian pipeline thing. Will the Americans sew things up in Iraq over that time period to enable them to better address the Iran situation when the pot finally boils?

These are the real questions the article fails to address.

Concerning the slow news day knee jerk, I don't understand why the jury convicted Hans Reiser. It was nothing but informed conjecture about an arrogant prick until he cracked post sentencing.

Re:When this happens to the US or its allies

[theNAM666]

You, are unfortunately, incorrect.

Iraq feel because it was neither prepared nor ready for war. Iran has been preparing for war for close to a decade, apace. War with Iran will be no walk in the cake, it will be real war, with real consequences, including the likelihood of casualty numbers that the United States has not seen since the Second World War. Don't kid yourself.

P.S. My friends from the 101st assure me that your characterization of the narrow nature of US forces and their training and preparation is also largely a pile of poop; US Armed Forces are also one of the largest and most prepared humanitarian response forces, as well.

Re:Still Speculative.

[rtb61]

Want real speculation, how about this. Will M$ bring all of it's legal, investigative and it's ability to provide cash incentives to seek fiscal redress for the way in which access the source code was used to publicly destroy the image of it's operating system security.

Many countries have recently announced their intent to drop the Windows Operating system due to the security weakness and exploitability as demonstrated by the Stuxnet virus, this will likely end up costing M$ billions of dollars in lost income. If M$ can prove access to it's source code was exploited by government to break the security of the program, regardless of the damage done to the public's perception of the security of the program, than M$ is fully entitled to damages done by the purposeful and malevolent attack upon one of it's core revenue streams.

Re:From the No-**** Department...

[Zeinfeld]

It is really rather obvious that both the Iranian and Israeli leadership would rather like to have a war but they need the other side to be seen to start it. Iran has gained tremendously from the Bush invasion of Iraq, not only has the US eliminated Iran's major regional rival, the war has allowed Iran to establish an essentially unbroken sphere of influence in the Shi'ia world.

It is even quite likely that Ahmedinejad is looking for an attack in order to complete the nuclear program. It is unlikely that the religious leadership would want to allow him to complete a nuclear bomb: it would put him above them. If Iran really wanted a nuclear weapon they would have one by now, they have vastly more resources than were available to the Manhattan project in the 40s. Another possibility is that Iran does already have a nuclear bomb but is unable to declare it since that would lead to an immediate attack etc.

In either case it would make perfect sense for Ahmedinejad to incite an Israeli attack which would provide a pretext for withdrawal from the NPT and become a declared nuclear power within a short interval.

A war between Israel and Iran would be a war of attrition with each side aiming to rack up as many civilian deaths as possible. Israel cannot win that game and it would be stupid of them to try. The mullahs have shown themselves quite capable of accepting a million casualties in a war.

The Times report itself says nothing new and nothing that can be believed. All that we know is that there is are sources in US/Israeli intelligence that want to take credit for Stuxnet. We do not even know if the source would even have knowledge of such an operation if it existed.

The motives for wanting to take credit are rather obvious. But if you look at what the attack achieved or was likely to achieve it is very hard to see how it would be in the interests of either to burn major intelligence assets for an act of minor vandalism.

We know that the attack involved four zero days, was written in a modular fashion, probably by multiple authors and had references that might have been intended to lead to a certain conclusion. What we really don't know much about is the payload code. We do not even know for certain what the target was.

For several weeks we were discussing media reports that 'confirmed' that the virus was Chinese on the basis of some 'expert' who had seen an algorithm in Chinese code and erroneously considered it to be uniquely Chinese. The press will repeat any nonsense that is said to them by someone who is convinced they are right.

If the target was indeed the Iranian centrifuges or the Iranian power plant then the only way that it could have possibly been expected to work would be with very deep knowledge of the design and deployment of a top secret Iranian facility. There are only two ways that knowledge could be available to the attacker - if they designed the plant or if they had a source with access.

Looking at the likely result of this attack I cannot possibly see how anyone would wish to let the Iranians know about the intelligence source for the sake of some minor inconvenience to the Iranian program.

A much more likely explanation in my view is the idea that the Russians wrote Stuxnet to damage the nuclear plant they designed and thus require Iran to buy additional services from Russia to repair the damage and to accept the reprocessing proposal (which they did). Such shakedown tactics were common during the Soviet era.

Russia would not have an incentive to take credit for the attack in such circumstances. But some of the US/Israeli hawks would even knowing that the claim was false.