ARLINGTON, VA–There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they’ve been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more effective and difficult to detect had the attackers not made a few elementary mistakes.

In a talk at the Black Hat DC conference here Tuesday, Tom Parker, a security consultant, presented a compelling case that Stuxnet may be the product of a collaboration between two disparate groups: perhaps a talented group of programmers that produced most of the code and exploits, and a less sophisticated group that adapted the tool for its eventual use. Parker analyzed the Stuxnet code, looking at both the quality of the code itself and how well it did what it was designed to do, and found several indications that the code is not very well written even though it was still highly effective on some levels.

Parker wrote a tool that analyzed similarities between the Stuxnet code and the code of some other well-known worms and applications and found that the code was fairly low quality. However, he also said that there was very little chance that one person could have put the entire attack together alone.

“There are a lot of skills needed to write Stuxnet,” he said. “Whoever did this needed to know WinCC programming, Step 7, they needed platform process knowledge, the ability to reverse engineer a number of file formats, kernel rootkit development and exploit development. That’s a broad set of skills. Does anyone here think they could do all of that?”

That broad spectrum of abilities is what has led many analysts to conclude that Stuxnet could only be the work of a well-funded, highly skilled group such as an intelligence agency or other government group. However, Parker pointed out that there were a number of mistakes in the attack that one wouldn’t expect to find if it had been launched by such an elite group. For example, the command-and-control mechanism is poorly done and sends its traffic in the clear, and the worm ended up propagating on the Internet, which was likely not the intent.

“This was probably not a western state. There were too many mistakes made. There’s a lot that went wrong,” he said. “There’s too much technical inconsistency. But, the bugs were unlikely to fail. They were all logic flaws with high reliability.”

Parker said that Stuxnet may have been developed originally on contract and then once it was handed off to the end user, that group adapted it by adding the C&C infrastructure and perhaps one of the exploits, as well.

The mistakes weren’t limited to the operational aspects of Stuxnet, either. Nate Lawson, a cryptographer and expert on the security of embedded systems, said in a blog post Monday that the Stuxnet authors were very naive in the methods they used to cloak the payload and target of the malware. Lawson said that the Stuxnet authors ignored a number of well-known techniques that could have been much more effective at hiding the worm’s intentions.

“Rather than being proud of its stealth and targeting, the authors should be embarrassed at their amateur approach to hiding the payload. I really hope it wasn’t written by the USA because I’d like to think our elite cyberweapon developers at least know what Bulgarian teenagers did back in the early ’90s,” Lawson said. “First, there appears to be no special obfuscation. Sure, there are your standard routines for hiding from AV tools, XOR masking, and installing a rootkit. But Stuxnet does no better at this than any other malware discovered last year. It does not use virtual machine-based obfuscation, novel techniques for anti-debugging, or anything else to make it different from the hundreds of malware samples found every day.”

Lawson concludes that whoever wrote Stuxnet likely was constrained by time and didn’t think there was enough of a return to justify the investment of more time in advanced cloaking techniques.

Comments (90)

  1. David

    Maybe time was of the essence in developing the system.  Perhaps there was a greater impact if the Iranian centrifuges were hit more quickly.  In the real world with its operational objectives and timelines and what-not, maybe there sometimes isn’t enough time to put the full polish on the final product to satisfy the Monday morning quarterbacks?   Or would you have preferred to have a nuclear-capable Iran earlier than 2015-ish?  @sharpesecurity

  2. Larry Seltzer

    Jeez, have a little perspective. Not only did Stuxnet do what it was designed to do, it went unnoticed for about a year. I can believe it’s not perfect, but these analyses make it sound like a failure.

  3. Anonymous

    Perhaps the Israeli desire wasn’t for the worm to succeed and what they really wanted was justification for their requests for U.S. made bunker-breaking bombs and permission to use them on Iran nuclear facilities.

  4. Maharishi Swami Poobah

    The worm did its job.  It’s that simple.  To criticize the effort with so many variables and unknowns is irresponsible and reeks of jealousy.  There is no way to know what the constraints may have been in the development of this code.  Let’s be comforted in the fact that the Iranian nuclear ambitions have been tossed a curve.

  5. Anonymous

    Let’s be comforted that the propaganda surrounding this worm has given an opportunity for the NWO to crack down on the web even more with nice little things like

    Cybersecurity Act of 2010

    Internet ID

    Internet kill switch

    Don’t mind the puppet behind the curtain “physically inserting a USB stick in the computer”

    Come on Threatpost.  One more of these propaganda posts and I am out of here.  Let the retards play in your sandbox.

  6. matthiasr

    So he’s saying that because Stuxnet was so full of fail it couldn’t be done by a western state? Why should that be? Because the Good Guys never fail?

    Also: consider that Stuxnet was designed to hit within a certain environment, namely a “safe” closed network where virus/worm attacks were just not anticipated. Consider that Siemens STILL discourages changing the password on the possibly affected machines. Consider that it hit the target, deactivated itself due to an acute case of “Mission accomplished” and *still* went undetected for months.

    The spread to the Internet may or may not have been intended; it may well have been the primary attack vector: infect all of Iran and sooner or later someone will carry the infection where you want it to be. You don’t even need to bribe the janitor any more.

  7. Anonymous

    I still can’t believe that people think the secret agencies are the uber people you see in the movies. To work for them you have to have either limited intelligence or a personality flaw. They just can’t get the best people.

  8. Anonymous

    Plausible Deniability!  They wrote poor code and put in mistakes so they could deny the thing.  They wanted it to be seen as amateur so they wouldn’t get linked or wouldn’t show off their true capabilities.

  9. Anonymous

    Oh please. I’ll say “sony bmg rootkit” and I’ve said enough, I have. And if I haven’t, well, the higher the clearance, the less likely the code is any good. And that is just simple economics.

  10. The Story Behind the Story

    The “story behind the story” on this one is probably that some black hat group is now peddling their StuxNet writing services to the 2nd & 3rd worlds, and they need to be discredited until the defenses against this kind of thing are more mature.

  11. Cow

    They did just fine. Of course they could have done better, everything can always be done better. It would have been better if they were able to make the virus destroy everything in the plant, and program the president’s toaster to jump into his bathtub. But delaying mass murder by even a day is a giant success, and worth every penny and second.

  12. Anonymous

    Perhaps Stuxnet is just a diversion… a red herring, if you will, while an elegantly coded virus that would knock your socks off does the real heavy lifting.

  13. Tom

    This was probably not a western state. There were too many mistakes made

    Ha ha, you utter xenophobe. Punch yourself in the face please.

  14. Anonymous

    If in fact it was Stuxnet that out Iranian nuclear centrifuges, the only important thing is that it did what it was supposed to do. Otherwise it is just being used as a prop to show how clever all these online detectives are.

  15. Anonymous

    That’s what they want you to think…  The goal is impact without attribution, a couple purposefully implemented flaws and dated techniques = “can’t be a western intelligence service”…  Flawless.

  16. BritTim

    This was probably not a western state. There were too many mistakes made.

    Au contraire: it was probably not the Russians, or another state with the best engineers working for them. Stuxnet is exactly what I would have expected from a Western security agency.  It had a huge budget and many people were involved.  Most of them were not particularly skilled, especially those allowed to know what it was for.

  17. Anonymous

    …or maybe it WAS made by a super elite group who dumbed the code down, so if/when it was eventually discovered, it wouldn’t look like an elite group did it, thus deflecting accusations it came from the US.

  18. Anonymous

    Stuxnet did what it was designed to do. What would have been gained from virtual machine-based obfuscation, or anti-debugging techniques? There was no need for that.

  19. scott

    If the code is bloatware I’d think that a sure sign it was developed by a ‘western state’; Bulgarian (or Romanian, Czech) teenagers would have been more efficient and lean as a matter of pride – maybe the base code was developed by the teenagers and handed off to the western state ‘cyberweapon developers’ who were responsible for packaging and deployment…wtf

  20. Anonymous

    I was at that talk. I didn’t get the sense he was saying it was really crappy code, just that there are many places in the code where the hackers we are all familiar with would have done it differently, probably more cleanly. Based on experiences with code that the hackers we all know and love tend to write, we would not expect it to be any of them.

  21. Anonymous

    Or…. some well chosen mistakes were “left” in place to make it look more amateurish and therefore provide reasonable deniability for an elite author group. I mean, come on, I am only looking one step beyond the obvious. What about 2, 3 or more steps.

  22. signalsnatcher

    I agree with Brit Tim.  Different teams working on a “need to know” basis and no direct liaison develop different modules, which are glued together by another team with limited skills. 

    Intelligence agencies are not like the movies.  Most officers are of average intelligence and with limited technical skills.  The techies who develop equipment are often mediocre engineers and not always aware of the latest developments.  Outsourcing is the rule but budget restraints and internal turf wars restrict what can be purchased.

    Use your knowledge of human nature (assuming you get out at all)!  Have you ever seen elite coders deliberately dumb down what they produce? 

    The Pakistani-made P-1 centrifuges are known for rough running and frequent breakdowns.  I wonder if Stuxnet achieved anything at all.

  23. Anonymous

    This article is so full of self-contradictions it’s almost unreadable.  But still, D’UH, I’d say it’s pretty obvious the conclusion they came to.

  24. bughunter

    To me, the technical inconsistency, reliability despite flaws, lack of sophistication in some parts, and virtuoso expertise in others, is all very consistent with work done by US defense contractors, whose engineering leadership is fond of phrases like “better is the enemy of good enough,” who divide labor among people of varying capability, and who report to program managers who may or may not have expertise in the technical area at hand.   Its eccentricity doesn’t prove it was made in the West, but it certainly doesn’t rule it out, either.

  25. Erica Brigid

    quote from Signalsnatcher:  “The Pakistani-made P-1 centrifuges are known for rough running and frequent breakdowns.  I wonder if Stuxnet achieved anything at all.”

    I’ve been thinking along the same line.  My theory is that the Stuxnet developers had an inside track to the Pentagon/CIA/Mossad, whatever, for getting them to buy their software, which was actually no better than what’s already on the market (happens all the time in the military-industrial market).  Then they just waited a year, until enough centrifuges died of natural causes, and claimed credit for their demise.  Now they make it public in order to draw more customers.

    I also doubt that the centrifuge control center was connected to the internet, which it would have to be in order to sneak a virus in.  It would be the first thing their security people would see to.  An enemy agent would have to sneak a disk, or similar device, physically into the control computer.

  26. Richard Steven Hack

    “Let’s be comforted in the fact that the Iranian nuclear ambitions have been tossed a curve. ”

    WHAT “Iranian nuclear ambitions”?

    Read my lips: There is ZERO evidence that Iran has a nuclear weapons development and deployment program. There is ALMOST ZERO evidence that Iran has EVER had a nuclear weapons development and deployment program.

    Go to http://www.raceforiran.com to get the FACTS about US-Israel-Iran relations as covered by former US government analysts Flynt and Hillary Leverett.

    Hint: The facts are that this is a repeat of the Iraq “WMDs” scam.

  27. Whatwillbewillbe

    Talking about double standards. What would have happened if a third world country created Stuxnet and infiltrated the US etc.? People would be framed and arrested. It stinks. No wonder by 2012 the world will change – will toss out all the evils (politicians, spies, war industry etc). Waiting for the day.

  28. Anonymous

    Please explain to me, the amateur, how the Iran computer was infected when it is not on line. Did a member of the Mossad break in and insert an infected computer stick?

  29. Expatriated American Patriot

    The idea that the USA couldn’t do Stuxnet is very sound. In fact the USA has not successfully completed a single military-themed hardware or software project in the last decade, despite astronomical Pentagon budgets! F-22 Raptor production run cut to 1/4 due to plane maintenance problems and huge cost overruns, F-35 still doesn’t serve, EFV aquaplaning USMC battle tank cancelled as too futuristic, B-747 mounted anti-Scud laser cannon cancelled, RAH-66 stealth scout helicopter cancelled, etc.

    (The only good exception is the Super Hornet plane, but that was not entirely new, just a fairly simple scale-up of the existing and long-serving F-18C/D Hornet fighter bomber.)

    On the other hand the zionist entity has a long track record of successful independent weapon development, combined with a large dose of ruthlessness. Now we know from the NY Times article that Stuxnet was written and trialled at the Dimona A-bomb factory, using an ex-Libyan P-1 gas centrifuge set for a test rig.

  30. CyberWarrior

    I feel like you should consider the fact that what you have pointed out in this article may have been done on purpose so people like you would write reports like this.

  31. Anonymous

    Eh, you know this stuff evolves as teams tighten up. If you want to see this exact play in action go revisit all of the Office 0-days from like 2006-2007, all of those targeted attacks. What made them impressive (as someone who reversed them on the receiving end) was two-fold. The first was the tenacity; you work enough 100 hour weeks in a row and anyone folds. The second was the rate of evolution in the attacks; there’s of course reasons for that, for instance compare your samples from this time period with other similar samples sourced from different but similar organizations (that were targeted).

    For instance, take one of the earlier actual Office 0-days in 2006; my timeline is skewed from the public timeline so I’m not sure how to refer to it; but at any rate, you’re looking for the first one that actually cleaned the exploit payload in the Office document as part of its shellcode and then respawned Office opening the modified document. Point being this was an interesting technique to watch evolve, as the first ones opened garbled $foreign text that looked like it might have been recycled due to some references (id est 1953). I remember thinking to myself ‘as neat as that was, what was the point if you were just gonna open a doc with $foreign text? why not just put “lolowned”?’

    As the technique became cleaner, it eventually evolved into a process where it would end up opening a document that matched what the user expected to receive, none the wiser that their instance of Office had just crashed.

    Now, consider the source of those attacks. Don’t give governments too much credit and forget that it’s just people, probably that many of us know.  I bet you the next time we analyze the calling card it will be a little less sloppy; patience ;]

  32. Anonymous

    It seems unlikely that whoever wrote Stuxnet made errors on purpose just to throw the media off. Can’t imagine that was on their minds at the time.

  33. Yephora

    Article read like a dispassionate analysis to me. I detected no jealousy, no ‘Monday morning quarterbacking” or similar nitpicks as claimed by some of the backbenchers here. Nice job.

  34. Anonymous

    quote: “That’s a broad set of skills. Does anyone here think they could do all of that?”

    Please, out of that list there is only one that I haven’t done, and I personally know people in the professional workforce that would find all of these items a joke.  It’s more common than you think, but those I know are all good people.  I wonder if being good or bad actually has an effect on how good or bad you are at doing things.

  35. Anonymous

    Sounds like a case of Monday morning QBs analyzing the home team on how they could have won better! Give me a break! A win is a win and if Iran’s nuclear program is delayed this is a good thing. There will be a huge capital investment to repair the damage. Combine this with the economic woes of Iran and the impact could be much greater. I say a win for the good guys.

  36. Anonymous

    It might be that it’s just a ruse to make them think they’ve got control of the problem when in fact there are others …way better?

    I thought the fact it propagated on the internet interesting, allowing media attention.

  37. Mike

    When someone criticizes code I also think of Weinberg’s classic book “The Psychology of Computer Programming”. He did a study that points out that programmers tend to meet their objectives. If you give 5 teams the same program to write with 5 different objectives, e.g., maximizing runtime efficiency, maximizing readability, maximizing adherence to a certain style or methodology, etc., each team will meet its objectives. But the team could always have had other objectives, so you need to be very careful with criticisms. The author of this article simply wasn’t careful enough.

  38. Anonymous

    Did the author ever contemplate that it is likely whoever did this did not want to reveal their total abilities knowing that as soon as it (Stuxnet) was discovered the target of Stuxnet would be writing code to prevent such an attack again…

    Hit the enemy to see their reaction, hit them again to see where they built up defenses, hit them to test the defense, strategize, then hit them with everything you got.

    I would guess Stuxnet Version 2.0 is ready and waiting.

    Sheese.

  39. Jim Jupiter

    I think it’s fairly obvious that this was a test of a “cyber-weapon”.  True, it’s likely nation-state funded.  True, it’s the work of individuals that were specifically targeting these systems.  However, I believe that part of the motive for assembling it in the way it was done, using the technology and techniques that were used, was in part to find out how long it would go undetected, and what the community response was.  The nation-state behind this would not have played all their cards immediately against the intended target.  The advanced technologies for obfuscation would only be used when really needed – like when there’s an actual “war” going on.

  40. Anonymous

    “A good plan implemented today is better than a perfect plan implemented tomorrow.”

    Gen. George S. Patton, Jr

  41. leo

    I don’t know who this guy is, passing as an expert. Anyone in IT knows that no program is perfect. Besides, Stuxnet did what it’s supposed to do: delayed and crippled the Iranian program at least for a few years.  If this is not enough for this guy, I would like him to write a better program.

  42. Anonymous

    Perhaps it was the intent of the Stuxnet authors to write the code in such a way as to not appear all that sophisticated for the very reason that it wouldn’t draw attention to its origins.  After all, it didn’t need to be elegant, just effective, as it apparently was.

  43. Anonymous

    What the researcher fails to understand is that the “code” was not for the typical PC, but for the PLC (Programmable Logic Controller).  These devices do not change much: a PLC card from Rockwell made in 1998 is the same as one off the shelf today, save some basic firmware updates (software) and perhaps a revision, but other than that not much.

    The fact that ALL industrial processes run around some degree of automation, the heart being the PLC, would lead one to ask, “who makes these things?” Rockwell and GE, being some of the larger ones, have been banned from selling products to Iran (well, we know GE will “do” what they want, right?). The Japanese groups are too complex and the instructions are pathetic. This leaves Siemens as the last item, and one of the world’s largest, if not THE largest.

    Knowing this, would it not be a ridiculous approach by our government to request the root code and assembly language from Siemens? Some of their largest engineering groups are in the US. Working with these engineers to develop the core that would hunt and seek the specific bits needed to infiltrate the Iranian structure without inflicting serious issues in other applications, such as water works, power distribution, etc (so as to not reveal an immediate issue), would this company, Siemens, see it as their duty and a means to seriously test the integrity of their product?

    This weapon (yes, it is) has a sole purpose to infiltrate the VFD (Variable Frequency Drive) of a rotating element, and not just any rotating element, but the element that spins and sorts out the specific Uranium needed in both type and distribution profile. Too high or too low is not good. This now makes sense how Iran was going ga-ga over installing new centrifuges; they could not produce the right profile and, stupidly, went on the path to install more.

    Notice how StuxNet also appeared in Pakistan, China, and Russia? Surprised? This virus gets passed easily. It is code. It is not like the software you install or use.

    So, yes there are some simple areas, yet the most dangerous weapon is usually the simplest around as that is the one “thing” a defender ever anticipates. Get rid of guns and your killers may use a pointed stick to stab you with: easily available, difficult to detect, yet results in the same outcome.

  44. Anonymous

    ” I say a win for the good guys.”

    If only I could work out who the good guys are!    Are they the ones with hundreds, thousands or tens of thousands of nuclear WMDs..??? Those fighting at least one war where ONE MILLION children, women and men were most likely killed because of clever lies..??  Those guys..??

    Or is it that “other place”  where the CIA killed their president and installed some type of king…[Shah] so as to enable low cost removal of their oil and special deals for friends. 

    A place that gives support to those whose country, most of which was “given away” by the U.N., and those who got the free “most of” are busy trying to take the rest with guns and bombs, walls and checkpoints where a disproportionate number of pregnant women seem to die…..  Those guys..??  Try:

    http://lawrenceofcyberia.blogs.com/news/2009/03/one-shot-two-kills-its-not-just-a-slogan-on-a-tshirt-2.html

    http://news.sky.com/skynews/Home/World-News/Israeli-Army-T-Shirts-Mock-Killing-Palestinian-Women-And-Children-During-Gaza-Offensive/Article/200903315245946

  45. Mr D

    A truly ignorant article… followed by lots of ignorant comments. The Stuxnet attack was an act of terrorism. For the author to talk as if he knows how it could’ve been more efficient shows just how ignorant he really is. However, it looks like his main aim is to divert your attention away from thinking that western intelligence agencies were involved. In which case the author is just another of those zionist rent-boys that pollute the web with their propaganda. Wise up you morons!

  46. Anonymous

    The software did what it was designed to do. The experts can mock the effort now, but it only makes them look silly.

  47. Anonymous

    What if the Israeli Gvmt purchased the Win cracking tools from a team of pros (who wouldn’t have finished the work because Israel would not have wanted them to know where the payload was going) and then had the IDF hackers (typically a bunch of 18-21 year-olds) write some wrappers and the system-specific code they would have required?

  48. Anonymous

    With their program in jeopardy of failing miserably, it is quite probable that Iran introduced this themselves, knowing that the Great and Small Satans would receive the blame throughout the world.

  49. Anonymous

    Are you kidding?  This was extremely successful.  If it just destroyed 984 centrifuges and stayed a secret, there would be no reason to be distrustful of their German vendors.

    Now who do they turn to for technology?  The Russians?  Talk about trust issues…

  50. Anonymous

    “Notice how StuxNet also appeared in Pakistan, China, and Russia”

    Sounds like the virus came out of India, at least partially.  It was probably a collaborative project involving several countries, assembled and launched in India.

  51. Jeff

    Has nobody here been informed that the Stuxnet virus was ordered by G.W. Bush during his term?  The guy was a lot smarter than libs ever gave him credit for.

  52. brasstown

    Nobody has mentioned the amount of paranoia that has been introduced into the human system by this worm. The security folks are going through the whole Iranian scientific establishment like a laxative. I’m sure that a lot of the tech people are clamming up and not furnishing any info due to fear and confusion. This is a deadly byproduct of a dictatorship who impose their paranoia on the lower level workers who will play along but in the end do everything they can do to cover themselves. There may even be some false accusations inside to gain some advantage.

    I would not be surprised if there were another more subtle trojan waiting in the wings or even in operation now. While everyone (the Iranians) is concentrating on cleansing their environment of Stuxnet they could be missing another more deadly bug which would probably be of a higher order of technology and even harder to detect and prevent.

  53. Neo

    Perhaps the “flaws” were done purposely, so a second or third wave would be harder to detect.

  54. Anonymous

    I have worked in classified programs and one of the biggest problems we have is finding people with the right skills that can also get a security clearance. The higher the security clearance required, the harder it is to qualify for it. I am guessing that they had some pretty good people with the right clearances available to work on Stuxnet, but probably not the most knowledgeable and/or experienced people that you might want. So, they made do with what they had and what they could find out in books and on the web. After all, they could not post “Help Wanted” ads for this project.

    I seriously doubt that someone really experienced in hacking and creating malware would ever be able to get a security clearance at the sort of level at which Stuxnet was probably developed. How could you trust them?

  55. Anonymous

    So let me get this straight… the author of this article couldn’t run his ‘super sexy author decoder ring’ to figure out who wrote the code because it was ‘too run of the mill’ and he thinks it’s a giant fail???

    Facts:  1) Iranian centrifuges burned up.  2) Even your author decoder ring was unable to figure out who wrote it.

    Success…. in fact, you’ve even gone so far as to say the number one suspect couldn’t have done it… ergo -> double success.

    Pure genius.

  56. Erica Brigid

    Quoting an anonymous post:

    “Notice how StuxNet also appeared in Pakistan, China, and Russia?” 

    Right about the time Stuxnet was supposedly put into action, the Sayano-Shushensk hydroelectric station in Russia was destroyed when a turbine went into extreme RPM and burst the penstock, flooding the generators and rendering the whole power plant useless for months.  There are only two countries who want to destroy Russia, and they also happen to be the two that want to destroy Iran.

  57. Jeff

    The virus was successful and did what it was intended to do…quit already with the Monday morning quarterbacking.

  58. justavoter

    I have a question and keep in mind, this is coming from less than a novice in the computer hacking/worm department but isn’t installing this worm on another nations computers actually also handing them the worm.

    Hence, to use such a cyber weapon, don’t they have the blueprint for the weapon on their systems now?

  59. Brzinznov

    Interesting article, and some good critical analysis.  I would however have appreciated a less haughty tone – when is the last time the author wrote a piece of code that stopped a megalomaniac country’s uranium enrichment centrifuges dead in their tracks?

  60. DougBuchanan.com

    Consider thinking objectively to the humans.

    A computer virus, worm or any such program constitutes the creation of a damaging contradiction to the original reasoning-based, useful intent for computer activity.

    The same concept, in biological disease, physical attacks or mistakes that damage humans, constitutes a contradiction to the original reasoning-based design of humans.

    The human mind (hardware and operating system) is a contradiction identification and resolution device of obviously remarkable and advancing abilities based on YOUR mind’s desire to make the human condition “better” (advance human knowledge).

    Now therefore, what original design demarcation or damage to the human mind would cause it to devise damages or create contradictions to its own contradiction identification and resolution process that is otherwise useful to humans?

    The reference term or program name for the answer to the question is the “power-damaged mind”, which has been flawlessly identified, described and verified to the extent that the biological computer program “virus” or damaging program can be corrected to preclude, among other things, any damaging computer program ever again being introduced.

    The mind is just a computer capable of identifying its complete functional design or operating system, for the mind’s ability to use that design however it wants.

    Now easily imagine why no government or other institution wants to get even close to the knowledge that precludes their institutional “power” to damage “the enemy” (the other guy), by design of the power-damaged mind, much to your amusement.

    Oh, and if any serious computer programmer wants to synthesize any computer program with the complete functional design of the human mind, for dramatic, world-changing results, the opportunity is available.

    Respectfully,  DougBuchanan.com

  62. Andrew
    71

    We know who made it, we know why they made it and we know how they made it.

    We released the full information to our web site last year and it was linked from one of Bruce Schneier’s blog posts.

    It was, however, completely overlooked and you guys are still going with a U.S. Government conspiracy.

    Stuxnet had a lot to do with the Lockerbie bomber being released and a lot to do with BP.

    The code was written in different parts of the world; the people behind the code weren’t told what they were working on.

    The code was finally brought together using a dedicated tool to coordinate the builds from the different developer teams.

    I removed the full report from our web site because people seemed to be offended that the worm was created because of the Lockerbie bomber release and the explosion in the Gulf of Mexico.

    Andrew

    Founder of n3td3v

  63. Anonymous
    72

    The silly political stuff is beside the point. What Lawson and Parker are saying is that this could have been much worse and we probably would’ve never heard of this thing if the code had been a little better. It has nothing to do with conspiracy theories or any of that.

  64. Simon Peter
    73

    I believe that it did its job. Most likely one group paid very good people to develop a shell worm, just like in Swordfish: they get it with particular features and functions, you can plug into it any defined task and it will accomplish it. The flaw was in the person who defined its particular purpose, but its original code would be solid.

    In a fresh bout, I agree with some of you when you say that the original authors could just be peddling excellent coding skills for hire. Imagine Picasso’s best painting hangs in one’s private collection 500 metres below the ground – how would Picasso feel ??????

  65. jwnoord
    76

    This is why open source trumps private industry for standards.

    Oracle buys Sun (how and why this could happen and be allowed by the FTC, I don’t know).  It shouldn’t be possible for several legal reasons.

    Trouble is that it did, and there is nothing you can do to change it, as the company (Oracle in this case) is out to make money, and apparently RoR is not a revenue generator.

    Support open source, and this problem ceases to be.

    Sun was a hardware company; they lost their roots and became a software company.  They paid for it by “going away”.  Oracle has been and is a database company.  They have stuck with this since day one.  They likely wanted Sun’s IP for multiple things, who knows.

    If you want to avoid going down “wrong paths” (i.e. Ruby on Rails) in the future, take the reins yourself and develop an open source alternative.

    The community will support you if it is a good idea.

  66. Anonymous
    77

    The posts are as entertaining and informative as the article. I tend to agree, it did its job, the job needed to be publicized - Iran would never admit it happened, the base code is probably being adapted by multiple teams for their own boutique attacks, and we better get our cyber house in order, cause it’s coming and we all know it.

  67. Anonymous
    79

    No kidding.  The fact remains it’s written for complex infrastructure which almost always runs a critical system.  Also, what if they simply wrote some poor code to throw off people?  Not beyond thought, especially since they could assume what implications writing in specific manners had.  After all, this is still the most sophisticated malware ever, requiring a massive skill set.

    Another thing, like a previous post, no one cares about “algorithmic correctness” if there is high reliability when you’re trying to break a critical system, not keep it running.  The real-world distorts many idealized methods in software development to simply make things work.  Can’t write this one off folks!

  68. Anonymous
    80

    Mass murder? As if a nuclear-capable Iran was any more dangerous than a nuclear-capable USA/Israel… stop watching Fox News.

  69. elixelx
    81

    Those schmucks in the “Zionist Entity” really stuck it to those “shondools” (same thing, only much much smaller!) in the “Persian Entity”, didn’t they, Expat?! How you must be enjoying that! Hell, I certainly am!

  70. Anonymous
    85

    Pretty interesting, especially in light of this week’s article in the NYTimes.  Given its problems, it’s amazing that this thing worked.  Sounds as though the Iranian nuclear scientists are a heck of a lot more sophisticated than their software developers.

  71. b7ohs
    86

    Fox News is light years more accurate than all other ‘news agencies’ combined.  Are the millions that watch Fox and help it get #1 ratings that stupid or duped ?????  Sounds like another ‘lefty’ scorned…..

  72. Swami Poobah
    87

    Are you trying to tell me that an Iran with nuclear capabilities would be as responsible as Russia, China, US, etc?  Put the crack pipe down.    You’ve had too much.

  73. Monty53
    89

    Preload my ****

    Common preload routines are well covered (easy to screen for). Simplicity rulz.

  74. Anonymous
    90

    You don’t know much about this virus, do you?  It was designed to spread from simply connecting an infected device to the network.  There was no need to sneak in; you just need an authorized person to plug a single device into the network.  Drop a few thumb drives in the parking lot, infect airport terminals, perhaps infect a few Iranian employees’ home computers…. there are many ways to get an infected device inside without having an insider.
