Powered by WebAds

Tuesday, September 28, 2010

Pentagon has no comment on Stuxnet

The Pentagon has said that it has no comment about the Stuxnet computer worm that is infecting many computer systems in Iran, apparently including Iran's nuclear facilities.
The Pentagon is refusing to comment on widespread accusations that it is responsible for coordinating a cyber-attack against Iran's nuclear facilities. Earlier this month the Iranians acknowledged the "Stuxnet Worm" had invaded software it uses at multiple nuclear production plants.

Pentagon Spokesman Col. David Lapan said Monday the Department of Defense can "neither confirm nor deny" reports that it launched this attack.
But in a lengthy post about the Stuxnet worm, Allahpundit points to a post by Jennifer Dyer, who argues that neither the United States nor Israel is behind the worm.
This frankly doesn’t sound to me like something the US or Israel would cook up. Besides being irresponsible, it’s inelegant, and dramatically increases the likelihood of detection before the worm can achieve its goal. It’s unnecessary – if the goal is sabotage.

The emphasis on eruptions in India, Indonesia, and Iran is also hard to explain. Why not two other nations and Iran? That it could be random seems very unlikely. One’s first thought would be that a set of similar USB drives was shipped to each country for some innocuous, probably even non-nuclear-related purpose. Siemens does business with all three, although if a set of drives was tampered with, the provenance wouldn’t have had to be Siemens. It would, however, have presumably been a company that does business with all three nations.

There is also the weird fact that in the alphabetical (English) list of world nations, India, Indonesia, and Iran occur one after the other in direct sequence. Silly as this seems, it’s a remarkable coincidence, and may lend weight to the theory about a shipment of altered drives. It’s hard to find another link between the nations that would make these three, and no others, overwhelmingly susceptible to the Stuxnet infestation.

Of the nations that could have pulled this off, however, there is one that might have a reason to target the three most-infected countries in particular, and that’s China. Although this week’s reports have all focused on the design of Stuxnet for industrial sabotage, it was clear in July that its design also suits it for industrial espionage. Some tenuous indications have been alluded to that suggest a Chinese link to the worm, but no concrete proof has been unearthed.

In their excitement over the undoubted sophistication of the worm, commentators seem to be missing the operational – as opposed to technical – fact that it has been detected and analyzed, but it hasn’t succeeded in shutting down Iran’s nuclear program, or even in materially hindering it. And now it isn’t going to. Spreading Stuxnet unnecessarily to so many computers doesn’t jibe with a goal of achieving a dastardly and decisive effect against Iran’s nuclear program. The more computers something proliferates to, the more likely it is to be detected somewhere – and detection ends Stuxnet’s career.

So I am unconvinced right now by the argument that the US or Israel designed this thing to attack Iran’s nuclear program. It would make more sense if China designed it to gather and update information on Siemens controllers, and to serve under limited and specific conditions as an executioner. But if Iran was the main target of such a project, that suggests a whole set of fresh analytical factors in the China-Iran relationship.
One other great quote from Allahpundit's post:
That’s one of many mysteries here — not only who rolled it out, but how long has it been around and what, precisely, is it up to? Rather than drone at you, let me instead recommend this useful primer about the worm at New Scientist explaining how it works and why it’s blowing the minds of cybersecurity experts who deal with it. In a nutshell, it’s fantastically sophisticated, hacking four previously unknown vulnerabilities of Microsoft Windows in order to gain entry to a system. It’s also fantastically specific, targeting industrial machinery operated by the German electronics company Siemens, which just so happens to run a bunch of Iranian nuclear infrastructure. And it’s potentially fantastically dangerous: Unlike most worms, which are used to gather information and spy, Stuxnet is aimed at messing up the timing of heavy industrial machines, which could lead to mechanical breakdowns or even explosions.
I'm going to stop right here because this entire subject is one on which a lot of time could be spent, and it's one about which I understand very little. But read the whole thing here and here and follow some of the links to understand a bit more.


At 3:31 AM, Blogger ais cotten19 said...

Jennifer Dyer thinks it's unlikely that Israel or the US is stupid enough to create a sabatoge virus that is just going to be detected anyways. Based on that logic, wouldn't it be even stupider for China to create a SPYING virus... that is just going to be detected anyways! And she is naively assuming that Iran is telling the truth when it says that Stuxnet hasn't caused any damage.

Honestly, Richard Silverstein is providing better analysis on Stuxnet.

At 3:40 AM, Anonymous Anonymous said...

The third message from heaven...

If any man worship the beast and his image, and receive his mark in his forehead, or in his hand, The same shall drink of the wine of the wrath of God, which is poured out without mixture into the cup of his indignation; and he shall be tormented with fire and brimstone in the presence of the holy angels, and in the presence of the Lamb: And the smoke of their torment ascendeth up for ever and ever: and they have no rest day nor night, who worship the beast and his image, and whosoever receiveth the mark of his name.


Post a Comment

<< Home