Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment 334
ceswiedler writes "Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."
The problem with computer sabotage... (Score:5, Insightful)
..is that you leave one hell of a forensic trail, and so lose the inevitable propaganda war that follows your activities....
Having said that, I still welcome our variable but rapidly spinning overlords...
Well that just leaves one question (Score:3, Insightful)
Re:Well that just leaves one question (Score:1, Insightful)
Who cares? At least this kind of thing is bloodless. Not like a country which says it's neighbor has no right to exist and then goes and builds nukes...
Re:Resources, will, and motive (Score:5, Insightful)
There are only two nations with the resources, will, and motive to attack Iran's nuclear ambitions in this way: America and Israel.
It figures that hegemony would lead either state to such an antagonistic stance.
While I agree that they are teh most likely candidates, I think Russia and China would be quite capable of doing this too if they turned their mind to it. Probably the UK, France, Gremany and maybe India. All have both nuclear and computer technology
BS (Score:1, Insightful)
I disagree. It is obvious that America and Israel have the motive, so I think others are taking advantage of this situation.It could be the Russians trying to trigger another arms race in the area... They do have a good track record with malware right?
Re:Resources, will, and motive (Score:4, Insightful)
I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.
A simple case of cui bono?.
Re:The problem with computer sabotage... (Score:1, Insightful)
Nice idea though. The implementation on the other hand is as stupid and short sighted as can possibly be.
Re:Resources, will, and motive (Score:3, Insightful)
I'm pretty sure there are others that have the capability as well.
Re:The problem with computer sabotage... (Score:2, Insightful)
Either make sure it doesn't spread to place where people would notice or have so many possibly targets it can't be traced to one specific mission.
Re:Resources, will, and motive (Score:3, Insightful)
Re:The problem with computer sabotage... (Score:1, Insightful)
What would've you done differently?
I don't know what the OP would have done differently. But the virus writers should have taken into account Stuxnet breaking out into the wild, given the bad situation with Windows and security (expecially in the industrial context, sadly).
So assuming they didn't want the ting to be discovered, a better decoupling between vector (the Windows infecting component) and payload (the SCADA manipulating part) would have been prudent.
Maybe they didn't mind being discovered (or maybe being discovered is part of the plan).
Re:Resources, will, and motive (Score:3, Insightful)
Is there any proof that the virus indeed runs on the facility? Is there any proof that the nuclear incident really did take place? Is there any proof that the number of operational centrifuges really went down (as opposed to e.g. bringing the "defect" centrifuges to a secret place, so even if the original place was physically attacked, they could continue with enrichment)?
Maybe it was the Iranian intelligence which created StuxNet (and in that case probably also a special protection system making sure it never hits its "target") in order to make everyone in the world think they are far behind in their nuclear program (and to have a plausible explanation for the reduction of operational centrifuges, so no one gets the idea to look for them elsewhere)?
And maybe George Bush ordered the 9/11 attacks...
Re:Resources, will, and motive (Score:3, Insightful)
Thank God, if it keeps Daniel Craig off the screen. I think I'd much rather we spent our money on viruses than an actor so wooden that he must worry about termites.
Re:Resources, will, and motive (Score:5, Insightful)
It's equally likely neither Russia nor China would be very happy to see a nuclear Iran, but not want to be visibly seen discouraging them on the international stage. Stuxnet, lets either of them slow Iran's nuclear program, test a new concept of warfare, and leave the US and Israel holding the bad as "most likely." For them it's a win-win-win. Beyond that, intelligence orgainizations in the West now have a small taste of what someone else can do. It's going to keep the West in knots for a few years, hardening against "the last threat," while they've got the next threat now, and are working on the one beyond that.
I don't know whats more worrying... (Score:4, Insightful)
... the emergence of this type of worm or the fact that a consumer OS as security poor as Windows is being used in nuclear plants. And no, I don't think Linux or OS/X would be much of an improvement. OpenBSD maybe. But surely for operations such as this where a fault really could lead to numerous people dying in unpleasent ways a tested, secure real time OS from somewhere like Green Hills would be used? OK , in Iran I realise this wouldn't be possible but Windows isn't just used over there in important industrial applications.
You wouldn't want Windows (or Linux or OS/X) flying your Airbus so why the hell do people think its ok to run indistrial sites with it??
Re:Resources, will, and motive (Score:3, Insightful)
Actually I would suspect Russia. They are the ones who loses out selling iran nuclear fuel when iran produces it's own.
Combine that with the fact that someone had to get detailed information about what hardware was present at those plants and the USA, isn't really welcomed there. Don't forget that Russia has lots of hackers, and whomever just test fired a weaponized hack.
Re:The problem with computer sabotage... (Score:4, Insightful)
2) You can't write a virus that targets so many industrial systems that the one you're really targeting gets lost among the others, for economical, ethical and practical reasons.
3) Why would they care about the public finding out? They were very careful to make sure it wasn't found for as long as possible, but once the Iranians know about it why would they care who else knows about it?
well (Score:3, Insightful)
Re:Loudmouths (Score:4, Insightful)
I would think that Iranians would have noticed their Nuclear chief's resignation (and the possible nuclear incident) themselves.
Re:Resources, will, and motive (Score:5, Insightful)
I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.
A simple case of cui bono?.
Ugh.. This assumes that
I am just at a loss.. It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it.
I fully expect to scroll down and see some justification for why it's internal industrial sabotage of one Siemens subdivision versus another, or Iran launching it against themselves to get international sympathy.
Every country, and a lot of corps could do this (Score:3, Insightful)
The sad thing is just about every country has the resources to do this. Siemens is based in Belgium too, so why couldn't it be Belgium ? I wonder what kinds of problems even a country like Luxenbourg would encounter in doing this. All it takes is budget, hiring a few capable Siemens engineers and throwing a few millions at it. Hell, a lot of publicly traded companies could do this by themselves.
So at the very least, every single country could do it. It would probably be the easiest to do for Iran itself, having obviously maximum access to the systems to be sabotaged, and then they'd blame the enemy "du jour", mostly America, protestors, or Israel, or women, gays (I forgot: gays don't exist in Iran, except of course on pictures of their execution), or ...
At the very least, add it to your list of likely candidates : America, Israel, Iran, and all other nations permanently on the security council : China, Russia, France, UK. These countries all have policy that military intervention (even if very low-level at the moment) is justified to prevent Iran from acquiring nuclear weapons. And Iran itself, is genocidally insane and obsessed with their, equally genocidal, religion. Additionally Iran's government is very, very afraid of losing power. So afraid, that they marched several hundred thousand children into minefields to prevent it (google "plastic key to heaven"), just 20 years ago.
Frankly, more people should sabotage countries like Iran, or all muslim countries in general, for the simple reason that their handling of minorities can only be described as "genocidal". If we are to have any pretense of actually opposing racism, attacking countries with racist laws, and even attacking religions with racist laws, should be standard policy. Of course, for American politicians "racism" is just a meaningless 6-letter word that you shout at whatever political opponents you have to get special treatment for "special" racial groups.
Say, special treatment depending on race, wasn't that the definition of racism just 10 years back ? It still is, of course, the definition of racism, but now democrats and republicans claim words have no meaning and we should help the "poor victims". Apparently, we should help "them" through becoming more racist.
Re:Resources, will, and motive (Score:2, Insightful)
It is not difficult to understand the words "will or motive". What is difficult is understanding what the motive and will is of every county/faction in the world that is capable of somthing like this. Are you saying you understand the movtive of ecery faction in China?
Re:Resources, will, and motive (Score:3, Insightful)
You know, people always say that, but what happens if you don't harden against the last threat? It gets used on you again, that's what. Just because if was the last threat doesn't mean that a bad guy isn't going to contemplate using it, should he see the vulnerability. Just because ID thefts over the internet are a fashionable new crime doesn't mean that locking your door when you leave your house is now pointless.
Re:Resources, will, and motive (Score:3, Insightful)
someone you don't suspect could be involved in it.
like the spanish inquis..... nevermind, im above that
Re:Loudmouths (Score:2, Insightful)
we're in an ongoing conflict with some very nasty people.
Are you talking about Iranians, or Americans? 'cuz I'm sure the Iranians share your thoughts, just in the opposite direction.
Re:The problem with computer sabotage... (Score:5, Insightful)
"...3) Why would they care about the public finding out? They were very careful to make sure it wasn't found for as long as possible, but once the Iranians know about it why would they care who else knows about it?..."
Because international affairs are NOT like a Hollywood action film, where the hero blows the villain up in the last 15 minutes of action, and then rides off happily into the sunset with the girl. In real life actions have results. Look at the state the US got into on the international scene when all the stories about deception and torture in Iraq started coming out. Don't you think that the Iranians will present this as an act of war, and use it in every diplomatic conference for the next 20 years?
Re:Resources, will, and motive (Score:3, Insightful)
"economic wars by China over a prisoner taken by Japan from a disputed island, etc"
If you mean Senkaku, they are firmly in Japanese control China can dispute it all they want, but they don't own the islands in any sense.
Also, the 'prisoner taken by Japan' was the captain of a boat that rammed two Japan Coast Guard ships. In retaliation, China took four hostages for 'trespassing' where there was no posting. Basically, they snatched these four and said "You can't have them back until we get our guy back." They are childish, and couldn't find their collective ass in broad daylight with both hands and a mirror. I do not think for one second that China is capable of something so robust and intricate.
That leaves pretty much the US or Russia. As Russia is the hacker capital of the world, I would put my money on them. Even the US government is too bumbling to ever get something like this right.
Re:Resources, will, and motive (Score:3, Insightful)
I am just at a loss.. It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it.
I did not say it is likely. I said I would not rule it out. You take it for granted that
In the case at hand I would consider the most obvious suspects, but not rule out other possibilities. In general I am afraid that you give people too much credit. During the Cold War there were quite some situations that led us to the brink of an all-out atomic O.K. Corral simply because one side did over- or underestimate their opponent's determination, power and level of military intelligence. I recommend Herman Kahn's On Thermonuclear War for an explanation of the issues involved with judging what "the other side" may or may not do.
Re:Every country, and a lot of corps could do this (Score:3, Insightful)
I'm with you 90% of the way but you can't criticize racism yet say we should sabotage "all muslim countries in general", you really can't. Iran may be a dark place, practicing Islam, but Islam didn't make it that way and their flavor isn't representative of the religion as a whole.
Re:Resources, will, and motive (Score:4, Insightful)
"economic wars by China over a prisoner taken by Japan from a disputed island, etc"
If you mean Senkaku, they are firmly in Japanese control China can dispute it all they want, but they don't own the islands in any sense.
I didn't say they owned the islands in any sense, I said they are disputed.
I do not think for one second that China is capable of something so robust and intricate.
That leaves pretty much the US or Russia. As Russia is the hacker capital of the world, I would put my money on them. Even the US government is too bumbling to ever get something like this right.
Yes the Chinese aren't robust or intricate, and the US is bumbling, but don't Russians drink vodka?
And the UK are too gentlemanly, and Africans don't have computers, so that's them out of the equation.
Damn, who in this world of stereotypes and ignorance could have done it?
Re:The problem with computer sabotage... (Score:3, Insightful)
The others can laugh all they want, but the point of a diplomatic conference is negotiating agreements between parties. If you keep laughing at one of the parties it may well decide not to give you what you want.
That's ok. They don't get what they want either, plus they'll have lowered their status in everyone else's eyes. And once they've developed nuclear weapons, they'll lose any credibility, if they keep whining about it.
Re:The problem with computer sabotage... (Score:3, Insightful)
Thousands of years of human history say no.
Re:The problem with computer sabotage... (Score:4, Insightful)
I'm not sure if you're trying to be funny or are just hopelessly naive. You used the phrase "peace in our time" which is very close to what Neville Chamberlain said after allowing Hitler to annex the Sudetenland.
Comment removed (Score:5, Insightful)
I dont see the downside to stuxnet (Score:3, Insightful)
It cost no lives, it significantly slowed down a fanatical dictators quest for the nuclear bomb and didnt require military action,
the sacrifice of american troops or billions of dollars spent.
Re:The problem with computer sabotage... (Score:1, Insightful)
Not true. Computer sabotage is inherently anonymous; the victim may be able to tell that sabotage was done, but they are very unlikely to ever find out who was responsible. And in this case, while some are claiming that Israel is the most likely party, there are lots of countries which are just as capable and just as motivated to do it, and no evidence to indicate which it was.
Re:The problem with computer sabotage... (Score:1, Insightful)
Israel has a LOT of enemies outside of Iran, and even the mainstream in a lot of countries distrusts them. This just adds to the list if creepy shit they're willing to do in their little holy war, and it adds more credence to everyone who claims that they willfully ignore the sovereignty of every other country but themselves and completely disregard international law as a matter of course.
Re:Every country, and a lot of corps could do this (Score:5, Insightful)
The key here is knowledge. The knowledge to write Stuxnet is extremely hard to get (the holes in operating systems, the ability to jump from Windows to SCADA systems, knowing what speed the uranium was spinning), but this may not be impossible for someone who has a lot of connections, perhaps someone whose family has nuclear process engineers.
There are a lot of people and organizations who don't like either Iran or Israel, and who would happily eat popcorn as both countries went to war with each other. It could be a guy in someone's basement who gets amusement from it the same way someone gets amusement from cracking root and rm-ing / on a university system.
Re:Resources, will, and motive (Score:3, Insightful)
it's hard yes and needs you to have the right connections, but it's hardly something that is much in the way of 'resources' - money or materials isn't the key there.
The thing is, in this case having the right connections is a big deal. Remember, we're talking about having access to someone inside the ultra-secretive Iranian enrichment program who's willing to leak information that could get them killed. On top of that, you need people inside Realtek and the other hardware company willing to risk going to jail by leaking company secrets or someone able to break into the companies without getting caught.
Then in order to make use of this, you need some zero-day vulnerabilities in your back pocket - which probably took a lot of resources to acquire - and a smallish team willing to develop the exploit.
Each of these on its own may not be that tricky, but combine them all in one operation and you've got something that only national intelligence agencies have the resources for. Of course, many of the resources are actually people, but...
Re:Resources, will, and motive (Score:3, Insightful)
And of course "Russia" is a giant monolithic thing, with a single motivation and mindset. Just like the US, IBM, or Microsoft.
Re:Do you want economic collapse? (Score:4, Insightful)
That is in no way antisemitism. It is a simple statement of fact. It does not say 'all Jews.' It does not ascribe any evil motives to them: they wish to protect their ancestral homeland, nothing wrong with that. It does not claim they control or dominate American politics, or spread any other false and malicious rumors about Jews. Who wouldn't want someone else to pay for their safety? If you can convince someone in an open and free society to pay for your defense, more power to you.
Just as an interesting aside, do you know why a lot of Christians want to protect Israel? The Jews have to be there on Judgment day. No Jews, no Jesus. And the Jews die. Evangelicals want them there to die and ensure the return of their savior.
Me, I wish them the Jews the best of luck protecting their country from the assholes surrounding them that wish them nothing but death. The kind of "Oh my God they're coming to get us!" thinking that is ridiculous bullshit when we Americans do it is absolutely true over there.
But I am DONE paying for it. I am done paying for the world's police force. The world doesn't need that many cops, and someone else can take a turn anyway.
Re:Do you want economic collapse? (Score:3, Insightful)
do you know why a lot of Christians want to protect Israel? The Jews have to be there on Judgment day. No Jews, no Jesus. And the Jews die. Evangelicals want them there to die and ensure the return of their savior.
I've seen this bandied about, but it's really not a common viewpoint. I grew up around evangelical Christians. I'm surrounded by them at work. I went to a Christian elementary school that featured more explicit religious instruction than my wife's Catholic elementary school. (For those who know, they used A Beka books - you learn to diagram sentences such as "God does wonderful things for us every day.") And I've never heard that view expressed. I have heard some generic anti-Muslim sentiment - the enemy of my enemy is my friend (and yes, I know where that saying comes from). I've heard that Jews have a covenant with God that predates Christianity - that they are his chosen people, and that as long as they follow the original agreement, they are to be saved. Mostly, they don't think about it much: most typically, they think the Jews are in Israel, they're getting bombed and rocketed by the same crazy people that took the embassy in Iran, and therefore we should (at least) lean toward their side.