Researchers Say Flame and Stuxnet Share Common Authors
Trailrunner7 writes "Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin. Researchers from Kaspersky Lab say that a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda. The claims are the most direct, to date, that link the Flame malware, which attacked Iranian oil facilities, with Stuxnet, which is believed to have targeted Iran's uranium-enrichment facility at Natanz. If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country."
Yeah, no shit (Score:5, Insightful)
If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country
What's next, researchers discovering that the recent spate of assassinations [cnn.com] of Iranian nuclear scientists are SOMEHOW connected?
Anyone who hasn't realized (or *claims* not to have realized) by now that there has been an elaborate, multi-year shadow war by the CIA/Mossad trying to sabotage the Iranian nuclear program is either willfully-blind, retarded, or a shill. Christ, Mossad and the CIA barely even bother to *HIDE* it anymore. Everyone in their right mind knew what was really going on the second Stuxnet was dissected. And they certainly realized it the first time mysterious guys on a motorcycle attached a magnetic bomb to the car of a guy who just happened to also be a prominent nuclear scientist in Iran.
Of course, some willfully-blind, retarded shill out there is going to reply to this and say that those scientists killed themselves and that Stuxnet and Flame were actually created by Iran in an incredibly convoluted attempt to gain world sympathy. Such is true delusion.
Re: (Score:1)
Yet we ignore/deny the Iranian "not so shadow" war in Eritrea, Somalia, Iraq, Afghanistan, Syria, Lebanon and Palestine?
Re:Yeah, no shit (Score:5, Funny)
Christ, Mossad and the CIA barely even bother to *HIDE* it anymore
Wait. What?
OK, the CIA and Mossad I get. Fine. That's what they do.
But Jesus?
What's he doing getting into electronic warfare? I thought he was supposed to be a nice guy, turn the other cheek and all that?
Re:Yeah, no shit (Score:4, Funny)
OP was referring to the young brother Jeezus Christ, not the better known Jesus H. Christ.
Jesus vs. Jeezus [thepaincomics.com].
Re: (Score:1)
Well, he was a Jewish carpenter. You could look at the death and resurrection story as a simple spy extraction.
Re:Yeah, no shit (Score:4, Insightful)
Ignorance abounds. If turn the other cheek was an expression of defiance, what about the immediately following verse of giving your cloak too?
Re: (Score:1)
Is there any evidence that this has done anything but slow them down a tad? I haven't actually seen the proof that we've been able to stop them or even have the capability of permanently stopping them short of overthrowing the leadership or wiping out the country.
Re:Yeah, no shit (Score:4, Informative)
Didn't the US do this to the Soviets during the cold war too? Something embedded into the hardware sold to the Russians that messed up a factory or plant for nuclear power/weapons?
Supposedly the CIA put a bug in some gas pipeline SCADA software that caused a major explosion in Siberia. There is some doubt about whether this really happened. More info here: Siberian Pipeline Sabotage [wikipedia.org].
Re: (Score:1)
Slowing them down is more than the UN, NATO, economic sanctions, political posturing, or anything else has done.
At what cost?
Re: (Score:2)
At what cost?
Since we are talking about acts of war, both in Iran's stated objectives wrt USA and other nations, and the USA led response of imposing war time embargos on trade with Iran, the cost needs to be measured in the context of war.
Number of dead from these attacks (including attackers, defenders, and collateral deaths): minimal.
Amount of war material drawn from stockpiles or inventory needed to support this attack: minimal.
Cost of disruption of civilian economic activities of these attacks: For the attackers
Re: (Score:2)
Well, Stuxnet and Flame becoming public are really the first evidence that someone is putting teeth into the Nuclear Non-Proliferation Treaty (which is now something like 40 years old, with over 150 countries signing on to it).
If one or two more incidents like these happen over the next year or so, I think pragmatists in Iran's government and any other nation that is considering developing their own nuclear weapons program will make sure their governments do not waste any resources on an impossible objecti
well, DUH! (Score:2)
If the possibility existed and they didn't take advantage of it, then they wouldn't be doing their duty.
I take this as a rare sign that our guys are actually taking care of what needs to be done regardless of whatever manufactured distraction the politicians blather on about.
Re: (Score:3)
Doesn't evidence of a common developer on two different projects rule out the US government as a suspect?
Among the many reasons government software takes so long to build, the most painful to me as a programmer was that they still hadn't been required to consider code reuse.
Re: (Score:2)
Of course, some willfully-blind, retarded shill out there is going to reply to this and say that those scientists killed themselves and that Stuxnet and Flame were actually created by Iran in an incredibly convoluted attempt to gain world sympathy
This is possibly the most ridiculous strawman I've seen yet. Can you point to anyone who has claimed that Stuxnet was made by Iran?
Re: (Score:2)
Go into any thread from the early days of Stuxnet and you'll find people claiming this and many other silly theories (to dismiss the obvious conclusion). Another one of the more prominent theories is that Russia and/or Saudi Arabia made it. Russia--because it was Russian contractors who infected the first PLC's in Iran. And Saudi Arabia because they supposedly have more to lose than Israel if Iran goes nuclear. Anything to absolve the most glaringly obvious culprits, of course. I suspect there was/is more t
Re: (Score:3)
Trolls will do what trolls do, which is claim crazy theories to get attention and "argue" with people. It's better to ignore them (although the theory about Russia making it is certainly *possible*, just not likely).
Most people have realized from day 1 that the US and/or Israel was responsible, but their governments would never officially admit to it.
Re: (Score:2)
WAS certainly possible, given Obama's election year "leaks" it's pretty much definitely the US and Israel.
intelligment design: (Score:2)
You probably also don't believe that the matrix has become sentient and is using stuxnet to communicate with the space aliens.
What a sad, gray world you inhabit.
Re: (Score:2)
Heard it? I didn't even know it was an electric razor!
Re: (Score:2)
Go into any thread from the early days of Stuxnet and you'll find people claiming this and many other silly theories (to dismiss the obvious conclusion).
OK, here's an early story: http://it.slashdot.org/story/10/09/26/1736224/stuxnet-infects-30000-industrial-computers-in-iran [slashdot.org]
I looked at 40 comments rated 3 or higher, and not one mentioned that this was a false flag attack used to gain sympathy. About as close as it came was one person mentioning the possibility of dissidents within Iran.
Another one of the more prominent theories is that Russia and/or Saudi Arabia made it. Russia--because it was Russian contractors who infected the first PLC's in Iran. And Saudi Arabia because they supposedly have more to lose than Israel if Iran goes nuclear.
Now you're backpedalling. Those are at least plausible theories, unlike your ridiculous strawman: "Of course, some willfully-blind, retarded shill out there is going to repl
Re: (Score:1)
It wouldn't surprise me much if Britain was involved in this.
The thing which bothers me most is that people seem so happy to put a Western bow on this and call it quits. The fact is, most every nation around Iran has secretly gone to the US, France, and Britain to bomb the shit out of Iran to prevent them from becoming a regional nuclear power. We know this because of the leaks provided by Wikileaks. The fact is, it's far, far more rational to believe this is a large multinational ploy by some dozen countries or so, whereby the US and Israel just happen to be some of
Re: (Score:1)
Anyone who hasn't realized (or *claims* not to have realized) by now that there has been an elaborate, multi-year shadow war by the CIA/Mossad trying to sabotage the Iranian nuclear program is either willfully-blind, retarded, or a shill. Christ, Mossad and the CIA barely even bother to *HIDE* it anymore.
Actually, they hid their activities EXTREMELY well.
But the Obama administration made it public, probably as an election ploy.
Re: (Score:1)
Actually, they hid their activities EXTREMELY well.
No they didn't. Everyone with half a functioning brain knew that Mossad and the U.S. have been behind these activities from the beginning.
Re: (Score:1)
Actually, they hid their activities EXTREMELY well.
No they didn't. Everyone with half a functioning brain knew that Mossad and the U.S. have been behind these activities from the beginning.
You have obviously never dealt with people who still believe there's a difference between D and R, especially during an election year.
If R supporters think they can blame the D, no matter how insanely ridiculous the rationale, they will. Same goes for the inverse.
"Half a functioning brain" is giving them far too much credit.
Re: (Score:1)
The rest of us, i.e. those with a fully functioning brain, allow for multiple possible scenarios - at least until there's some proof to narrow them down.
Re: (Score:1)
The rest of us, i.e. those with a fully functioning brain, allow for multiple possible scenarios - at least until there's some proof to narrow them down.
And those of us with a fully functioning brain, an IQ above room temperature, AND knowledge of all the entities involved, KNOW this is Israel working in concert with the CIA.
What "proof" are you expecting to suddenly pop up out of nowhere that this CLANDESTINE operation is occurring and we are responsible?
Why in the world would China or Russia attack the Middle East and Iran specifically? Those are the only two other entities in the world capable of pulling off such an attack.
Use your brain.
Re: (Score:2)
Well, at least till security breaches in the US, there was at least plausible deniability...
Fscking govt. types in power today..have let enough information loose out there, pretty much destroy that.
What happened to the "loose lips sink ships" mentality to covert ops?
Re: (Score:1)
>Mossad and the U.S. have been behind these activities from the beginning.
*citation needed
You super-believing it's true doesn't make it any less of an unfounded statement than anything else.
Re: (Score:2)
They are. Deal with it. Accept it.
Re: (Score:2)
Bullshit.
Israel is not a signatory to the Nuclear Non Proliferation Treaty. And these cyberwarfare attacks have all the earmarks of the NNPT nations putting some teeth into that treaty.
Think of the old Big Four who dominated world politics for 25 years after World War II: USA, Russia, Britain, and France. Together they have the capability of mounting this kind of cyberwarfare, it is in all their interests to do so, and they have the experience in clandestine operations to pull this off.
Israel could no
Re: (Score:1)
Those scientists killed themselves and Stuxnet and Flame were actually created by Iran in an incredibly convoluted attempt to gain world sympathy.
Re: (Score:1)
G.W., is that you?
Re: (Score:1)
The assassinations appear to be the Mossad + MEK.
http://rockcenter.msnbc.msn.com/_news/2012/02/09/10354553-israel-teams-with-terror-group-to-kill-irans-nuclear-scientists-us-officials-tell-nbc-news?lite [msn.com]
I would be surprised if the CIA was involved with the MEK directly. My guess the U.S. provides intel and support with drones and looks the other way while Israel does the dirty work with Stuxnet/Flame/Assassinations.
Israel even seems to want credit for Stuxnet:
http://www.theatlanticwire.com/global/2012/06/isr [theatlanticwire.com]
Re: (Score:1)
Can you explain to me again why these Iranian scientists "deserved" to be blown up in fiery explosions in the middle of traffic, surrounded by thousands of other innocent souls who witnessed the murder? Last I checked, Iran has never attacked or invaded anyone. The U.S., on the other hand....
Re: (Score:2)
the first time mysterious guys on a motorcycle attached a magnetic bomb to the car of a guy who just happened to also be a prominent nuclear scientist in Iran.
And just happened to be a major internal opposition leader, and a university professor who was not involved in the country's nuclear program.
From folks inside Iran - yes, there are outside agencies doing targeted assassinations, and yes, the Iranian government is using it as cover to take care of some of their own 'problems' as well.
Mexico's Banking Sector (Score:2, Funny)
Based on an anagram of "Flame and Stuxnet", I expect the next target to be Mexico's banking sector: Tamale Funds Next.
Re: (Score:3)
Dumping my shares of The Tamale Funds now.
Too bad because they were pretty hot!
The two big differences... (Score:3)
...between germ warfare and malware warfare is that the anthrax bombs tested out in Scotland never affected areas outside the impact crater and it costs a lot to genetically modify a bacterium.
In contrast, most of the world's true psychopaths have access to coders capable of modifying Stuxnet or Flame to do things never intended by the original author, and both have been found globally.
Re: (Score:2)
I'll list your inanities. I won't bother replying to them, since you're too braindead to comprehend.
1. Since when are the competent hackers in government?
2. Since when are paranoid populaces immune to wanting to do something destructive?
3. Since when have to-source disassemblers (been around for 20+ years) magically vanished?
4. Since when have competent assembly coders needed disassemblers anyway? (20 megs is very small - a couple weeks' work with no distractions)
5. Since when have Black Hats ever given a da
Re: (Score:2)
Can't argue with most of what you've written, but ...
1. Since when are the competent hackers in government?
There are, and a lot of 'em who are working for gov are very competent
Can't tell you how I know, tho
Could it be an entity with a TLA? (Score:2)
Could it be an entity with a TLA?
Obviously (Score:3)
They all copied the code from Oracle. They'd better be prepared for a huge fine or a sales ban.
Re:Obviously (Score:5, Funny)
They all copied the code from Oracle. They'd better be prepared for a huge fine or a sales ban.
No they didn't. Stuxnet and Flame actually work.
QED.
US Government connection (Score:3)
It seems that a lot of people are trying to pin Stuxnet firmly on the US Government, current administration. So far it seems to be mostly "unnamed knowledgeable sources" which could be BS - but things could get more credible.
At some point our friends in Iran are likely to decide that Stuxnet cost them millions of dollars and years of work and the US is responsible. If, or when, they come to this conclusion I would expect something quite overt from Iran to show up. Possibly as a retaliatory cyber attack, possibly something as crude as blowing up a few buildings full of people. Something that is assured to cost the US more than a few million dollars. Obviously there is very little that can be done to stop such an attack - especially if it came in the form of something like Weather Bug with people clamoring to figure out how to install it in spite of whatever controls, warnings and blocks put in their way. Ever seen someone in a business with all locked-down users (no Admin rights) call the help desk to ask if they could have someone install Weather Bug for them? Yeah, like that.
My guess is that the US isn't backpedaling fast enough to convince the world that it isn't responsible for Stuxnet... so I'd expect retaliation before the end of the year. What would be the point of doing it to a lame-duck president? So probably before November. Of course Iran might decide that Obama is preferable to Romney and wait until after the election assuming (rightly so) that a successful attack would bring down the government.
Re: (Score:2)
It seems that a lot of people are trying to pin Stuxnet firmly on the US Government, current administration. So far it seems to be mostly "unnamed knowledgeable sources" which could be BS - but things could get more credible.
Somebody lock you in the closet again? It's been out for weeks [www.cbc.ca].
Possibly as a retaliatory cyber attack, possibly something as crude as blowing up a few buildings full of people. Something that is assured to cost the US more than a few million dollars. Obviously there is very little that can be done to stop such an attack - especially if it came in the form of something like Weather Bug with people clamoring to figure out how to install it in spite of whatever controls, warnings and blocks put in their way. Ever seen someone in a business with all locked-down users (no Admin rights) call the help desk to ask if they could have someone install Weather Bug for them? Yeah, like that.
You do realize that there are many, many folks - in the US, in Israel, in Saudi Arabia and all over the world who are simply drooling with pleasure over the mere thought of an Iranian first strike. That opens the floodgates for all sorts of nastiness and it will be all the fault of the Iranians. In fact, if one were so disposed, one could argue that all of the posturing and bluffing we're doing is largely to get Iran to frizzle bad enough t
Re: (Score:2)
This is the problem with government too big for its britches. You can't entirely blame Obama. Bush and Cheney made a focused effort to rig the security structure for twenty years... Huge numbers only have their jobs because Bush pulled strings and they only got them by being "true believers". The President gets the options the armed forces give him... The "whole truth" is only what you can prove.
So much of what the US security structure is paranoid about exists only in their own minds. They have SO MANY bla
Re: (Score:2)
This is the problem with government too big for its britches. You can't entirely blame Obama. Bush and Cheney made a focused effort to rig the security structure for twenty years...
Uhh, if you're going back 20 years, then you're forgetting a name in there. I'll give you a hint: it starts with C and chases about as many women as Hugh Hefner
Your scapegoating is out of date (Score:1)
The really scary thing (Score:2)
I'm not actually much concerned about Iran's nuclear program. Deterrence and MAD actually worked pretty well during the Cold War, and if Iran had nukes (which there isn't any evidence they are actually developing, but there's just enough of a hint of that to have some possible deterrent effect) the chance of Israel launching a war of aggression would be less.
But it scares the shit out of me to think that Iran is running WINDOWS on sensitive installations, for Uranium processing (even for reactors it is not
Re: (Score:2, Insightful)
MAD only works when all parties involved are relatively sane, and when there is proper security to keep the goodies out of the hands of folks who aren't sane...
IOW, I don't think that MAD is a good deterrent for an extremist religious fundie...
Re:The really scary thing (Score:4, Insightful)
To describe 10 million Iranians as "insane" smacks of anti-Persian racism. It's the same kind of nonsense people said about blacks during WW2 ("They are not sane or intelligent enough to handle big equipment like tanks or planes.").
Re: (Score:1)
I thought he was referring to the leadership, not every single citizen of the country. But hey, your prejudice can blind you just as much as anyone else.
Re: (Score:1)
I thought he was referring to the leadership, not every single citizen of the country.
Does that make his ignorance less profoundly stupid? Does it make him less of a government tool?
Re: (Score:2)
You think it takes 10 million agreeing to do something for it to happen? Why 10 million? How do you think they'll pick them?
I guess in your strange fantasy world where it takes the agreement of 10 million people for anything to be done, then sure nothing is likely to happen. In the real world though there's a handful of religious leaders at the top and a handful of military leaders under them who can do things without getting 10 million people to agree.
Re: (Score:2)
Except the leaders (both the president and the higher-level Ayatollah) have both stated they have no interest in attacking Israel..... probably because they know it would be suicide (mutually assured destruction). We also have religious people running Pakistan and India, but I don't see them nuking one another. The MAD Stalemate works.
Re: (Score:1)
In the real world though there's a handful of religious leaders at the top and a handful of military leaders under them who can do things without getting 10 million people to agree.
So basically, just like the United States.
Re: (Score:1)
You may not be aware, but they hate us (non-Muslims, Westerners). I don't necessarily blame them - I've seen photos of the Middle East. It looks like it sucks balls over there. If I lived there, I'd be pissed off all of the time too.
I thought all the dumb asses quit spouting the "they hate us for our freedoms" bullshit years ago. Now it's "they hate us for our trees and water"?
What a fucking moron.
Maybe you should look at MORE pictures of the "Middle East" some time. It's not just one big desert. There is a shitload of spots over there that are wonderful places to live.
Again:
What a fucking moron.
Re: (Score:2)
To describe 10 million Iranians as "insane" smacks of anti-Persian racism.
Could you list a few of the suicide bombings that black Americans carried out in WW2, including against the United States? Any like the Beirut bombing? - The 1983 Marine Barracks Bombing: Connecting the Dots [heritage.org]
Iran’s End Times Documentary [frontpagemag.com]
It's the same kind of nonsense people said about blacks during WW2 ("They are not sane or intelligent enough to handle big equipment like tanks or planes.").
92nd Infantry Division [coax.net], 784th Tank Battalion [784th.com], 761st Tank Battalion [761st.com], 858th Engineer Aviation Battalion [coax.net]
Tuskegee Airmen [af.mil]
Re: (Score:2)
MAD only works when all parties involved are relatively sane, and when there is proper security to keep the goodies out of the hands of folks who aren't sane...
It worked against Stalin and Mao. I think it's a fairly high burden of proof to claim that a national leader is crazier and/or more evil than those two.
Re: (Score:2)
>>>I don't think that MAD is a good deterrent for an extremist religious fundie...
We have "extremist religious fundies" running Pakistan and India, but I don't see them nuking one another. You claim the MAD Stalemate does not work in that case, but clearly it's working just fine.
Re: (Score:2)
we live in a VERY SCARY world
You're just coming to this conclusion now?
Did your doctor stop one of your meds or something?
Re: (Score:3)
But it scares the shit out of me to think that Iran is running WINDOWS on sensitive installations, for Uranium processing (even for reactors it is not exactly *safe* material) or other important security/safety functions. If this stupidity exists elsewhere in the world, we live in a VERY SCARY world (like most of the people in the world, probably, I don't live that many miles from a nuclear plant).
Iran is free to use Windows for what ever they choose and it's fine by me. Just don't run Windows to control the nuke plant in my backyard.
The really scary thing is that folks actually believe that MAD (a Cold War stance) is a good strategy for dealing with Iran... The US generally already has the ability to turn the bulk of Iran into glass and it doesn't seem to be bothering them. Now you are suggesting that we simply allow them to develop the ability to do the same to the US? Doesn't seem like a good id
The funny thing is (Score:1)
They keep plugging these systems into the internet.
Kaspersky (Score:4, Interesting)
Isn't anybody else besides Kaspersky discovering these things? On the one hand, it is in their best interest to find out as much as they can about this new kind of virus. On the other hand, I get a bit nervous when there appears to be only 1 source for information.
Re: (Score:1)
I would imagine that it was to do with the fact that Kaspersky is a Russian company. If you were a country with a malware infestation that wasn't on friendly terms with the US you probably would not want to bring an American company in to look at the problems you're having.
Re: (Score:1)
Soon after 9/11 I remember some thread on a virus by the FBI based on code from a rogue virus (I forgot the name but may be Magic or Lantis or something like that). At that time several major companies like Norton and McAfee were asked to ignore it.
They may have received similar requests regarding the latest viruses. Think of how many alternative methods are still unused or unactivated. It would be unusual for the people behind Flame to disable it without having several back-up plans.
In the coming years our
Re: (Score:2)
(I forgot the name but may be Magic or Lantis or something like that).
You're talking about http://en.wikipedia.org/wiki/Magic_Lantern_(software) [wikipedia.org]
Re: (Score:3)
It was hiding in plain sight. It was signed with valid certificates which essentially white listed it.
Re: (Score:2)
One component of one early variant of Stuxnet is also a component of a variant of Flame.
There is no time for people to analyze all the malware anymore. Instead, there are automated detection and signing routines.
When you read about the earliest variants of Stuxnet dating from 2008, that is not the time at which they were written, it is the time when a virus signature was added to a database by someone's detection engines.
So, a particular file was tagged at that time as "virus". No one looked further into it
Doesn't work though (Score:2)
As noble as the underlying motives might be, I simply find it hard to believe that bullying sovereign nation states or their governments can have positive net effects in the long turn.
gravity's sundae (Score:2)
I simply find it hard to believe that bullying sovereign nation states or their governments can have positive net effects in the long turn.
But
Bananas are an excellent source of vitamin B6, soluble fiber, and contain moderate amounts of vitamin C, manganese and potassium. [wikipedia.org]
Coincidence? (Score:2, Funny)
A primary focus for Bill Gates in years just prior to his retirement: Windows vulnerabilities. Bill Gates retired from Microsoft in June 2008 at the ripe old age of 52. Stuxnet and Flame were released shortly afterward. What did he know and when did he know it?
Killing it with fire! (Score:2)
Man... how awesome was this picture [imgfarm.com] for the meme world? He's going all "Prometheus" on that side of a dock!
Thank you to the news staffers who decided to insert that image!