Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security IT

Researchers Say Flame and Stuxnet Share Common Authors 114

Trailrunner7 writes "Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin. Researchers from Kaspersky Lab say that a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda. The claims are the most direct, to date, that link the Flame malware, which attacked Iranian oil facilities, with Stuxnet, which is believed to have targeted Iran's uranium-enrichment facility at Natanz. If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country."
This discussion has been archived. No new comments can be posted.

Researchers Say Flame and Stuxnet Share Common Authors

Comments Filter:
  • Yeah, no shit (Score:5, Insightful)

    by crazyjj ( 2598719 ) * on Monday June 11, 2012 @10:52AM (#40284429)

    If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country

    What's next, researchers discovering that the recent spate of assassinations [cnn.com] of Iranian nuclear scientists are SOMEHOW connected?

    Anyone who hasn't realized (or *claims* not to have realized) by now that there has been an elaborate, multi-year shadow war by the CIA/Mossad trying to sabotage the Iranian nuclear program is either willfully-blind, retarded, or a shill. Christ, Mossad and the CIA barely even bother to *HIDE* it anymore. Everyone in their right mind knew what was really going on the second Stuxnet was dissected. And they certainly realized it the first time mysterious guys on a motorcycle attached a magnetic bomb to the car of a guy who just happened to also be a prominent nuclear scientist in Iran.

    Of course, some willfully-blind, retarded shill out there is going to reply to this and say that those scientists killed themselves and that Stuxnet and Flame were actually created by Iran in an incredibly convoluted attempt to gain world sympathy. Such is true delusion.

    • by Anonymous Coward

      Yet we ignore/deny the Iranian "not so shadow" war in Eritria, Somalia, Iraq, Afghanistan, Syria, Lebanon and Palistine?

    • by ColdWetDog ( 752185 ) on Monday June 11, 2012 @11:01AM (#40284577) Homepage

      Christ, Mossad and the CIA barely even bother to *HIDE* it anymore

      Wait. What?

      OK, the CIA and Mossad I get. Fine. That's what they do.

      But Jesus?

      What's he doing getting into electronic warfare? I thought he was supposed to be a nice guy, turn the other cheek and all that?

    • Re:Yeah, no shit (Score:4, Interesting)

      by jandrese ( 485 ) <kensama@vt.edu> on Monday June 11, 2012 @11:02AM (#40284601) Homepage Journal
      I don't think there are too many people who are overly skeptical of who made Stuxnet and Flame. The primary arguments seemed to be "Israel or the US, or Israel AND the US?" It seems pretty clear that both of these were a backdoor solution to a problem they felt could not be solved by diplomatic or economic means. Nuclear nonproliferation is something the world as a whole has been very bad at in the past, this could be one of the few success stories.
      • by Anonymous Coward

        Is there any evidence that this has done anything but slow them down a tad? I haven't actually seen the proof that we've been able to stop them or even have the capability of permanently stopping them short of overthrowing the leadership or wiping out the country.

        • Re:Yeah, no shit (Score:4, Informative)

          by jandrese ( 485 ) <kensama@vt.edu> on Monday June 11, 2012 @11:51AM (#40285417) Homepage Journal
          Slowing them down is more than the UN, NATO, economic sanctions, political posturing, or anything else has done. Slow down the program enough and maybe there will be time for political reform to bubble up from the bottom. The last elections in Iran drew a lot of anger from the populace, we can only hope that the latent anger eventually boils over and goes full Egypt given enough time. Direct military intervention (regime change) is just not practical, so you do what you can. Anything we can do to hold back the day when Jerusalem is a radioactive crater is a win in my book. Sure it's possible, and maybe even likely, that Mahmoud Ahmadinejad was just blowing smoke with his promises to wipe Israel off of the map, but it's a big gamble when you're talking about the lives of 7.5 million people are on the line.
          • Didn't the US do this to the Soviets during the cold war too? Something embedded into the hardware sold to the Russians that messed up a factory or plant for nuclear power/weapons?
            • Re:Yeah, no shit (Score:4, Informative)

              by ShanghaiBill ( 739463 ) on Monday June 11, 2012 @12:30PM (#40285983)

              Didn't the US do this to the Soviets during the cold war too? Something embedded into the hardware sold to the Russians that messed up a factory or plant for nuclear power/weapons?

              Supposedly the CIA put a bug in some gas pipeline SCADA software that caused a major explosion in Siberia. There is some doubt about whether this really happened. More info here: Siberian Pipeline Sabotage [wikipedia.org].

          • Slowing them down is more than the UN, NATO, economic sanctions, political posturing, or anything else has done.

            At what cost?

            • At what cost?

              Since we are talking about acts of war, both in Iran's stated objectives wrt USA and other nations, and the USA led response of imposing war time embargos on trade with Iran, the cost needs to be measured in the context of war.

              Number of dead from these attacks (including attackers, defenders, and collateral deaths): minimal.

              Amount of war material drawn from stockpiles or inventory needed to support this attack: minimal.

              Cost of disruption of civilian economic activities of these attacks: For the attackers

        • Well, stuxnet and Flame becoming public are really the first evidence that someone is putting teeth into the Nuclear Non-Proliferation Treaty (which is now something like 40 years old, with over 150 countries signing on to it).

          If one or two more incidents like these happen over the next year or so, I think pragmatists in Iran's government and any other nation that is considering developing their own nuclear weapons program will make sure their governments do not waste any resources on an impossible objecti

      • This is what we're paying the CIA for.
        If the possibility existed and they didn't take advantage of it, then they'd wouldn't be doing their duty.
        I take this as a rare sign that our guys are actually taking care of what needs to be done regardless of whatever manufactured distraction the politicians blather on about.
      • Doesn't evidence of a common developer on two different projects rule out the US government as a suspect?

        Among the many reasons government software takes so long to build, the most painful to me as a programmer was that they still hadn't been required to consider code reuse.

    • Obviously some sort of shadow war is going on here. But your assumptions about the agencies involved seems lacking. Both the US and Israel have relevant agencies other than the CIA and the Mossad. Similarly, it wouldn't surprise me much of Britain was involved in this.

      Of course, some willfully-blind, retarded shill out there is going to reply to this and say that those scientists killed themselves and that Stuxnet and Flame were actually created by Iran in an incredibly convoluted attempt to gain world sympathy

      This is possibly the most ridiculous strawman I've seen yet. Can you point to anyone who has claimed that Stuxnet was made by Iran?

      • Go into any thread from the early days of Stuxnet and you'll find people claiming this and many other silly theories (to dismiss the obvious conclusion). Another one of the more prominent theories is that Russia and/or Saudi Arabia made it. Russia--because it was Russian contractors who infected the first PLC's in Iran. And Saudi Arabia because they supposedly have more to lose than Israel if Iran goes nuclear. Anything to absolve the most glaringly obvious culprits, of course. I suspect there was/is more t

        • Trolls will do what trolls do, which is claim crazy theories to get attention and "argue" with people. It's better to ignore them (although the theory about Russia making it is certainly *possible*, just not likely).

          Most people have realized from day 1 that the US and/or Israel was responsible, but their governments would never officially admit to it.

          • WAS certainly possible, given Obama's election year "leaks" it's pretty much definitely the US and Israel.

            • You don't believe that Jayzus caused Stuxnet to spontaneously generate in the bowels of the intarwebs because Jehova 1 didn't want Iran nuking his chosen people?

              You probably also don't believe that the matrix has become sentient and is using stuxnet to communicate with the space aliens.

              What a sad, gray world you inhabit.
        • Those people have obviously never heard Occam's Razor.
          • by msauve ( 701917 )
            "Those people have obviously never heard Occam's Razor."

            Heard it? I didn't even know it was an electric razor!
        • by Raenex ( 947668 )

          Go into any thread from the early days of Stuxnet and you'll find people claiming this and many other silly theories (to dismiss the obvious conclusion).

          OK, here's an early story: http://it.slashdot.org/story/10/09/26/1736224/stuxnet-infects-30000-industrial-computers-in-iran [slashdot.org]

          I looked at 40 comments rated 3 or higher, and not one mentioned that this was a false flag attack used to gain sympathy. About as close as it came was one person mentioning the possibility of dissidents within Iran.

          Another one of the more prominent theories is that Russia and/or Saudi Arabia made it. Russia--because it was Russian contractors who infected the first PLC's in Iran. And Saudi Arabia because they supposedly have more to lose than Israel if Iran goes nuclear.

          Now you're backpedalling. Those are at least plausible theories, unlike your ridiculous strawman: "Of course, some willfully-blind, retarded shill out there is going to repl

      • by Anonymous Coward

        it wouldn't surprise me much of Britain was involved in this.

        The thing which bothers me most is that people seem so happy to put a Western bow on this and call it quits. The fact is, most every nation around Iran has secretly gone to the US, France, and Britain to bomb the shit out of Iran to prevent them from becoming a regional nuclear power. We know this because of the leaks provided by Wikileaks. The fact is, its far, far more rational to believe this is a large multinational ploy by some dozen countries or so, whereby the US and Isreal just happen to be some of

        • Doubtful. Flame was in a lot of the neighboring countries not just Iran, which helps rule out most Middle-Eastern countries as being involved. Moreover, intelligence agencies don't like to spread things around that much because it makes leaks much more likely. The US and Israel would almost certainly not be willing to do that much with the various Islamic countries agencies simply because they won't trust them much. The technical capability involved in both Stuxnet and Flame are immense and it isn't clear t
    • by Anonymous Coward

      Anyone who hasn't realized (or *claims* not to have realized) by now that there has been an elaborate, multi-year shadow war by the CIA/Mossad trying to sabotage the Iranian nuclear program is either willfully-blind, retarded, or a shill. Christ, Mossad and the CIA barely even bother to *HIDE* it anymore.

      Actually, they hid their activities EXTREMELY well.

      But the Obama administration made it public, probably as an election ploy.

      • Actually, they hid their activities EXTREMELY well.

        No they didn't. Everyone with half a functioning brain knew that Mossad and the U.S. have been behind these activities from the beginning.

        • Actually, they hid their activities EXTREMELY well.

          No they didn't. Everyone with half a functioning brain knew that Mossad and the U.S. have been behind these activities from the beginning.

          You have obviously never dealt with people who still believe there's a difference between D and R, especially during an election year.

          If R supporters think they can blame the D, no matter how insanely ridiculous the rationale, they will. Same goes for the inverse.


          "Half a functioning brain" is giving them far too much credit.

        • by MrNJ ( 955045 )
          Perhaps those with "half a functioning brain" do in fact treat their assumptions as facts. Especially when the assumptions agree with their prejudices.

          The rest of us, i.e. those with a fully functioning brain, allow for multiple possible scenarios - at least until there's some proof to narrow them down.
          • The rest of us, i.e. those with a fully functioning brain, allow for multiple possible scenarios - at least until there's some proof to narrow them down.

            And those of us with a fully functioning brain, an IQ above room temperature, AND knowledge of all the entities involved, KNOW this is Israel working in concert with the CIA.

            What "proof" are you expecting to suddenly pop up out of nowhere that this CLANDESTINE operation is occurring and we are responsible?

            Why in the world would China or Russia attack the Middle East and Iran specifically? Those are the only two other entities in the world capable of pulling off such an attack.

            Use your brain.

        • No they didn't. Everyone with half a functioning brain knew that Mossad and the U.S. have been behind these activities from the beginning.

          Well, at least till security breaches in the US, there was at least plausible deny-ability...

          Fscking govt. types in power today..have let enough information loose out there, pretty much destroy that.

          What happened to the "loose lips sink ships" mentality to covert ops?

        • by Anonymous Coward

          >Mossad and the U.S. have been behind these activities from the beginning.

          *citation needed

          you super-believing its true doesnt make it any less of an unfounded statement than anything else.

          • They are. Deal with it. Accept it.

            • Bullshit.

              Israel is not a signatory to the Nuclear Non Proliferation Treaty. And these cyberwarfare attacks have all the earmarks of the NNPT nations putting some teeth into that treaty.

              Think of the old Big Four who dominated world politics for 25 years after World War II: USA, Russia, Britain, and France. Together they have the capability of mounting this kind of cyberwarfare, it is in all their interests to do so, and they have the experience in clandestine operations to pull this off.

              Israel could no

    • You insensitive clod!!! - I'm a willfully-blind, retarded shill
    • Those scientists killed themselves and Stuxnet and Flame were actually created by Iran in an incredibly convoluted attempt to gain world sympathy.

    • by Maudib ( 223520 )

      The assassinations appear to be the Mossad + MEK.

      http://rockcenter.msnbc.msn.com/_news/2012/02/09/10354553-israel-teams-with-terror-group-to-kill-irans-nuclear-scientists-us-officials-tell-nbc-news?lite [msn.com]

      I would be surprised if the CIA was involved with the MEK directly. My guess the U.S. provides intel and support with drones and looks the other way while Israel does the dirty work with Stuxnet/Flame/Assassinations.

      Israel even seems to want credit for Stuxnet:
      http://www.theatlanticwire.com/global/2012/06/isr [theatlanticwire.com]

      • Can you explain to me again why these Iranian scientists "deserved" to be blown up in a fiery explosions in the middle of traffic, surrounded by thousands of other innocent souls who witnessed the murder? Last I checked, Iran has never attacked or invaded anyone. The U.S., on the other hand....

    • the first time mysterious guys on a motorcycle attached a magnetic bomb to the car of a guy who just happened to also be a prominent nuclear scientist in Iran.

      And just happened to be a major internal opposition leader, and a university professor who was not involved in the country's nuclear program.

      From folks inside Iran - yes, there are outside agencies doing targeted assassinations, and yes, the Iranian government is using it as cover to take care of some of their own 'problems' as well.

  • by Anonymous Coward

    Based on an anagram of "Flame and Stuxnet", I expect the next target to be Mexico's banking sector: Tamale Funds Next.

    • by sycodon ( 149926 )

      Dumping my shares of The Tamale Funds now.

      Too bad because they were pretty hot!

      • There's another interpretation, and based in that, I'm eagerly awaiting a new NeXT. I may even learn Spanish if I have to.
  • ...between germ warfare and malware warfare is that the anthrax bombs tested out in Scotland never affected areas outside the impact crater and it costs a lot to genetically modify a bacterium.

    In contrast, most of the world's true psychopaths have access to coders capable of modifying Stuxnet or Flame to do things never intended by the original author, and both have been found globally.

  • Could it be an entity with a TLA?

  • by StripedCow ( 776465 ) on Monday June 11, 2012 @11:14AM (#40284805)

    They all copied the code from Oracle. They'd better be prepared for a huge fine or a sales ban.

  • by cdrguru ( 88047 ) on Monday June 11, 2012 @11:24AM (#40284959) Homepage

    It seems that a lot of people are trying to pin Stuxnet firmly on the US Government, current administration. So far it seems to be mostly "unnamed knowledgable sources" which could be BS - but things could get more credible.

    At some point our friends in Iran are likely to decide that Stuxnet cost them millions of dollars and years of work and the US is responsible. If, or when, they come to this conclusion I would expect something quite overt from Iran to show up. Possibly as a retalitory cyber attack, possibly something as crude as blowing up a few buildings full of people. Something that is assured to cost the US more than a few million dollars. Obviously there is very little that can be done to stop such an attack - especially if it came in the form of something like Weather Bug with people clamoring to figure out how to install it in spite of what ever controls, warning and blocks put in their way. Ever seen someone in a business with all locked-down users (no Admin rights) call the help desk to ask if they could have someone install Weather Bug for them? Yeah, like that.

    My guess is that the US isn't backpedaling fast enough to convince the world that it isn't responsible for Stuxnet... so I'd expect retaliation before the end of the year. What would be the point of doing it to a lame-duck president? So probably before November. Of course Iran might decide that Obama is preferrable to Romney and wait until after the election assuming (rightly so) that a successful attack would bring down the government.

    • It seems that a lot of people are trying to pin Stuxnet firmly on the US Government, current administration. So far it seems to be mostly "unnamed knowledgable sources" which could be BS - but things could get more credible.

      Somebody lock you in the closet again? It's been out for weeks [www.cbc.ca].**

      Possibly as a retalitory cyber attack, possibly something as crude as blowing up a few buildings full of people. Something that is assured to cost the US more than a few million dollars. Obviously there is very little that can be done to stop such an attack - especially if it came in the form of something like Weather Bug with people clamoring to figure out how to install it in spite of what ever controls, warning and blocks put in their way. Ever seen someone in a business with all locked-down users (no Admin rights) call the help desk to ask if they could have someone install Weather Bug for them? Yeah, like that.

      You do realize that there are many, many folks - in the US, in Israel, in Saudi Arabia and all over the world who are simply drooling with pleasure over the mere thought of an Iranian first strike. That opens the floodgates for all sorts of nastyness and it will be all the fault of the Iranians. In fact, if one were so disposed, one could argue that all of the posturing and bluffing we're doing is largely to get Iran to frizzle bad enough t

    • This is the problem with government too big for its britches. You can't entirely blame Obama. Bush and Cheney made a focused effort to rig the security structure for twenty years... Huge numbers only have their jobs because Bush pulled strings and they only got them by being "true believers". The President gets the options the armed forces give him... The "whole truth" is only what you can prove.

      So much of what the US security structure is paranoid about exists only in their own minds. They have SO MANY bla

      • by Nidi62 ( 1525137 )

        This is the problem with government too big for its britches. You can't entirely blame Obama. Bush and Cheney made a focused effort to rig the security structure for twenty years...

        Uhh, if you're going back 20 years, then you're forgetting a name in there. I'll give you a hint: it starts with C and chases about as many women as Hugh Heffner

  • I'm not actually much concerned about Iran's nuclear program. Deterrence and MAD actually worked pretty well during the Cold War, and if Iran had nukes (which there isn't any evidence they are actually developing, but there's just enough of a hint of that to have some possible deterrent effect) the chance of Israel launching a war of aggression would be less.

    But it scares the shit out of me to think that Iran is running WINDOWS on sensitive installations, for Uranium processing (even for reactors it is not

    • Re: (Score:2, Insightful)

      by i.r.id10t ( 595143 )

      MAD only works when all parties involved are relatively sane, and when there is proper security to keep the goodies out of the hands of folks who aren't sane...

      IOW, I don't think that MAD is a good deterrent for an extremist religious fundie...

      • by cpu6502 ( 1960974 ) on Monday June 11, 2012 @11:46AM (#40285323)

        To describe 10 million Iranians as "insane" smacks of anti-persian racism. It's the same kind of nonsense people said about blacks during WW2 ("They are not sane or intelligent enough to handle big equipment like tanks or planes.").

        • by Anonymous Coward

          I thought he was referring to the leadership, not every single citizen of the country. But hey, your prejudice can blind you just as much as anyone else.

          • I thought he was referring to the leadership, not every single citizen of the country.

            Does that make his ignorance less profoundly stupid? Does it make him less of a government tool?

        • You think it takes 10 million agreeing to do something for it to happen? Why 10 million? How do you think they'll pick them?

          I guess in your strange fantasy world where it takes the agreement of 10 million people for anything to be done, then sure nothing is likely to happen. In the real world though there's a handful of religious leaders at the top and a handful of military leaders under them who can do things without getting 10 million people to agree.

          • Except the leaders (both the president and the higher-level Ayatollah) have both started they have no interest in attacking Israel..... probably because they know it would be suicide (mutually assured destruction). We also have religious people running Pakistan and India, but I don't see them nuking one another. The MAD Stalemate works.

          • In the real world though there's a handful of religious leaders at the top and a handful of military leaders under them who can do things without getting 10 million people to agree.

            So basically, just like the United States.

        • To describe 10 million Iranians as "insane" smacks of anti-persian racism.

          Could you list a few of the suicide bombings that black Americans carried out in WW2, including against the United States? Any like the Beirut bombing? - The 1983 Marine Barracks Bombing: Connecting the Dots [heritage.org]

          Iran’s End Times Documentary [frontpagemag.com]

          It's the same kind of nonsense people said about blacks during WW2 ("They are not sane or intelligent enough to handle big equipment like tanks or planes.").

          92nd Infantry Division [coax.net], 784th Tank Battalion [784th.com], 761st Tank Battalion [761st.com], , [wikipedia.org] 858th Engineer Aviation Battalion [coax.net]

          Tuskegee Airmen [af.mil]

      • MAD only works when all parties involved are relatively sane, and when there is proper security to keep the goodies out of the hands of folks who aren't sane...

        It worked against Stalin and Mao. I think it's a fairly high burden of proof to claim that a national leader is crazier and/or more evil than those two.

      • >>>I don't think that MAD is a good deterrent for an extremist religious fundie...

        We have "extremist religious fundies" running Pakistan and India, but I don't see them nuking one another. You claim the MAD Stalemate does not work in that case, but clearly it's working just fine.

    • we live in a VERY SCARY world

      You're just coming to this conclusion now?

      Did your doctor stop one of your meds or something?

    • But it scares the shit out of me to think that Iran is running WINDOWS on sensitive installations, for Uranium processing (even for reactors it is not exactly *safe* material) or other important security/safety functions. If this stupidity exists elsewhere in the world, we live in a VERY SCARY world (like most of the people in the world, probably, I don't live that many miles from a nuclear plant).

      Iran is free to use Windows for what ever they choose and it's fine by me. Just don't run Windows to control the nuke plant in my backyard.

      The really scary thing is that folks actually believe that MAD (a Cold War stance) is a good strategy for dealing with Iran... The US generally already has the ability to turn the bulk of Iran in to glass and it doesn't seem to be bothering them. Now you are suggesting that we simply allow them to develop the ability to do the same to the US? Doesn't seem like a good id

  • They keep plugging these systems into the internet.

    • Although it's possible their nuclear centrifuges weren't physically airgapped from the internet, Stuxnet was also designed to spread via removable media. There was an article in the Weekly Standard a couple years ago that presented a theory I find more likely, which is that infected USB flash sticks were planted in/around Iran, and one of those (or a drive that had subsequently become infected) made its way to the nuclear facility and was plugged into a machine there.
  • Kaspersky (Score:4, Interesting)

    by FlynnMP3 ( 33498 ) on Monday June 11, 2012 @12:04PM (#40285647)

    Isn't anybody else besides Kaspersky discovering these things? On the one hand, it is in their best interest to find out as much as they can about this new kind of virus. On the other hand, I get a bit nervous when there appears to be only 1 source for information.

    • by Anonymous Coward

      I would imagine that it was to do with the fact that Kaspersky is a Russian company. If you were a country with a malware infestation that wasn't on friendly terms with the US you probably would not want to bring an American company in to look at the problems you're having.

    • by Anonymous Coward

      Soon after 9/11 I remember some thread on a virus by the FBI based on code from a rogue virus (I forgot the name but may be Magic or Lantis or something like that). At that time several major companies like Norton and McAfee were asked to ignore it.

      They may have received similar requests regarding the latest viruses. Think of how many alternative methods are still unused or unactivated. It would be unusual for the people behind Flame to disable it without having several back-up plans.

      In the coming years our

    • by Alarash ( 746254 )
      What I'm wondering about is: if one of the component of Flame was a known variant of Stuxnet, why didn't the Kaspersky AV engine, or anybody else's that sell AV or IPS to the affected countries, detect it?
      • It was hiding in plain sight. It was signed with valid certificates which essentially white listed it.

        • by Alarash ( 746254 )
          So even a known signature, as long as it's digitally signed, will not be blocked? Interesting.
      • by Magada ( 741361 )

        One component of one early variant of Stuxnet is also a component of a variant of Flame.

        There is no time for people to analyze all the malware anymore. Instead, there are automated detection and signing routines.

        When you read about the earliest variants of Stuxnet dating from 2008, that is not the time at which they were written, it is the time when a virus signature was added to a database by someone's detection engines.

        So, a particular file was tagged at that time as "virus". No one looked further into it

  • As noble as the underlying motives might be, I simply find it hard to believe that bullying souvereign nation states or their governments can have positive net effects in the long turn.

  • by Anonymous Coward

    A primary focus for Bill Gates in years just prior to his retirement: Windows vulnerabilities. Bill Gates retired from Microsoft in June 2008 at the ripe old age of 52. Stuxnet and Flame were released shortly afterward. What did he know and when did he know it?

  • Man... how awesome was this picture [imgfarm.com] for the meme world? He's going all "Prometheus" on that side of a dock!

    Thank you to the news staffers who decided to insert that image!

The best things in life are for a fee.

Working...