Stuxnet Analysis Backs Iran-Israel Connection

Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof of concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention." Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).
  • Wait a minute. (Score:5, Insightful)

    by Moryath ( 553296 ) on Friday October 01, 2010 @06:40PM (#33766014)

    So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code - and that because it's the first day the current theocratic asshats running Iran beheaded the first Jew of their despotic regime? Really?

    This is like playing Nostradamus. Pluck something vague, go hunting, and see what you can say later to claim you "predicted it." For instance, in Eastern bloc countries, May 9 1945 is "Victory Day." I'm sure some prominent politician somewhere in there also died on May 9, 1979. A google search for that date came back with 196,000 results just on the precise phrase "May 9, 1979".

    Ridiculous.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code

      No, the idea is based on Israel having the motivation, the capability, and the demonstrated willingness to do things like this. (Not saying that it's true that the thing came from Israel *or* targeted Iran, mind you.)

      • Re:Wait a minute. (Score:5, Insightful)

        by Moryath ( 553296 ) on Friday October 01, 2010 @06:48PM (#33766100)

        Dozens of regimes have the motivation, capability and demonstrated willingness to do things like this.

        Hell, thousands of hackers across the world have the motivation, capability, and demonstrated willingness to do things like this. And that's not even before we get to the professional virus-writers that are tied in with outfits like yakuza and russian mafia gangs these days operating various blackmail/extortion gambits.

        It sounds more like the "idea" is based on someone who has some grudge against Israel and found a convenient outlet for it, just like all the other "waah the jews did it" conspiracy theories that always sprout up - including the dork who posted a "jews also did wtc" in the first post (thankfully probably trollmarked down to -1 by now) to this article.

        • Re: (Score:3, Interesting)

          by PopeRatzo ( 965947 ) *

          Dozens of regimes have the motivation, capability and demonstrated willingness to do things like this.

          What would you say are the top five "regimes" that you believe have the "motivation, capability and demonstrated willingness" to perform a cyber-attack like this on Iran?

        • by unitron ( 5733 )

          What he really posted was "first 'they did wtc too' " (as in "we're talking about Jews so expect a bunch of 'they did the wtc' remarks"), and, due in part to the lack of ellipses after the word "first", the moderators failed to detect the humor.

        • No, no, no. As was explained to me in the predecessor of this article, it would be impossible for independent hackers to do this because it's "too Hollywood." They would absolutely need the magical empowering guidance of a state intelligence agency, and at that point of course Israel is the obvious suspect. Duh.

          • Re:Wait a minute. (Score:4, Informative)

            by arivanov ( 12034 ) on Saturday October 02, 2010 @02:40AM (#33768670) Homepage

            And how many independent hackers have access to SCADA? SCADA systems are not something that ends up just on any hacker's desk just like that.

            One thing this incident shows is that SCADA security is inexistent when facing a modern "Internet Style" attack. It has all: buffer overruns, bad coding, idiotic design decision and total lack of security awareness in the admins who set up the networks. However, because it looks secure from the perspective of Joe Average Utility IT manager it is deemed secure.

            After this incident this "secure" statement will be questioned quite a lot in most countries.

        • Re: (Score:3, Informative)

          by picoboy ( 1868294 )

          Hell, thousands of hackers across the world have the motivation, capability, and demonstrated willingness to do things like this.

          So you're suggesting that thousands of hackers knew that Iran used Siemens PLCs, knew the specific equipment being controlled by those PLCs, knew how to modify the program code in those PLCs to damage that equipment, had multiple stolen certificates, and had apparently four zero day exploits cued up and ready to be blown on this. Even as a self-righteous slashdot-reading geek, I'm not buying it. This was government all the way. The bullshit dates were thrown in the code to add an intentional tinge of unp

          • by SmallFurryCreature ( 593017 ) on Saturday October 02, 2010 @06:11AM (#33769266) Journal

            Your arguments sound an awful lot like people who argue 9/11 was a government plot. Why do they argue this? Because they are afraid and can't deal with a world where a random group of individuals can do such a complex thing.

            This is especially amazing as a story running at the same time is about the leaked Intel key. And of course the ongoing story of the PS3 being cracked.

            Random individuals are a lot more resourceful than some people are willing to give them credit for. But blaming a shadow government for it is far easier to cope with because that means at least someone is in charge. In control.

            Those "stolen" certificates also mean nothing. They get "leaked" all the time. Case in point, the Intel key, which was a LOT more valuable than the keys in this worm.

            As for hackers knowing about Siemens... that is so easy and trivial to explain I hardly find it worth the effort. But it is PUBLIC knowledge who supplies Iran with its tools. Export bans and all make sure everything has to be declared.

            No, I look deeper and look at the fact this worm was so quickly discovered and so handily easily decoded with all these handy clues pointing to Iran's enemies. Mmm, a virus outbreak in Iran that nobody else notices, spreads uncontrollably yet then is near instantly dissected and points towards Iran's standard scapegoats.

            Gosh, how convenient.

            Zero day exploits are a dime a dozen, smart people the same. This is just a worm that worked its magic in a mono-culture. The moment I start thinking "government conspiracy" is when someone reveals anything about the data transferred.

            WHY would Israel do this? They got far better methods available. And they don't need to disable a windows PC of a nuclear reactor office workers. They got reliable aircraft to do that that send a far stronger message. They got plenty of experience with it.

      • by Patch86 ( 1465427 ) on Friday October 01, 2010 @06:50PM (#33766130)

        So are we claiming that development on Stuxnet started on 9/5/1979 in reaction to this execution? (Did Siemens even make industrial control computers in the 70s?) Or are we claiming that the "authors of such a sophisticated piece of malware" decided to plant a trail of clues, like some sort of cartoon villains?

        They would have got away with it too, if it weren't for those meddling Symantec engineers.

      • Re: (Score:3, Insightful)

        by demonlapin ( 527802 )
        So the Jews are motivated, capable, willing, and utter fucking idiots who reveal everything in easter eggs in the program. It's like dealing with Bush's duller critics all over again - either the Jews are scheming, vicious bastards, or they're just total fucking morons. But you have to choose one of those and stand by it.
    • Re: (Score:3, Insightful)

      by EdZ ( 755139 )

      So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code

      That, and the worm being targeted at Iranian PLCs. It's an incredibly sophisticated and specific attack with little avenue for direct profit, so it's unlikely to be either an extortion attempt by a criminal organisation or something produced by a blackhat hobbyist. That makes a government being behind it likely. Israel definitely has motive and means to be behind the worm.

      some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention.

      It took quite a while before researchers realised the payload was intended to mess with one specific brand of PLCs (they're hardly part o

      • by PopeRatzo ( 965947 ) * on Friday October 01, 2010 @07:34PM (#33766524) Journal

        Israel definitely has motive and means to be behind the worm.

        You better be careful. Rick Sanchez just said that Jews control all the ISPs and you might have your Internet connecti...{NO CARRIER}

      • They also found the word "Myrtus" in the code which refers to the Book of Esther, which is part of an Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.

        New York Times [nytimes.com]

        I still don't think it is enough to point the finger at Israel though. It could very well be that someone put these references in the code to get people looking in a different direction or to actually see if they could stir up a fight between Iran and Israel.
    • Re: (Score:3, Insightful)

      by ACS Solver ( 1068112 )
      Yeah, that doesn't seem like good evidence at all. Mind you, I do consider it very likely that Israel is behind this. Israel has both the motivation and the capability to launch such an electronic attack at Iran. But as far as actual evidence goes, I'd like to see something more concrete. Assuming that the code really refers to the date and that it's not just a mistaken interpretation of a pointer to 0x00090579, there's still a lot of stuff that happened on that particular day.
      • Re: (Score:3, Interesting)

        by dgatwood ( 11270 )

        I'd guess the odds are at least as good that it's the author's birthday.

      • Re: (Score:3, Interesting)

        by lgw ( 121541 )

        I do consider it very likely that Israel is behind this. Israel has both the motivation and the capability to launch such an electronic attack at Iran.

        Israel has the motivation and capability to launch a real attack at Iran! You know, with bombs dropped from planes and nuclear weapons launched from submarines. Not just some dorkiness that is only news for nerds. Could this be some competent Black Hat who lives in Israel and dislikes Iran? Sure, I can believe that - it's as likely as any other country. But why would a government screw around with something this lame, especially leaving clues behind? That makes as much sense as the WTC conspiracies.

        Pl

    • Re:Wait a minute. (Score:5, Insightful)

      by polle404 ( 727386 ) on Friday October 01, 2010 @07:04PM (#33766230)
      funny, yesterday it was an obscure bible reference that supposedly proved Israeli mischief
      http://gizmodo.com/5652032/the-secret-code-inside-the-supervirus-attacking-iran-nuclear-power [gizmodo.com]

      Sounds like someone has found someone to blame, and is desperately searching for "evidence" to back it up
      • Re: (Score:3, Insightful)

        by Moryath ( 553296 )

        Hey but wait! Today is October 1st that they "discovered" the May 9th reference. That's the day Alexander the Great defeated Darius III of Persia! That PROVES it was an attack against Iran, because Iran is Persia!

        October 1 is also the day Germany annexed the Sudetenland... and the day the USS Grouper torpedoed the Lisbon Maru mistakenly... and the day the Israeli Air Force bombed the PLO headquarters in Tunis (too bad they didn't get Arafat back then!).

        And this is the problem of trying to follow "date code"

    • Ya (Score:5, Interesting)

      by Sycraft-fu ( 314770 ) on Friday October 01, 2010 @07:06PM (#33766254)

      This is compounded by the problem that people are presupposing the answer. From the start, it seems people have assumed this MUST be an attack against Iran and thus done by the US or Israel. As such their thought process is "Find evidence of US or Israeli involvement," and not "Try to find out the source of the attack."

      If you look hard enough for evidence of something, you'll often find it, even when there isn't any, particularly when the standard for evidence is low. Same kind of shit with all the 9/11 conspiracy. People doing 9s 11s and so on all over the place. Snopes did a great bit choosing another number and showing how that was all over the place too.

      Sorry, but I'd require significantly more than this to be convinced. This isn't evidence, it is speculation at best and conspiracy mongering at worst.

      • Re:Ya (Score:5, Interesting)

        by LWATCDR ( 28044 ) on Friday October 01, 2010 @09:19PM (#33767236) Homepage Journal

        Well let's make a list of the countries that have the resources to do this and the motivation.
        1. The US.
        2. Israel.
        We know both of their motivations but I can think of a lot more.
        3. India. A nuclear Pakistan is bad enough without a nuclear Iran.
        4. Russia. Blow up some stuff, sell them new stuff. Repeat until rich. Plus Russia has no real desire to have a nuclear Iran on its doorstep.
        5. Saudi Arabia. They have the money and no love for Iran.
        6. France. They were allies with Iraq during the Iraq-Iran war. They don't want Iran to be a member of the Nuclear Club.
        7. Germany. The PLCs were made by a German company. They have no desire to see Iran have nukes.
        In fact you can put all of Europe down as having both the motivation and the ability ("Okay maybe not Luxembourg") to pull off this attack.
        And most of the Middle East has motivation as well, and a team of CS majors with hacking talent can not be that hard to find.
        8. China. They are now a world power. They do not need Iran trying to stir up trouble.
        9. The UK. I mean really that should be a given.
        So about the only nations with a large industrial base and high levels of education that I would rule out are
        Canada, Australia, New Zealand, Japan, South Africa and Brazil. And frankly any one of them could have done it just to defuse the issue and try to stop a nuclear war in the Middle East.
        Frankly I don't think that Israel or the US would have put a date in pointing to Israel.
        Now Russia on the other hand I could see doing it. But it is all guesswork with no proof at this point.

    • by Zocalo ( 252965 ) on Friday October 01, 2010 @07:13PM (#33766344) Homepage
      And it adds up. Besides the "date", admittedly a bit of a stretch as you note, there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle, is possibly a biblical reference to the Book of Esther (Esther was originally called Hadassah - similar to the Hebrew word for myrtle) in which Jewish forces, after unraveling a Persian attack plan, stage a preemptive and successful assault against their adversaries. There is also the level of knowledge required for the targeting of Stuxnet, including highly specific details about its intended target that would have required internal knowledge of the kind that is likely to require espionage to acquire. Finally, there is also a cut-off date of June 24, 2012 when Stuxnet will go dormant. While not unheard of in the world of more conventional botnets, this is decidedly unusual and further points to a nation state's involvement.

      Taking all that together, I think it's fairly reasonable to limit the list of suspects to those countries with a reason to be wary of Iran's nuclear program - of which there are, admittedly, quite a few. However, Israel does have a track record for being decidedly unsubtle when it is being proactive about such things, viz the 2007 air raid [wikipedia.org] on one of Syria's nuclear facilities, or the murder of Mahmoud al-Mabhouh [wikipedia.org].
      • by gtall ( 79522 )

        "June 24, 2012" Hey, yer right, isn't this close to the date on the Mayan Calendar when ... when ... err ... something really, really BIG will happen. Coincidence? I think not.

      • by Moryath ( 553296 ) on Friday October 01, 2010 @07:33PM (#33766506)

        admittedly a bit of a stretch as you note, there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle, is possibly a biblical reference to the Book of Esther (Esther was originally called Hadassah - similar to the Hebrew word for myrtle)

        So now we're working off the "this word sounds like this word which is another word for this word" theory?

        Lessee. "May" is a synonym with "shall"... which sounds a lot like "challa"... which is a lovely tasty breadstuff usually eaten by... JEWS! AAAUGH! RUN FOR YOUR LIVES!

        Of course, that's the point of all this meaningless bullshit. You're looking for obscure connections trying to "prove" your own biases. Nothing more.

        • Re: (Score:3, Funny)

          there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle,

          Which is very close to Yertle the Turtle.

          OH
          MY
          GOD

          Dr Seuss authored the virus from beyond the grave!!!!

      • You'd think that if Israel were behind the attack, they would realize they'd be the prime suspect, but I can't fathom why they would want to advertise it. A blackhat hobbyist might, because they're looking for some sort of "look at how smart I am" personal credit, whereas that seems less likely for a government to do.

        The embedded references could just as easily have been planted by someone unaffiliated with Israel, who also knew that Israel would be the prime suspect, and wanted to lead some trail to them.

        • by dhaines ( 323241 )

          The embedded references could just as easily have been planted by someone unaffiliated with Israel, who also knew that Israel would be the prime suspect, and wanted to lead some trail to them.

          This leads me *away* from thinking it was Israel, because presuming the "clues" are deliberate, any number of parties besides the Israeli government have motivation for planting evidence pointing to Israel.

          Granted, that line of reasoning can get circular real quick, and I wouldn't be at all surprised if the Israeli government was indeed the source. Still, without further info, this circumstantial evidence provides more questions than answers. And I'm not buying that it was necessarily a state action.

          Whoever

        • You'd think that if Israel were behind the attack, they would realize they'd be the prime suspect, but I can't fathom why they would want to advertise it.

          Deliberate ambiguity.

          A blackhat hobbyist might, because they're looking for some sort of "look at how smart I am" personal credit, whereas that seems less likely for a government to do.

          Probably less likely as the hobbyist will likely face severe criminal charges.

          The embedded references could just as easily have been planted by someone unaffiliated with Israel, who also knew that Israel would be the prime suspect, and wanted to lead some trail to them.

          Certainly. But at this level of game theory such predictions become useless, and we have to rely on the original evidence. Everything atop of that is speculation.

      • by Jah-Wren Ryel ( 80510 ) on Friday October 01, 2010 @08:23PM (#33766864)

        there are also references to "Myrtus" within a path left in the code.

        Considering the virus targets the PLCs [wikimedia.org] in SCADA [wikimedia.org] systems where RTUs [wikimedia.org] are standard system components, I'm willing to bet that "myrtus" is short for something like "My RTU Source" rather than an obscure reference to guavas. [palomar.edu]

        • Re: (Score:3, Insightful)

          by httptech ( 5553 )

          Nope, I'm pretty sure it's a reference to guavas, considering the complete path was:

          b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb

      • Other than a James Bond movie, CSI episode, or Dan Brown novel, I can't think of any circumstance in which your arguments could be called evidence.

        Actually, all the bits pointing to Israel should be assumed to be evidence *against* a conspiracy starting in Israel.

        Bits in code aren't like pollen or clay that get accidentally stuck to the culprit's clothing and shoes. It's not like software written in Israel would have any tendency to pick obscure references to Jewish culture.

        Therefore, if there are some unne

      • by siddesu ( 698447 )

        "myrtus"? as in, for example, "my RTUs"? Jewish language, you say?

    • Re: (Score:3, Insightful)

      by copponex ( 13876 )

      Ridiculous.

      What's more ridiculous is people who think the State of Israel can do no wrong, or that Israeli interests are the same thing as American interests.

      The virus was targeted towards Iranian PLCs. The date is supporting evidence of that, but may be a coincidence anyway.

      What's not a coincidence is that Israel has been threatening to attack Iran, but still refuses to sign the Non Proliferation Treaty as Iran has and subject themselves to inspections. Israel doesn't want to play by anyone's rules but their own, and

      • Why o why (Score:2, Informative)

        by Anonymous Coward

        would Israel threaten to attack Iran? Oh, that's right: Iran is a state sponsor of terrorism and has threatened to attack Israel.

    • So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code - and that because it's the first day the current theocratic asshats running Iran beheaded the first Jew of their despotic regime? Really?

      No, from TFA, there are several bases for that:
      1) Israel having the motive in its stated interests,
      2) The facilities affected in Iran,
      3) The sophistication of the code and Israel's capacity in that regard,
      4) Various reference in the code and file

    • Oh give me a break. Israel has the biggest hard on for Iran, of course it was them. They've been hyper little kids, jumping up and down on the couch for years now yelling, IRAN, IRAN, IRAN more than Guiliani refers to 9/11. I suppose it's possible it was the US. But really, six in one hand, half a dozen in another. The rest of the world simply doesn't give a shit about Iran.

  • Proof??? (Score:5, Insightful)

    by ArieKremen ( 733795 ) on Friday October 01, 2010 @06:41PM (#33766028)
    They were smart enough to write and deploy a complex virus, but stupid enough to include a reference to an obscure execution date of a prominent Iranian Jew; the first Google hit conveniently pointing to the relevant Wikipedia entry. That screams red herring (en.wikipedia.org/wiki/Red_herring_(idiom)), not proof.
    • This.

      It's not like Israel is the only country / group / whatever in the world who doesn't like Iran.

      I know that if I were writing something that targeted a group, I'd add in at least a few things that pointed to "someone other than me", if only to confuse the matter / feed the conspiracy theorists.

      Like, if I were targeting Israel with something, I'd have to slap in something about Mel Gibson being the source.

    • Re:Proof??? (Score:4, Interesting)

      by hex0D ( 1890162 ) on Friday October 01, 2010 @06:57PM (#33766180)
      The whole idea could be that it doesn't prove anything, but still tells everyone who's responsible. Perhaps a threat veiled enough to not be actionable legally, but still heard loud and clear. I see pulling that off as evidence of smarts, not stupidity.
    • >They were smart enough to write and deploy a complex virus, but stupid enough to include a reference to an obscure execution date of a prominent Iranian Jew; the first

      Right because no tech genius is ego driven or has enough common sense to let his/her feeling get in a way of the job.

    • They were smart enough to write and deploy a complex virus, but stupid enough to include a reference to an obscure execution date of a prominent Iranian Jew;

      The stupidity of including a self-implicating date reference gives everything away. Obviously the whole virus is a plot by Iran to implicate Israel, so they have a good excuse for launching a "retaliatory" strike against Israel once their nuke program has produced a weapon.

      But wait! The sophistication of the virus shows that the authors must have

  • by gclef ( 96311 ) on Friday October 01, 2010 @06:45PM (#33766062)

    Why are they surprised that it broke out? That's probably part of the whole idea: seed the target area (presumably Iran) with flash drives with the worm on them, then sit back and wait. When world + dog gets infected, you know *someone* in your targeted area picked up the flash drives, so there's a very high likelihood that someone at your target site infected their PC.

    Doing it this way allows the attacker to know that they've succeeded (and presumably to take whatever follow-up measure they had planned) without giving away who they are. Since *everyone* knows that the worm exists, there's no secret signal path to trace back to the author.

  • It's possible to attach significance to any given date in the past 60+ years to an important, though obscure, event that occurred in the Middle East. Someone dies, someone is born, or elected, or deposed, or a protest is held, etc.

    I wouldn't be surprised if Israel really DID organize Stuxnet, and the date hidden in the code DID mean something, but whoever put it in there was referring to a completely different obscure historical event.

  • KGB ! (Score:3, Funny)

    by bubbakja ( 1913416 ) on Friday October 01, 2010 @06:47PM (#33766088)
    In Russia you don't blame code, code blames somebody else !
  • by Apuleius ( 6901 ) on Friday October 01, 2010 @06:50PM (#33766126) Journal

    Iran still has several thousand Jews living in Tehran and Isfahan. To refer to the execution of Elghanian is to invite the execution of some other scapegoat out of the Jewish community. The Mullahs of Iran are very, very easy to offend, tease, tweak, et cetera. There are plenty of ways to put insults aimed at them into this virus without pointing at the Jewish community, and rest assured any Israeli hacker knows plenty.

    • A google search for "executed in Iran" and "May 9, 1979" doesn't turn up any other names, but if I recall correctly, by that time Tehran's Evin Prison was already an abattoir, with many more victims killed. Can any Iranian chime in on this? By May, weren't the Islamists already massacring the leftists?

  • by joeflies ( 529536 ) on Friday October 01, 2010 @06:56PM (#33766172)

    It was Star Trek Next Generation - The Vengeance Factor [memory-alpha.org]. Only one in a million Acamarians have the DNA which this virus was designed to kill.

  • Yeah, Right... (Score:4, Insightful)

    by Nom du Keyboard ( 633989 ) on Friday October 01, 2010 @07:00PM (#33766198)
    Yeah, right. Israel creates this super-secret superworm, attacks Iran with it, after putting their fingerprints all over it just so that they will get caught by the first person to look at it in a text editor. All this knowing that it is going to infect the whole world and everybody is going to be coming after the authors with torches, pitchforks, and blood in their eye.

    Of course, that explains it all.
    • Re: (Score:3, Insightful)

      by LoRdTAW ( 99712 )

      There is no saying that the virus was stuffed with fake clues pointing to Israel. Who knows where it came from but this is either a red herring (most likely) or someone trying to start a war. It's a very interesting subject; you could turn it into a book or movie plot.

  • by ZuchinniOne ( 1617763 ) on Friday October 01, 2010 @07:07PM (#33766264)

    Technical analysis aside, all these Israel claims are based on huge assumptions and zero concrete evidence. Even if Israel did create this virus why would they put references in the code that led back to them?

  • How? (Score:3, Interesting)

    by Angst Badger ( 8636 ) on Friday October 01, 2010 @07:39PM (#33766568)

    Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet were plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention.

    Seriously? We refer to this kind of program by names like "worm" and "virus" because they resemble their biological namesakes in that they get into all kinds of places and reproduce. Who wonders about shit like this?

    If Stuxnet was designed by a hostile state to damage Iranian industry, it's quite possible that, lacking any good way to deploy it inside Iran, it was released into the wild in hopes that it would find its way in on its own. Even states like the US and Israel, who probably have at least some operatives inside Iran, would probably prefer to take this approach than to risk compromising their inside operatives.

    While Israel and the US are the most likely nation-state actors, it's worth considering that there are any number of NGOs that are hostile to Iran and would have the resources to hire programmers to build a worm -- if they didn't already have some in-house. It's also possible that this is the work of a lone individual: the idea that it would take a state actor to create a worm is even more laughable than SCO's contention that Linus Torvalds couldn't have possibly written a kernel by himself. And finally, Iran has plenty of competitors and outright enemies in the Islamic world. Pakistan in particular has the technical personnel, a nuclear monopoly within the Islamic world to defend, and an ongoing struggle with Iran over influence in Afghanistan. If I was forced to bet on the question, I'd put my money on Israel, but at the same time, I wouldn't be at all surprised if I lost the bet. Iran has lots of enemies, internal and external. It's almost like one of those cliched murder mysteries where a broadly disliked person is murdered and everyone he knew is a suspect.

  • by Jason W ( 65940 ) on Friday October 01, 2010 @07:53PM (#33766678)
    For those too lazy to read the dossier:

    Export 16 first checks that the configuration data is valid, after that it checks the value “NTVDM TRACE” in the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation

    If this value is equal to 19790509 the threat will exit. This is thought to be an infection marker or a “do not infect” marker. If this is set correctly infection will not occur. The value appears to be a date of May 9, 1979. While on May 9, 1979 a variety of historical events occurred, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.” Symantec cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate another party.

    Next, Stuxnet reads a date from the configuration data (offset 0x8c in the configuration data). If the current date is later than the date in the configuration file then infection will also not occur and the threat will exit. The date found in the current configuration file is June 24, 2012.

    But really, May 9, 1979 being Rosario Dawson's birthday puts this back on the teenager in his basement path to me.
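The two abort conditions quoted from the dossier above (the "NTVDM TRACE" marker equal to 19790509, and a configuration cut-off date of June 24, 2012) are what a defender would check for when auditing a Windows host. The script below is an added example, not code from Symantec or from the dossier. It reads the marker from the live registry when run on Windows (read-only), falls back to a constructed sample value elsewhere, decodes the integer as a YYYYMMDD date, and models the gating logic in the order the excerpt describes. The assumptions that the marker is stored as a numeric value and that the cut-off is compared as a plain calendar date are mine; the dossier excerpt does not say how the offset 0x8c date is encoded, so that value is taken as given.

```python
"""Audit a host for the Stuxnet "do not infect" registry marker and model the
two exit conditions described in the Symantec dossier excerpt.

Added example, not Symantec's code. Assumptions (not on the page): the marker
is readable as an integer, and the cut-off date is compared as a calendar date.
"""
from datetime import date

# Registry location and value name quoted in the dossier excerpt.
MARKER_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation"
MARKER_VALUE_NAME = "NTVDM TRACE"
MARKER_VALUE = 19790509        # value the threat checks for and then exits
KILL_DATE = date(2012, 6, 24)  # cut-off date found in the configuration data


def decode_yyyymmdd(value):
    """Interpret an integer such as 19790509 as a YYYYMMDD calendar date.
    Returns None when the digits do not form a valid date (or value is None)."""
    try:
        year, month, day = value // 10000, (value // 100) % 100, value % 100
        return date(year, month, day)
    except (ValueError, TypeError):
        return None


def infection_gate(marker_value, today, cutoff=KILL_DATE):
    """Model the exit conditions in the order the excerpt gives them:
    marker present -> exit; current date later than cut-off -> exit.
    Returns a reason string; 'proceed' means neither gate fires."""
    if marker_value == MARKER_VALUE:
        return "exit: infection marker present"
    if today > cutoff:
        return "exit: past configuration cut-off date"
    return "proceed"


def read_marker_from_registry():
    """Read the marker from the live registry on Windows (read-only audit).
    Returns None when not on Windows, the value is absent, or it is non-numeric."""
    try:
        import winreg
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, MARKER_KEY) as key:
            value, _type = winreg.QueryValueEx(key, MARKER_VALUE_NAME)
            return int(value)
    except (OSError, ValueError):
        return None


def audit(marker_value, today):
    """Summarise what the gating logic would do on a host with this marker."""
    return {
        "marker_present": marker_value == MARKER_VALUE,
        "marker_as_date": decode_yyyymmdd(marker_value),
        "gate": infection_gate(marker_value, today),
    }


if __name__ == "__main__":
    live = read_marker_from_registry()
    # Constructed sample for non-Windows hosts: a host carrying the marker.
    sample = live if live is not None else MARKER_VALUE
    print(audit(sample, date.today()))
```

On a Windows host the script reports whether the marker is present, which is the same fact the "vaccine" discussion on this page turns on; on any other host it runs against the constructed sample so the gating model can still be exercised.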

    • If I had mod points, I'd try to mod you up to 100.

      See what he did there people? He found something else that fit the rather vague data, that weakly points to a totally different theory. This is even assuming the number there is meant to be a date.

      That is precisely why shit like this is useless: If you look hard enough you will find evidence, even when there is none. I'm sure with a bit of searching, you could find a whole bunch of other shit that happened on that day. Of course you could probably find other

    • May 9th 1979. This is the anniversary of the US & USSR signing the Salt 2 treaty, limiting nuclear weapons.

      Thus, the worm is OBVIOUSLY the cooperative work of disaffected former nuclear weapons designers in the US and Russia. They're angry that Iran is trying to build a bomb, and the sanctions on Iran won't let them make lots of money helping them like Abdul Qadeer Khan did.

      And Myrtus is a religious reference to the practice of women wearing myrtle garlands in their hair during the Roman Veneralia festi

  • The origins of this code could be a mystery for a while. The connection to something in Iran seems clear.
    Different techs and directors then get on the phones/emails within Iran and start getting/requesting more info and better reports.
    Israel Army’s intelligence Unit 8200/Urim then sits back and watches Iran glow with new connections and sites.
    http://cryptome.org/eyeball/ilsig/ilsig-eyeball.htm [cryptome.org]
  • unabomber (Score:3, Interesting)

    by kaoshin ( 110328 ) on Friday October 01, 2010 @08:42PM (#33767030)
    One of Ted Kaczynski's tactics was leaving false clues in every bomb to purposely mislead investigators into thinking they had a clue. Interesting that the targets here were industrial, and May 9, 1979 is also the anniversary of the second unabomber attack.
