Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment

ceswiedler writes "Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."

The problem with computer sabotage...

[Anonymous Coward]

..is that you leave one hell of a forensic trail, and so lose the inevitable propaganda war that follows your activities....

Having said that, I still welcome our variable but rapidly spinning overlords...

Re:

[alphatel]

can i haz stuxnet? [nyte.com]

Re:

[drinkypoo]

..is that you leave one hell of a forensic trail, and so lose the inevitable propaganda war that follows your activities....

That's not a drawback, it's an opportunity. You make it look like it was someone else, and then you win.

Re:

[moonbender]

What are you talking about? The problem with computer network attacks is that they don't leave much usable evidence; or at least we have no ways of using the evidence they leave. It's often referred to as the attribution problem.

Re:

[daem0n1x]

is as stupid and short sighted as can possibly be.

No problem. It's just US foreign policy as usual.

Re:

[azalin]

Either make sure it doesn't spread to place where people would notice or have so many possibly targets it can't be traced to one specific mission.

Re:The problem with computer sabotage...

[kestasjk]

1) You can't write a virus that will spread only along the specific route that leads to a target, and even if you could that doesn't guarantee it wouldn't get noticed.

2) You can't write a virus that targets so many industrial systems that the one you're really targeting gets lost among the others, for economical, ethical and practical reasons.

3) Why would they care about the public finding out? They were very careful to make sure it wasn't found for as long as possible, but once the Iranians know about it why would they care who else knows about it?

Re:The problem with computer sabotage...

[Anonymous Coward]

"...3) Why would they care about the public finding out? They were very careful to make sure it wasn't found for as long as possible, but once the Iranians know about it why would they care who else knows about it?..."

Because international affairs are NOT like a Hollywood action film, where the hero blows the villain up in the last 15 minutes of action, and then rides off happily into the sunset with the girl. In real life actions have results. Look at the state the US got into on the international scene when all the stories about deception and torture in Iraq started coming out. Don't you think that the Iranians will present this as an act of war, and use it in every diplomatic conference for the next 20 years?

Re:The problem with computer sabotage...

[khallow]

Because international affairs are NOT like a Hollywood action film, where the hero blows the villain up in the last 15 minutes of action, and then rides off happily into the sunset with the girl. In real life actions have results. Look at the state the US got into on the international scene when all the stories about deception and torture in Iraq started coming out. Don't you think that the Iranians will present this as an act of war, and use it in every diplomatic conference for the next 20 years?

As I see it, if Iran whines about this in a diplomatic conference, they'll be laughed out of the room, not only because they don't know who did it, not only because it indicates great sloppiness on the part of the Iranians military program, but because the only people outside of Iran who will care will only be concerned that the sabotage wasn't more effective.

Re:

[vadim_t]

The others can laugh all they want, but the point of a diplomatic conference is negotiating agreements between parties. If you keep laughing at one of the parties it may well decide not to give you what you want.

Re:

[khallow]

The others can laugh all they want, but the point of a diplomatic conference is negotiating agreements between parties. If you keep laughing at one of the parties it may well decide not to give you what you want.

That's ok. They don't get what they want either, plus they'll have lowered their status in everyone else's eyes. And once they've developed nuclear weapons, they'll lose any credibility, if they keep whining about it.

Re:

[kestasjk]

You didn't answer my question/point. If the Iranians already know about it why would they care if the public know about it?

You seem to have answered why they would care that the Iranians know about it, but of course the Iranians are going to become aware of an attack on their systems eventually. So given that Iranians will know about it why would the attackers care if the general public also knows?

Re:

[aliquis]

Installed IE6 in the process. THAT WOULD HAD SHOWN THEM!

Re:

[Anonymous Coward]

What would've you done differently?

Oh, how about sitting down and just talking with them?

Maybe we could do something, get something accomplished.

Like, say, peace in our time.

Re:

[TheKidWho]

Thousands of years of human history say no.

Re:The problem with computer sabotage...

[El Torico]

I'm not sure if you're trying to be funny or are just hopelessly naive. You used the phrase "peace in our time" which is very close to what Neville Chamberlain said after allowing Hitler to annex the Sudetenland.

Well that just leaves one question

[Chrisq]

Well that just leaves one question: Was it the Jews or the Yanks?

Re:

[Skrapion]

Was it the Jews or the Yanks?

Clearly it's the answer to the Manhattan Project: it's called the Lower East Side Project?

probably the commies

[Trepidity]

They're ideologically opposed to enrichment.

Re:

[Malc]

Or was it one of their competitors trying to stir the pot?

There are many (more interesting) questions left

[kestasjk]

• It contains code written in Visual Studio 2005 and 2008, compiled long times apart.
• It required the theft of two digital certificates from offices of electronics manufacturers in Korea.
• It would have needed a lot of expertise on a very particular type of industrial controller.
• It is found most widely in Iran, and has countdown timer to reduce the spread of infected machines, so was probably launched there (and I can't imagine it's easy to hop over on a plane from Israel to drop off a bunch of infected thumbdrives in Iranian offices)

On the other hand the project name was apparently "myrtus", an east-Mediterranean flower, and a hard-coded value for the disable-flag was the date of an atrocity Iranians perpetrated against some Jews (I can't remember the details off-hand, but it's all in Symantec's fascinating report)

It's all totally speculative of course, and probably the least technically interesting thing about this worm is the question of the author. But even besides that the effort and diverse skillsets that must have gone into this thing I feel somehow diminishes the importance of asking "was it country A or B?"


If you think the only question left is was it Yanks or Jews here's a couple that I would raise:
Is there a lesson here about putting too much faith in signed drivers? How about asking what SCADA systems closer to home might be vulnerable? If this thing hadn't been so picky about which controllers it altered what could it have done?

Re:

[AHuxley]

Who cares? At least this kind of thing is bloodless ...
We know this code is safe running on MS?
We know some overrun or faulty system or version beta hack wont be seen by the next version of this code as the target?
Why should 'some' countries get to flood the world with factory/system destroying code?
In the cold war every country backed by the KGB and CIA got to send out 'gifts' to troublesome exiles.
Why should we risk massive disruptions on MS quality code and some states skills to write "bloodless"

This story

[Anonymous Coward]

This story made my head spin. Slowly at first, but then faster, than slower again.

Re:This story

[BeardedChimp]

Yeah this story is total bullshit, it is almost entirely spin.

frequency converter drives ?

[viralMeme]

What do these frequency converter drives actually do in relation to uranium enrichment?

Re:frequency converter drives ?

[dattaway]

AC motors require these drives to get their speed. 60Hz would be about 1800 or 3600 rpm, depending how its wound. Most industrial drives can be programmed for 400Hz, which will spin the armature quite fast. Enrichment is like spinning glassware on a dentist's drill. Those frequencies at that high of voltage (480 volts typical) has a very high switching rate that requires exotic transistor designs. Given that these controllers aren't very common, say for a juice mixer, they can be tracked and sabotaged by the distributor quite easily.

Re:

[BZ]

In 1944 they used a three-stage process involving several very large facilities; the tail end of http://en.wikipedia.org/wiki/S-50_(Manhattan_Project) [wikipedia.org] has details and links.

The interesting part is that setting up that sort of process would make it very difficult to claim you're just interested in power generation... Reactor-grade uranium is a few percent (3-4 according to http://en.wikipedia.org/wiki/Enriched_uranium [wikipedia.org]) U-235; weapons-grade is closer to 80+% U-235 (85% for Little Boy according to the first l

Re:

[jeyk]

They control the speed of the centrifuges that extract the enriched uranium. From TFA:

Stuxnet targets specific frequency converter drives — power supplies that are used to control the speed of a device, such as a motor.

[...] the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium. If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges . . . and the final grade of uranium you would get out would be a lower quality.

Too good to be true.

[johncadengo]

Can't wait for the movie adaptation. I heard they got a book in the works too???

Re:Too good to be true.

[Ihmhi]

Hackers 4: One Half-Life To Live

Starring Shia LeBeouf, Robert Pattinson, Michael Cera, Nicole "Snooki" Polizzi, and Megan Fox

Re:

[kestasjk]

Yeah; a bunch of software developers and reverse engineers working in an office on a worm for a few months, then they launch it (probably by scattering a few USB dongles around or something), it spreads to Iran and reduces their enrichment capacity before they start slowly clearing up the mess, allowing another year of tedious negotiations in the UN. It'll be huge.

Re:

[kestasjk]

Seriously though from a technical standpoint it is fascinating, but it is heart wrenching to come to slashdot and just see "hmm I think Botswana did it!! they use coal and see nuclear as a threat" "no no no it was yugoslavian seperatists!!"

I don't know whats more worrying...

[Viol8]

... the emergence of this type of worm or the fact that a consumer OS as security poor as Windows is being used in nuclear plants. And no, I don't think Linux or OS/X would be much of an improvement. OpenBSD maybe. But surely for operations such as this where a fault really could lead to numerous people dying in unpleasent ways a tested, secure real time OS from somewhere like Green Hills would be used? OK , in Iran I realise this wouldn't be possible but Windows isn't just used over there in important industrial applications.

You wouldn't want Windows (or Linux or OS/X) flying your Airbus so why the hell do people think its ok to run indistrial sites with it??

Re:

[vegiVamp]

I seem to recall we have DOS flying space shuttles.

Re:

[Viol8]

I don't know if thats true or not, but astronauts are fully aware of the risks they're taking when they sign up. People who live within a few miles of a high risk industrial or nuclear plant didn't sign up for anything.

Re:

[vegiVamp]

Depends on wether they or the plant was there first.

Re:

[AJWM]

I seem to recall we have DOS flying space shuttles.

Then you recall wrongly. The Shuttle flight computers have their own OS (actually two of them; the fifth of the five parallel computers runs a totally different software set, as an emergency backup in case of a systemic software problem with the main four). The machine architecture isn't compatible with what most people think of as DOS. (It might be a DOS, but it sure isn't MS-DOS or DOS/360 or any of the other off-the-shelf disc operating systems that h

Re:I don't know whats more worrying...

[Viol8]

Well thats ok then. as long as its only CONTROLLED by it. Perhaps we should put Windows in avionic packages then, after all, it will only CONTROL the flaps and engines. Would could possibly go wrong?

Comment removed

[account_deleted]

Comment removed based on user account deletion

And that....

[balaband]

....is how Shai Hulud was born.

well

[Charliemopps]

hey, it's better than an invasion right? I'm sure Symantec are happy with themselves discovering this, but I hope the realize that if Iran hadn't already figured it out, Symantec just informed them, and brought them a little closer to getting the shit bombed out of them by either the US or Israel.

More details

[jimmyswimmy]

There's a lot more detail in the symantec virus "dossier" [symantec.com]. A very interesting and detailed read.

Re:

[tayhimself]

http://spectrum.ieee.org/podcast/telecom/security/how-stuxnet-is-rewriting-the-cyberterrorism-playbook [ieee.org] has a good overview published a month ago.

I dont see the downside to stuxnet

[voss]

It cost no lives, it significantly slowed down a fanatical dictators quest for the nuclear bomb and didnt require military action,
the sacrifice of american troops or billions of dollars spent.

I'm putting my money on Pakistan

[anss123]

Why not? They know they'll never get the blame.

Lies, damn lies and speculation.

Every country, and a lot of corps could do this

[OeLeWaPpErKe]

The sad thing is just about every country has the resources to do this. Siemens is based in Belgium too, so why couldn't it be Belgium ? I wonder what kinds of problems even a country like Luxenbourg would encounter in doing this. All it takes is budget, hiring a few capable Siemens engineers and throwing a few millions at it. Hell, a lot of publicly traded companies could do this by themselves.

So at the very least, every single country could do it. It would probably be the easiest to do for Iran itself, ha

Re:

[Amorymeltzer]

I'm with you 90% of the way but you can't criticize racism yet say we should sabotage "all muslim countries in general", you really can't. Iran may be a dark place, practicing Islam, but Islam didn't make it that way and their flavor isn't representative of the religion as a whole.

Re:Every country, and a lot of corps could do this

[mlts]

The key here is knowledge. The knowledge to write Stuxnet is extremely hard to get (the holes in operating systems, the ability to jump from Windows to SCADA systems, knowing what speed the uranium was spinning), but this may not be impossible for someone who has a lot of connections, perhaps someone whose family has nuclear process engineers.

There are a lot of people and organizations who don't like either Iran or Israel, and who would happily eat popcorn as both countries went to war with each other. It could be a guy in someone's basement who gets amusement from it the same way someone gets amusement from cracking root and rm-ing / on a university system.

Re:

[chrb]

more people should sabotage countries like Iran, or all muslim countries in general, for the simple reason that their handling of minorities can only be described as "genocidal".

Iran's proud but discreet Jews: [bbc.co.uk] "the father of Iran's revolution, Imam Khomeini, recognised Jews as a religious minority that should be protected." "Imam Khomeini made a distinction between Jews and Zionists and he supported us," says [Jewish community leader] Mr Hammami."

Persian Jews: [wikipedia.org] "Jews are protected in the Iranian constitution."

Righteous Among the Nations: Muslims Who Saved Jews from Holocaust: [huffingtonpost.com] "The Righteous Among Nations are gentile rescuers who make up 'a small minority who mustered extraordinary

Re:Resources, will, and motive

[Chrisq]

There are only two nations with the resources, will, and motive to attack Iran's nuclear ambitions in this way: America and Israel.

It figures that hegemony would lead either state to such an antagonistic stance.

While I agree that they are teh most likely candidates, I think Russia and China would be quite capable of doing this too if they turned their mind to it. Probably the UK, France, Gremany and maybe India. All have both nuclear and computer technology

Re:

[mikael_j]

I'm pretty sure there are others that have the capability as well.

Re:

[dunkelfalke]

What exactly seems to be so difficult in understanding the words "will and motive"?

Re:

[Anonymous Coward]

It is not difficult to understand the words "will or motive". What is difficult is understanding what the motive and will is of every county/faction in the world that is capable of somthing like this. Are you saying you understand the movtive of ecery faction in China?

Re:Resources, will, and motive

[dpilot]

It's equally likely neither Russia nor China would be very happy to see a nuclear Iran, but not want to be visibly seen discouraging them on the international stage. Stuxnet, lets either of them slow Iran's nuclear program, test a new concept of warfare, and leave the US and Israel holding the bad as "most likely." For them it's a win-win-win. Beyond that, intelligence orgainizations in the West now have a small taste of what someone else can do. It's going to keep the West in knots for a few years, hardening against "the last threat," while they've got the next threat now, and are working on the one beyond that.

Re:Resources, will, and motive

[sigxcpu]

I concur,
Also note that whoever wrote the virus had very specific knowledge of the target.
It would only act if more than 33 devices of one of two manufacturers were linked to one controller.
It would act one way if the majority of the devices were from one manufacturer and do something else if there were from the other kind.
I would guess that someone that worked there or someone that supplied parts to the project had a major hand in this.
My guess would be that this is at least to some extent an inside job.

Re:

[marcello_dl]

hmmmmm but with this episode you risk an escalation between Iran and Israel/US, which may move. And then you have to come to the defense of Iran or lose even that country to westerners. And then you have problem with westerners.

Unless of course you have a plan like this: you have everything blowing up and stupid sheep dies while the powerful have their bunkers with their seeds and their patents, their anti radiation therapy, some years later they come out as gods for the cavemen that somehow survived.
A pret

Re:

[Nyder]

It's equally likely neither Russia nor China would be very happy to see a nuclear Iran, but not want to be visibly seen discouraging them on the international stage. Stuxnet, lets either of them slow Iran's nuclear program, test a new concept of warfare, and leave the US and Israel holding the bad as "most likely." For them it's a win-win-win. Beyond that, intelligence orgainizations in the West now have a small taste of what someone else can do. It's going to keep the West in knots for a few years, hardening against "the last threat," while they've got the next threat now, and are working on the one beyond that.

i don't think russia cares, seeing as it helped get it working.

http://en.wikipedia.org/wiki/Bushehr_Nuclear_Power_Plant [wikipedia.org]

Re:

[dpilot]

And of course "Russia" is a giant monolithic thing, with a single motivation and mindset. Just like the US, IBM, or Microsoft.

Re:

[ScentCone]

It's going to keep the West in knots for a few years, hardening against "the last threat," while they've got the next threat now, and are working on the one beyond that.

You know, people always say that, but what happens if you don't harden against the last threat? It gets used on you again, that's what. Just because if was the last threat doesn't mean that a bad guy isn't going to contemplate using it, should he see the vulnerability. Just because ID thefts over the internet are a fashionable new crime d

Re:

[mevets]

I vote for Iceland. They would like to embarrass Iran for giving I-countries such a bad name, during an era when I-anything sells like, well, ipods. Iceland don't want to tip anybody off to their Dr Evil-like powers.

Iceland wrote the malware, then re-implemented it to look like russian code disguised as israeli-american viruses and dispatched it under cover of the last volcanic cycle. Crafty bastards.

Re:

[Anne Honime]

Don't forget the Russian federation, which have a huge interest in selling enriched uranium they produce already.

Re:

[kestasjk]

Uranium enriched to levels needed for use in power-plants is really cheap (much cheaper than coal per unit of energy it contains, it's just the nuclear plant that's very expensive).

And it's not like Stuxnet was ever going to make Iran give up on enriching uranium and decide to buy from Russia anyway.

Re:Resources, will, and motive

[silanea]

I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.

A simple case of cui bono?.

Re:Resources, will, and motive

[kestasjk]

I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.

A simple case of cui bono?.

Ugh.. This assumes that

• Intelligence agencies will ignore other superpowers because they are distracted by Iran,
• That continuing to enrich uranium is somehow more aggressive than ships sunk by North Korea, hostages taken by Somalian pirates, economic wars by China over a prisoner taken by Japan from a disputed island, etc, etc, etc
• That Russia or China are smart enough to set this intricate double-trap just so that they can raise the "benchmark of aggression" but that other powers aren't smart enough to just continue to monitor other powers as always,
• That China and Russia are secretly using Iran as a reason to build controversial missile defense systems when until recently that's exactly what the US was going do openly,
• And that by launching this attack they are somehow keeping Iran weak while it still looks strong, when Iran's enrichment facilities are the subject of such intense scrutiny that when the attack occurred the "weakening" of Iran was apparent long before anyone in the public even knew of the attack

I am just at a loss.. It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it.
I fully expect to scroll down and see some justification for why it's internal industrial sabotage of one Siemens subdivision versus another, or Iran launching it against themselves to get international sympathy.

Re:Resources, will, and motive

[TapeCutter]

"It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it."

It was Boris in the library with a commodore 64.

Re:

[Combatso]

someone you don't suspect could be involved in it.

like the spanish inquis..... nevermind, im above that

Re:

[MacGyver2210]

"economic wars by China over a prisoner taken by Japan from a disputed island, etc"

If you mean Senkaku, they are firmly in Japanese control China can dispute it all they want, but they don't own the islands in any sense.

Also, the 'prisoner taken by Japan' was the captain of a boat that rammed two Japan Coast Guard ships. In retaliation, China took four hostages for 'trespassing' where there was no posting. Basically, they snatched these four and said "You can't have them back until we get our guy back." The

Re:Resources, will, and motive

[kestasjk]

"economic wars by China over a prisoner taken by Japan from a disputed island, etc"

If you mean Senkaku, they are firmly in Japanese control China can dispute it all they want, but they don't own the islands in any sense.

I didn't say they owned the islands in any sense, I said they are disputed.

I do not think for one second that China is capable of something so robust and intricate.

That leaves pretty much the US or Russia. As Russia is the hacker capital of the world, I would put my money on them. Even the US government is too bumbling to ever get something like this right.

Yes the Chinese aren't robust or intricate, and the US is bumbling, but don't Russians drink vodka?
And the UK are too gentlemanly, and Africans don't have computers, so that's them out of the equation.

Damn, who in this world of stereotypes and ignorance could have done it?

Re:

[silanea]

I am just at a loss.. It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it.

I did not say it is likely. I said I would not rule it out. You take it for granted that

1. Western agencies do not drop their guard and
2. Western politicians in charge of setting public policy actually listen to those agencies; and
3. the Russians and/or Chinese believe this, too, and therefore would not undertake such a risky gamble.

In the case at hand I would consider the most obvious suspects, but not rule out other possibilities. In general I am afraid that you give people too much credit. During the Cold War

Re:

[notaspy]

You're going to love the Belgium theory.

Re:

[maxwell demon]

i would rule out russia - because russians were involved in building Busher's nuclear power plant, and they'd have no interest sabotaging something they are responsible to complete by the contract terms...

But according to TFA, the target wasn't Bushehr's nuclear power plant, but the Natanz nuclear facilities. Unless Russia was involved there, too, that makes your argument moot.

Re:

[Charliemopps]

"Symantec still has not determined what specific facility or type of facility Stuxnet targeted, but the new information lends weight to speculation that Stuxnet was targeting the Bushehr or Natanz nuclear facilities in Iran as a means to sabotage Iran’s nascent nuclear program. "

Re:Resources, will, and motive

[Ihmhi]

[Hypothetical Russian Contractor]:"Well, this Stuxnet worm is nasty stuff, so obviously it's going to cost a lot of money for us to clean it up. Of course, an event like this was not covered in our contract so we will need additional funding to proceed."

Yeah, what motivation could Russia possibly have?

Re:

[kestasjk]

[Hypothetical Russian Contractor]:"Well, this styrofoam someone threw in the reactor 3 months before launch is nasty stuff, and will cost a lot of your precious Iranian dollars to fix. (Thank goodness we thought of that before we wrote the most complex worm ever written. With the Iranian maintenance and repair fees Russia can finally conquer the world!)"

Re:

[peragrin]

Actually I would suspect Russia. They are the ones who loses out selling iran nuclear fuel when iran produces it's own.

Combine that with the fact that someone had to get detailed information about what hardware was present at those plants and the USA, isn't really welcomed there. Don't forget that Russia has lots of hackers, and whomever just test fired a weaponized hack.

Re:

[Errol backfiring]

And a few thousand private lunatics at least.

Re:

[maxwell demon]

Is there any proof that the virus indeed runs on the facility? Is there any proof that the nuclear incident really did take place? Is there any proof that the number of operational centrifuges really went down (as opposed to e.g. bringing the "defect" centrifuges to a secret place, so even if the original place was physically attacked, they could continue with enrichment)?

Maybe it was the Iranian intelligence which created StuxNet (and in that case probably also a special protection system making sure it ne

Re:

[Chrisq]

Is there any proof that the virus indeed runs on the facility? Is there any proof that the nuclear incident really did take place? Is there any proof that the number of operational centrifuges really went down (as opposed to e.g. bringing the "defect" centrifuges to a secret place, so even if the original place was physically attacked, they could continue with enrichment)?

Maybe it was the Iranian intelligence which created StuxNet (and in that case probably also a special protection system making sure it never hits its "target") in order to make everyone in the world think they are far behind in their nuclear program (and to have a plausible explanation for the reduction of operational centrifuges, so no one gets the idea to look for them elsewhere)?

And maybe George Bush ordered the 9/11 attacks...

Iran did it

[mangu]

Their experimental uranium enrichment wasn't working as expected, so the scientists invented this virus in order to shift the blame.

Re:

[Yvanhoe]

Don't make me laugh. It does take a budget to launch such an attack, but a small one, probably in the 500k - 1M range (2 zero day to buy and one stolen certificate + a few days of development). There are thousands of organizations with that much resources, and Iran isn't loved by many people.

Re:

[gl4ss]

hard part would be to actually know what to target and for that you'd need to have some understanding of what technology they're using in iran. pretty deep understanding as it turns out.

I don't think this was bought with 'just money', before even thinking up the original idea for this you'd already would have had to be somehow in the know what they've based their plant automation on.

Resources??? Like.. a laptop???

[brunes69]

I am with you on the will and motive part, but the "resources" it takes to make a virus like this and unleash it into the wild in the middle east is probably $20K-$100K tops.

Even if you wanted to TEST it, you don't need nuclear weapons to do so, all you need is access to enrichment equipment, which most countries that have nuclear plants have. Basically any country in the Western would could have done this, so could India, Japan, Pakistan, AU, Brazil, the list goes on and on.

But like you said, only Israel

Re:

[ArcherB]

There are only two nations with the resources, will, and motive to attack Iran's nuclear ambitions in this way: America and Israel.

It figures that hegemony would lead either state to such an antagonistic stance.

You forgot all or Europe, India, and much of the Arab world. Very few want to see a nuclear Iran. For that matter no one wants to see any country in that area of the world become a nuclear power. The US and Israel are the only ones who are not too pansy to say anything about it.

Re:

[gtall]

Yep, it would certainly be a good thing if the U.S. and Israel stopped trying to stop Iran from building a bomb so the rest of the mid-east and s. asia can get on with the job of arming themselves with nuclear weapons. They have very stable societies and well-adjusted governments.

Re:Resources, will, and motive

[ciderbrew]

Budget cuts in Britain would put a stop to that sort of thing. We can't even get a James Bond film off the ground with American money!

Re:

[ledow]

Thank God, if it keeps Daniel Craig off the screen. I think I'd much rather we spent our money on viruses than an actor so wooden that he must worry about termites.

Re:

[GameboyRMH]

He's a "gritty reboot" James Bond, he's supposed to be wooden! :P

Re:

[AndGodSed]

In Britain it would not get off the ground due to bureaucracy, in Germany it would cause endless voting and opting out a-la google streetview and given France's military history they would probably end up infecting their own systems and losing control. Then, they would surrender to themselves.

Re:

[maxwell demon]

But the specificity means you need a lot of information about your target. You must know what the targeted facility looks like, and what can be used to distinguish it from other facilities. So the question is: Who did have that information at the time Stuxnet was written?

Re:Resources, will, and motive

[makomk]

I doubt that you would really need that many resources to do something like this.

Aside from the problem that maxwell demon points out with the huge amount of secret internal information required, the attackers also obtained and used several zero-day vulnerabilities and driver signing certificates from two different hardware manufacturers. That's hardly trivial.

Re:

[gl4ss]

it's hard yes and needs you to have the right connections, but it's hardly something that is much in the way of 'resources' - money or materials isn't the key there.

I'd look for someone who worked in the supply chain and was unhappy about what he was involved with. that would've been the safest route for the attacker too, to not get others involved.

Re:

[makomk]

it's hard yes and needs you to have the right connections, but it's hardly something that is much in the way of 'resources' - money or materials isn't the key there.

The thing is, in this case having the right connections is a big deal. Remember, we're talking about having access to someone inside the ultra-secretive Iranian enrichment program who's willing to leak information that could get them killed. On top of that, you need people inside Realtek and the other hardware company willing to risk going to jail by leaking company secrets or someone able to break into the companies without getting caught.

Then in order to make use of this, you need some zero-day vulnerabil

Re:BS

[SandFrog]

So, are we talking Stuxnet, or Iocane powder?

Re:BS

[PatPending]

You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - Rizzini

And you fell victim to one of the classic blunders - the most famous of which is incorrectly attributing this quote to someone besides "Vizzini."

Re:

[Ihmhi]

Yes, we all believe it, western and/or israeli intelligence are so advanced and subtle to make a virus that reduces the quality of the enrichment. Wow, what an achievement!!

Looks like these intelligence services are so desperate to have some 'success' stories and coverage of their awesomeness in the press that they are inventing stories about a malware.

Really, everyone in Iran is worried about sneaky malwares now.

Coverage of any kind is sort of against the mission statement of an intelligence agency, wouldn't you say?

Re:Loudmouths

[oji-sama]

I would think that Iranians would have noticed their Nuclear chief's resignation (and the possible nuclear incident) themselves.

Re:

[wannabgeek]

we're in an ongoing conflict with some very nasty people.

Are you talking about Iranians, or Americans? 'cuz I'm sure the Iranians share your thoughts, just in the opposite direction.

Re:Do you want economic collapse?

[spun]

That is in no way antisemitism. It is a simple statement of fact. It does not say 'all Jews.' It does not ascribe any evil motives to them: they wish to protect their ancestral homeland, nothing wrong with that. It does not claim they control or dominate American politics, or spread any other false and malicious rumors about Jews. Who wouldn't want someone else to pay for their safety? If you can convince someone in an open and free society to pay for your defense, more power to you.

Just as an interesting aside, do you know why a lot of Christians want to protect Israel? The Jews have to be there on Judgment day. No Jews, no Jesus. And the Jews die. Evangelicals want them there to die and ensure the return of their savior.

Me, I wish them the Jews the best of luck protecting their country from the assholes surrounding them that wish them nothing but death. The kind of "Oh my God they're coming to get us!" thinking that is ridiculous bullshit when we Americans do it is absolutely true over there.

But I am DONE paying for it. I am done paying for the world's police force. The world doesn't need that many cops, and someone else can take a turn anyway.

Re:

[demonlapin]

do you know why a lot of Christians want to protect Israel? The Jews have to be there on Judgment day. No Jews, no Jesus. And the Jews die. Evangelicals want them there to die and ensure the return of their savior.

I've seen this bandied about, but it's really not a common viewpoint. I grew up around evangelical Christians. I'm surrounded by them at work. I went to a Christian elementary school that featured more explicit religious instruction than my wife's Catholic elementary school. (For those who know, they used A Beka books - you learn to diagram sentences such as "God does wonderful things for us every day.") And I've never heard that view expressed. I have heard some generic anti-Muslim sentiment - the enemy of

Re:

[DavidTC]

I actually entirely agree with you, but you shouldn't present it that way, as it will be taken as antisemitism, and isn't fair to ascribe to 'Jews'. Jews in the US are actually mostly on the left, and antiwar.

This mistaken belief that 'Jews' support Israel doing whatever it wants is due to the Israeli lobby in US, which like to claim that all Jews think the way it does. Which isn't true in the US or Israeli.

Most Jews, in both the US and Israel, are nowhere near as hostile to Muslim countries as the Israel