Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Worms

Anonymous Claims Possession of Stuxnet Worm 234

An anonymous reader writes "Last night, a member of hacker group Anonymous announced on Twitter that the group was in possession of the Stuxnet worm. Recently, Anonymous has been in the news for its high profile attacks on software security firm HBGary, after Aaron Barr, the CEO of HBGary's sister firm HBGary Federal, claimed to have acquired the names of senior Anonymous members and threatened to release them to the public. This is where the possibility for Anonymous getting its hands on Stuxnet increases."
This discussion has been archived. No new comments can be posted.

Anonymous Claims Possession of Stuxnet Worm

Comments Filter:
  • by thomasdz ( 178114 ) on Sunday February 13, 2011 @09:39AM (#35192092)

    Yeah, so? I have a copy of the Code Red and Nimda somewhere in my office. Am I dangerous? No. Because they are known viruses and the holes the exploits used have been patched shut now.

    • Re: (Score:3, Funny)

      by alphatel ( 1450715 ) *
      But are you code red reseller? Anonymous is now an official Stuxnet Gold affiliate [nyte.com]
    • I'd have thought the real danger would be of Anonymous using the virus to discover-- or perhaps to claim to have discovered-- the origin of the Stuxnet virus, or information about what was being planned with Stuxnet by those Anonymous obtained it from.

  • Is Anonymous planning to deploy Stuxnet on, um, hacked sites? Stuxnet is really bad for people who tend to collect centrifuges, but it's just another virus when it comes to people with PC's. Doesn't every AV application check for this yet?
  • by Anonymous Coward

    it's been available for ages.

    It's a great PR move by Anon in that it's garners a stack of press due to the combinations of:

    "shadowy hackers"
    "stuxnet"

    Well played anon.

    What is actually more significant is the upcoming http://anonleaks.ru
    The potential for them to claim the popular mindshare that wikileaks has had is very real.
    None of the other groups have managed (openleaks, crowdleaks, abcleaks, xyzleaks, 123leaks, etc etc etc).

    • "The potential for them to claim the popular mindshare that wikileaks has had is very real."
      Really? I'd have thought that, given your last sentence, it's less so. To your average person anon is a bunch of kids DDoSing websites, and I'm not sure they're viewed in any better light in techy circles. I really don't see what anon has done to build up confidence in the sort of trust you'd need to be a successful *leaks.

      To over-stretch the military analogy, they're much more the light infantry than the intell
      • by lennier ( 44736 )

        To over-stretch the military analogy, they're much more the light infantry than the intelligence corps.

        I would have thought 'the crazed LSD freak tossing live frag grenades into the barracks at random between shooting own toes with shotgun' would have been a more appropriate analogy. Has Anonymous ever actually done *anything* constructive and useful, or do they just create mayhem?

      • by muridae ( 966931 )
        That a security leak is usually a person who thinks that the information they have is being misused, or that the public is being mislead, and is more likely to not see things the same way the average person does. Anon, having just taken on the FBI, a record of speaking out against CoS, and an aura of anarchy makes them a visible place to leak information. Remember, a security leak wants the information they have to be seen and Anon offers a very tempting public face; even if that face is just a mask.
    • by hey! ( 33014 ) on Sunday February 13, 2011 @10:51AM (#35192454) Homepage Journal

      "shadowy hackers"

      With each passing year of hacking I've become so increasingly shadowy that by now I'm not just *shadowy*, I'm positively *shady*. On summer days people position themselves so that I'm between them and the sun.

      I prefer to think of myself as "attractive". When my daughter entered the science fair, I used my attractiveness to help her win. Her rival was explaining the Cavendish experiment, but I sabotaged his demonstration by standing next to the apparatus.

      Some people say I'm self centered. They say I've lost touch with the outside world. But look at it from my point of view: I've been hacking so many years that my arms are now shorter than my Schwartzchild radius. I'm not fat, though. They say if you're not fat if you can see your feet. Thank $deity for gravitational lensing.

    • by c0lo ( 1497653 )

      it's been available for ages.

      Even HBGary has had one. I'm surprised that everybody concentrates on "What Anons would be able to do with it" rather than "How the Anons got their copy".

      The article quoted by TFA [forbes.com]:

      A source from Anonymous says that most of the new e-mails from Hoglund are still unchecked and it is unclear who will be most liable when the information is made public, but added that briefly skimming the emails had revealed “three different malware archives, two bots, an offer to sell a botnet, a genuine stuxnet copy, and various malware lists.” Not entirely surprising given that HBGary is a security firm, but the source speculates that botnets aren’t typically rented out for “research.”

  • Anonymous found out who produced the stuxnet worm, and the other parties are trying to threaten anonymous to keep silent ...
  • Same Anonymous? (Score:2, Insightful)

    by Ynot_82 ( 1023749 )

    This can't be the same Anonymous (off-shoot of 4chan) that thinks writing an aggressive Windows GUI ping program is "hacking"

    Some proper organised crime group has usurped the name, surely.

    "Hey, we announce ourselves as Anonymous, then all these script kiddies, who just DOS websites and leave blazingly obvious trails for authorities to follow, get sent down for our criminal deeds"

    • This can't be the same Anonymous (off-shoot of 4chan) that thinks writing an aggressive Windows GUI ping program is "hacking"

      I always thought it was the media who came up with that in order to try to explain to Neanderthals what a DDOS is.

      Now I wonder who came up with "Hacktivism"

    • by JamesP ( 688957 )

      ... that thinks writing an aggressive Windows GUI ping program is "hacking"

      Well, I thought that was brilliant.

      A non-anonymizing DoS program flooding big names with identifiable aggressor information;

      lamer magnet

    • Anonymous' reputation for quality has been sullied, eroding its brand equity! Heads will roll at its corporate headquarters!
    • by Dan541 ( 1032000 )

      Aren't all criminals anonymous? At least the ones who get away with it.

  • That's like having possession of the ultimate supervirus, which will KILL ALL HUMANS who have blond hair, brown eyes, a beard, and a vagina.
    The thing is so damned specific it's useless.

  • by mseeger ( 40923 ) on Sunday February 13, 2011 @10:14AM (#35192234)

    In other news: Iran claims posession of the Stuxnet virus as well

  • They could have the source or not, the vulnerabilities that it used to spread could have been patched already (starting with the disabled autorun). Was safe to spread it at the very start because the specific hardware for that payload wasnt very used afaik, and all the techniques that it used to hide itself should now known by security products vendors.

    So, it will should be able to damage only the windows users without updates nor running antivirus? Is the target of this announcement people that can't tel

  • by AftanGustur ( 7715 ) on Sunday February 13, 2011 @10:18AM (#35192262) Homepage
    This has to be one of the dumbest posts on /. since I started reading it (and that was a loooong time ago)

    Anyone can get a copy of the Stuxnet worm, just create an account on the right security forums and download a copy.

    • The quality of the articles really has been in the toilet lately, and Slashdot's editorializing is more sensational than ever. Just look at another one of today's headlines: "Two Huge Holes In the Sun Spotted".

      This nonsense is ridiculous, immature, and intellectually insulting. It's getting to the point where I only check the site out of habit, and because it has a decent rank on my awesomebar. This can't last.

  • That's the most hilarious thing I've read in a while!

    • That's the most hilarious thing I've read in a while!

      I read your comment and immediately looked below the text for the "LIKE" button.

  • by SmallFurryCreature ( 593017 ) on Sunday February 13, 2011 @10:23AM (#35192292) Journal

    If you are talking about the Anonymous from 4chan, then there isn't any group like that. That implies to much organisation, a hierachy, an organization.

    The idea originally was related but NOT the same to "I am Spartacus". And many people don't even understand that statement.

    The "I am Spartacus" statement is this: "I hereby declare that I am the person you are seeking and accept all responsibility for my actions." If you state this, you BECOME Spartacus, you are it and LOOSE yourself with it. You can't say, "I smallfurrycreature represent Spartacus", you surrender yourself to the cause and become it. In the movie, the people all nailed up, are ALL Spartacus and by doing so the idea of Spartacus if not the person becomes invincible. No matter how many Spartacusses you nail to a cross, there is always one more just around the corner. It is the undying hero, the person dies but the idea goes on.

    This doesn't sit well with our individual culture.

    Anonymous takes this even further, if people understood it. You cannot state "I am Anonymous" for this is silly. The moment you tie yourself to this concept, you are no longer anonymous. You can speak with a thousand voices, you can at best be one voice representing a thousand but never a thousand. You cannot be anonymous only be a non-significant part of it.

    The real idea behind it all on 4chan was to give a name to the movements/actions that were observed. It is like watching the migration patterns of animals and calling them Bob. Just because it now sounds like a person doesn't mean that a wildebeast migrating represents Bob or is controlled by the motives of Bob.

    Does any of this rant matter

    Yes. The Muslim brotherhood, are they the protesters in Egypt? Some western "news" stations would have you believe this. BUT this has NOT been an Islamic revolution. It might or might not become one but the protests where NOT guiden or orchastrated by them... some PROTESTERS might have been but not the "protest". It can be hard to grasp the difference. It is the difference between the resentment of the masses and individual grievances. Same as the protests in Tunesia were not about a closed vegetable stand or in Egypt about the beating of a youth or in France about cake or in the USA about tea.

    Anonymous is not a group that exists on 4chan in /b/. If anything it is the behavior of individual but unknown people who use the web to do something in a minimally organised way to have a far reaching effect. It is the mob effect on the internet.

    That means that there is no point in ousting its leaders. You can get the leaders of one mob and might even be cheered for that by the mob next to it. Anonymous cheers cat killers and hunts them down. It is not a singleton, it is a class. You can spawn things from it but almost by its nature, the moment you do that is ceases to be the idea and it becomes Anonymous XYZ the group.

    Anonymous doesn't have its hands on anything and has its hands on everything because we can all be Anonymous and we all aren't.

    But media doesn't grasp that since they need to put a face to the name. But ultimately this means that Anonymous will just get more legenday. Strike one group down and another will take its place. Just as killing a few hundreds protestors, and arresting/torturing far more, did NOTHING to stop the protest in Egypt. Or killing all the buffalo stopped Bob.

    • by hoshino ( 790390 )

      In reality, there are multiple independent groups acting under the banner of Anonymous, along with a much larger group of passive participants who identify themselves with the cause. One of the most prominent and active groups runs the anonops.ru IRC server and these are the ones who are/were at war with HBGary Federal. Sure, they are not that structured or organized, but they clearly exist as an independent sub-group of the "Anonymous" movement. Aaron Barr tried to identify them and supposedly almost came

    • There is no Cabal, I say!


      PS. I think saying "This doesn't sit well with our illusory individual culture." would be somewhat more accurate, BTW.

      And I can't help but wonder how similar all those revolutions ultimately might be... in past examples - whatever ideologically-guided people like to believe (and would like you to believe) - economic reasons were the major motivation for uprisings behind the Iron Curtain, for movements of the 80s. Ordinary people simply wanted better pays in relation to rising
    • That means that there is no point in ousting its leaders

      I don't think that's necessarily accurate. It may prove to be the case, but it's certainly not a foregone conclusion.

      It's a risk/reward structure. People participate in Anonymous, they get some sort of ideological or social reward for it, and they view their risk as being fairly minimal. (WE ARE ANONYMOUS. YOU CAN'T CATCH US. BLAH DEE FUCKING BLAH.) It's entirely reasonable to posit that there is a relatively small group of die-hard Anonymous types, who are ideologically driven to...mayhem, for whatever rea

      • That means that there is no point in ousting its leaders

        I don't think that's necessarily accurate. It may prove to be the case, but it's certainly not a foregone conclusion.

        Foregone in so much as we'll never be free of computer viruses. Too many people got a taste of the power they have, and like the idea of being "anonymous".

        The anarcho-lunatics will keep doing what they're doing, which is more or less okay, because without massive participation Anonymous is toothless.

        It doesn't sound like the HBGary attack took all that massive of participation. DDOSSing did, but the point was that helped people stay anonymous by using a mob. Reminds me of what they used to do in my hometown. 2-3- poeple would all walk out of Walmart at the same time with their hands full at the "right" time. Then they'd all get on the bus. They figu

    • Does any of this rant matter

      No. It's pretty much lame sophomoric 'philosophical' twaddle where it isn't crappy sophomoric 'philosophical' twaddle.

    • by DrJimbo ( 594231 )
      Is that you Keyser Soze?
  • by devnull17 ( 592326 ) * on Sunday February 13, 2011 @10:33AM (#35192346) Homepage Journal

    Wait, so they have a copy of something that was designed to replicate itself and is known to have spread to literally hundreds of thousands of unsecured machines? And they have a binary copy of it? I'm going to write the rest of this post from my bomb shelter.

    The media talk about Anonymous like it's some shadowy terrorist super-villain collective, but that's really missing the point. Anonymous is, at its core, the world's most prolific troll. Look at the sites they attacked in the whole WikiLeaks affair. Visa.com and MasterCard.com? It's obvious to anyone with a clue that these are symbolic targets. If they'd had the desire (and arguably the capability) to inflict real damage, they'd have gone after the payment processing infrastructure instead. But their goal isn't to break stuff. It's to do something relatively inconsequential, and see how many media organizations they can get to shit their pants over it.

    This is (roughly) the same group whose crowning achievement was getting Oprah to say "over 9000 penises" on national TV. Even if they have the capability to inflict real damage—and some members clearly do—they seem to be more interested in getting attention and playing the media for complete fools. Which is way more entertaining than indiscriminately wreaking havoc on the world.

    And that's the bottom line. Everything they do is for entertainment value. Because they're not terrorists; they're trolls.

    • Everything they do is for entertainment value. Because they're not terrorists; they're trolls.

      You're missing the point of "who anonymous is" just like all the media organization who call them an elite group of "hackers on steroids" or a domestic terrorist organization or any kind of organization. Anonymous is anyone who shows up on 4chan, or their IRC channels, or who DOESN'T show up there but participates in things that started there like trolling all their favorite tagets, posting flicker animations to epilepsy boards, Project Chanology, DDOSing the flame of the day, or whatever. Or anyone who doe

  • by Anonymous Coward

    https://github.com/Laurelai/decompile-dump

  • by Anonymous Coward

    Who the fuck cares if they have copies of the code?
    So do many other private analysts.

    And HBGary is a joke of a company.

  • The Big Picture (Score:4, Interesting)

    by pitr256 ( 201315 ) on Sunday February 13, 2011 @12:28PM (#35192894) Homepage

    I think everyone is missing the biggest point of whether or not Anonymous has access to the Stuxnet source code and that is, with the source code the actual creator could possibly be identified. Imagine if HBGary in some way knows what organization created Stuxnet or perhaps they had a hand in helping create it? The repercussions could be quite severe especially if it was as many claimed created by Israel with US backing. The idea in the article of the ways Anonymous could possible modify Stuxnet are simply stupid.

    The other thing that everyone seems to be missing is the fact that HBGary also had in their possession a botnet that they were wanting to sell. Who would a company specializing in federal security be trying to sell a botnet to? This totally seems to be their modus operandi. "Hey government! Why create your own botnet that could be traced back to you? We can sell you one for a cheap million dollars!" Sort of the same thing they did with the Wikileaks stuff if you ask me.

    And the last thing is how if the release of this information does confirm that some federal/government group did in fact have a hand in Stuxnet or was interested in buying a botnet, how totally idiotic they are in utililizing such an inept company like HBGary to help them. It really says something about security companies that specialize in government security contracts.

    1. Download Metasploit/OllyDbg
    2. Get Top Secret clearance
    3. ???
    4. Profit!!!

    • 1. Download Metasploit/OllyDbg
      2. Get Top Secret clearance
      3. ???
      4. Profit!!!

      Sounds like a good plan, actually.

      Over the last decade I've seen some really dumb people with some really stupid ideas become insanely rich. Just because I *knew* as an expert it couldn't work or wouldn't do what you would want it to do - and the idiots didn't have a clue about it but managed to sell the idea to people with even less knowledge but a great deal of money.

      Sometimes I wonder if I'm not the one being utterly stupid for having ethics and being a professional. Or if everyone that I consider to be

  • I don't really get the point of this article. As dozens of people have said above, who cares.

    But if you accept the premise of the article as placing Anonymous somehow in control of something that was previously under the control of Israel, I would say, how stupid can you get? Mossad's most recently exposed assassination was fairly sloppy, but they did kill the guy. That's certainly not the kind of wrath I'd want to bring down on myself.

  • Last night, a member of hacker group Anonymous

    *sigh*

  • Except to the truly incompetent. The media-hype was completely out of proportion with with reality. Stuxnet is a mediocre piece of malware at best, that was created by people that did not really understand what they were doing. The only impressive part of it is the exact intelligence on how the Iranian Uranium centrifuges were wired. Apart from that, Stuxnet is basically a second-rated knockoff of technologies well known and understood.

  • A random group of strangers claims possession of stuxnet worm.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...