NYTimes Reveals Details Of How US Created Stuxnet… And How A Programming Error Led To Its Escape
from the when's-the-movie-coming-out dept
With a lot of new attention being paid to the Flame malware that was datamining computers around the Middle East, there have been plenty of comparisons to Stuxnet, the famous bit of malware that was targeted at mucking up Iran’s nuclear power program. So it’s very interesting timing to see the NY Times reveal many of the details behind Stuxnet, including confirming that it was a program driven by the US, with a lot of help from the Israelis. Many, many, many people suspected that already, but it certainly appears that the NYTimes has numerous detailed sources that support this claim.
Perhaps even more interesting, however, is the fact that Stuxnet (which apparently originally infected Iranian nuclear plants via workers using USB keys when they shouldn’t) was never supposed to get out into the wild. It was supposed to just sit in the computers at the power plant, confusing the hell out of the Iranians. But, obviously, that didn’t happen. Having that info get out into the wild probably killed off the effort much earlier than expected, since it basically explained to the Iranians what was happening.
It’s also noteworthy that a source in the article claims that Stuxnet was the first example of using a computer attack to destroy physical items (it made centrifuges work irregularly in ways that could cause them to break). Some have therefore used Stuxnet as “proof” of the cybersecurity threats out there and the misnamed “cyberwar.” I’m not sure that’s true. Stuxnet still appears to be a rather unique case in terms of a very, very specific target that had some significant vulnerabilities. We hear lots of worries about cybersecurity impacting physical infrastructure — and I’m sure that those who wish to do harm would love to bring down power grids and airplanes through some form of a cyber attack. But I’m not convinced that the success of Stuxnet is so easily replicable in other such areas. And I don’t see how that automatically justifies effectively tossing out all privacy protections.
Filed Under: cybersecurity, cyberwar, iran, israel, middle east, stuxnet
Comments on “NYTimes Reveals Details Of How US Created Stuxnet… And How A Programming Error Led To Its Escape”
so, the US government creates a virus, release it on an unsuspecting ‘enemy?’ country to gain knowledge on certain practices being carried out in that country, but then lose control of that virus. not bad. we then are supposed to allow the introduction of new laws that will give even more surveillance on citizens and trust that the data/information gathered wont be lost, stolen, given away or sold? yeah, right!
Re: Act of War
More on the subject:
http://www.zerohedge.com/news/obama-ordered-code-stux
This is “the first presidentially-mandated and condoned act of cyberwarfare, one circumventing the War Powers Act of course.”
“It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives”
“No country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.”
Re: Re:
Exactly! What stuxnet proves is that the biggest “cyber-threat” is not China, Iran or Russia but indeed the US (along with Israel) – and we are supposed to give even more power to these people? People who launch cyber terrorist attacks against other countries in clear violation of international law? Where is the outrage of the “international community” now?
This is really absurd, if any other country did this they would be labeled state sponsor of terrorism – why not the US? The citizens of the US have to get serious and get rid of the oligarchy that captured their government before this ends very badly for them and the world as a whole …
Re: Re: Re:You are forgetting some things
Libreman, you forget that these viruses were meant to destroy Iran’s nuclear efforts. Iran was really, really close to producing enough Enriched Uranium 235…an isotope typically used in a fission bomb, or as fuel at a power plant…the latter of which they had produced 5 years worth of fuel over a year ago but did not stop producing the same batch……The nuclear power plants they were building were nowhere near one vital thing…a viable source of water. These viruses destroyed the equipment that is needed to produce more uranium….So before you even remotely decide to question the motives of two nations whose collateral damage was only a few manufacturing systems…think of what Iran was actually doing. Producing Weapons grade amounts of Uranium 235.
Re: Re: Re:
Libreman, you forget that these viruses were meant to destroy Iran’s nuclear efforts. Iran was really, really close to producing enough Enriched Uranium 235…an isotope typically used in a fission bomb, or Nuclear fuel at a power plant…the latter of which they had produced 5 years worth of fuel over a year ago but did not stop producing the same batch……The nuclear power plants they were building were nowhere near one vital thing…a viable source of water. These viruses destroyed the equipment that is needed to produce more uranium….So before you even remotely decide to question the motives of two nations whose collateral damage was only a few manufacturing systems…think of what Iran was actually doing. Producing Weapons grade amounts of Uranium 235.
Re: Re: Re: Re:
So what? I repeat, SO WHAT? Does it make the end justify the means?
I remember an analogy an apt friend once made. 2 brothers are given a bar of chocolate. The big brother ate his share of the chocolate whole, while the little one ate his a bit of a time, for whatever reason. Now the big brother, eager for more chocolate, preaches to the little one that eating chocolate is very bad for your health while coercing him to give up his share for “safe keeping”.
This blog preaches innovation as a way to handle disruption in the digital age, but only in the narrow sense of the internet. Why can’t it also apply in international relations? IMHO it’s time for the old “gatekeepers” to go in that area as well.
Re: Re: Re:2 Re:
Agreed. We need a heavy rain to come and wash all the dirt away!
Re: Re: Re: Re:
Wally,
You repeated the below claim 3 times.
Iran was really, really close to producing enough Enriched Uranium 235
Are you just hoping that if you repeat a claim without attribution it will become truth?
Re: Re: Re:Something to remember
Libreman, you forget that these viruses were meant to destroy Iran’s nuclear efforts. Iran was really, really close to producing enough Enriched Uranium 235…an isotope typically used in a fission bomb, or as fuel at a power plant…the latter of which they had produced 5 years worth of fuel over a year ago but did not stop producing the same batch……The nuclear power plants they were building were nowhere near one vital thing…a viable source of water. These viruses destroyed the equipment that is needed to produce more uranium….So before you even remotely decide to question the motives of two nations whose collateral damage was only a few manufacturing systems…think of what Iran was actually doing. Producing Weapons grade amounts of Uranium 235.
Re: Re: Re: Re:Something to remember
You make these claims, Wally, but you do not provide any evidence to support them. Also, preemptive acts are never justified no matter what the reason. If you were truly concerned about the effects of nuclear weapons, you would push for the US to disarm its own supply first, which is the largest in the world.
Acting out of fear is never the correct course of action. It is the US government’s continual and deliberate interference in the affairs of other nations that is a substantial reason for the world’s dislike of this country. Had we adopted and practiced an earthly version of the Prime Directive, this would not be the case. And without built-up resentment, other nations would have had less cause to want to do the US harm.
Acts of sabotage are never right, no matter the supposed reason. They are, by their very nature, acts born of fear rather than logic. Rather than attempt to push its agenda upon all other nations as it currently is, the US ought to instead adopt the Prime Directive, recall all military personnel from abroad, and work in peace to ensure a better world for its people.
Dictators rise and fall, it is the way of human nature, and many who are there now are only in the position due to US influence and serve as puppet rulers. If our government truly believes in self-determination, then it needs to withdraw all forces from abroad and let other nations govern themselves without any US influence whatsoever.
It is an unfortunate reality that the worst villains often see themselves as heroes, and that the US in large part suffers from such a mistaken view of things. And it is this government’s myopia and hypocrisy which condemns this country in the sight of other nations. Violence and the threat of it should be the last resort, not the first. And tactics such as sabotage should be avoided entirely, unless you wish the US to become a nation of Romulans. Personally, I would prefer the Federation instead.
Re: Re: Re: Re:Something to remember
“wally” = ass unstein (traitor to the constitution, and all around fan of 1984)…
okay, i have as much proof of that as “wally” does of his assertions… *but*, my speculation fits the facts, while “wally’s” does not…
usa = sponsor/originator of state terrorism
therefore, we should drone ourselves out of existence ? ? ?
seems to follow…
art guerrilla
aka ann archy
eof
Generalizing cyberattacks
Unfortunately, your not being convinced has very little to do with the reality that it is readily accomplished. However, that still is no justification for an attack on civil liberties; those are the actions of groups with either a different agenda or the lack of sophistication to avoid “bruteforce” solutions to problems.
Physical Security == Ownership
Once again this just proves that controlling physical access is a critical core line of defense for establishing a truly secure environment. External media which is poorly vetted is an infection vector; making your workers need to use the above increases the risk of infection.
Well, there goes the article's credibility
“It’s also noteworthy that a source in the article claims that Stuxnet was the first example of using a computer attack to destroy physical items”
What about the Siberian pipeline explosion almost three decades ago that’s been attributed to a trojan?
Cyber Terrorism
This upsets me. A lot. I’m really mad that all this time, media outlets and even the government itself has been whipping up our fear, telling us to be afraid of “cyber terrorists” and the “cyber war.”
Now here we are again with our pants around our ankles, and the entire world knows now that the United States IS the cyber terrorist. Our government AGAIN goes and attacks another sovereign country, unprovoked.
The rest of the world is right – we’re a big playground bully, and nothing more. Our education rots, our healthcare lay in ruins… and we have nothing better to do than code computer viruses and unleash them on people who have nor want anything to do with us, like a pimply-faced kid in his mom’s basement.
Well, it’s back to telling people I’m Canadian whenever I travel.
Ironically, the phrase “cyber terrorism” is on that government watch list now, isn’t it? Great, now I’m a “person of interest” for talking about it. FML. >_
What amazes me is that it “was never supposed to get out into the wild.” How could anyone capable of grasping the concept of a virus seriously think that wouldn’t happen?
Re: Re:
You do realise that by “it was never supposed to get out into the wild” they mean it wasn’t intended to leave the Iranian systems it was planted on.
Re: Re: Re:
You do realize that this follows the pattern, though not the severity, of the classic doomsday scenario for a weaponized virus (computer or disease).
In other words, I’m sure AB does realize that.
Re: Re: Re:
Yes, obviously. Yet one of the main aspect of a virus (or pretty much any malware) is it’s ability to relocate and adapt. In this case it was designed to transfer itself from the storage unit (USB flash drive) to the host system (whatever system the flash drive was plugged into) without user interaction. In other words EVERY system that USB drive was plugged into would become infected. And probably every other USB drive plugged into that system would also become infected (remember how a virus is supposed to replicate and transfer itself?).
Even if it was originally only copied onto just that one single flash drive, who in their right mind would actually believe that flash drive would only ever be plugged into the one computer that was supposed to be infected? Of course it would be plugged into other systems, it’s a PORTABLE DRIVE! It’s DESIGNED to be used FOR TRANSFERRING FILES!
Anyone who has ever worked around viruses even a little bit knows just how unpredictable they are. There is no such thing as a secure virus. I would expect that anyone capable of grasping the concept of a virus would realize that.
Then again what they claim in a press report isn’t necessarily the same as the truth…
One line in that article is SCARY
?It turns out there is always an idiot around who doesn?t think much about the thumb drive in their hand.?
The implication that almost nothing is safe that has USB ports has not escaped my notice.
So the US creates some nasty malware, then uses the thing that THEY created to go “Hey! We need to protect ourselves from this!”
Sounds like the FBI applauding that they stop terrorism to the plots they set up in the first place.
Everyone must be taking advice from the same tinfoil-hat loon in the bowels of the Government.
I’m all for a good trolling, but is messing up a NUCLEAR power plant such a good idea to begin with? What if it causes a meltdown? “Oh don’t worry, it’s just Iran.”?
Re: Re:
It was messing with the enrichment process, and wasn’t set up to disrupt any automatic shut-down measures. In other words, it was well designed and not designed to do that much damage, so it looks like that concern may have been specifically addressed to avoid a meltdown.
Disclaimer: well designed does not mean it should have been done.
It’s also noteworthy that a source in the article claims that Stuxnet was the first example of using a computer attack to destroy physical items […]
While it wasn’t an attack per se (it was a bug) the destruction done by the Therac 25 is particularly notable because (a) it resulted in the loss of human life and (b) it’s become a classic case study — so much so that I think anyone trying to understand the possibilities of physical attacks initiated by software should make sure the reports/articles about it are part of their background reading.
I'm not disappointed in Israel
this being one of the least of their crimes, but it always disappoints me when the Israeli dog wags their U.S. tail.
I would hate to have to vote for Ron Paul to achieve saner U.S. foreign policy, but I cannot think of one major candidate in the last twenty years who hasn’t crapped on the U.S. Constitution in their haste to embrace Israel’s thuggish world view.
Yes, many Jews died in WWII death camps, but how many Muslims have to die from IDF attacks before Israel calls it even?
Re: I'm not disappointed in Israel
To answer your question, all of them. We’re (me and my brother/sister muslim) the immediate threat for them. Then, all the gentiles, either killed or subjugated.
I’m not playing religion card here, and I view them as fellow human. It’s in my observation from what little I know about history, Israeli’s intent are not malevolent, but only to ensure their own safety. However nearly thousand years of abuse around the world (WW2 is just an example of a systematic effort) have pushed them over the edge about what is required to ensure safety.
I really hope for peaceful resolution of the problem.
nice job
All in all a nice well executed sabotage/espionage action by the Israelis and Americans. I don’t mind calling it cyberwarfare, although that’s an infected term around here, as long as we keep some distance from the defense industry bla bla.
Re: nice job
that’s the thing… its cyberwarfare according to the direct definitions set up a year later, by people who had to know the details of what we’d already fucking done. so.. apparently we’re at war with iran?
thats kind of the best part:
Federal fucktards:
“We need vast security, to protect us from strategic level cyberweapons aimed at destroying infrastructure”
joe public: why do you need such a thing?
FF: “well, because we went ahead and released a strategic level cyber weapon against irans infrastructure, which according to OUR OWN definitions (which we didn’t release until a year later) is a full out act of war.”
” So you see, we know for a fact that there are factions out there looking to do serious damage to america in cyberspace, because they want revenge for what we did to them.”
Joe public: wait….so your saying you already unilaterally declared (covert) cyber war on Iran, released a theater level strategic cyberweapon against their infrastructure, and got caught at it. All without congressional approval, knowledge or oversite one assumes.
Now America desperately needs cyber defense capabilities, to defend against weapons that america so far is the only one using?
1 question, wy isn’t everyone involved up on charges?
>
outrage
I would safe up some “outrage” for the moment the Iranians test their first nuke.
Re: outrage
Yeah, at that point, the 2nd test will be launching a nuclear headed ICBM to either US and/or Israel, which will be counter attacked by their own nuclear ICBMs, thus ushering WW6.
/sarc
As I’ve said on the Ars Technica article of the same issue(which was promptly drowned out by Anti-US “I told you so”s and partisan bickering)…
The article specifically states “None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day. “
While there is no doubt in my mind that a government is capable of programming a virus to do something – that’s not being debated here – it does seem strange to me that someone can just pop up a “the US did it!” piece with no real references or citation trail and… yeah, I still would like to see more proof than this.
While it’s not exactly news that the Anti-America crowd will just put their blinders on and use this unreferenced, uncited NYT article as an excuse to exclaim “AWWW, you see? I knew it was them all along!”, all he really did here was point out functionality of Stuxnet that was already publicly available knowledge. In a truly logical sense the only thing that I see this article really revealing is a boost in sales with his end-of-article book plug.
There’s certainly a possibility that the US is responsible, but given the “credible” sources that the NYT writer cited(i.e. none), it’s also equally as likely that they’re not. While I agree that they are certainly the most likely suspects, I would still severely caution a bit of pragmatism until solid proof arises that isn’t just a glorified book plug, despite Ars’ writers almost literally parading around exclaiming “CONFIRM! THE US R TERORIST!”
Re: Re:
Regarding sources… Just because they didn’t cite or name them doesn’t mean they aren’t legitimate sources.
I don’t have a LOT of trust in journalism these days, but protecting anonymous sources is part of the job.
They couldn’t use the names in print, but it’s highly likely that *someone* at the NYT did their homework on whether the unnamed sources are credible.
If they don’t do their homework, the paper is liable for libel. Historically, if a trusted newspaper puts something in print, they DO have the evidence to back it up.
See: Woodword & Bernstein, Washington Post
Re: Re: Re:
Regarding sources… Just because they didn’t cite or name them doesn’t mean they aren’t legitimate sources.
It doesn’t mean they automatically are, either. And that’s my point.
I don’t have a LOT of trust in journalism these days, but protecting anonymous sources is part of the job.
I’m not debating that. However, when your entire article is nothing but anonymous sources and a post-article book plug from the author, it warrants a little bit of caution before(to use one example just from the Techdirt comments) going directly into WWII death camp and IDF comparisons.
They couldn’t use the names in print, but it’s highly likely that *someone* at the NYT did their homework on whether the unnamed sources are credible.
If they don’t do their homework, the paper is liable for libel. Historically, if a trusted newspaper puts something in print, they DO have the evidence to back it up.
Yes, however potential penalties are not specifically a guarantee to be a deterrent(e.g. what RIAA/MPAA-related concept does this blog cover primarily?). It didn’t stop the Killian documents debacle from happening, for example.
More NYT-specifically, didn’t they also falsely report that Gabrielle Giffords had died, at one point? (the melodrama about how it is oh-so-tough to be a timely reporter in that linked piece aside). That being just one example about how the media can get away with posting false news as long as they backpedal before anyone calls/sues them on it.
All I’m saying is, for something that could potentially be big(albeit wholly unsurprising) news, a modicum of composure is not entirely uncalled for.
Re: Re: Re: Re:
Blar, A-tags are broken or something.
Link that should have been posted in regard to the Giffords paragraph.
http://www.nytimes.com/2011/01/16/opinion/16pubed.html
Re: Re: Libel
Well, according to the 2003 Florida Court of Appeals in NEW WORLD COMMUNICATIONS OF TAMPA, INC., versus JANE AKRE Case No. 2D01-529, Fox News doesn’t have to tell the truth; why should the NYT be held for libel then?
Re: Re:
Do you feel the same way about the vilification of supposed hackers in China? Where is the evidence for that given the reality of attribution?
And… “Anti-US” or “Anti-Us current regime”? Not D/R power, but all current power brokers, who, obvious to many, are doing a terrible job for the citizens of this country and the world.
Most probably find the idea of America great, just not the reality that is America today. Empire! And if you don’t like the direct critisism, what the fuck do you like about the country?
I recall some saber rattling in the past about how a cyber attack against the us and/or allies would be considered an act of war which could result in reprisals in the real world …. ahhh waiting for the other shoe.
Physical Damages
First, the elements that allowed Stuxnet to damage physical devices are in no way rare.
Second, they have nothing to do with the computer you are currently using to read this comment.
PLCs (Programmable Logic Controllers) are incredibly low-level computers, which are programmed to follow logical circuitry directly. They literally tell a motor to turn on at speed X for Y time.
Because they are used to directly control physical systems, programmers have to be careful if they are to not cause damage. A single logical error can cause the machine to be in a state it is not supposed to enter, and these states are avoided precisely because they are the states wherein a device is damaged.
PLCs have programs loaded onto them from another device. They are not what most think of as a computer. They do not have USB ports. They are not capable of being directly hooked up to the internet. Stuxnet was never on any of the PLCs, they can’t support something that complex. It infected the device used to program them and made it serve up a defective program.
I have programmed a PLC before. They are used in almost all assembly lines. They don’t have to damage the machines. They could be programmed to make defective products.
There is very little risk of this happening.
Why you shouldn’t worry:
Stuxnet being made by the US is about the only reasonable explanation. They have access to a whole bunch of behind the scenes stuff of the people who make PLCs and the security used to protect the programming of them.
If Iran had used their own tech, there would have been now way to hit them.
Which brings me too the true purpose of CISPA:
CISPA is not about your data. CISPA is not about defense. CISPA is about making it easier to make more of the these weapons.
I really don’t mind the US breaking Iran’s toys. In fact, an ‘attack’ that killed no one seems like a pretty good way to conduct business.
Re: Re:
Like to see your comment if you’re at the other end of the stick
WEAPONS GRADE ENRICHED URANIUM
Has anyone forgotten that Iran was about a week away from producing WEAPONS GRADE ENRICHED URANIUM. If these viruses didn’t stop and erase the data that was being stored on the low level computer systems, they would have used said comeputers to make more Enriched Uranium….think about that for a bit before you question the Tactics of the CIA and the NSA
Before anyone points out “Oh, well they were using Uranium for power plants”, try to think of how a Uranium based Nuclear Power Plant operates. They need to be near a source of FRESH water to work otherwise the Sodium typically found in ocean salt water would absorb the vast amount of radiation being pumped into the water and cause a melt down in the cooling units. Furthermore, the Nuclear Power Plants that were built in Iran were nowhere near a viable source source of water……they were producing ENRICHED URANIUM AND IF THEY HAD GOTTEN TO A CERTAIN AMOUNT….they would have used it.
“Stuxnet being made by the US is about the only reasonable explanation. They have access to a whole bunch of behind the scenes stuff of the people who make PLCs and the security used to protect the programming of them.”
In other words, infect the logic boards (and disrupt them safely) that the PLC’s use to follow precision calculations to make Enriched Uranium. That is quite understandable.
“CISPA is not about your data. CISPA is not about defense. CISPA is about making it easier to make more of the these weapons.”
CISPA may be designed to make this easier to do what the the US has done, but its wording was so ambiguous and broad, that it left the door open for people to actually violate our civil liberties here in the US.
Re: WEAPONS GRADE ENRICHED URANIUM
Has anyone forgotten that Iran was about a week away from producing WEAPONS GRADE ENRICHED URANIUM.
Hard to forget what may very well be what is in someone’s overactive imagination.
And, does anyone have ‘maps’ of Stuxnet infections? I keep seeing a claim that Stuxnet was ‘in Japan’ and even as far as claiming it had infected the Fukushima plant – but all I get is claims like the one above…unattributed claims.
Re: WEAPONS GRADE ENRICHED URANIUM
Has anyone forgotten that Iraq had a stockpile of WEAPONS OF MASS DESTRUCTION!!! That crazy Saddam Hussein was about to unleash a GLOBAL ATTACK on THE WORLD!!! We must send our troops to destroy Hussein, his armies, and spend billions of dollars we don’t have, maybe kill some innocent civilians, and lose a few of our troops…OH WAIT!!! No WMD’s. No threat. Our bad!
Re: Re: WEAPONS GRADE ENRICHED URANIUM
NO what people forgot was that everyone from Gore, to Clinton, to the French were not only stating the weapons existed but were slamming GW for not acting faster. Fortunately, there will forever be youtube for those who care to know the truth. It is also strange that before the war a couple of tons of yellowcake uranium was considered a WMD but after being found in Iraq it was considered not a threat.
Re: Re: Re: WEAPONS GRADE ENRICHED URANIUM
I wish I lived in whatever little fantasy world you lived in ten years ago.
Re: WEAPONS GRADE ENRICHED URANIUM
All I hear is: “Do as I say, not as I do/did”
The comments and apparent sympathy for Iran, a nation that has repeatedly stated they wish to wipe countries with religiously conflicting views is indicative of the average age of a commenter on this site. Please read the comments regarding Germany’s rights to statehood circa 1938 by an equally young crowd. Nothing has changed, we have not evolved in the last 100 years..instead people continue to want to believe in an idealistic manner that puts everyone at threat. Pakistan, China, and several other countries also stated they had no intention of developing nuclear weapons either before doing so the difference is they never had the audacity to proclaim that they would destroy another nation to bring on the second coming of their Lord. So do you believe the first statement that they don’t wish to have nukes while disregarding the second?
Please grow up soon.
Re: Iran
I grew up in the ’50s. I was born just months after the CIA deposed the first democratically elected leader of a Muslim nation. As I grew up I watched the US prop up the corrupt Shah as Iran did the scut work of American “diplomacy” in the Middle East, a job that was taken over by Israel after the Shah fell.
Iran is an immature theocracy now, just like Israel. Iran, however, has centuries of history in their corner that indicates they will not attack their neighbors (Iraq attacked Iran with Reagan’s blessings, remember?)
Iran needs to be watched, but the Iranian people will slowly bring sanity back to that nation despite it having some crackpot leaders.
I’m much more concerned about Israel, a nation that keeps moving right, and whose political parties are becoming increasingly hostile to African workers, gays and pretty much everyone who isn’t Jewish.
You can call it a tie, but Iran doesn’t influence the USA. Israel does.
I’m keeping my eye on Israel if you don’t mind.
Re: Re:
Where’s the sympathy for Iran? They’re not following international law either.
But the ends here do not justify the means. The US has created Stuxnet using quite a few electronic assets at it’s disposal that it only had thanks to the Governments efforts to get its hooks into every modern company and industry that operates in the US. Stuxnet took advantage of several zero-days and a signed certificate from a trusted certificate source that it may not have had otherwise.
You can talk all you want from one side of your mouth about how Iran deserved it and this is to protect freedom. But you can’t talk from the other side about how America needs the trust of these technology companies and requires special backdoors and privileges regarding the information these companies protect while it is pulling stuff like this.
You need to stop being ignorant, read a book, do something to stop being so naive.
We’re missing the main problem with the logic that Stuxnet was an advanced attack on infrastructure and we’re going to be attacked over the internet any day now:
The systems and companies that Stuxnet targeted, particularly Microsoft Windows and Siemens computer infrastructure may not have had the same vulnerabilities that it had if the CIA/FBI wasn’t pushing for their own private backdoors into the majority of closed-sourced industry applications.
It goes back to being a problem of government agencies putting their nose places where they shouldn’t. Which is a good way to summarize the Stuxnet ordeal as a whole.
Also, usually what happens in a situation like this is fingers start getting pointed. I’m guessing a select few up top are going to be pointing them toward Anonymous.
I can see the headlines now: “YES SO WE HACKED THE COMPUTERS OF A SOVEREIGN NATION BUT WE NEED TO BE ON TOP OF THE CYBER GAME SO WE CAN STAY AHEAD OF ANONYMOUS, WHO BTW WROTE STUXNET ORIGINALLY”
Stuxnet in us!?!
Since they can do that to the Iranians, is it possible that our computers have “Stuxnet-like” programs hacking or spying on us? The FBI has already confirmed they have the means to gather information, no matter how secured it is.
This is not a conspiracy theory stuff. This info just came out after the Boston bomber’s wife refused to tell everything to the US authorities.
Microsoft responsibility
I really confused when I saw this article. several years ago I watched a video Bruce Dang one of Microsoft Research team member mentioned we knew about Stuxnet but we weren’t allowed to talk about it till now (2010). but now days that everybody knows about the Stuxnet and its mission is finished, why Microsoft haven’t patched it forever? is there something remained?
I searched a lot to find the video I had watched several years ago which contained much more knowledge about the role of Microsoft Research in responsibility of postponing patch the Stuxnet vulnerabilities but I couldn’t find it. If someone has any idea please contact me in http://remotegun.com