Three Cheers for Stuxnet
The New York Times reports today that the Stuxnet computer virus, the immensely sophisticated virus that appears to have been targeted quite specifically at the Iranian nuclear program, has set that program back by at least two or three years. Who, pray, designed the virus that has given the world new breathing room?
Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.
But Israeli officials grin widely when asked about its effects. Mr. Obama’s chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: “I’m glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated.”
How did Israeli and American intelligence recruit the young--they're always young--hackers they needed to produce Stuxnet? How did they convey the virus to at least one of the computers the Iranians were using in their program? We'll almost certainly never know. But whatever the details, this enterprise required imagination, daring, and--what seemed to have been absent from American intelligence agencies, at least during the Bush years--a certain ruthless, self-confident determination to do our enemies harm. Congratulations--congratulations to all involved.
We shall see what President Obama and Secretary of State Clinton do with the additional time they now have, but the people involved in the Stuxnet program--a few dozen? Perhaps a hundred?--may literally have prevented a nuclear war.
- Comment (26)
- · Quote
- · UnfollowFollow (4)
- Pages:
- 1
- 2
- Pages:
- 1
- 2
Comments :
Jul '10
Re: Three Cheers for Stuxnet
You know, Peter, when I read that story this morning, I was thinking: as much as we disdain the New York Times, who's gonna bring us this kind of reporting when it's gone?
Jun '10
Re: Three Cheers for Stuxnet
First you list all the various conditions that can ruin a specific piece of machinery, and then you imagine how you can create that destructive condition from a distance. It's just another engineering problem. The people that design machines don't allow for intentional destruction, so they don't guard against it. They could, but why would they? It's just designing with the goal of destruction, rather than production. Just another design job.
Nov '10
Re: Three Cheers for Stuxnet
More to the point, Stuxnet required enormous resources — the kind that only several national governments can provide. Rumor and conjecture suggest that it was a joint effort involving the US, Israel, Germany and who knows how many other countries. I suspect the Russians were involved, too, cynically helping the Iranian nuclear project and taking Iranian money, while giving (or selling) us the information we needed for Stuxnet. That would be just like the Russians.
Edited on Jan 16, 2011 at 7:02pmDec '10
Re: Three Cheers for Stuxnet
The Russians say that the Stuxnet worm just may cause the Bushehr reactor to melt down:
"Russian nuclear officials have warned of another Chernobyl-style nuclear disaster at Iran's controversial Bushehr reactor because of the damage caused by the Stuxnet virus, according to the latest Western intelligence reports."
Re: Three Cheers for Stuxnet
From your lips to Aaron's ears.
May '10
Re: Three Cheers for Stuxnet
What I don't get is how the software for such major, specialized installations can use off-the-shelf software/programming and/or be able to be "infected" from the outside.
I've heard that in in sixth round of Stuxnet's mutation, episodes of the Ricochet Podcast, interpreted into Farsi, will start playing in the control rooms of Iranian nuclear facilities.
Edited on Jan 16, 2011 at 6:04pmDec '10
Re: Three Cheers for Stuxnet
The Iranians seem hell bent on maintaining their national pride, no matter who gets killed:
"The Iranian government is bitterly opposed to any further delay, which it would regard as another blow to national pride on a project that is more than a decade behind schedule. While Western intelligence officials believe Iran's nuclear programme is aimed at producing nuclear weapons, Iran insists the project's goals are peaceful.
"The Russian scientists' report to the Kremlin, a copy of which has been seen by The Daily Telegraph, concludes that, despite 'performing simple, basic tests" on the Bushehr reactor, the Russian team "cannot guarantee safe activation of the reactor'.
"It also accuses the Iranian management team, which is under intense political pressure to stick to the deadline, of 'not exhibiting the professional and moral responsibility' that is normally required. They accuse the Iranians of having 'disregard for human life' and warn that Russia could find itself blamed for 'another Chernobyl' if it allows Bushehr to go ahead."
May '10
Re: Three Cheers for Stuxnet
Peter Robinson
From your lips to Aaron's ears.
You mean, who will politicians and bureaucrats leak information to for their own purposes? Oh, I think they'll find someone.
Jul '10
Re: Three Cheers for Stuxnet
It's interesting, one of my partners read this piece at work today.
He noted that throughout the article it was assumed that Stuxnet was developed by the Israelis. But there was little in the piece to support that assumption.
He said:
Look, I think they did it, and I'm happy about that. But shouldn't the claim be supported?
I replied:
Meanwhile, Jared Loughner is an "alleged" shooter.
Jul '10
Re: Three Cheers for Stuxnet
Aaron Miller
Peter Robinson
From your lips to Aaron's ears.
You mean, who will politicians and bureaucrats leak information to for their own purposes? Oh, I think they'll find someone. · Jan 16 at 6:03pm
Well, Aaron, as much as I love Iowahawk and Weasel Zippers, somehow I just don't think it'll be the same....
May '10
Re: Three Cheers for Stuxnet
Information will always be "leaked." We should wish for the New York Times to survive because it does a smaller and smaller set of things well? Kind of like UNICEF justifying the UN.
I'm sure some other investigative journalism paradigm will arise if the Grey Lady goes away. Maybe without the NYT, it will be harder for certain lies to gain hold as legitimate.
Oct '10
Re: Three Cheers for Stuxnet
There has to be a loud Huzza to the whomevers involved here.
This is far from over by any stretch of the imagination. Forgive this, the folk driving the Iranian car as it were, are blatantly opposed and vidictive to anyone who happens to be standing in the road. Likely, our current administration hope to stand by the roadside and watch the "Loose Nut" behind the Iranian wheel run off the road.
On the subject of the pitfalls of driver responsibility...Might Obama be taking driving lessons from Bill Clinton these days ?
Jul '10
Re: Three Cheers for Stuxnet
Good point.
Jul '10
Re: Three Cheers for Stuxnet
By the way, why are our dear friends at Siemens selling uranium-refining equipment to Iran in the first place?
Maybe we should send Angela Merkel a picture of Vladimir Putin flexing his pecs, along with a reminder that we're a little over-stretched on our military budget.
May '10
Re: Three Cheers for Stuxnet
Balancing the good the NYT does against the bad, we're better off without it.
Saying we wouldn't have had this story if the NYT hadn't reported it is like saying penicillin wouldn't have been discovered if not for Alexander Fleming.
May '10
Re: Three Cheers for Stuxnet
oh man, that ain't the half of it...
http://taiaglobal.com/wp-content/uploads/2010/11/dragons_whitepaper.pdf
Aug '10
Re: Three Cheers for Stuxnet
This news is ancient. The Israeli connection is too obvious. Which is not to say it's untrue. I wish 'em all the best!
Something I neglected to add to those posts, but will do now, is say: maybe the Iranians themselves were parties to the disaster (or, as we say in the biz, "Problem Lies Between Keyboard And Chair"). That's how you convey a virus to an Iranian or any computer - you give it to the computer's user, and let nature take its course.
As for recruiting hackers, I doubt this is hard, because the programming skills are so rapidly acquired, right off the Internet. I was so interested in Stuxnet that at the great age of 53, I resolved to learn C++. In minutes I was set up to write and compile programs. Not these programs - I know nothing of SCADA, and you'd need to know a lot about it in order to allocate variables in a fairly clunky language like C++ - but believe you me, there's no shortage of folks who do know all this stuff. Fear not: there's no lack of talent out there.
May '10
Re: Three Cheers for Stuxnet
What happens when the Revolutionary Guard's IT department eventually gets over Stuxnet and resumes enrichment?
Jul '10
Re: Three Cheers for Stuxnet
There is chatter on the defense-oriented lists that Stuxnet was a Chinese operation. I consider it speculative, but I would bet that way at the moment. The Chinese have developed a very, very large resource pool in this area.
The question for me is, why would Siemens use Microsoft Windows for the operating system on something like this? Able to crossover talent from their IT group?
And please do appreciate the madness in what this virus does.
And those are just the most innovative tricks.
Edited on Jan 16, 2011 at 9:20pmJun '10
Re: Three Cheers for Stuxnet
I don't have much time this evening, so I responding before reading all the posts, but, Kenneth, this story was all over the technical press roughly one month after Stuxnet was discovered, which was June 2010. By late August early September it was in the conventional press, so The New York Times is late to the game. The technical press has been on this story like white on rice since roughly mid-July. Norton, the computer security company, has a massively detailed analysis of Stuxnet capabilities as well as a thorough analysis of, pardon the geek-speak, the vector of infection. Seven months after discovery and six months after the Christian Science Monitor (I think? Not sure) ran the story The New York Times considers this breaking news? I was discussing Stuxnet with my geek and hacker buddies in early September at the latest. And when I write geek and hacker, I mean University educated programmers.