NYTimes Reveals Details Of How US Created Stuxnet... And How A Programming Error Led To Its Escape

from the when's-the-movie-coming-out dept

With a lot of new attention being paid to the Flame malware that was datamining computers around the Middle East, there have been plenty of comparisons to Stuxnet, the famous bit of malware that was targeted at mucking up Iran's nuclear power program. So it's very interesting timing to see the NY Times reveal many of the details behind Stuxnet, including confirming that it was a program driven by the US, with a lot of help from the Israelis. Many, many, many people suspected that already, but it certainly appears that the NYTimes has numerous detailed sources that support this claim.

Perhaps even more interesting, however, is the fact that Stuxnet (which apparently originally infected Iranian nuclear plants via workers using USB keys when they shouldn't) was never supposed to get out into the wild. It was supposed to just sit in the computers at the power plant, confusing the hell out of the Iranians. But, obviously, that didn't happen. Having that info get out into the wild probably killed off the effort much earlier than expected, since it basically explained to the Iranians what was happening.

It's also noteworthy that a source in the article claims that Stuxnet was the first example of using a computer attack to destroy physical items (it made centrifuges work irregularly in ways that could cause them to break). Some have therefore used Stuxnet as "proof" of the cybersecurity threats out there and the misnamed "cyberwar." I'm not sure that's true. Stuxnet still appears to be a rather unique case in terms of a very, very specific target that had some significant vulnerabilities. We hear lots of worries about cybersecurity impacting physical infrastructure -- and I'm sure that those who wish to do harm would love to bring down power grids and airplanes through some form of a cyber attack. But I'm not convinced that the success of Stuxnet is so easily replicable in other such areas. And I don't see how that automatically justifies effectively tossing out all privacy protections.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, cyberwar, iran, israel, middle east, stuxnet


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 1 Jun 2012 @ 3:04pm

    so, the US government creates a virus, release it on an unsuspecting 'enemy?' country to gain knowledge on certain practices being carried out in that country, but then lose control of that virus. not bad. we then are supposed to allow the introduction of new laws that will give even more surveillance on citizens and trust that the data/information gathered wont be lost, stolen, given away or sold? yeah, right!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2012 @ 3:39pm

      Act of War

      More on the subject:

      http://www.zerohedge.com/news/obama-ordered-code-stux

      This is "the first presidentially-mandated and condoned act of cyberwarfare, one circumventing the War Powers Act of course."

      "It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country's infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives"

      "No country's infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran."

      link to this | view in chronology ]

    • identicon
      Libreman, 1 Jun 2012 @ 3:44pm

      Re:

      Exactly! What stuxnet proves is that the biggest "cyber-threat" is not China, Iran or Russia but indeed the US (along with Israel) - and we are supposed to give even more power to these people? People who launch cyber terrorist attacks against other countries in clear violation of international law? Where is the outrage of the "international community" now?

      This is really absurd, if any other country did this they would be labeled state sponsor of terrorism - why not the US? The citizens of the US have to get serious and get rid of the oligarchy that captured their government before this ends very badly for them and the world as a whole ...

      link to this | view in chronology ]

      • icon
        Wally (profile), 2 Jun 2012 @ 12:07am

        Re: Re:

        Libreman, you forget that these viruses were meant to destroy Iran's nuclear efforts. Iran was really, really close to producing enough Enriched Uranium 235...an isotope typically used in a fission bomb, or Nuclear fuel at a power plant...the latter of which they had produced 5 years worth of fuel over a year ago but did not stop producing the same batch......The nuclear power plants they were building were nowhere near one vital thing...a viable source of water. These viruses destroyed the equipment that is needed to produce more uranium....So before you even remotely decide to question the motives of two nations whose collateral damage was only a few manufacturing systems...think of what Iran was actually doing. Producing Weapons grade amounts of Uranium 235.

        link to this | view in chronology ]

        • identicon
          JarHead, 2 Jun 2012 @ 6:03am

          Re: Re: Re:

          So what? I repeat, SO WHAT? Does it make the end justify the means?

          I remember an analogy an apt friend once made. 2 brothers are given a bar of chocolate. The big brother ate his share of the chocolate whole, while the little one ate his a bit of a time, for whatever reason. Now the big brother, eager for more chocolate, preaches to the little one that eating chocolate is very bad for your health while coercing him to give up his share for "safe keeping".

          This blog preaches innovation as a way to handle disruption in the digital age, but only in the narrow sense of the internet. Why can't it also apply in international relations? IMHO it's time for the old "gatekeepers" to go in that area as well.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 2 Jun 2012 @ 10:01am

            Re: Re: Re: Re:

            Agreed. We need a heavy rain to come and wash all the dirt away!

            link to this | view in chronology ]

        • identicon
          Anonymous Coward, 2 Jun 2012 @ 6:47am

          Re: Re: Re:

          Wally,

          You repeated the below claim 3 times.
          Iran was really, really close to producing enough Enriched Uranium 235

          Are you just hoping that if you repeat a claim without attribution it will become truth?

          link to this | view in chronology ]

      • icon
        Wally (profile), 2 Jun 2012 @ 12:07am

        Re: Re:You are forgetting some things

        Libreman, you forget that these viruses were meant to destroy Iran's nuclear efforts. Iran was really, really close to producing enough Enriched Uranium 235...an isotope typically used in a fission bomb, or as fuel at a power plant...the latter of which they had produced 5 years worth of fuel over a year ago but did not stop producing the same batch......The nuclear power plants they were building were nowhere near one vital thing...a viable source of water. These viruses destroyed the equipment that is needed to produce more uranium....So before you even remotely decide to question the motives of two nations whose collateral damage was only a few manufacturing systems...think of what Iran was actually doing. Producing Weapons grade amounts of Uranium 235.

        link to this | view in chronology ]

      • icon
        Wally (profile), 2 Jun 2012 @ 12:10am

        Re: Re:Something to remember

        Libreman, you forget that these viruses were meant to destroy Iran's nuclear efforts. Iran was really, really close to producing enough Enriched Uranium 235...an isotope typically used in a fission bomb, or as fuel at a power plant...the latter of which they had produced 5 years worth of fuel over a year ago but did not stop producing the same batch......The nuclear power plants they were building were nowhere near one vital thing...a viable source of water. These viruses destroyed the equipment that is needed to produce more uranium....So before you even remotely decide to question the motives of two nations whose collateral damage was only a few manufacturing systems...think of what Iran was actually doing. Producing Weapons grade amounts of Uranium 235.

        link to this | view in chronology ]

        • icon
          The Logician (profile), 2 Jun 2012 @ 6:52am

          Re: Re: Re:Something to remember

          You make these claims, Wally, but you do not provide any evidence to support them. Also, preemptive acts are never justified no matter what the reason. If you were truly concerned about the effects of nuclear weapons, you would push for the US to disarm its own supply first, which is the largest in the world.

          Acting out of fear is never the correct course of action. It is the US government's continual and deliberate interference in the affairs of other nations that is a substantial reason for the world's dislike of this country. Had we adopted and practiced an earthly version of the Prime Directive, this would not be the case. And without built-up resentment, other nations would have had less cause to want to do the US harm.

          Acts of sabotage are never right, no matter the supposed reason. They are, by their very nature, acts born of fear rather than logic. Rather than attempt to push its agenda upon all other nations as it currently is, the US ought to instead adopt the Prime Directive, recall all military personnel from abroad, and work in peace to ensure a better world for its people.

          Dictators rise and fall, it is the way of human nature, and many who are there now are only in the position due to US influence and serve as puppet rulers. If our government truly believes in self-determination, then it needs to withdraw all forces from abroad and let other nations govern themselves without any US influence whatsoever.

          It is an unfortunate reality that the worst villains often see themselves as heroes, and that the US in large part suffers from such a mistaken view of things. And it is this government's myopia and hypocrisy which condemns this country in the sight of other nations. Violence and the threat of it should be the last resort, not the first. And tactics such as sabotage should be avoided entirely, unless you wish the US to become a nation of Romulans. Personally, I would prefer the Federation instead.

          link to this | view in chronology ]

        • icon
          art guerrilla (profile), 3 Jun 2012 @ 3:47am

          Re: Re: Re:Something to remember

          "wally" = ass unstein (traitor to the constitution, and all around fan of 1984)...
          okay, i have as much proof of that as "wally" does of his assertions... *but*, my speculation fits the facts, while "wally's" does not...

          usa = sponsor/originator of state terrorism
          therefore, we should drone ourselves out of existence ? ? ?
          seems to follow...

          art guerrilla
          aka ann archy
          eof

          link to this | view in chronology ]

  • identicon
    George Samaras, 1 Jun 2012 @ 3:04pm

    Generalizing cyberattacks

    Unfortunately, your not being convinced has very little to do with the reality that it is readily accomplished. However, that still is no justification for an attack on civil liberties; those are the actions of groups with either a different agenda or the lack of sophistication to avoid "bruteforce" solutions to problems.

    link to this | view in chronology ]

  • identicon
    Michael, 1 Jun 2012 @ 3:08pm

    Physical Security == Ownership

    Once again this just proves that controlling physical access is a critical core line of defense for establishing a truly secure environment. External media which is poorly vetted is an infection vector; making your workers need to use the above increases the risk of infection.

    link to this | view in chronology ]

  • identicon
    Rob, 1 Jun 2012 @ 3:15pm

    Well, there goes the article's credibility

    "It's also noteworthy that a source in the article claims that Stuxnet was the first example of using a computer attack to destroy physical items"

    What about the Siberian pipeline explosion almost three decades ago that's been attributed to a trojan?

    link to this | view in chronology ]

  • identicon
    Ryan, 1 Jun 2012 @ 3:17pm

    Cyber Terrorism

    This upsets me. A lot. I'm really mad that all this time, media outlets and even the government itself has been whipping up our fear, telling us to be afraid of "cyber terrorists" and the "cyber war."

    Now here we are again with our pants around our ankles, and the entire world knows now that the United States IS the cyber terrorist. Our government AGAIN goes and attacks another sovereign country, unprovoked.

    The rest of the world is right - we're a big playground bully, and nothing more. Our education rots, our healthcare lay in ruins... and we have nothing better to do than code computer viruses and unleash them on people who have nor want anything to do with us, like a pimply-faced kid in his mom's basement.

    Well, it's back to telling people I'm Canadian whenever I travel.

    Ironically, the phrase "cyber terrorism" is on that government watch list now, isn't it? Great, now I'm a "person of interest" for talking about it. FML. >_

    link to this | view in chronology ]

  • identicon
    AB, 1 Jun 2012 @ 3:18pm

    What amazes me is that it "was never supposed to get out into the wild." How could anyone capable of grasping the concept of a virus seriously think that wouldn't happen?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2012 @ 3:41pm

      Re:

      You do realise that by "it was never supposed to get out into the wild" they mean it wasn't intended to leave the Iranian systems it was planted on.

      link to this | view in chronology ]

      • identicon
        Cowardly Anonymous, 1 Jun 2012 @ 4:45pm

        Re: Re:

        You do realize that this follows the pattern, though not the severity, of the classic doomsday scenario for a weaponized virus (computer or disease).

        In other words, I'm sure AB does realize that.

        link to this | view in chronology ]

      • identicon
        AB, 1 Jun 2012 @ 5:01pm

        Re: Re:

        Yes, obviously. Yet one of the main aspect of a virus (or pretty much any malware) is it's ability to relocate and adapt. In this case it was designed to transfer itself from the storage unit (USB flash drive) to the host system (whatever system the flash drive was plugged into) without user interaction. In other words EVERY system that USB drive was plugged into would become infected. And probably every other USB drive plugged into that system would also become infected (remember how a virus is supposed to replicate and transfer itself?).

        Even if it was originally only copied onto just that one single flash drive, who in their right mind would actually believe that flash drive would only ever be plugged into the one computer that was supposed to be infected? Of course it would be plugged into other systems, it's a PORTABLE DRIVE! It's DESIGNED to be used FOR TRANSFERRING FILES!

        Anyone who has ever worked around viruses even a little bit knows just how unpredictable they are. There is no such thing as a secure virus. I would expect that anyone capable of grasping the concept of a virus would realize that.

        Then again what they claim in a press report isn't necessarily the same as the truth...

        link to this | view in chronology ]

  • icon
    sehlat (profile), 1 Jun 2012 @ 3:18pm

    One line in that article is SCARY

    “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

    The implication that almost nothing is safe that has USB ports has not escaped my notice.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2012 @ 3:26pm

    So the US creates some nasty malware, then uses the thing that THEY created to go "Hey! We need to protect ourselves from this!"

    Sounds like the FBI applauding that they stop terrorism to the plots they set up in the first place.

    Everyone must be taking advice from the same tinfoil-hat loon in the bowels of the Government.

    link to this | view in chronology ]

  • icon
    Josh (profile), 1 Jun 2012 @ 3:31pm

    I'm all for a good trolling, but is messing up a NUCLEAR power plant such a good idea to begin with? What if it causes a meltdown? "Oh don't worry, it's just Iran."?

    link to this | view in chronology ]

    • identicon
      Cowardly Anonymous, 1 Jun 2012 @ 4:49pm

      Re:

      It was messing with the enrichment process, and wasn't set up to disrupt any automatic shut-down measures. In other words, it was well designed and not designed to do that much damage, so it looks like that concern may have been specifically addressed to avoid a meltdown.

      Disclaimer: well designed does not mean it should have been done.

      link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 1 Jun 2012 @ 3:31pm

    It's also noteworthy that a source in the article claims that Stuxnet was the first example of using a computer attack to destroy physical items [...]

    While it wasn't an attack per se (it was a bug) the destruction done by the Therac 25 is particularly notable because (a) it resulted in the loss of human life and (b) it's become a classic case study -- so much so that I think anyone trying to understand the possibilities of physical attacks initiated by software should make sure the reports/articles about it are part of their background reading.

    link to this | view in chronology ]

  • icon
    Mark Gisleson (profile), 1 Jun 2012 @ 3:33pm

    I'm not disappointed in Israel

    this being one of the least of their crimes, but it always disappoints me when the Israeli dog wags their U.S. tail.

    I would hate to have to vote for Ron Paul to achieve saner U.S. foreign policy, but I cannot think of one major candidate in the last twenty years who hasn't crapped on the U.S. Constitution in their haste to embrace Israel's thuggish world view.

    Yes, many Jews died in WWII death camps, but how many Muslims have to die from IDF attacks before Israel calls it even?

    link to this | view in chronology ]

    • identicon
      JarHead, 2 Jun 2012 @ 6:23am

      Re: I'm not disappointed in Israel

      To answer your question, all of them. We're (me and my brother/sister muslim) the immediate threat for them. Then, all the gentiles, either killed or subjugated.

      I'm not playing religion card here, and I view them as fellow human. It's in my observation from what little I know about history, Israeli's intent are not malevolent, but only to ensure their own safety. However nearly thousand years of abuse around the world (WW2 is just an example of a systematic effort) have pushed them over the edge about what is required to ensure safety.

      I really hope for peaceful resolution of the problem.

      link to this | view in chronology ]

  • identicon
    anonymous dutch coward, 1 Jun 2012 @ 3:47pm

    nice job

    All in all a nice well executed sabotage/espionage action by the Israelis and Americans. I don't mind calling it cyberwarfare, although that's an infected term around here, as long as we keep some distance from the defense industry bla bla.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2012 @ 3:51pm

      Re: nice job

      that's the thing... its cyberwarfare according to the direct definitions set up a year later, by people who had to know the details of what we'd already fucking done. so.. apparently we're at war with iran?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2012 @ 3:49pm

    thats kind of the best part:
    Federal fucktards:

    "We need vast security, to protect us from strategic level cyberweapons aimed at destroying infrastructure"

    joe public: why do you need such a thing?

    FF: "well, because we went ahead and released a strategic level cyber weapon against irans infrastructure, which according to OUR OWN definitions (which we didn't release until a year later) is a full out act of war."
    " So you see, we know for a fact that there are factions out there looking to do serious damage to america in cyberspace, because they want revenge for what we did to them."



    Joe public: wait....so your saying you already unilaterally declared (covert) cyber war on Iran, released a theater level strategic cyberweapon against their infrastructure, and got caught at it. All without congressional approval, knowledge or oversite one assumes.
    Now America desperately needs cyber defense capabilities, to defend against weapons that america so far is the only one using?

    1 question, wy isn't everyone involved up on charges?
    >

    link to this | view in chronology ]

  • identicon
    anonymous dutch coward, 1 Jun 2012 @ 3:53pm

    outrage

    I would safe up some "outrage" for the moment the Iranians test their first nuke.

    link to this | view in chronology ]

    • identicon
      JarHead, 2 Jun 2012 @ 6:59am

      Re: outrage

      Yeah, at that point, the 2nd test will be launching a nuclear headed ICBM to either US and/or Israel, which will be counter attacked by their own nuclear ICBMs, thus ushering WW6.

      /sarc

      link to this | view in chronology ]

  • identicon
    Donnicton, 1 Jun 2012 @ 4:48pm

    As I've said on the Ars Technica article of the same issue(which was promptly drowned out by Anti-US "I told you so"s and partisan bickering)...

    The article specifically states "None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day. "

    While there is no doubt in my mind that a government is capable of programming a virus to do something - that's not being debated here - it does seem strange to me that someone can just pop up a "the US did it!" piece with no real references or citation trail and... yeah, I still would like to see more proof than this.

    While it's not exactly news that the Anti-America crowd will just put their blinders on and use this unreferenced, uncited NYT article as an excuse to exclaim "AWWW, you see? I knew it was them all along!", all he really did here was point out functionality of Stuxnet that was already publicly available knowledge. In a truly logical sense the only thing that I see this article really revealing is a boost in sales with his end-of-article book plug.

    There's certainly a possibility that the US is responsible, but given the "credible" sources that the NYT writer cited(i.e. none), it's also equally as likely that they're not. While I agree that they are certainly the most likely suspects, I would still severely caution a bit of pragmatism until solid proof arises that isn't just a glorified book plug, despite Ars' writers almost literally parading around exclaiming "CONFIRM! THE US R TERORIST!"

    link to this | view in chronology ]

    • identicon
      akp, 1 Jun 2012 @ 5:18pm

      Re:

      Regarding sources... Just because they didn't cite or name them doesn't mean they aren't legitimate sources.

      I don't have a LOT of trust in journalism these days, but protecting anonymous sources is part of the job.

      They couldn't use the names in print, but it's highly likely that *someone* at the NYT did their homework on whether the unnamed sources are credible.

      If they don't do their homework, the paper is liable for libel. Historically, if a trusted newspaper puts something in print, they DO have the evidence to back it up.

      See: Woodword & Bernstein, Washington Post

      link to this | view in chronology ]

      • identicon
        Donnicton, 1 Jun 2012 @ 6:21pm

        Re: Re:

        Regarding sources... Just because they didn't cite or name them doesn't mean they aren't legitimate sources.

        It doesn't mean they automatically are, either. And that's my point.

        I don't have a LOT of trust in journalism these days, but protecting anonymous sources is part of the job.

        I'm not debating that. However, when your entire article is nothing but anonymous sources and a post-article book plug from the author, it warrants a little bit of caution before(to use one example just from the Techdirt comments) going directly into WWII death camp and IDF comparisons.

        They couldn't use the names in print, but it's highly likely that *someone* at the NYT did their homework on whether the unnamed sources are credible.

        If they don't do their homework, the paper is liable for libel. Historically, if a trusted newspaper puts something in print, they DO have the evidence to back it up.


        Yes, however potential penalties are not specifically a guarantee to be a deterrent(e.g. what RIAA/MPAA-related concept does this blog cover primarily?). It didn't stop the Killian documents debacle from happening, for example.

        More NYT-specifically, didn't they also falsely report that Gabrielle Giffords had died, at one point? (the melodrama about how it is oh-so-tough to be a timely reporter in that linked piece aside). That being just one example about how the media can get away with posting false news as long as they backpedal before anyone calls/sues them on it.

        All I'm saying is, for something that could potentially be big(albeit wholly unsurprising) news, a modicum of composure is not entirely uncalled for.

        link to this | view in chronology ]

      • identicon
        Miso Susanowa, 3 Jun 2012 @ 4:42am

        Libel

        Well, according to the 2003 Florida Court of Appeals in NEW WORLD COMMUNICATIONS OF TAMPA, INC., versus JANE AKRE Case No. 2D01-529, Fox News doesn't have to tell the truth; why should the NYT be held for libel then?

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2012 @ 5:21pm

      Re:

      Do you feel the same way about the vilification of supposed hackers in China? Where is the evidence for that given the reality of attribution?

      And... "Anti-US" or "Anti-Us current regime"? Not D/R power, but all current power brokers, who, obvious to many, are doing a terrible job for the citizens of this country and the world.

      Most probably find the idea of America great, just not the reality that is America today. Empire! And if you don't like the direct critisism, what the fuck do you like about the country?

      link to this | view in chronology ]

  • identicon
    abc gum, 1 Jun 2012 @ 4:58pm

    I recall some saber rattling in the past about how a cyber attack against the us and/or allies would be considered an act of war which could result in reprisals in the real world .... ahhh waiting for the other shoe.

    link to this | view in chronology ]

  • identicon
    Cowardly Anonymous, 1 Jun 2012 @ 5:15pm

    Physical Damages

    First, the elements that allowed Stuxnet to damage physical devices are in no way rare.

    Second, they have nothing to do with the computer you are currently using to read this comment.

    PLCs (Programmable Logic Controllers) are incredibly low-level computers, which are programmed to follow logical circuitry directly. They literally tell a motor to turn on at speed X for Y time.

    Because they are used to directly control physical systems, programmers have to be careful if they are to not cause damage. A single logical error can cause the machine to be in a state it is not supposed to enter, and these states are avoided precisely because they are the states wherein a device is damaged.

    PLCs have programs loaded onto them from another device. They are not what most think of as a computer. They do not have USB ports. They are not capable of being directly hooked up to the internet. Stuxnet was never on any of the PLCs, they can't support something that complex. It infected the device used to program them and made it serve up a defective program.



    I have programmed a PLC before. They are used in almost all assembly lines. They don't have to damage the machines. They could be programmed to make defective products.

    There is very little risk of this happening.


    Why you shouldn't worry:
    Stuxnet being made by the US is about the only reasonable explanation. They have access to a whole bunch of behind the scenes stuff of the people who make PLCs and the security used to protect the programming of them.

    If Iran had used their own tech, there would have been now way to hit them.



    Which brings me too the true purpose of CISPA:

    CISPA is not about your data. CISPA is not about defense. CISPA is about making it easier to make more of the these weapons.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2012 @ 8:18pm

    I really don't mind the US breaking Iran's toys. In fact, an 'attack' that killed no one seems like a pretty good way to conduct business.

    link to this | view in chronology ]

  • icon
    Wally (profile), 1 Jun 2012 @ 11:49pm

    WEAPONS GRADE ENRICHED URANIUM

    Has anyone forgotten that Iran was about a week away from producing WEAPONS GRADE ENRICHED URANIUM. If these viruses didn't stop and erase the data that was being stored on the low level computer systems, they would have used said comeputers to make more Enriched Uranium....think about that for a bit before you question the Tactics of the CIA and the NSA

    Before anyone points out "Oh, well they were using Uranium for power plants", try to think of how a Uranium based Nuclear Power Plant operates. They need to be near a source of FRESH water to work otherwise the Sodium typically found in ocean salt water would absorb the vast amount of radiation being pumped into the water and cause a melt down in the cooling units. Furthermore, the Nuclear Power Plants that were built in Iran were nowhere near a viable source source of water......they were producing ENRICHED URANIUM AND IF THEY HAD GOTTEN TO A CERTAIN AMOUNT....they would have used it.

    "Stuxnet being made by the US is about the only reasonable explanation. They have access to a whole bunch of behind the scenes stuff of the people who make PLCs and the security used to protect the programming of them."

    In other words, infect the logic boards (and disrupt them safely) that the PLC's use to follow precision calculations to make Enriched Uranium. That is quite understandable.

    "CISPA is not about your data. CISPA is not about defense. CISPA is about making it easier to make more of the these weapons."

    CISPA may be designed to make this easier to do what the the US has done, but its wording was so ambiguous and broad, that it left the door open for people to actually violate our civil liberties here in the US.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jun 2012 @ 6:43am

      Re: WEAPONS GRADE ENRICHED URANIUM

      Has anyone forgotten that Iran was about a week away from producing WEAPONS GRADE ENRICHED URANIUM.

      Hard to forget what may very well be what is in someone's overactive imagination.

      And, does anyone have 'maps' of Stuxnet infections? I keep seeing a claim that Stuxnet was 'in Japan' and even as far as claiming it had infected the Fukushima plant - but all I get is claims like the one above...unattributed claims.

      link to this | view in chronology ]

    • icon
      Chuck Norris' Enemy (deceased) (profile), 2 Jun 2012 @ 6:55am

      Re: WEAPONS GRADE ENRICHED URANIUM

      Has anyone forgotten that Iraq had a stockpile of WEAPONS OF MASS DESTRUCTION!!! That crazy Saddam Hussein was about to unleash a GLOBAL ATTACK on THE WORLD!!! We must send our troops to destroy Hussein, his armies, and spend billions of dollars we don't have, maybe kill some innocent civilians, and lose a few of our troops...OH WAIT!!! No WMD's. No threat. Our bad!

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 Jun 2012 @ 7:14am

        Re: Re: WEAPONS GRADE ENRICHED URANIUM

        NO what people forgot was that everyone from Gore, to Clinton, to the French were not only stating the weapons existed but were slamming GW for not acting faster. Fortunately, there will forever be youtube for those who care to know the truth. It is also strange that before the war a couple of tons of yellowcake uranium was considered a WMD but after being found in Iraq it was considered not a threat.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 2 Jun 2012 @ 4:44pm

          Re: Re: Re: WEAPONS GRADE ENRICHED URANIUM

          I wish I lived in whatever little fantasy world you lived in ten years ago.

          link to this | view in chronology ]

    • identicon
      JarHead, 2 Jun 2012 @ 7:07am

      Re: WEAPONS GRADE ENRICHED URANIUM

      All I hear is: "Do as I say, not as I do/did"

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jun 2012 @ 7:11am

    The comments and apparent sympathy for Iran, a nation that has repeatedly stated they wish to wipe countries with religiously conflicting views is indicative of the average age of a commenter on this site. Please read the comments regarding Germany's rights to statehood circa 1938 by an equally young crowd. Nothing has changed, we have not evolved in the last 100 years..instead people continue to want to believe in an idealistic manner that puts everyone at threat. Pakistan, China, and several other countries also stated they had no intention of developing nuclear weapons either before doing so the difference is they never had the audacity to proclaim that they would destroy another nation to bring on the second coming of their Lord. So do you believe the first statement that they don't wish to have nukes while disregarding the second?

    Please grow up soon.

    link to this | view in chronology ]

    • icon
      Mark Gisleson (profile), 2 Jun 2012 @ 7:49am

      Re: Iran

      I grew up in the '50s. I was born just months after the CIA deposed the first democratically elected leader of a Muslim nation. As I grew up I watched the US prop up the corrupt Shah as Iran did the scut work of American "diplomacy" in the Middle East, a job that was taken over by Israel after the Shah fell.

      Iran is an immature theocracy now, just like Israel. Iran, however, has centuries of history in their corner that indicates they will not attack their neighbors (Iraq attacked Iran with Reagan's blessings, remember?)

      Iran needs to be watched, but the Iranian people will slowly bring sanity back to that nation despite it having some crackpot leaders.

      I'm much more concerned about Israel, a nation that keeps moving right, and whose political parties are becoming increasingly hostile to African workers, gays and pretty much everyone who isn't Jewish.

      You can call it a tie, but Iran doesn't influence the USA. Israel does.

      I'm keeping my eye on Israel if you don't mind.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jun 2012 @ 2:33pm

      Re:

      The comments and apparent sympathy for Iran


      Where's the sympathy for Iran? They're not following international law either.

      But the ends here do not justify the means. The US has created Stuxnet using quite a few electronic assets at it's disposal that it only had thanks to the Governments efforts to get its hooks into every modern company and industry that operates in the US. Stuxnet took advantage of several zero-days and a signed certificate from a trusted certificate source that it may not have had otherwise.

      You can talk all you want from one side of your mouth about how Iran deserved it and this is to protect freedom. But you can't talk from the other side about how America needs the trust of these technology companies and requires special backdoors and privileges regarding the information these companies protect while it is pulling stuff like this.

      You need to stop being ignorant, read a book, do something to stop being so naive.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jun 2012 @ 2:23pm

    We're missing the main problem with the logic that Stuxnet was an advanced attack on infrastructure and we're going to be attacked over the internet any day now:

    The systems and companies that Stuxnet targeted, particularly Microsoft Windows and Siemens computer infrastructure may not have had the same vulnerabilities that it had if the CIA/FBI wasn't pushing for their own private backdoors into the majority of closed-sourced industry applications.

    It goes back to being a problem of government agencies putting their nose places where they shouldn't. Which is a good way to summarize the Stuxnet ordeal as a whole.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jun 2012 @ 2:27pm

    Also, usually what happens in a situation like this is fingers start getting pointed. I'm guessing a select few up top are going to be pointing them toward Anonymous.

    I can see the headlines now: "YES SO WE HACKED THE COMPUTERS OF A SOVEREIGN NATION BUT WE NEED TO BE ON TOP OF THE CYBER GAME SO WE CAN STAY AHEAD OF ANONYMOUS, WHO BTW WROTE STUXNET ORIGINALLY"

    link to this | view in chronology ]

  • identicon
    Led book light, 13 May 2013 @ 7:41pm

    Stuxnet in us!?!

    Since they can do that to the Iranians, is it possible that our computers have "Stuxnet-like" programs hacking or spying on us? The FBI has already confirmed they have the means to gather information, no matter how secured it is.

    This is not a conspiracy theory stuff. This info just came out after the Boston bomber's wife refused to tell everything to the US authorities.

    link to this | view in chronology ]

  • identicon
    network security, 8 Apr 2015 @ 4:11am

    Microsoft responsibility

    I really confused when I saw this article. several years ago I watched a video Bruce Dang one of Microsoft Research team member mentioned we knew about Stuxnet but we weren't allowed to talk about it till now (2010). but now days that everybody knows about the Stuxnet and its mission is finished, why Microsoft haven't patched it forever? is there something remained?
    I searched a lot to find the video I had watched several years ago which contained much more knowledge about the role of Microsoft Research in responsibility of postponing patch the Stuxnet vulnerabilities but I couldn't find it. If someone has any idea please contact me in http://remotegun.com

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.