
Unilateral Israeli changes to Stuxnet caused its exposure, angering US - bhouston
http://www.jpost.com/Middle-East/Iran/Israels-rash-behavior-blew-operation-to-sabotage-Irans-computers-US-officials-say-444970
======
fsck--off
If you want to read more about the two different Stuxnet attacks, I highly
recommend Ralph Langner's 2013 write-up "To Kill A Centrifuge"

[http://www.langner.com/en/wp-content/uploads/2013/11/To-
kill...](http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-
centrifuge.pdf) (36 page PDF)

Langner was the first researcher (outside of those who were involved in its
creation) to discover Stuxnet.

~~~
rqebmm
It's interesting reading that doc in light of this news, as Langer notes that
in 2009 the attack vector changed significantly, from a stealthy, bespoke,
pressure-oriented attack, to a more vicious but easier to identify rotor-speed
attack (the one we've all heard of), and also increased its infectivity by
self-propagating.

> "Whatever the effect of the overpressure attack was, the attackers decided
> to try something different in 2009. That may have been motivated by the fact
> that the overpressure attack was lethal just by accident, that it didn’t
> achieve anything, or – that somebody simply decided to check out something
> new and fresh."

> "Summing up, the differences between the two Stuxnet variants discussed here
> are striking. In the newer version, the attackers became less concerned
> about being detected. It seems a stretch to say that they wanted to be
> discovered, but they were certainly pushing the envelope and accepting the
> risk."

> "The dramatic differences between both versions point to changing priorities
> that will most likely have been accompanied by a change in stakeholders. "

I wonder if that's when the Israelis got involved?

Also, this is shockingly readable for the depth and subject matter!

------
ars
> In this way, after the strongest version of the virus was implanted in order
> to increase the force of the damage to the centrifuges at Natanz, the virus
> .... began to "jump from computer to computer"

I don't see how one follows from the other. One talks about the virus causing
additional damage to centrifuges rather than minor damage.

The other is about increased infectiousness.

They are two different things and they are just tied together as if there is
some relationship between them.

This article is almost completely devoid of any evidence, or even a plausible
logical explanation/motivation.

~~~
sigmar
>The other is about increased infectiousness.

Perhaps the additional damage is caused by increased infectiousness since the
virus would be spread through more diverse intermediaries on its way to
various centrifuge systems?

>This article is almost completely devoid of any evidence, or even a plausible
logical explanation/motivation.

Well this article is reporting on what is stated in a forthcoming movie, not
performing an investigation

~~~
ihsw
> Perhaps the additional damage is caused by increased infectiousness since
> the virus would be spread through more diverse intermediaries on its way to
> various centrifuge systems?

And there it is. Fingerprinting the variety of recipients takes time and
effort, as well as producing viable payloads to assert control over them.

------
samstave
Stuxnet was such an amazing event. The speculation at first, the quasi
confirmation a little later based on certain items in the code. The dissection
of it and the tech talks by Microsoft and others on its design and build...
And then that it had a successor - and now it comes out that Israel and US
squabbling over what team did what which allowed it to be exposed.

It is such an amazing cornerstone in the cyberpunk reality of where the world
is heading.

If you haven't watched the tech talks on stuxnet and duqu, please do - super
interesting.

[https://m.youtube.com/watch?v=rOwMW6agpTI](https://m.youtube.com/watch?v=rOwMW6agpTI)

[https://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_2...](https://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon?language=en)

[https://m.youtube.com/watch?v=P_nOg4Os6qg](https://m.youtube.com/watch?v=P_nOg4Os6qg)

~~~
Jerry2
> _If you haven 't watched the tech talks on stuxnet and duqu, please do -
> super interesting._

If you or someone else has some recommendations on which ones are worth
watching, please do let us know.

~~~
AsyncAwait
For a broader overview of Stuxnet and the surrounding situation, I would
recommend the book "Countdown to Zero Day" \-
[http://www.amazon.com/gp/product/0770436196](http://www.amazon.com/gp/product/0770436196)

------
BWStearns
>> The deadly virus

>> “changed the code” (the scare quotes bit)

>> to invent a “vaccine”

>> the secret formula... fell into the hands of Russia and Iran

>> increasingly stronger versions of the virus

>> the most deadly version of the virus

Is anyone else not wild about the manner in which "cyber" articles get
written? I feel like non-technical readers are left mildly concerned that
they're going to come down with a case of the stuxnet and die, or that now
that Russia and Iran have a copy of stuxnet we're all doomed.

Most of the language regarding the virus seemed more appropriate for an actual
bioweapon. It'd be nice if there were a bit more focus on educating the public
than scaring them.

~~~
sangnoir
MOst of the quotes made sense to me: >> “changed the code” (the scare quotes
bit)

Might not be scare quotes but a direct quotation

>> to invent a “vaccine”

This is pretty obvious - an antivirus

>> the secret formula... fell into the hands of Russia and Iran

They got a way to get the virus' signature, as well as copies to reverse-
engineer

>> increasingly stronger versions of the virus

>> the most deadly version of the virus

Might refer to virulence or how quickly the effects were ramped up. The most
effective viruses are not the most transmissible (burn themselves out and/or
are quickly noticed)

> now that Russia and Iran have a copy of stuxnet we're all doomed

not doomed _per se_ , but it would probably be better for the average american
if this hadn't happened. The worst thing about this, IMO, is that it set a
very public precedent on the use of 'cyber-weaponry', costing the US moral
high-ground

~~~
BWStearns
With the exception of me missing that they were not scare quotes but rather
direct quotes, I understood all of the referenced text. I just wanted to point
out that the way it is written is not the best way to help inform the general
public about cybersabotage and espionage campaigns. While using such language
directed towards an expert crowd for giggles doesn't do any harm it
contributes to the general atmosphere of panic to tell a general audience that
Russia and Iran now have "the secret formula for the most deadly version of
the virus". My parents don't know for sure that that virus won't kill you,
computers are very scary for them, they might think stuxnet is in their car
trying to kill them now.

------
obelisk_
>Pictures of then-Iranian president Mahmoud Ahmadinejad’s visit to the Natanz
facility helped the experts obtain needed intelligence on the computers. The
computers, their configuration and their rear connections can be seen clearly
in the pictures. Eventually, these entry and exit points served as portals to
implant the virus.

I doubt that this alone was all they needed. Probably once they had identified
the vendors of the equipment, they retrieved the purchase orders from those
vendors, either with or without the knowledge of said vendors.

~~~
lucio
[http://static1.businessinsider.com/image/528cf418eab8ea305c9...](http://static1.businessinsider.com/image/528cf418eab8ea305c969d2a/the-
stuxnet-attack-on-irans-nuclear-plant-was-far-more-dangerous-than-previously-
thought.jpg)

------
suprgeek
Hate to turn this into a political thread when there is so much info about
software but....

The sheer arrogance with with Israel operates is just something else. They
seem to to believe that no action they take will ever be questioned or lead to
any blowback.

The almost total control of US Foreign policy that they have now makes me
think that the Iran deal being operationalized was nothing sort of a coup for
Pres. Obama.

If I were a conspiracy nut, I would be looking very closely at how those two
US naval boats drifted that close to an Iranian base on the eve of the
agreement coming into force.

~~~
TheGuyWhoCodes
"They seem to to believe that no action they take will ever be questioned or
lead to any blowback" \- That's not true. Like any country Israel wights the
pros and cons of any decision. Some work in their favor some don't. If you
think Israel doesn't taken into account the repercussions to it's actions you
are gravely mistaken. I agree with you that Israel tries and succeeds in
influencing US Foreign policy, why wouldn't any country do that if it works in
their favor? Why is Israel being criticized of this when any other country
including the UK, France, Germany, Iran, Egypt are doing the same?

~~~
cheetos
> Why is Israel being criticized of this when any other country including the
> UK, France, Germany, Iran, Egypt are doing the same?

Because Israel could not do five percent of the things they are doing without
the massive amount of military and financial welfare and protection they
receive from the USA. The other countries you list do not have that luxury to
nearly the same extent.

~~~
TheGuyWhoCodes
Massive amount? US foreign aid to Israel is about at most 3% of Israel yearly
budget. Most of it Israel has to spend in a specific defined way, mostly
buying from US companies. Some go to R&D which are joined operations with the
US. Don't forget that Egypt and Jordan get foreign Aid, 1.5B$ while Israel
gets 3B$. I don't see any comments on why US should stop it. UK, France,
Germany are in NATO which gives them much more luxury to do what they want.
Iran developed a Nuclear program, is funding and assisting terror organization
which killed thousands of civilians, not to mention in details what's going on
in Syria right now.

~~~
obrero
> Don't forget that Egypt and Jordan get foreign Aid, 1.5B$ while Israel gets
> 3B$

What? Egypt got no "foreign aid" until some post-Nasserite forces in Egypt got
together and decided to kow-tow to Israel and the US during the Camp David
accords. For Jordan it is pretty much the same thing, from the attacks on
Black September on.

The politicians running these countries were bought off to play nice with
Israel. This is more or less openly stated in journals like Foreign Affairs.
The money to Egypt and Jordan is money being given indirectly to Israel.

~~~
TheGuyWhoCodes
Egypt gets Foreign Aid since 79', Jordan got economic and military aid since
1951 and 1957, respectively. Black September started on 6 September 1970.

I agree with you they were bought off, but was it better for them to be at a
constant war with Israel?

> The money to Egypt and Jordan is money being given indirectly to Israel I'd
> very much would like an explanation on this.

------
IvanDenisovich
In any large organization you'll see instances of departments clashing over
projects, managers going over each others' heads and bureaucratic turf wars.
I'm sure these disputes are at least as common inside the NSA, or between
different branches of US intelligence, as they are between the US and its
allies.

The difference here is that in an international setting, our national ego
comes into play and suddenly it's all about the Israeli lobby or some deep
geopolitical interests, when it could just as easily be caused by a SW bug or
an overzealous midlevel manager.

Maybe there is a place for a broader discussion about supplying arms to
Israel, but I don't think this case is a good example. Looks more like Israel
and the US collaborated very closely, on mostly equal terms, to achieve some
impressive technological breakthroughs. If anything, this is a testament to
how technology and international cooperation can provide a safe and efficient
alternative to unilateral use of of force. If the worst side-effect of all of
our covert and overt operations was leaking some Zero Days, the world would be
a much safer place.

~~~
SturgeonsLaw
> I'm sure these disputes are at least as common inside the NSA

Given the NSA's contradictory mandates to both improve and weaken security, I
think you're definitely on to something.

------
jqm
I guess I'm ok with Stuxnet. What I am most decidedly not OK with is the
assassination of Iranian scientists. Iran has a right to be upset... it's only
a wonder they aren't more upset.

------
Raticide
That website looks awful, full of clickbait titles and stupid scam adverts.
Doesn't seem like a trustworthy source at all.

------
hackuser
Remember that while Israel is a first world country, it's tiny. It's
population is 8.4 million, 1/40th of the U.S. and about the size of New York
City proper (not suburban, which is ~20 million). Probably the Israeli
government does not have the same level of talent and other resources that the
U.S. government does. Imagine if the NSA was staffed only with residents of
NYC, for example.

(However, 3 of 8 US Supreme Court Justices are from NYC, and Alito and Scalia
are/were from NJ.)

~~~
BWStearns
This is a bit offset by their large proportional tech sector and compulsory
service. The NSA (and gov tech in general) would be a hell of a lot better if
everyone had to do a year or two of government service.

Clarification: not to imply that the NSA is bad at their job currently, but if
they could borrow two years off of every technical person in the country I
can't see how that could hurt.

~~~
wernercd
Yes and no...

Yes, because there would be a bigger pool to choose from. For the same reason
that bigger schools have better sports teams: More Athletic types... Having a
bigger pool of candidates means you have more chance to get specific with your
choices.

No, because then you would be using the "Draft". There is a reason the US
moved away from it in after Vietnam and went to an "All Volunteer" force. (
[https://en.wikipedia.org/wiki/Conscription_in_the_United_Sta...](https://en.wikipedia.org/wiki/Conscription_in_the_United_States)
)

Personally, I think those types of services (Military, FBI, etc) should be
volunteer... last thing you want is your back being guarded or secrets been
covered by someone who doesn't agree with or want to be there.

~~~
BWStearns
Definitely agree on the logic around a negative impact of a draft based
service. I was thinking more along the lines of the Swiss model where you can
go be a teacher or a ski patrolman and it'll still count rather than a
Korea/Vietnam style thing.

------
jorgecurio
what confuses me about the US-Israeli relationship is that the most of the
times they work well but at times one is always sabatoging each other in a
manner that makes you reconsider, is Israel and enemy or a friend to the
United States? I don't think Japan would pull off shit like this.

It's like there's a four tier system to what defines a US Ally.

Platinum - Gets you exclusive access to black funds & latest weapons no other
allies are getting. Discounted oil from Saudi too.

Gold - Gets you access to aids and credit line with the IMF. You get the top
grade weapons that other allies wish they were getting haha.

Silver - Gets you access to some aids and political credit for your election
periods in your country. Free defense of your country, we'll even pay half the
cost of our stay.

Bronze - Gets honorable mention in speeches and aids but don't count on our
diplomatic support. You are largely left on your own to defend your country.
We'll sell you some of our refurbished weapons and overstocked weaponry at a
discount or if you buy our bonds.

edit: why the downvotes? seems like any comment that seems to critcize US-
Israel relationship on here are automatically downvoted to oblivion. As a
Canadian, all of this is very confusing. A) Why in the fuck would the most
powerful country succumb to a particular smaller country but nobody else B)
Why in the fuck nobody is allowed to question the arrangement? C) Why are
people who think Jesus will return in Israel (mental illness?) are allowed to
make decisions on behalf of people who don't agree with it?

And to people who say both countries are acting in a way that maximizes their
national interests, yet certain actions by certain country are seemingly
kosher (no pun intended) while if another country in the similar position did
the same actions, there would be severe punitive and a concerted diplomatic
backlash and media smearing. All but one particular country seems to get a
free golden pass on literally all aspects that influence United State's
national interests.

The US gets less than what Israel gets out of the relationship. What was US's
big reward for helping Israel? It incited attack from other anti-Israeli
terrorists and continue to place the national security at risk just to further
some geopolitical goals in some remote place that has nothing to do with the
average American.

The emperor wears no clothes, and as a Canadian I just pointed out what I'm
seeing. I have no stake in this argument or have mistrust or hatred for
Israeli people and American peoples, but it's not hard to see the level of
mistrust each countries populace has towards their own government's policy.

~~~
chx
I think you misunderstand the relationship. One, there are civilians,
extremely rich civilians who are sending more than a pretty penny to Israel.
Two, the US government is essentially bribing the Israel government to stay
put and not kill everyone around them. I believe most people vastly
underestimate the military might of Israel. Did you know, for example, that
Israel has unmanned ground vehicles
[https://en.wikipedia.org/wiki/Guardium](https://en.wikipedia.org/wiki/Guardium)
essentially mini tanks already operational? They have main battle tanks which
can intercept RPGs and even anti tank guided missiles
[https://en.wikipedia.org/wiki/Merkava#Mk_IVm_Windbreaker](https://en.wikipedia.org/wiki/Merkava#Mk_IVm_Windbreaker)
. If Israel wanted to wreak havoc in the region, they certainly could. I was
and still surprised they didn't grab a bit of Syria.

~~~
jqm
Grabbing a bit of Syria would hardly have been worth the propaganda disaster
though. The world wouldn't have reacted very favorably... particularly the
Muslim world.

And yes, Israel has some extremely good technology. But they also have some
pretty fierce enemies. See their incursion into Southern Lebanon a few years
back for instance. They also don't have that large of a population. It
probably is in their best interest they aren't seen as expansionist.... for
the moment at least.

~~~
13thLetter
What do you mean by "for the moment at least"?

~~~
jqm
Circumstances may change and at that time it may be in Israel's best interest
to appear expansionist. But for now and for the foreseeable future, it will
probably help keep the peace if they aren't.

~~~
13thLetter
So just like every other country in the world, then.

~~~
jqm
Well, there would be generally less tensions with many other countries acting
in an expansionist manner than with Israel doing so.

Given the history short (modern) history of Israel and the religious animosity
of the neighbors etc. it would be certain to inflame more hostility
internationally than Rawanda taking a piece of Burndi for instance. But I'm
sure you are already aware of all this. I went back and read your previous
posts. It seems you may be looking for an anti-Semite under every rock.
Well... next rock. I'm just pointing out practical reality. I don't have an
axe to grind with Israel existing.

~~~
13thLetter
I won't deny that I'm fairly sensitive on the matter, given that anti-Semitism
is not just acceptable but a major electoral winner these days -- as long as
one applies a coat of "anti-Zionist" paint on top, one is good to go with the
vilest conspiracy theories and blood libels, as we've seen right here in this
comments section.

What made me raise an eyebrow was the bit about how if things changed, it
might be in Israel's interests to be expansionist. That's obviously true, one
could say that about any country, of course, but... well, in the end that's
probably on me being oversensitive, and it was uncalled for to go after it.

~~~
jqm
No worries. I actually think it might be better for the locals if (a more
enlightened and less hard-line) Israel governed a bit more of the Mideast but
this is a political impossibility right now and certainly better left unsaid.
I should have left that bit off... it didn't have anywhere to go but towards
irritating somebody. I'll take blame on that.

------
13thLetter
It's sad how quickly a comment section on a story about Israel fills up with
conspiracy theories about perfidous Zionists owning the US government, even on
a normally more rational place like HN. It feels like this is the Guardian or
something. Maybe we need to take a hard look at ourselves here.

------
profeta
warning: site has auto-play audio ads. (for people that only block flash, and
not ads in general)

------
TheGuyWhoCodes
I find it hard to believe that top secret information like this would be
confirmed by top US officials. Why declassify this information? what possible
outcome were they hoping to achieve?

It's obviously a smear campaign against Israel, i'd take it with a grain of
salt.

------
henrikschroder
> a deadly virus that penetrated computers

> a “vaccine” for their computers

> the secret formula for writing the code for the virus software

> these entry and exit points served as portals to implant the virus.

> the most deadly version of the virus

I don't know if this is a result of the journalist, or the film that is the
source material, but that's way too many bad biological parallels to describe
a computer virus.

~~~
ethbro
I prefer people write in a vocabulary that's native to me as well, but I don't
see any of these as being _inaccurate_ analogies.

------
samstave
[in response to the anti Jew comments below]:

This is just bad.

Trust me I have @dang all over me when I make poor/emotional comments, but
this is just ignorant.

Nobody cares that the Israelis are Jews, we care when they (and any other homo
Sapiens) act like assholes.

So this is not a Jewish issue, per se, it's an asshole issue, let's be clear
about that.

~~~
littletimmy
What anti-Jew comments? There aren't any.

~~~
dfc
HN is not a magical land where people do not leave moronic comments. Between
users flagging comments and dang a lot of comments get killed. If you would
like to see what HN would look like without some level of moderation turn on
show-dead in your preferences. The anti-semetic idiots will be at the bottom
of the page.

