

Another Piece of the Stuxnet Puzzle - 127001brewer
http://www.schneier.com/blog/archives/2012/02/another_piece_o.html

======
joelhaasnoot
Interesting that the pictures here that he mentions
<http://www.president.ir/en/9172> are from 2008, Stuxnet is from 2010. This
picture <http://www.president.ir/media/main/28838.jpg> can be matched to the
attack code. Wonder if whoever created it (US/Israeli gov't/attackers?)
actually used this as evidence or had better inside sources...

~~~
JanezStupar
I believe that it's safe to say that at the level of incompetence of counter
intelligence that has allowed for president's team to publicly publish the
images on the Internet, from which one versed in the field can read and
discern the architecture and configuration of a top secret nuclear facility.

I believe that getting a spy into the facility like this would be no major
obstacle for Mossad or CIA, since they have in the past infiltrated even more
secure organizations/facilities.

------
forgotusername
tl;dw: the "juice" Schneier refers to is essentially the correlation between a
bunch of static array bounds in the Stuxnet code, the layout of Natanz'
enrichment process as computed by a respected American nuclear physicist in a
public paper (based on data from an intentional leak by the previous head of
the Iranian nuclear program), and finally hard evidence of this layout in
SCADA screenshots from the plant that were released by the Iranian government.

This summary makes the correlation sound almost coincidental, however the
video makes a pretty convincing case.

------
aw3c2
Direct link to the actual content:
<http://www.digitalbond.com/2012/01/31/langners-stuxnet-deep-dive-s4-video/>

~~~
feralchimp
Was hoping this was the video, which isn't showing up on iOS.

~~~
schiffern
<http://vimeopro.com/s42012/s4-2012/video/35806770>

They should've embedded with the Vimeo universal player:
<http://vimeo.com/blog:334>

------
ChuckMcM
In the video it was really cool to see where he points out the configuration
of the 15 stages by looking at the top of the monitors in the foreground. Let
that be a lesson to you opsen out there, don't let them see the big board!

------
stianan
At 28:35 he says: "This is a 100% match with what you see here. The most
telling evidence are the missing dots here and here. These are your missing
dots".

Which dots is he referring to? There are two prominent missing dots on the
computer screen, but they are not present in his Stuxnet model.

~~~
joelhaasnoot
He's talking about the screen on the right. Green dots indicate a centrifuge,
white dots indicate none. You can see the patterns line up with the table on
the slide.

------
trotsky
Is anyone aware of a source of Ralph's commented decompilation? Has he said if
it will be released?

------
funkah
100% certainty is always nice, but I thought everyone was already pretty well
convinced that it was designed to specifically attack that lab. At least, that
was my impression from that big long article about it that was going around a
while ago.

~~~
maaku
Yes there's nothing new here, except a public explanation about WHY everyone
is pretty well convinced Natanz was the target. And it makes for a pretty
interesting watch.

------
monochromatic
Does Schneier actually write anything himself for his blog anymore, or does he
just link to things he finds on the internet?

