
Researchers Connect Flame to Stuxnet - techinsidr
http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link
======
DanielBMarkham
After reading Sanger's NYT piece, I am becoming more and more concerned about
the administration leaking/deciding-to-release information about Stuxnet. As
this article shows, once the cat is out of the bag people can start learning
all kinds of interesting things about your intelligence activities.

Usually such covert acts which could be considered an act of war are separate
and disjointed. You find a spy in East Germany and it's a one-time incident.
But with technology, you find one op and you start pulling the thread and all
sorts of ops come out of the woodwork.

I'm a libertarian and definitely support a more open society. But I also
believe that any government must keep secrets on occasion. Whether or not
Stuxnet (or any other sort of cyber-warfare) was a good idea is a separate
issue. My concern is that, from a technology standpoint, there may not exist
the separation of operations that is critically necessary for continued
intelligence activities to be successful.

Or, to rephrase, Stuxnet wasn't just the ratcheting up of cyber-warfare in the
particular arena of nuclear non-proliferation. With the acknowledgment that
the U.S. is responsible, and the way deconstructing one operation can lead to
exposing another, it's ratcheting up the stakes for all intelligence-based
cyber activities in all arenas. When the eventual shit storm comes, the U.S.
will be the one that gets the blame for it (fairly or not).

~~~
gaius
The US govt has basically thrown down the gauntlet to every hacker in the
world and invited them to take a crack at the US. I hope the leak was worth
it, for Obama's reelection campaign. Because it was incredibly irresponsible
to boast about it, that is like a red rag to a bull.

~~~
DanielBMarkham
I'm a firm believer that the president gets final call on what's secret and
what's not. If that wasn't the case, you'd have the intelligence agencies
basically running around unfettered.

I also understand that it's an election year, and the party that is out of
power is going to do their best to make everything into a crisis.

Having said all of that, when the administration releases information that
affects programs that might have taken large sums of money to develop over
many years, that might have many more years of usefulness, that has the
potential to change the geopolitical landscape for the country for the worse,
and that draws attention from every hacker on the planet? It's a little more
serious than the usual election year nonsense.

My concern is that I do not believe the country received any benefit at all
from the release, and the harm could go for quite some while. Quite frankly
when things like this happen it helps make a strong case for the idea that
the agencies _should_ keep things from oversight, and I think that's the worst
part of the whole thing. We need to get rid of a lot of the secrecy we have --
perhaps 99% or more -- but the things that remain secret should be soberly
treated as such. Time will tell what kind of damage has really been done after
all the smoke clears. Hopefully not much, but I doubt it.

~~~
dantheman
But the administration has rules; yes, secrecy is determined by executive order,
but there are processes to follow. You can't say some stuff is so secret that
you can't confirm or deny and then in the next breath brag about it.

------
mmaunder
Quote "The above conclusions point to the existence of two independent
developer teams, which can be referred to as “Team F” (Flame) and “Team D”
(Tilded). Each of these teams has been developing its own platform since
2007-2008 at the latest."

This ties in with the data that David Sanger released in his NY Times article
just over a week ago. He reveals that the NSA collaborated with Israel's Unit
8200 to create Stuxnet in an op titled "Olympic Games". So we can probably
just rename them to "Team USA" and "Team IDF".

Sanger's article: [http://www.nytimes.com/2012/06/01/world/middleeast/obama-ord...](http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=3&pagewanted=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all)

~~~
forgotusername
Please don't refer to that NYT article as "data" (noun: _Facts_ and statistics
collected together for reference or analysis). The it-must-have-been-us
presumptive mentality despite the absolute lack of concrete evidence bothers
me to the point of contempt.

~~~
mmaunder
Dear "forgotusername". David Sanger is a Pulitzer Prize-winning reporter and
Chief White House correspondent for the NY Times where he has been for a
spectacular 30-year career. He worked with the US administration to determine
what data in that article was safe to publish and what would compromise
ongoing ops.

~~~
forgotusername
Making an appeal to authority doesn't change anything. Most people seem to
fail to grasp that there is an $8bn industry spanning the globe who _thrive_
on secret software vulnerabilities.

Beyond the presence of these, the only surprising fact surrounding either worm
is that Stuxnet targeted Siemens PLCs. If it weren't for that, there is
nothing to demonstrate either of these worms weren't written by an entity as
relatively benign as an acutely talented, bored teenager.

But ignore reality, pepper dramatic terms like Iran, cyber war, espionage,
license to kill around liberally and see what effect it has on your freedom to
use your computer in coming years. That may be the only tangible result of all
this hot air.

You should also be aware that same industry stands to make the most direct
gain from any increase in public perception of information security, and any
resulting regulation.

~~~
Xylakant
> Beyond the presence of these, the only surprising fact surrounding either
> worm is that Stuxnet targeted Siemens PLCs. If it weren't for that, there is
> nothing to demonstrate either of these worms weren't written by an entity as
> relatively benign as an acutely talented, bored teenager.

Apart from the fact that Flame used a previously unknown chosen-prefix
collision attack against MD5? I'd love to meet that bored teenager...

[see <http://news.ycombinator.com/item?id=4080240>]

------
acron0
I have to say, although I can only appreciate at a distance the level of skill
needed to pull something like this off, reading articles about it blows my
frickin' mind. It is both fascinating and terrifying that there are people out
there who can do these kinds of things. This, imo, is the stuff that really
separates the wheat from the chaff when it comes to hackers. And just look how
the media frenzied over the likes of LulzSec. I hope they never have to grasp,
first hand, just how deep that rabbit hole can go. Really, money and political
whim aside, a large portion of our freedom can be attributed to these
individuals. That is damn scary. I hope they're kept on a very tight leash,
anyway.

~~~
weavejester
> Really, money and political whim aside, a large portion of our freedom can
> be attributed to these individuals.

How so?

~~~
dfc
We won _the cold war._

~~~
Danieru
The Soviets had an economic crash.

The USA did not win the cold war, the USSR lost it.

~~~
dfc
Wow, I never thought about it like that. Imagine how much earlier _the cold
war_ would have ended if American actions affected the allocation of Soviet
resources? ;)

~~~
morsch
Do you ever question that narrative? I know it's a widespread one, and it
seems to make sense, but I'm wondering how many of those who bring it up have
retraced the research or have the background to even be able to retrace it.

This is not a dig at you -- who knows maybe you _did_ do the research, and if
not, it's probably a good and reliable strategy to trust the consensus
narrative by default.

~~~
dfc
I appreciate your comment, in fact I think a lot of this thread is based off
blind adherence to the popular narrative (just look at the attention given to
who leaked and why). I have done a lot of research and reading in this area.
The intelligence/military arena is a hobby/fetish of mine. Just look at the
impact of the Stinger and the broader US involvement with Russia's occupation
of Afghanistan (Ghost Wars is the canonical reference). For further evidence of
the US's awareness of the importance of economics take a look at the grain
subsidies and the discussions for and against.

------
at-fates-hands
The most fascinating part of this for me was the fact it looks like Flame was
developed prior to Stuxnet. Not the other way around as most people believed.

~~~
Achshar
Well, Flame is a lot more complex than Stuxnet, so it only makes sense it would
be better at keeping itself hidden, and for longer.

------
droithomme
If true, since we now know who wrote Stuxnet, therefore we now know who wrote
Flame.

