

Development and testing of the Stuxnet worm - jonburs
http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=all

======
dmix
It's seemingly safe to believe that there is a very high probability that the
US and Israel are behind Stuxnet.

According to Wikipedia, if this is true than 2010 had the first occurrence of
cyber-warfare between nation states in our history.

<http://en.wikipedia.org/wiki/Stuxnet>

~~~
btilly
The first occurrence? Very unlikely.

It goes back farther than you'd think. The first incident that I've heard
about was in 1982. See
<http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage> for details.

~~~
rdl
Electronic and signals warfare has an even longer history; RDF in WW1 and
earlier, and of course Enigma/Colossus and the RADAR war of ww2. I wouldn't
consider these unrelated to cyberwarfare.

------
extension
I haven't decided yet how to feel about Stuxnet. On one hand, good guys don't
release viruses into the wild, _period_. On the other hand, only good has come
from this. Iran doesn't get nukes until later and industry figures out that
they need to lock down their machine controllers, without any real damage.

~~~
MichaelSalib
_Iran doesn't get nukes until later_

So, we're not going to change the end-game, we're just going to piss of
Iran....and you think that's good?

Consider things from the Iranian's perspective. Back in the day, they were
establishing a legitimate democratically elected government. The US overthrew
that government and pushed a brutal dictator into power, who tortured and
murdered many Iranians. From their perspective, the US is an evil nation that
does evil things. Nuclear weapons look like the only thing that could give
them security against the US. And we're hellbent on stopping them. Heck, the
US has never even apologized for overthrowing their government and installing
a murderous dictator: can you really blame the Iranians for believing that the
US government is trying to screw with their country?

The only way this ends well is with a deal and deals require trust. Does
Stuxnet promote that trust? Or does Stuxnet just provide further evidence that
the hardliners are right, that the US is trying to screw with their country?

 _industry figures out that they need to lock down their machine controllers_

This seems like wishful thinking. We have a terrible track record of getting
large scale systems secured, even in areas where those systems are under
continuous public attack. Industrial software is not one of those areas, so
developers of such software are unlikely to take security very seriously. But
even if they did: we don't know how to get them to build secure systems.

Microsoft spends a huge amount of developer time and money on system security.
They're not very successful. But they devote a much larger fraction of their
budget to that goal than any industrial software shop. So expecting industrial
software shops to produce code that is even as secure as Microsoft's
seems...unlikely.

~~~
extension
_So, we're not going to change the end-game, we're just going to piss of
Iran....and you think that's good?_

All I want is for nobody to get nuked. I think it's more likely that nobody
will get nuked if Iran doesn't have nukes. But you're right that Stuxnet is a
dirty move that erodes trust, that's why I'm conflicted.

 _We have a terrible track record of getting large scale systems secured, even
in areas where those systems are under continuous public attack. Industrial
software is not one of those areas, so developers of such software are
unlikely to take security very seriously._

Surely going from complete obliviousness to awareness is the biggest step the
industry will ever take to being secure, even if subsequent progress is slow.
But I think they will fare better than corporate or home users, because there
are less of them and they are more technically inclined and disciplined.

~~~
MichaelSalib
_I think it's more likely that nobody will get nuked if Iran doesn't have
nukes._

But this doesn't stop Iran from getting nukes, it only delays them. And I
don't see why Iran getting nukes increases the probability of anyone getting
nuked. A nuclear Iran is an Iran that still responds to deterrence.

 _Surely going from complete obliviousness to awareness is the biggest step
the industry will ever take to being secure_

Discovering that you have untreatable cancer will not alter how long you live.

 _they are more technically inclined and disciplined._

Wrong. Do you know anyone who does instrumentation and control work for power
plants? These are people who are very skilled...in their field. In my
experience, they don't know a lot about security because they don't have to.
They don't have millions of script kiddies and organized crime hammering their
code looking for exploits so they can afford to be blissfully ignorant. And
they're no more disciplined than any other developer.

~~~
forensic
>But this doesn't stop Iran from getting nukes, it only delays them.

Eating doesn't stop hunger, it only delays it.

"Stopping" something is inherently temporary. You can say the exact same thing
about stopping anything.

Exercise doesn't stop obesity, it only delays it.

Delay is exactly the goal.

Eventually the Iranian public is going to overthrow their theocracy and create
a democracy. Then they will probably stop striving so hard for nukes because
the leaders will turn to creating prosperity rather than attempting to achieve
a false security through apocalyptic weapons.

------
adrianwaj
Stuxnet: forcing Israel haters everywhere to come sulking out of the woodwork.

------
endtime
Why is it so surprising/impressive that the worm was tested on centrifuges
similar to those it was targeting? More than once, the article emphasizes that
this is unusual and interesting...am I missing something?

~~~
metachris
They are complicated, large and extremely expensive. Nothing one could do in a
garage.

~~~
endtime
Okay...I didn't know anyone was still considering the possibility that Stuxnet
was developed in a garage.

------
yassersouri
You Americans don't get it. Israel and US murder our scientists. They try to
stop our progress towards nuclear energy. They put sanction on us so we can't
buy things like air planes and our planes are old and they crash and people
die. ... All because of what? Because they believe we want to build stupid
nuclear bomb -which we don't- and they have no evidence of it. So we stay in a
war. Peace is never going to become a reality. And It's Americans fault.

~~~
Peaker
Why is Iran developing long-range missiles with the capability of carrying
nuclear warheads in parallel to its nuclear program?

Iran has been involved in multiple wars by proxy for a while now, it is
unlikely an opportunity to arm itself with nukes will arise and they will not
take it.

~~~
ryoshu
Most likely because it is a non-Arab power in the Middle East that is
threatened on two sides by the world's only standing super power -- a super
power that has routinely threatened invasion of Iran. Look at the WikiLeaks
cables that exposed the pressure from other Middle Eastern governments for the
US to invade Iran. Given the geopolitics, Iran's desire for nuclear weapons is
perfectly rational.

------
jaydz
This story would be more interesting if Microsoft and/or Siemens actually
helped develop this malware.

~~~
kenjackson
I think the story would be more interesting if the malware appeared to have
come from aliens from outside our solar system who knew that Iran getting
nuclear capability would destroy the world and eventually set the galaxy out
of balance. They send a virus back through time to stop Iran.

This reporter finds evidence of this in the virus, and additionally finds
indications of future events that have yet to unfold, but which this virus
will also disrupt.

Otherwise, I think you're left with a pretty mundane story.

~~~
nir
The story could definitely use some Nicholas Cage.

------
bueller
the net positive is that cyber-security is brought to the forefront for the US
gov, more importantly this will be a great movie staring colin farrell as an
Israeli ruby developer that came up with the plan

~~~
bueller
<http://en.wikipedia.org/wiki/Unit_8200>

~~~
Dove
Also, <http://en.wikipedia.org/wiki/Twenty-Fourth_Air_Force>

This stuff isn't new -- it's just new to most people.

------
Estragon
I probably shouldn't be surprised by willful ignorance anymore, but it amazes
me that everybody in the article can celebrate this achievement and at the
same time admit that it's just "pushing back the clock." Israel's still going
to get hit by a nuclear weapon some time, because the technology to build one
is just going to keep getting cheaper and more accessible.

~~~
btmorex
You think it's inevitable that Israel gets nuked? I find that very unlikely,
especially since the attacking nation would definitely be destroyed as well.

Iran doesn't want nukes so that they can destroy Israel. They wants nukes,
because obtaining them immediately makes them powerful on the world stage.
(and I say that as someone who really doesn't want to see them get nukes too
because they're a crazy religious theocracy)

~~~
yassersouri
Think for one minute. Who is the craziest nation in this regard? Who has used
nukes twice to murder people. US of course.

~~~
abdulhaq
Never remind Americans that they deliberately slaughtered over 100,000
civilians with nuclear weapons - they don't like it.

~~~
forensic
Would Muslims abstain from killing civilians in a world war?

Moral arguments are pointless. We need results oriented thinking.

Is it better or worse for everyone if Iranian leaders have nukes?

I think even most Iranians would agree that it is worse. Their government is
not exactly popular.

