
A Look at Stuxnet, the World's First Digital Weapon - ghosh
http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
======
teamhappy
This is quite important for the current debates we're having. If you look at
the news media, or the Hacker News front page for that matter, you stumble
upon articles accusing China and Russia to hack into foreign governments
regularly. Similarly, China and other asian countries are often accused of
adding backdoors to their hardware (e.g., routers, switches, telco equipment).
The only* backdoors ever found in hardware were found in hardware build by US-
based companies. And, of course, Stuxnet is the first example of governments
(USA and Israel) attacking a foreign country's critical infrastructure with a
"digital weapon." I'm not sure how to feel about that.

*I'm not sure this is still true today

\---

Let me add that, when it comes to topics like this one we should probably
stick to what we know for sure. Figuring out if code is a backdoor or a bug is
already hard enough (not always though). The same goes for attacks.
Governments accuse each other of doing a lot of things, and fortunately,
sometimes they even admit that they make these claims up.

Oh and please don't take my word for any of this. There are well known and
respected people who speak very openly about these topics on conferences like
CCC, DEFCON, etc.

~~~
Dove
_I 'm not sure how to feel about that._

I know how I feel about it: I would much rather wars were fought with code and
robots than with tanks and bayonets. And I would rather those than CBRN
weapons!

Certain countries were _going_ to neutralize that facility. Had to, for
survival reasons. The only real question is . . . how? They could have picked
a full-scale war. They could have precision-bombed the facility. They could
have assassinated the workers. These solutions have all been chosen in the
past, in similar scenarios. By comparison with the other options available,
Stuxnet achieved the goal in an extremely civilized manner, with no loss of
life.

They say the purpose of war is to kill people and break things, but really it
isn't -- it's to accomplish objectives, to make people do what you want. The
killing and breaking is really just a way to make objectives happen. And the
better targeted your weapons are, the better you can make what you want to
happen happen with less and less extra mess. Cyberweapons are some of the best
targeted things ever dreamed of in the history of warfare. You can disable
infrastructure without going within miles of harming a human on either side,
military or otherwise. I am a big fan.

~~~
wavefunction
Like civilians don't need "infrastructure" or "aren't harmed" by its loss...
I'd say stick to your day-job or whatever.

Drone warfare is a horrible new twist on the human tradition of killing each
other over pettiness. There is nothing good about it.

~~~
Dove
_I 'd say stick to your day-job or whatever._

You know, this is an example of the sort of vacuous insult that I don't expect
to see on HN -- or at least, didn't expect to see a few years ago. Every time
I come by here, I'm disappointed afresh by the community, and I find myself
visiting and participating less and less frequently. :(

I disagree with a lot of what you said, and can give you a serious response if
you want one -- but from your tone, I strongly suspect you don't.

~~~
teamhappy
What upsets me the most is that these kind of personal attacks delegitimise
the entire argument (which happens to be my argument too). Fortunately, there
still are a couple of people here who know the difference between "not
condemning" and "advocating."

------
cafard
What about the bogus code that supposedly led to a Soviet gas pipeline
explosion years ago?

~~~
eli
I thought those were more like faulty engineering blueprints

~~~
dmckeon
Looks more like SCADA software than plans:

[https://en.wikipedia.org/wiki/Siberian_pipeline_sabotage](https://en.wikipedia.org/wiki/Siberian_pipeline_sabotage)

------
daveriess
Here's one of the Siemens forum threads where apparently stux is first
encountered by engineers.

[https://www.automation.siemens.com/forum/guests/PostShow.asp...](https://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=250319&Language=en&PageIndex=1)

~~~
skaevola
Wow... forget dog, I guess nobody on the internet knows if you're an Iranian
nuclear engineer.

------
yuhong
One interesting thing about Stuxnet is that it targeted Win2000 but was only
discovered just after it went out of support.

~~~
teamhappy
I'm not sure how relevant this is given that people claim the purpose of
Stuxnet was to attack Iran's nuclear facilities. Facilities like that usually
aren't allowed to install software updates anyway. The reason is
certification. They install certified software on a machine, and then it gets
locked away and nobody is allowed to touch it. Then again, I don't know if
this is true for Iran as much as it is for western countries.

------
transpy
I have lost the ability to read a long piece. I feel frustrated when I go to
the news site and I am presented with a 'narrative' that seems to hide the
real information. I need a paragraph that tells me straight forward what this
weapon is about, not a long, obfuscated narrative. It's my fault, I'm not
complaining.

~~~
presumeaway
I think I know why you're getting down-voted, but it's an interesting and real
issue.

If you go a while, mostly digesting only tiny chunks of information, your
brain optimizes around that and eventually becomes bad at dealing with longer
narratives. (Aside: sometimes those narratives are worthwhile, other times
they seem like they're just filler to make editors and publishers happy. But
that's beside the point.)

It's also something we seem to be losing as a society.

The good news is, at least in my own experience, it's a skill we can develop
(and it's closely related to attention span). When I buckle down and read
complex texts for non-Internet periods of time (20-30 minutes), I quickly
regain my speed and comprehension. But I find it important to deliberately
exercise that part of my brain.

------
dutchievandyk
"An look"? Not a native speaker, but shouldn't it be "A look"?

~~~
arh68
I imagine the short limit to titles' lengths forced an omission: An
_Unprecedented_ Look at Stuxnet...

