
 Puzzle box: The quest to crack the world’s most mysterious malware warhead - robin_reala
http://arstechnica.com/security/2013/03/the-worlds-most-mysterious-potentially-destructive-malware-is-not-stuxnet/
======
wahsd
Let us keep in mind that as we boot up our own cyber sabres to rattle at
China, et al., the USA and Israel are extensively attacking and, essentially,
invading sovereign nations and breaching the international peace. I don't like
corrupt, oppressive regimes any more than the next guy or gal, but maybe we
should try just not creating, causing, supporting, or sustaining them in the
first place. I really don't think that the actions our government is taking in
our name are in any manner better than the very "regimes" they feel righteous
to openly attack.

As with the unfettered use and expansion of drone warfare in a stupid,
narrow-minded, degenerate manner, this type of wanton wielding and violence
through cyber weapons will backfire on us. Who will no longer feel justified to
use the very same tools against our own national grid and economy if we show no
ability for restraint at using the nuclear option?

Just a few thoughts to keep in mind. You can't whine and cry once the shit you
pull being an asshole is turned on you.

~~~
GHFigs
_You can't whine and cry once the shit you pull being an asshole is turned on
you._

Is it your opinion that ignoring seven UN resolutions demanding a halt to
uranium enrichment activities does not on some level constitute asshole behavior?

~~~
X-Istence
Why does the US get to continue uranium enrichment/building of nuclear
warheads, but places like Iran are not allowed to do so?

Why is the US considered a trustworthy enough country to have control over
weapons that if used would change the world in mere seconds and kill millions?

~~~
GHFigs
_Why does the US get to continue uranium enrichment/building of nuclear
warheads, but places like Iran are not allowed to do so?_

1. The US doesn't build nuclear warheads, and presently doesn't have the
capability of replacing the ones it has. This is a whole issue of its own.

2. Because of the Treaty on the Non-Proliferation of Nuclear Weapons, which
Iran ratified.

------
guruz
This is an awesome way to encrypt your malware code based on the OS
environment of the target.

Looking forward to the researchers finding out more about who did that.

------
yk
Nice article. I wonder how reliably one can use the targeting mechanism.
Essentially it depends on two installed programs, one in the programs folder
and one in the $PATH. So by choosing proprietary programs, one can likely
target one department of one organization. On the other hand there are
programs which are highly suggestive of the user, for example one could target
Autocad and therefore target engineers or Cubase and target musicians.

Guess we will find out when Iran runs some testing utility on their systems.
(And Ahmadinejad needs a nice topic for a press conference...)

~~~
fluidcruft
What springs to my mind is targeting special-purpose programs used by states
for encryption and secure communications, i.e. injecting cryptographic backdoors
or sufficiently weakening PRNGs so that intercepted communications can be
"easily" deciphered elsewhere.

------
jug6ernaut
Amazing. I have always been fascinated by cryptology and espionage. What these
viruses (Gauss, Flame, Stuxnet) are doing/accomplishing is simply amazing. The
cutting edge of cyber warfare.

I don't really have anything to add to the discussion, I know little to
nothing of cryptology (sadly). But it's stuff like this that inspires me as a
programmer to be better, to do better. If these aren't examples of programming
that is truly changing the world idky what is.

~~~
dsl
> The cutting edge of cyber warfare.

Actually all this stuff is 6+ years old. We haven't even stumbled onto the
new stuff yet.

------
jgrahamc
I bet that whoever chose the salt chose it so that the resulting RC4 key is
not one of the weak ones.

~~~
dsl
You can generate and discard bytes after initialization to avoid the weak key
issue as well.

~~~
daeken
As far as I'm aware, that's not done here. (Warning: I've read analysis on the
process, but haven't looked at the code myself)

~~~
dsl
I was just pointing out that someone who was aware of the key weakness issue
would probably just implement the known fix, rather than carefully select and
test different salts.

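The exchange above contrasts two ways of dealing with RC4's weak early keystream: picking a salt so the derived key avoids the known weak classes, or simply discarding the start of the keystream (RC4-drop[n]). The Python below is an added example, not code from the article or from anyone in this thread; it implements RC4 with an optional drop count and measures the well-known second-byte bias (the second keystream byte is 0 about twice as often as it should be) over random keys constructed with a seeded PRNG, with and without dropping the first 256 bytes.

```python
import random


def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling algorithm: permute S using the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n keystream bytes, after discarding the first `drop` bytes.

    drop=0 is plain RC4; drop=256 or more is the usual RC4-drop[n] advice
    for hiding the biased prefix of the keystream.
    """
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for k in range(drop + n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if k >= drop:
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def second_byte_zero_counts(trials: int, seed: int = 1) -> tuple:
    """Count how often the second emitted keystream byte is 0 over random
    16-byte keys (constructed from a seeded PRNG), with drop=0 and drop=256.

    Ideal behaviour is trials/256 zeros; plain RC4 gives about trials/128
    (the Mantin-Shamir second-byte bias), while RC4-drop[256] is close to ideal.
    """
    rng = random.Random(seed)
    plain = dropped = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        plain += rc4_keystream(key, 2, 0)[1] == 0
        dropped += rc4_keystream(key, 2, 256)[1] == 0
    return plain, dropped


if __name__ == "__main__":
    p, d = second_byte_zero_counts(10000)
    print(f"second byte == 0: plain RC4 {p}/10000, RC4-drop[256] {d}/10000")
```

The keystream function is checked against the standard test vector for the key "Key", so the bias measurement is running on a faithful RC4, not a toy.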
------
speeder
I wish I had the skills to crack that, purely to see how it was made and
understand it, just out of curiosity and to see awesomeness.

------
pyre
There is also the possibility that the target is North Korea, so the price of
discovery is that much higher.

~~~
kriro
Dennis Rodman is obviously a spy and has already connected the USB device :D

