
Stuxnet Analysis Backs Iran-Israel Connection

Soulskill posted more than 3 years ago | from the my-god-has-a-bigger-firewall-than-your-god dept.

Security 307

Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof of concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention." Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).

307 comments

first (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33765988)

they did wtc too

Wait a minute. (5, Insightful)

Moryath (553296) | more than 3 years ago | (#33766014)

So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code - and that because it's the first day the current theocratic asshats running Iran beheaded the first Jew of their despotic regime? Really?

This is like playing Nostradamus. Pluck something vague, go hunting, and see what you can say later to claim you "predicted it." For instance, in Eastern bloc countries, May 9 1945 is "Victory Day." I'm sure some prominent politician somewhere in there also died on May 9, 1979. A google search for that date came back with 196,000 results just on the precise phrase "May 9, 1979".

Ridiculous.

Re:Wait a minute. (2, Insightful)

Anonymous Coward | more than 3 years ago | (#33766048)

So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code

No, the idea is based on Israel having the motivation, the capability, and the demonstrated willingness to do things like this. (Not saying that it's true that the thing came from Israel *or* targeted Iran, mind you.)

Re:Wait a minute. (5, Insightful)

Moryath (553296) | more than 3 years ago | (#33766100)

Dozens of regimes have the motivation, capability and demonstrated willingness to do things like this.

Hell, thousands of hackers across the world have the motivation, capability, and demonstrated willingness to do things like this. And that's not even before we get to the professional virus-writers that are tied in with outfits like yakuza and Russian mafia gangs these days operating various blackmail/extortion gambits.

It sounds more like the "idea" is based on someone who has some grudge against Israel and found a convenient outlet for it, just like all the other "waah the jews did it" conspiracy theories that always sprout up - including the dork who posted a "jews also did wtc" in the first post (thankfully probably trollmarked down to -1 by now) to this article.

Re:Wait a minute. (2, Interesting)

PopeRatzo (965947) | more than 3 years ago | (#33766504)

Dozens of regimes have the motivation, capability and demonstrated willingness to do things like this.

What would you say are the top five "regimes" that you believe have the "motivation, capability and demonstrated willingness" to perform a cyber-attack like this on Iran?

Re:Wait a minute. (1, Insightful)

Moryath (553296) | more than 3 years ago | (#33766618)

You're still operating under the faulty assumption it's against Iran.

Who else does Iran sell these PLCs to?

Re:Wait a minute. (0, Troll)

Wyatt Earp (1029) | more than 3 years ago | (#33766620)

Who has "motivation, capability and demonstrated willingness", US, EU and Israel as state actors.

Russian Jews/Russian Mafia, Saudi/UAE/Qatar outsourcing for the technology to Malaysia, Indonesia, Pakistanis or the PRC (Saudi Arabia has a long history of high end weapons purchases from the PRC, perhaps including some atomic warheads).

But, of course Israel did it, and you don't need crazy cracker crumb clues.

Re:Wait a minute. (0)

Anonymous Coward | more than 3 years ago | (#33766888)

"Russian Jews/Russian Mafia" -- I am confused -- are these, like, the same thing in your world? A homogeneous body of Russian Jews that are also the Mafia?

Also, PRC - as in People's Republic of China - has sold nukes to Saudi Arabia? Really?

Do you know any Greys and Reptilians too?

Re:Wait a minute. (5, Funny)

Patch86 (1465427) | more than 3 years ago | (#33766130)

So are we claiming that development on Stuxnet started on 9/5/1979 in reaction to this execution? (Did Siemens even make industrial control computers in the 70s?) Or are we claiming that the "authors of such a sophisticated piece of malware" decided to plant a trail of clues, like some sort of cartoon villains?

They would have got away with it too, if it weren't for those meddling Symantec engineers.

Re:Wait a minute. (0)

Anonymous Coward | more than 3 years ago | (#33766056)

This is exactly what I would expect an agent of the Israeli government to say to throw people off the trail...

Re:Wait a minute. (2, Funny)

Anonymous Coward | more than 3 years ago | (#33766206)

This is exactly what I would expect an agent of the Israeli government to say to throw people off the trail...

That's exactly what I would expect a pedophile terrorist puppy-kicker to say.

Re:Wait a minute. (3, Funny)

Anonymous Coward | more than 3 years ago | (#33766380)

This is exactly what I would expect an agent of the Israeli government to say to throw people off the trail...

Careful. What if that's what they want you to think?

Re:Wait a minute. (0)

Anonymous Coward | more than 3 years ago | (#33766920)

This just in: 85% of conspiracy theorists are actually CIA spooks spreading the seeds of intentionally wacko theories in order to raise doubts about the discoveries of other conspiracy theorists. 12% of conspiracy theorists are FBI plants instigating wackier theories to discredit the theories of the CIA spooks, as 83% of the spook "wacko" theories are incidentally correct. About 2% of conspiracy theorists are actually Secret Service agents intentionally spreading misinformation to discredit the CIA and FBI based theories. 1% of conspiracy theorists belong to the information guild of the illuminati; They spread truths through the rest of the conspiracy theory community in order that the population in general becomes convinced that the truths are actually false by association. Now THAT's bureaucracy for ya.

Re:Wait a minute. (3, Insightful)

EdZ (755139) | more than 3 years ago | (#33766124)

So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code

That, and the worm being targeted at Iranian PLCs. It's an incredibly sophisticated and specific attack with little avenue for direct profit, so it's unlikely to be either an extortion attempt by a criminal organisation or something produced by a blackhat hobbyist. That makes a government being behind it likely. Israel definitely has motive and means to be behind the worm.

some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention.

It took quite a while before researchers realised the payload was intended to mess with one specific brand of PLCs (they're hardly part of a standard honeypot), maybe the intent was to hide it in plain sight as 'just another botnet'.

Re:Wait a minute. (4, Funny)

PopeRatzo (965947) | more than 3 years ago | (#33766524)

Israel definitely has motive and means to be behind the worm.

You better be careful. Rick Sanchez just said that Jews control all the ISPs and you might have your Internet connecti...{NO CARRIER}

Re:Wait a minute. (0)

Anonymous Coward | more than 3 years ago | (#33766642)

It's an incredibly sophisticated and specific attack with little avenue for direct profit,

Yes, because the report by a company who sells software that attempts to prevent this says so.

so it's unlikely to be either an extortion attempt by a criminal organisation or something produced by a blackhat hobbyist.

Just because you couldn't think of a way of profiting doesn't mean others didn't.

That makes a government being behind it likely. Israel definitely has motive and means to be behind the worm.

So did a lot of other people. With the malware being seen lately it seems quite obvious to me that a hell of a lot of people have the resources and are capable of creating some very sophisticated and nasty software.

Here's a few other possibilities that are just as likely as the findings in a biased report...

It was a demonstration of a piece of attack software. The target being chosen to demonstrate their ability to hide and attack specific systems.
It was written by one of the 'security' companies to sell protection software.
It was created by the US/Chinese/UK/Chinese/Finnish government as a way to escalate tension so they can invade or sell pizzas.

Re:Wait a minute. (1)

JumpDrive (1437895) | more than 3 years ago | (#33766846)

They also found the word "Myrtus" in the code which refers to the book of Esther, which is part of an Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.

New York Times [nytimes.com]

I still don't think it is enough to point the finger at Israel though. It could very well be that someone put these references in the code to get people looking in a different direction or to actually see if they could stir up a fight between Iran and Israel.

Re:Wait a minute. (2, Insightful)

ACS Solver (1068112) | more than 3 years ago | (#33766148)

Yeah, that doesn't seem like good evidence at all. Mind you, I do consider it very likely that Israel is behind this. Israel has both the motivation and the capability to launch such an electronic attack at Iran. But as far as actual evidence goes, I'd like to see something more concrete. Assuming that the code really refers to the date and that it's not just a mistaken interpretation of a pointer to 0x00090579, there's still a lot of stuff that happened on that particular day.

Re:Wait a minute. (2, Interesting)

dgatwood (11270) | more than 3 years ago | (#33766184)

I'd guess the odds are at least as good that it's the author's birthday.

Re:Wait a minute. (0)

Moryath (553296) | more than 3 years ago | (#33766224)

Presuming the author was born in 1979 you have a 1 in 365 chance... I like those odds!

Hang on.... (1)

Matje (183300) | more than 3 years ago | (#33766818)

Assuming the author was born in 1979 AND was born on the 9th of May, you'd have a 1 in 1 chance. Even better odds!!! ;-)

Re:Wait a minute. (1, Informative)

Anonymous Coward | more than 3 years ago | (#33766156)

Also, the creators of the virus called it Myrtus, which is another name for Esther. Esther was the Jewish wife of a Persian king. One of the king's lieutenants hatched a plan to destroy the Jewish people and Esther convinced the king to give permission to fight back. The story is vaguely appropriate.

It was either created by Israeli interests or made to look like it.

Re:Wait a minute. (0)

Anonymous Coward | more than 3 years ago | (#33766352)

Which most likely throws out the US as a source of it, since we're a bit too cozy with the Israelis to want to direct that sort of attention at them.

Chinese or Russian Intelligence could certainly have the access. On the other hand both have had recent captures regarding industrial espionage, so having the information to specifically target these parts seems like a possible stretch.

Re:Wait a minute. (0)

Anonymous Coward | more than 3 years ago | (#33766698)

Meh, who knows what the US wants to do? And heck, I wouldn't put it past Israeli intelligence to intentionally leave these fingerprints in the virus so people would speculate about who set them up.

Re:Wait a minute. (2, Insightful)

alexo (9335) | more than 3 years ago | (#33766842)

Also, the creators of the virus called it Myrtus, which is another name for Esther. Esther was the Jewish wife of a Persian king. One of the king's lieutenants hatched a plan to destroy the Jewish people and Esther convinced the king to give permission to fight back. The story is vaguely appropriate.

Damn, people, you're beginning to sound like the whackos that find "biblical references" that "predict" everything that happened since (in hindsight, of course).

If you believe that Israel is behind the attack, fine -- at this point it is as plausible an assumption as any -- but stop getting all over yourselves in ridiculous attempts to "prove" it.

Consider this:

1. State actors do not put "easter eggs" into munitions. If a state wants it to be known that they are behind such an action, it will either claim responsibility or will leak the information while officially refusing to comment. If a foreign intelligence programmer decides to get "creative", they will be dealt with harshly.

2. Israelis speak Hebrew. The name Esther is written and pronounced as ESTER (transliteration, the 'E' is short, like in 'merry'). *Nobody* uses the word "Myrtus". Also see #1 above.

Re:Wait a minute. (4, Insightful)

polle404 (727386) | more than 3 years ago | (#33766230)

funny, yesterday it was an obscure bible reference that supposedly proved Israeli mischief
http://gizmodo.com/5652032/the-secret-code-inside-the-supervirus-attacking-iran-nuclear-power [gizmodo.com]

Sounds like someone has found someone to blame, and are desperately searching for "evidence" to back it up

Re:Wait a minute. (2, Insightful)

Moryath (553296) | more than 3 years ago | (#33766322)

Hey but wait! Today is October 1st that they "discovered" the May 9th reference. That's the day Alexander the Great defeated Darius III of Persia! That PROVES it was an attack against Iran, because Iran is Persia!

October 1 is also the day Germany annexed the Sudetenland... and the day the USS Grouper torpedoed the Lisbon Maru mistakenly... and the day the Israeli Air Force bombed the PLO headquarters in Tunis (too bad they didn't get Arafat back then!).

And this is the problem of trying to follow "date code" clues. Assuming you didn't mistake a hexadecimal pointer for a datecode, you still generally have a 1/365 chance (ostensibly 1/366 for leap years, but for some reason February 29th just seems to be a relatively boring day [wikipedia.org] anyways) of hitting some coincidental match anyways.

Ya (4, Interesting)

Sycraft-fu (314770) | more than 3 years ago | (#33766254)

This is compounded by the problem that people are presupposing the answer. From the start, it seems people have assumed this MUST be an attack against Iran and thus done by the US or Israel. As such their thought process is "Find evidence of US or Israeli involvement," and not "Try to find out the source of the attack."

If you look hard enough for evidence of something, you'll often find it, even when there isn't any, particularly when the standard for evidence is low. Same kind of shit with all the 9/11 conspiracy. People doing 9s 11s and so on all over the place. Snopes did a great bit choosing another number and showing how that was all over the place too.

Sorry, but I'd require a significant amount more than this to be convinced. This isn't evidence, it is speculation at best and conspiracy mongering at worst.

It's called circumstantial evidence (4, Insightful)

Zocalo (252965) | more than 3 years ago | (#33766344)

And it adds up. Besides the "date", admittedly a bit of a stretch as you note, there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle, is possibly a biblical reference to the Book of Esther (Esther was originally called Hadassah - similar to the Hebrew word for myrtle) in which Jewish forces, after unraveling a Persian attack plan, stage a preemptive and successful assault against their adversaries. There is also the level of knowledge required for the targeting of Stuxnet, including highly specific details about its intended target that would have required internal knowledge of the kind that is likely to require espionage to acquire. Finally, there is also a cut-off date of June 24, 2012 when Stuxnet will go dormant. While not unheard of in the world of more conventional botnets, this is decidedly unusual and further points to a nation state's involvement.

Taking all that together, I think it's fairly reasonable to limit the list of suspects to those countries with a reason to be wary of Iran's nuclear program - of which there are, admittedly, quite a few. However, Israel does have a track record for being decidedly unsubtle when it is being proactive about such things, viz the 2007 air raid [wikipedia.org] on one of Syria's nuclear facilities, or the murder of Mahmoud al-Mabhouh [wikipedia.org].

Re:It's called circumstantial evidence (1)

gtall (79522) | more than 3 years ago | (#33766452)

"June 24, 2012" Hey, yer right, isn't this close to the date on the Mayan Calendar when ... when ... err ... something really, really BIG will happen. Coincidence? I think not.

Re:It's called circumstantial evidence (4, Funny)

Moryath (553296) | more than 3 years ago | (#33766506)

admittedly a bit of a stretch as you note, there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle, is possibly a biblical reference to the Book of Esther (Esther was originally called Hadassah - similar to the Hebrew word for myrtle)

So now we're working off the "this word sounds like this word which is another word for this word" theory?

Lessee. "May" is a synonym with "shall"... which sounds a lot like "challa"... which is a lovely tasty breadstuff usually eaten by... JEWS! AAAUGH! RUN FOR YOUR LIVES!

Of course, that's the point of all this meaningless bullshit. You're looking for obscure connections trying to "prove" your own biases. Nothing more.

Re:It's called circumstantial evidence (2, Funny)

Jah-Wren Ryel (80510) | more than 3 years ago | (#33766788)

there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle,

Which is very close to Yertle the Turtle.

OH
MY
GOD

Dr Seuss authored the virus from beyond the grave!!!!

Re:It's called circumstantial evidence (1)

guyminuslife (1349809) | more than 3 years ago | (#33766512)

You'd think that if Israel were behind the attack, they would realize they'd be the prime suspect, but I can't fathom why they would want to advertise it. A blackhat hobbyist might, because they're looking for some sort of "look at how smart I am" personal credit, whereas that seems less likely for a government to do.

The embedded references could just as easily have been planted by someone unaffiliated with Israel, who also knew that Israel would be the prime suspect, and wanted to lead some trail to them. Meaning, if you didn't think the culprit was Israel beforehand, you shouldn't think so now. (Mind you, it probably *was* Israel, but that was already the prevailing theory.)

It's sort of like this [veoh.com].

Re:It's called circumstantial evidence (4, Informative)

Jah-Wren Ryel (80510) | more than 3 years ago | (#33766864)

there are also references to "Myrtus" within a path left in the code.

Considering the virus targets the PLCs [wikimedia.org] in SCADA [wikimedia.org] systems where RTUs [wikimedia.org] are standard system components, I'm willing to bet that "myrtus" is short for something like "My RTU Source" rather than an obscure reference to guavas. [palomar.edu]

Re:Wait a minute. (3, Insightful)

copponex (13876) | more than 3 years ago | (#33766450)

Ridiculous.

What's more ridiculous is people who think the State of Israel can do no wrong, or that Israeli interests are the same thing as American interests.

The virus was targeted towards Iranian PLCs. The date is supporting evidence of that, but may be a coincidence anyway.

What's not a coincidence is that Israel has been threatening to attack Iran, but still refuses to sign the Non Proliferation Treaty as Iran has and subject themselves to inspections. Israel doesn't want to play by anyone's rules but their own, and creating this virus falls well within the threats they have made over the past five years.

Why o why (2, Informative)

Anonymous Coward | more than 3 years ago | (#33766520)

would Israel threaten to attack Iran? Oh, that's right: Iran is a state sponsor of terrorism and has threatened to attack Israel.

Re:Wait a minute. (1)

Wyatt Earp (1029) | more than 3 years ago | (#33766648)

Iran has been threatening Israel since 1979 and has been attacking Israel and Israelis since 1982. Hell Hezbollah is backed, funded and armed by Iran.

I caught one of Hezbollah's gifts to Israel in 1994 when a 122mm rocket exploded in the north of Israel, so I'm really getting a kick out of your trying to paint everything as Israel's fault.

Re:Wait a minute. (1)

DragonWriter (970822) | more than 3 years ago | (#33766562)

So the entire idea of the "Israel created this to attack Iran" idea is based on finding the date May 9, 1979 hidden in the code - and that because it's the first day the current theocratic asshats running Iran beheaded the first Jew of their despotic regime? Really?

No, from TFA, there are several bases for that:
1) Israel having the motive in its stated interests,
2) The facilities affected in Iran,
3) The sophistication of the code and Israel's capacity in that regard,
4) Various references in the code and filenames, including both the date you mention and a reference to Myrtus.

Re:Wait a minute. (0)

Anonymous Coward | more than 3 years ago | (#33766714)

Yeah, i.e. if it said "Copyright (C) Government of Israel Mossad Branch" we would directly say, it's not Israel because we assume they would never do such a thing. So whenever Israel wants to prove they didn't do it, they would just put in obvious things such as "dedications to Jews who died horribly" and then they could point it out and say they didn't do it.

Re:Wait a minute. (1)

hairyfeet (841228) | more than 3 years ago | (#33766758)

Nooo, I'd say the belief is more based on the Mossad having a history of doing whatever it takes, from using letter bombs to poisoned chocolate [wikipedia.org], their having gone after a middle eastern reactor in the past (Iraq) and that the only other group that would most likely have the means (the US right wing) is currently not in command and besides the USA is ass deep in two wars and would therefore likely not try to stir up the hornet's nest.

So I'd say that while trying to claim everything is the work of Zionists is indeed paranoid, history shows when it comes to Mossad they have NO problem playing dirty and as long as the target was hit would in all likelihood see any other infections as collateral damage.

Fear mongering (0)

Anonymous Coward | more than 3 years ago | (#33766022)

So it's the new craze now, trying to get news outlets to listen to you using political/racial fear mongering virus news!

Re:Fear mongering (1)

WrongSizeGlass (838941) | more than 3 years ago | (#33766216)

So it's the new craze now, trying to get news outlets to listen to you using political/racial fear mongering virus news!

It's not quite a craze yet, but it is spreading ;-)

Proof??? (5, Insightful)

ArieKremen (733795) | more than 3 years ago | (#33766028)

They were smart enough to write and deploy a complex virus, but stupid enough to include a reference to an obscure execution date of a prominent Iranian Jew; the first Google hit conveniently pointing to the relevant Wikipedia entry. That screams red herring (en.wikipedia.org/wiki/Red_herring_(idiom)), not proof.

Re:Proof??? (1)

NecroPuppy (222648) | more than 3 years ago | (#33766112)

This.

It's not like Israel is the only country / group / whatever in the world who doesn't like Iran.

I know that if I were writing something that targeted a group, I'd add in at least a few things that pointed to "someone other than me", if only to confuse the matter / feed the conspiracy theorists.

Like, if I were targeting Israel with something, I'd have to slap in something about Mel Gibson being the source.

Re:Proof??? (1)

AffidavitDonda (1736752) | more than 3 years ago | (#33766212)

Yes, and then I would add a few things that would point directly at me, only make them so stupid and easy to find, that it looks as somebody else has put them in to point at me...
And then insert something, that adds up to 23 in some way, to give some food to the conspiracy theorists as well.

That's a kind of vicious circle and the whole "Who did it?" discussion is just aimless.

Re:Proof??? (3, Interesting)

hex0D (1890162) | more than 3 years ago | (#33766180)

The whole idea could be that it doesn't prove anything, but still tells everyone who's responsible. Perhaps a threat veiled enough to not be actionable legally, but still heard loud and clear. I see pulling that off as evidence of smarts, not stupidity.

Re:Proof??? (1)

future assassin (639396) | more than 3 years ago | (#33766314)

>They were smart enough to write and deploy a complex virus, but stupid enough to include a reference to an obscure execution date of a prominent Iranian Jew; the first

Right because no tech genius is ego driven or has enough common sense to let his/her feelings get in the way of the job.

Re:Proof??? (1)

ArieKremen (733795) | more than 3 years ago | (#33766394)

Don't you think that if a state-sponsored agency wrote and deployed the virus, the QA/QC would remove ego-driven references? A basement hacker has an ego, a state-sponsored team of programmers have a task.

Re:Proof??? (1)

WidgetGuy (1233314) | more than 3 years ago | (#33766704)

At the risk of being labelled a "Grammar Nazi," I think you meant to say in your SIG: "Snoop unto them as they snoop unto unto us."

It's public intentionally, duh. (3, Interesting)

gclef (96311) | more than 3 years ago | (#33766062)

Why are they surprised that it broke out? That's probably part of the whole idea: seed the target area (presumably Iran) with flash drives with the worm on it, then sit back and wait. When world + dog gets infected, you know *someone* in your targeted area picked up the flash drives, so there's a very high likelihood that someone at your target site infected their PC.

Doing it this way allows the attacker to know that they've succeeded (and presumably to take whatever follow-up measure they had planned) without giving away who they are. Since *everyone* knows that the worm exists, there's no secret signal path to trace back to the author.

Significant Dates.. (1)

Xaositecte (897197) | more than 3 years ago | (#33766070)

It's possible to attach significance to any given date in the past 60+ years to an important, though obscure, event that occurred in the Middle East. Someone dies, someone is born, or elected, or deposed, or a protest is held, etc.

I wouldn't be surprised if Israel really DID organize Stuxnet, and the date hidden in the code DID mean something, but whoever put it in there was referring to a completely different obscure historical event.

Israel vs arab nukes (1, Insightful)

hex0D (1890162) | more than 3 years ago | (#33766090)

Watching the news reports on Iran's nuclear program about a month ago, I started to wonder if Israel would rely on diplomacy alone to resolve the issue. They sure didn't in 1981 when Iraq was building a nuclear reactor in Osirak, they flew in F-16s and bombed it. So it's not without precedent for the Israelis to attack Arab nuclear facilities.

I for one respect their taking direct action in the interest of their national security. And if they can do so in a way that does not cost human life, all the better.

Re:Israel vs arab nukes (3, Informative)

X-Power (1009277) | more than 3 years ago | (#33766190)

Repeat after me, Iranians are not Arab. Turks are not Arabs, Afghanis are not Arabs, Israelis are not Arab. The Middle East is not just Arabs with Jews thrown in for good measure.

Re:Israel vs arab nukes (1)

athmanb (100367) | more than 3 years ago | (#33766208)

The Arabs are building nukes in Iran? Someone needs to tell the Iranian government about this I'm sure they're going to be just as shocked as everyone else.

Re:Israel vs arab nukes (1)

SplashMyBandit (1543257) | more than 3 years ago | (#33766362)

I guess most Western folks don't know that the Arabs and Persians are different and are strong rivals, not allies.

Re:Israel vs arab nukes (1)

hex0D (1890162) | more than 3 years ago | (#33766814)

I'm actually not one of those Western folks, but you wouldn't know it from my original post. But it was with them in mind that I sacrificed strict accuracy in favor of readability. I did not think it detracted from my point. My apologies if it did.

Re:Israel vs arab nukes (0, Flamebait)

couchslug (175151) | more than 3 years ago | (#33766300)

Why is that a Troll? Bitches with mod points should answer that argument instead of getting their panties wedged.

When you have an enemy that merits attack, laws and convention and all the "civilized" nonsense that is LESS important than "not being put to the sword" goes out the window as it should.

Conventional "morality" is a luxury of those who are protected by overwhelming force. Israel is surrounded by religious enemies, and won't get a second chance to lose a war.

Re:Israel vs arab nukes (1)

gtall (79522) | more than 3 years ago | (#33766608)

C'mon, no one in their right mind thinks taking out any surface structures supporting Iran's nuclear activity is going to prevent them from building the Shi'ite Peace Maker Bomb of Allah. Neither the U.S. nor Israel thinks this is possible. All the "leaks" are just to rattle Iran's cage. There's no taking out Iran's nuclear ability and everyone knows it. Everything from here on out is either attempting to delay their ability to produce their pathetic attempt at showing they aren't a bunch of Big Swinging Dicks or deal with the consequences. What do they think the Arab regimes will respond with? A collective bow down in the direction of Tehran or nukes of their own? In 20 years, we'll have a nuclear armed Gulf grinning at each other while they sharpen their missiles. Some idiot on the Shi'ite side, begging for the return of the 12th Imam, will push the button...first at Israel. And then, after the Arabs realize this means the potential victory of Shi'ism over Sunnism, they'll push their own button. And all will die satisfied they've killed more Jews than Hitler and Stalin combined. A pox on the lot of them.

Re:Israel vs arab nukes (1)

hex0D (1890162) | more than 3 years ago | (#33766862)

Neither the U.S. nor Israel thinks this is possible.

Why wouldn't Israel think this? They took out Saddam's surface facility, and he never got the bomb.

Re:Israel vs arab nukes (1)

Dave Emami (237460) | more than 3 years ago | (#33766844)

Sorry to nitpick, and I know it's not central to your post, but Iranians are not Arabs any more than Koreans are Japanese or Poles are Russians. In fact, if you're in the wrong place -- Riyadh or Tehran, say, or Westwood, California -- it's a nice way to piss someone off.

This is China's doing. (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33766104)

They want to start a war with Israel/Middle East because they know the US would get sucked in and weakened.

I don't buy this for a second.

Really fails the smell test. (3, Interesting)

Apuleius (6901) | more than 3 years ago | (#33766126)

Iran still has several thousand Jews living in Tehran and Isfahan. To refer to the execution of Elghanian is to invite the execution of some other scapegoat out of the Jewish community. The Mullahs of Iran are very, very easy to offend, tease, tweak, et cetera. There are plenty of ways to put insults aimed at them into this virus without pointing at the Jewish community, and rest assured any Israeli hacker knows plenty.

Also, Elghanian could not have been the only one. (1)

Apuleius (6901) | more than 3 years ago | (#33766220)

A google search for "executed in Iran" and "May 9, 1979" doesn't turn up any other names, but if I recall correctly, by that time Tehran's Evin Prison was already an abattoir, with many more victims killed. Can any Iranian chime in on this? By May, weren't the Islamists already massacring the leftists?

Framed! (0)

Anonymous Coward | more than 3 years ago | (#33766136)

It doesn't reveal anything at all about who wrote it. Anyone could have put such a date or other breadcrumbs in there to deliberately mislead anyone who might look into it.

Whoever did release this (1, Interesting)

jd (1658) | more than 3 years ago | (#33766146)

...was utterly unconcerned for any potential cost. Many countries use German-made equipment. A prior story covered an air crash in Spain caused by viruses on mission-critical computers, demonstrating that critical computers are poorly-secured. There are likely to be French and British nuclear reactors that use the specific machine targeted. The "collateral damage" could have been extensive. Whether the virus was written by a member of the security forces or a member of the general public, one single inadvertent contamination of the wrong machine could have caused a gigantic nuclear accident in some of the most densely-populated parts of Europe.

Is a temporary setback for Iran worth putting millions of Europeans' lives at risk over? (Yes, these countries ARE densely-populated. Britain isn't that much larger than Rhode Island but has over a quarter of the population of the entire United States. You don't need a hell of a lot to put a great many people in serious danger.)

As far as I am concerned, whoever wrote that virus is guilty of endangerment on a scale unimaginable by most people.

Re:Whoever did release this (2, Informative)

Anonymous Coward | more than 3 years ago | (#33766182)

...was utterly unconcerned for any potential cost.

On the contrary, they made damn sure that the payload would only be triggered under very specific circumstances, the specifics of which are unknown to the general public. (Probably the only people who do know are the attackers and the target, and they aren't talking.)

If you want a car analogy: Stuxnet isn't a Time Machine that triggers at 88 MPH. It's not even a Time Machine that only trips if it's installed in a DeLorean doing 88 MPH. You only see some serious shit if you're doing 88 MPH in a DeLorean with a specific VIN.

Re:Whoever did release this (1)

joeflies (529536) | more than 3 years ago | (#33766214)

but none of the collateral damage scenarios did happen, so does that change your slippery slope speculation and accusations?

Re:Whoever did release this (1)

it0 (567968) | more than 3 years ago | (#33766286)

Well, apparently Deepwater Horizon also had Siemens computers, although it is assumed that Stuxnet didn't cause the spill.

Re:Whoever did release this (0)

Anonymous Coward | more than 3 years ago | (#33766278)

Wikipedia says that the UK is 94,060 sq. miles and Rhode Island is 1545 sq. miles.

Re:Whoever did release this (3, Informative)

poliscipirate (1636723) | more than 3 years ago | (#33766288)

Britain isn't that much larger than Rhode Island but has over a quarter of the population of the entire United States.

Not to be picky, but Britain is a little over 80,000 square miles in area, while Rhode Island is around 1,200 square miles. Not even in the same ballpark.

Re:Whoever did release this (0)

Anonymous Coward | more than 3 years ago | (#33766292)

Britain isn't that much larger than Rhode Island but has over a quarter of the population of the entire United States.

Rhode Island is 1,214 sq miles and England itself is 50,337 sq miles, and the whole of the UK is 94,525 sq miles. That's far more than just a little larger than Rhode Island.

Re:Whoever did release this (0)

Anonymous Coward | more than 3 years ago | (#33766294)

So, your argument is not that a particular cyber-weapon is bad, but that it's bad because Europeans are put at risk. Yes, whoever wrote that virus is guilty of endangerment, but endangerment happens to affect even the filthy subhumans living outside the US and Europe all the time. Like, for example, innocent Iranians living in the neighborhoods around Iranian reactors.

Re:Whoever did release this (0, Troll)

jd (1658) | more than 3 years ago | (#33766560)

There probably aren't that many innocent Iranians in the vicinity of Iranian reactors - at least in comparison to the number of innocent Britons living next to British nuclear reactors. The problem with the "innocent Iranians" argument is that there will be plenty of people who would argue that it was "for the greater good". On the other hand, an accident in Europe or America that was due to the virus is indisputably not for the "greater good". As I've said before, I have a serious problem with assassinations of any kind of anyone. I recognize that this opinion is not universally shared, so the logical thing to do is to look at whether this virus would potentially harm those whom all concerned would agree are not acceptable targets.

Re:Whoever did release this (3, Informative)

sed quid in infernos (1167989) | more than 3 years ago | (#33766310)

Britain isn't that much larger than Rhode Island but has over a quarter of the population of the entire United States.

Nope.

Rhode Island area = 1,214 square miles [wikipedia.org]; Great Britain area = 84,600 square miles [wikipedia.org] - more than 60 times greater.

Great Britain population = ~60 million (mid 2009); United States population = ~310 million [wikipedia.org] (mid 2010) - more than 5 times greater.

Re:Whoever did release this (0)

Anonymous Coward | more than 3 years ago | (#33766320)

Britain isn't that much larger than Rhode Island

By Rhode Island, did you mean Utah?

Re:Whoever did release this (1)

War Camel (1773094) | more than 3 years ago | (#33766330)

Is a temporary setback for Iran worth putting millions of Europeans' lives at risk over? (Yes, these countries ARE densely-populated. Britain isn't that much larger than Rhode Island but has over a quarter of the population of the entire United States.

Mmm, not that wikipedia is the most reliable source, but Britain [wikipedia.org] and Rhode Island [wikipedia.org] differ in terms of area by nearly two orders of magnitude...

Re:Whoever did release this (1)

drachenstern (160456) | more than 3 years ago | (#33766622)

That's funny, I always thought the UK was about the size of Wyoming ... http://en.wikipedia.org/wiki/List_of_us_states_by_size [wikipedia.org] and http://en.wikipedia.org/wiki/United_Kingdom [wikipedia.org]

Now if you only mean England, then we can talk about http://en.wikipedia.org/wiki/England [wikipedia.org] and the size of Alabama ... which is pretty remarkable.

Spiffy, compare the flags of the state and the country...

Re:Whoever did release this (1)

Internal Modem (1281796) | more than 3 years ago | (#33766832)

It spreads via USB flash drives, not the internet. It erases itself from the flash drive after infecting three machines. These are two controls built in to reduce collateral damage by limiting the virus' geographic region.

I've seen this episode before (2, Interesting)

joeflies (529536) | more than 3 years ago | (#33766172)

It was Star Trek Next Generation - The Vengeance Factor [memory-alpha.org]. Only one in a million Acamarians have the DNA which this virus was designed to kill.

Yeah, Right... (3, Insightful)

Nom du Keyboard (633989) | more than 3 years ago | (#33766198)

Yeah, right. Israel creates this super-secret superworm, attacks Iran with it, after putting their fingerprints all over it just so that they will get caught by the first person to look at it in a text editor. All this knowing that it is going to infect the whole world and everybody is going to be coming after the authors with torches, pitchforks, and blood in their eye.

Of course, that explains it all.

Re:Yeah, Right... (1)

Rod Beauvex (832040) | more than 3 years ago | (#33766290)

I believe it. Israel knows it has the unquestioned support of that crazy America country with all the nukes and looney leaders. So why does it matter to Israel if the rest of the world knows it?

Re:Yeah, Right... (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33766386)

Are you serious? Do you follow Israel? They kill Palestinians daily with the entire world watching. What do they care about bad press from a computer virus?

Really?!? This is front-page quality? (4, Insightful)

ZuchinniOne (1617763) | more than 3 years ago | (#33766264)

Technical analysis aside, all these Israel claims are based on huge assumptions and zero concrete evidence. Even if Israel did create this virus why would they put references in the code that led back to them?

Re:Really?!? This is front-page quality? (4, Insightful)

SplashMyBandit (1543257) | more than 3 years ago | (#33766348)

Exactly. It shows how badly the people analyzing the worm would like to tie it back to a super-secret Mossad operation. Talk about "confirmation bias"!

Re:Really?!? This is front-page quality? (0)

Anonymous Coward | more than 3 years ago | (#33766398)

Why did they just send an execution squad to kill Mahmoud al-Mabhouh in Dubai in a way that the whole fucking wide world knows it was them... and the agents were even filmed? Well, who knows, perhaps they like the publicity.

O'Murchu is the Irish for Murphy (0)

Anonymous Coward | more than 3 years ago | (#33766564)

Wonder if he is the one that came up with Murphy's law!

How? (2, Interesting)

Angst Badger (8636) | more than 3 years ago | (#33766568)

Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet were plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention.

Seriously? We refer to this kind of program by names like "worm" and "virus" because they resemble their biological namesakes in that they get into all kinds of places and reproduce. Who wonders about shit like this?

If Stuxnet was designed by a hostile state to damage Iranian industry, it's quite possible that, lacking any good way to deploy it inside Iran, it was released into the wild in hopes that it would find its way in on its own. Even states like the US and Israel, who probably have at least some operatives inside Iran, would probably prefer to take this approach than to risk compromising their inside operatives.

While Israel and the US are the most likely nation-state actors, it's worth considering that there are any number of NGOs that are hostile to Iran and would have the resources to hire programmers to build a worm -- if they didn't already have some in-house. It's also possible that this is the work of a lone individual: the idea that it would take a state actor to create a worm is even more laughable than SCO's contention that Linus Torvalds couldn't have possibly written a kernel by himself. And finally, Iran has plenty of competitors and outright enemies in the Islamic world. Pakistan in particular has the technical personnel, a nuclear monopoly within the Islamic world to defend, and an ongoing struggle with Iran over influence in Afghanistan. If I was forced to bet on the question, I'd put my money on Israel, but at the same time, I wouldn't be at all surprised if I lost the bet. Iran has lots of enemies, internal and external. It's almost like one of those cliched murder mysteries where a broadly disliked person is murdered and everyone he knew is a suspect.

The May 9, 1979 reference (3, Informative)

Jason W (65940) | more than 3 years ago | (#33766678)

For those too lazy to read the dossier:

Export 16 first checks that the configuration data is valid, after that it checks the value “NTVDM TRACE” in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation

If this value is equal to 19790509 the threat will exit. This is thought to be an infection marker or a “do not infect” marker. If this is set correctly infection will not occur. The value appears to be a date of May 9, 1979. While on May 9, 1979 a variety of historical events occurred, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.” Symantec cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate another party.

Next, Stuxnet reads a date from the configuration data (offset 0x8c in the configuration data). If the current date is later than the date in the configuration file then infection will also not occur and the threat will exit. The date found in the current configuration file is June 24, 2012.

But really, May 9, 1979 being Rosario Dawson's birthday puts this back on the teenager in his basement path to me.
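The two exit checks quoted from the dossier in the comment above, modelled as an added Python example for an analyst triaging a registry export; it is not code from the dossier or from any commenter. The `.reg` sample text is constructed, the function names are hypothetical, and reading the value as a REG_DWORD or numeric string is an assumption, since the quoted passage does not give its type.

```python
import re
from datetime import date

# Key, value name, marker and cutoff date are the ones quoted in the comment above.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation"
VALUE_NAME = "NTVDM TRACE"
MARKER = 19790509
CONFIG_CUTOFF = date(2012, 6, 24)

def parse_reg_export(text):
    """Parse .reg-style text into {key path (lowercased): {value name: int or str}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, data = m.group(1).lower(), m.group(2).strip()
        if re.fullmatch(r"dword:[0-9a-fA-F]{1,8}", data):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data.strip('"')
    return keys

def marker_state(reg_text):
    """Return 'absent', 'marker' or 'other-value' for the value under KEY."""
    values = parse_reg_export(reg_text).get(KEY.lower(), {})
    if VALUE_NAME.lower() not in values:
        return "absent"
    v = values[VALUE_NAME.lower()]
    if isinstance(v, str) and v.isdigit():  # assumption: may be stored as a numeric string
        v = int(v)
    return "marker" if v == MARKER else "other-value"

def decode_as_date(value):
    """Read an integer as YYYYMMDD; None if it is not a real calendar date."""
    year, rest = divmod(value, 10000)
    month, day = divmod(rest, 100)
    try:
        return date(year, month, day)
    except ValueError:
        return None

def exit_reason(reg_text, today, cutoff=CONFIG_CUTOFF):
    """Model the two quoted checks: why the threat would exit, or None if neither applies."""
    if marker_state(reg_text) == "marker":
        return "marker value present"
    if today > cutoff:
        return "current date later than configured date"
    return None

# Constructed sample exports (not taken from any real host).
HEADER = "Windows Registry Editor Version 5.00\n\n[" + KEY + "]\n"
SAMPLE_MARKED = HEADER + '"NTVDM TRACE"=dword:%08x\n' % MARKER
SAMPLE_CLEAN = HEADER + '"Example"=dword:00000001\n'

if __name__ == "__main__":
    for label, sample in (("marked", SAMPLE_MARKED), ("clean", SAMPLE_CLEAN)):
        print(label, marker_state(sample), exit_reason(sample, date(2010, 10, 1)))
    print("marker decoded as date:", decode_as_date(MARKER))
```

The cutoff comparison is strict, matching the quoted "later than" wording, so a run on June 24, 2012 itself is not stopped by the date check.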

Nice job (1)

Sycraft-fu (314770) | more than 3 years ago | (#33766866)

If I had mod points, I'd try to mod you up to 100.

See what he did there people? He found something else that fit the rather vague data, that weakly points to a totally different theory. This is even assuming the number there is meant to be a date.

That is precisely why shit like this is useless: If you look hard enough you will find evidence, even when there is none. I'm sure with a bit of searching, you could find a whole bunch of other shit that happened on that day. Of course you could probably find other things, real or imagined, that the number could stand for, including just a random string of digits.

This is a very excellent example of how your bias in what you are looking for can cloud what you find, and how easy there are many alternate explanations when you are going for weak "conspiracy theory" level evidence.

False flag (1)

zhilla2 (1586095) | more than 3 years ago | (#33766706)

While it could be possible organizations such as Mossad could be behind this, from what I've read about modern espionage, http://en.wikipedia.org/wiki/False_flag [wikipedia.org] sounds equally plausible. Could be even a rival to Siemens. Or good old Ruskys or Chinese or Saudis for some reason. Someone else who would profit from Iran-Israel war? Eskimos? Obama's evil twin? Bush's good twin?
No way to know really - secret services & black ops people tend to be secretive and stirring that pot is certainly dangerous game.
This could have been VERY DANGEROUS if those boards went into production and caused an industrial accident or worse yet, a nuclear one.

Make it glow (1)

AHuxley (892839) | more than 3 years ago | (#33766764)

The origins of this code could be a mystery for a while. The connection to something in Iran seems clear.
Different techs and directors then get on the phones/emails within Iran and start getting/requesting more info and better reports.
Israel Army’s intelligence Unit 8200/Urim then sits back and watches Iran glow with new connections and sites.
http://cryptome.org/eyeball/ilsig/ilsig-eyeball.htm [cryptome.org]

Israel would have just bombed Iran... wait, oh no. (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33766854)

Israeli Jews are not known for gentle sabotage, they are known for bombing, torturing, starving, humiliating, murdering and maiming non-jew children while stealing the organs of their parents for transplant into Jews (yup every bit of it has happened, they even "apologized" for the organ stealing bit).

Wait.... control systems for a nuclear reactor... that might lead to a melt-down causing death and misery for 10s or 100s of thousands of innocent civilians... now THAT sounds like something Israel would do.

Yup, Israelis, no one else besides the U.S. is sadistic enough, and the US is too busy bombing, torturing, starving, humiliating, and maiming non-christian children in Iraq, Afghanistan, and Pakistan.
