A Finnish-Chinese Connection For Stuxnet?

timothy posted more than 3 years ago | from the fusion-cuisine dept.

Security 113

Lingenfelter writes "I recently wrote a white paper entitled 'Dragons, Tigers, Pearls, and Yellowcake' in which I proposed four alternative scenarios for the Stuxnet worm other than the commonly held assumption that it was Israel or the US targeting Iran's Bushehr or Natanz facilities."

113 comments

I did it. (2)

MrQuacker (1938262) | more than 3 years ago | (#34585342)

Since everyone else is taking credit, I might as well...

rule 1 (-1)

Anonymous Coward | more than 3 years ago | (#34585352)

never, never feed your penis after midnight.

Re:rule 1 (-1)

Anonymous Coward | more than 3 years ago | (#34585442)

Why not?

My paper is coming (4, Funny)

unity100 (970058) | more than 3 years ago | (#34585384)

In which I will blame the Stuxnet worm on the late Marilyn Monroe.

Re:My paper is coming (0, Offtopic)

vidnet (580068) | more than 3 years ago | (#34585588)

Wow, this brings a whole new interpretation to Elton John's tribute. It does seem to be about secrets, subversion and crawling worms:

Goodbye Norma Jean
Though I never knew you at all
You had the grace to hold yourself
While those around you crawled
They crawled out of the woodwork
And they whispered into your brain
They set you on the treadmill
And they made you change your name

Re:My paper is coming (1)

ilsaloving (1534307) | more than 3 years ago | (#34587056)

I'm not sure I follow... how does version control fit into this?

Re:My paper is coming (0)

Anonymous Coward | more than 3 years ago | (#34588772)

So that's what she meant in the telephone conversation with Kennedy. Instead of her wanting to stop Hoover, the goal was to stop the devilish plans of the leader of the future post-revolutionary Iran. As a consequence, the Revolutionary Guard quickly manufactured a time machine to send well-read Iranian ninja to stage a drug overdose for Marilyn.

Overthinking it (5, Insightful)

mike260 (224212) | more than 3 years ago | (#34585396)

Israel is (by far) the most nervous about Iran's nuclear program, and already had one pre-emptive attack on a nuclear plant under its belt that (in their worldview) was a resounding success and is a point of national pride.
So one of the drives targeted by Stuxnet is manufactured in China... I hate to state the obvious, but what isn't?

Re:Overthinking it (1)

RenHoek (101570) | more than 3 years ago | (#34585454)

Wasn't there a WikiLeaks cable about Israel preparing a cyberattack on Iran?

Re:Overthinking it (0)

Anonymous Coward | more than 3 years ago | (#34585890)

Provide details if there is such a cable...

Re:Overthinking it (1)

GameboyRMH (1153867) | more than 3 years ago | (#34586970)

Not really:

http://www.securecomputing.net.au/News/241927,cablegate-dsd-unprepared-for-cyberwar.aspx [securecomputing.net.au]

The group also discussed Israeli nervousness over Iran's nuclear programme, the ONA expressing interest in Fort's and INR's assessments on Israeli "red lines" and the "likelihood of an Israeli strike against Iranian nuclear facilities".

Source:

http://images.theage.com.au/file/2010/12/15/2096934/Cables.htm [theage.com.au]

Re:Overthinking it (1)

eulernet (1132389) | more than 3 years ago | (#34585502)

And an Iranian nuclear scientist has been killed recently:
http://www.bbc.co.uk/news/world-middle-east-11860928 [bbc.co.uk]
And the article mentions that another one was killed at the beginning of this year.

It's more efficient to kill scientists than to use a virus.
This is very similar to Mossad's ways http://en.wikipedia.org/wiki/Mossad [wikipedia.org]

As usual, Iran blames Israel, and Israel blames Iran for this murder.

Re:Overthinking it (1)

mike260 (224212) | more than 3 years ago | (#34585528)

You can only kill the scientists and bomb the facilities you know about; a virus can go anywhere.

Yeah, anywhere (0)

Anonymous Coward | more than 3 years ago | (#34585650)

But whoever mixed together Stuxnet had a very clear idea about the facility they were targeting. That's what makes this thriller so interesting.

Re:Yeah, anywhere (1)

LingNoi (1066278) | more than 3 years ago | (#34586884)

Stuxnet has been found throughout the world, you make it sound like they only found it in one facility.

Re:Yeah, anywhere (1)

rtfa-troll (1340807) | more than 3 years ago | (#34589126)

They knew about the design of the facility, but if I read the Symantec decoding of this they did it in a very generic way based on a specific configuration which is quite likely to repeat in all similar centrifuge sites. That would target both Iran and North Korea and even potentially Pakistan I guess. But it also means that it targets any facilities with a similar configuration. It would be very very very interesting to know if their targeting would cause a nuclear leak. If it did, would that be detectable from the outside? If so, did they then identify the location of other secret plants?

Re:Overthinking it (3, Informative)

gl4ss (559668) | more than 3 years ago | (#34585548)

I guess the current way many Finnish industrial machine manufacturing goes is that the first models are machined and done in Finland and then at least parts manufacture is subcontracted from somewhere cheaper, also we don't have chip fabs in Finland so naturally a lot of the parts need to be imports anyways. And another thing that's done on contract by Finnish firms by Finns is to go to a project site and fix up the mess that the export Chinese workmen haven't been able to fix.

The Finnish connection is an interesting one because there's plenty of people in Finland who could've written Stuxnet by themselves (and access to fresh exploits and the means to look for exploits themselves) and possibly had the information too - and quite low probability of getting connected to it by anyone else. But it's an obvious one that's hard to prove so it's just that it's targeting some Finnish connection hardware that's the connection to Finland. The motivation in that case wouldn't have been money, fame or such, it would be that it's just such a sweet target and even if caught criminal charges would've been extremely hard to press (and even condemning it morally would have sparked a lot of discussion, after all Stuxnet was a more civil way to slow the progress there than bombing some scientists).

Finland does a lot of trade with many shady countries, nobody gives a rat's ass you see (about what Finland does and with whom) and economy isn't exactly booming so extra business is extra business, that's not to say that the Iranians maybe hadn't lied about what they're going to use the machinery for - notice that had they been used for something else than what the Iranians (now apparently confirmedly) were using them for then Stuxnet would have done nothing :). They could've used them to run some fat separators but nooo, had to use for some zero economical output work.

Re:Overthinking it (0)

Anonymous Coward | more than 3 years ago | (#34589878)

"also we don't have chip fabs in Finland"

Actually there's one in Vantaa. It's operated by Okmetic, a company listed in the Helsinki stock exchange.

Re:Overthinking it (2)

grrrgrrr (945173) | more than 3 years ago | (#34585640)

On the other hand China is the most obvious source of any cyber warfare or espionage. They have shown they can and will do it. So why not for this one? I think Israel would use one of the more trusted methods of bombing or assassination that is what they are known for and it has also the added benefit of showing your strength publicly as you point out yourself.

Re:Overthinking it (2)

Pharmboy (216950) | more than 3 years ago | (#34585660)

I tend to agree, although the scientists that died of high velocity lead poisoning does sound like something Israel could and would do, very effectively. The problem with the US is that we are always too obvious, try to be "loved", and overly open about stuff like this. We save the secret spying and covert operations on our own citizens.

Re:Overthinking it (1)

mike260 (224212) | more than 3 years ago | (#34585850)

IMHO this also sends a message: "We've been peeing in your centrifuges for months without even having to leave our offices."
Mossad already had the ninja assassin rep, now they get to be ninja assassin hackers.

Re:Overthinking it (1)

grrrgrrr (945173) | more than 3 years ago | (#34586004)

You think any intelligence organization has the know-how to write a specialized worm like that? I think that is not how an operation like that is executed. They will really need to have a contact in the company that made the centrifuges to do it for them. That is also their main business, having a network of contacts. It will be much more difficult for the Mossad to have that kind of network or contacts in China than it is to just do the attack. That is why the article's argument is so strong in my eyes.

Re:Overthinking it (1)

mlts (1038732) | more than 3 years ago | (#34587552)

China has a lot to gain by doing this:

1: Slowing down Iran's nuclear ambitions is in China's interests because when Iran does have the bomb, who knows what direction it may be sent.

2: Having Stuxnet blamed on the US/Israel is a good thing for China -- the more countries hostile to the west, the better.

3: If a conflict does break out, China could easily make a deal with Iran by offering to have the Red Guard protect the country in return for oil rights. This would ensure them a strong strategic base in the Middle East essentially forever.

But it may not be even China. Yesterday, along a similar topic, I stated that it could be a group of sociopathic people who have a skillz level far better than a script kiddy. There are people out there with a lot of knowledge and access to the 0-day scene who would love to do something like this just for kicks. They don't like any foreign power, so being instrumental in slowing one foreign power's aims while having it blamed on other people would accomplish their goals. There are people out there who would love to cause an incident, and then "watch the world burn", regardless of the consequences.

Re:Overthinking it (2)

Unequivocal (155957) | more than 3 years ago | (#34592084)

Bruce Schneier debunked the sociopath theory reasonably well when he observed that this tool is very specifically focused. If this tool had been built with sociopathic/antisocial intent it would have f'ed-up way, way more public infrastructure world-wide.

Re:Overthinking it (2)

LWATCDR (28044) | more than 3 years ago | (#34585880)

Actually just about everybody is worried about Iran's nuclear program. Russia has its own problems with Muslim extremists and Iran and Russia are natural enemies that for now are cooperating. They do not want Iran to have nuclear weapons; they just want to sell them stuff.
India doesn't really want an extremist Islamic nuclear power that could become allies with an extremist Pakistan.
Throw in France, Germany, the UK, Sweden, Italy, and all the nations near Iran and you have a long list. Frankly you can make it pretty easy.
Who wants Iran to have nuclear weapons?
The extremist elements of Iran.

Who doesn't want Iran to have nuclear weapons?
Everybody else on the planet.

Of course you will have a few people outside of Iran but you get the picture. The world really doesn't want this.
 

Re:Overthinking it (1)

Eunuchswear (210685) | more than 3 years ago | (#34587060)

Russia has its own problems with Muslim extremists

Yeah, 'cos Shia Iran spends all its time cooperating with Sunni/Salafist jihadi groups.

Re:Overthinking it (2)

Xest (935314) | more than 3 years ago | (#34585918)

"Israel is (by far) the most nervous about Iran's nuclear program, and already had one pre-emptive attack on a nuclear plant under its belt that (in their worldview) was a resounding success and is a point of national pride."

Actually, it's done two. It bombed the Osirak reactor in Iraq in '81, and it bombed the Syrian nuclear installation in 2007.

But here's the point, when you consider that Iran is no more a threat to Israel than Iraq was then, and than Syria was in 2007, then why do you think if Israel is responsible, that they made such a change of tactics this time? Why switch to such a covert method that's at worst going to delay things a bit, and certainly not going to completely destroy the facility when their pre-existing modus operandi is simply to go in and bomb the installations? Something they're more than capable of doing.

You may be right that China didn't do it, but there's so many possibilities, just because Iran vocally hates Israel doesn't mean it's any more concerned than other countries. With Iran trying to build long range missiles capable of hitting Europe, what makes you think that pretty much any European country isn't responsible? It's arguable that even Saudi Arabia is more interested in dealing with Iran than Israel.

Yes you're right Israel has motive, but when they want to do something they also tend not to fuck around either, Stuxnet seems to very much be a case of fucking around. It seems more like something designed to disrupt Iran's ambitions rather than outright destroy them, likely to delay their programme to force them to sit at the negotiating table longer, again, something Israel tends not to care about if it's really bothered by something.

Re:Overthinking it (2)

mike260 (224212) | more than 3 years ago | (#34586040)

The Military Option: Bushehr is not Osirak [wikileaks.ch] :

the GOI does not know where all of the targets are located

potential targets are well dispersed throughout the country, with several located in built-up civilian areas

any attack on Bushehr would likely result in Russian casualties and endanger Moscow's cooperation

Re:Overthinking it (1)

Bill, Shooter of Bul (629286) | more than 3 years ago | (#34588256)

It's like you're wondering why anyone would ever improve their tactics. Why on earth did we start dropping bombs from planes, when charging head on into machine gun fire worked so well for the past 6000 years? Why on earth did we start using computers, when typewriters were cheaper and more available?

Stuxnet is an awesome weapon. It continues to screw up the centrifuges. They have no way of keeping their systems clean. No one died. No human casualties. No one's that ticked off at Israel, except Iran who has been calling for the destruction of Israel for the past 30 years. Sounds pretty good to me. If Israel didn't do stuxnet, they sure as hell should have, and owe whoever did a huge favour.

Re:Overthinking it (1)

Migraineman (632203) | more than 3 years ago | (#34590600)

Why on earth did we start dropping bombs from planes, when charging head on into machine gun fire worked so well for the past 6000 years?

Was it over when the Germans bombed Pearl Harbor? Hell no!

Re:Overthinking it (1)

Ben4jammin (1233084) | more than 3 years ago | (#34587982)

I agree with what you say about Israel, but that to me makes it LESS likely they would do something so indirect. From my limited knowledge of the whole thing, this attack appears much too subtle for Israel's taste...as in no bombs. A subtle approach like a virus where you really aren't going to be able to prove the source the way you can with aircraft and bombs suggests someone who wants to get it done without rocking the boat. Like someone with a bunch of side deals or other things at stake...both of which could describe the US and China.

I guess what I am trying to say is that IMHO when Israel does something, they WANT you to know they did it. For this virus, someone wanted to remain somewhat anonymous.

Re:Overthinking it (1)

Bill, Shooter of Bul (629286) | more than 3 years ago | (#34588838)

I think you have the Military confused with the Mossad. Military always wants cred. Intel Agency wants you to have a doubt. Having that little bit of doubt makes you hesitant, giving them a little bit more of an edge.

Re:Overthinking it (1)

ColdWetDog (752185) | more than 3 years ago | (#34589038)

I guess what I am trying to say is that IMHO when Israel does something, they WANT you to know they did it. For this virus, someone wanted to remain somewhat anonymous.

But everyone (except notably the submitter) thinks it's Israel. Therefore, they win this round. The Israelis are indeed quite nuanced and capable of a wide range of 'interventions': Blowing up people with cell phones, disappearing people, generic spying, high seas piracy and more.

It doesn't just have to go kaboom. Maybe the fighter jocks get bonus points for air raids but it's always good to have access to a deep toolkit.

Rather basic question (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34585398)

On the presumption that this is some electronic device with a user-modifiable firmware (how else would the worm be able to modify it?) - what would stop Iran from taking an unaffected piece, dumping the firmware, and re-uploading it?

Do a clean reinstall of Windows, and you're set to go.

Is there something I am missing?

Re:Rather basic question (2)

mike260 (224212) | more than 3 years ago | (#34585490)

Nope, seems about right. But you can reinfect a PC by inserting an infected USB key and viewing the contents, so until you know the infection-vectors (which took a while to discover) you'd have difficulty staying clean.

Stuxnet was made to stay undetected as long as possible - it only mucks about with attached drives (rapidly spinning them up and down) at long intervals and for short periods. So instead of a room full of exploding centrifuges, you get an abnormally high failure-rate. It even records sensor data from normal operation and replays it while it's messing with the drives to hide itself from anyone monitoring it.
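The record-and-replay behaviour described in the comment above has a side effect a monitoring system can look for: readings from a real, noisy sensor almost never repeat exactly over a long run, so a stretch of telemetry that is sample-for-sample identical to an earlier stretch is suspicious. The following is an added example, not part of the original thread or of Symantec's analysis; the function names, window sizes and the telemetry values are all assumptions constructed for illustration.

```python
"""Flag telemetry runs that exactly repeat earlier readings (possible replay)."""
import random


def find_replayed_windows(samples, window=20, min_distinct=5):
    """Return (source_start, replay_start, length) for every run of at least
    `window` consecutive samples that duplicates an earlier, non-overlapping run.

    min_distinct guards against false alarms on flat or stuck signals, where
    repetition is expected. Coarsely quantized sensors need a longer window.
    """
    first_seen = {}   # window contents -> index where first observed
    spans = []        # [source_start, replay_start, length], merged as we go
    for i in range(len(samples) - window + 1):
        key = tuple(samples[i:i + window])
        if len(set(key)) < min_distinct:
            continue  # flat signal: an exact repeat proves nothing
        first = first_seen.setdefault(key, i)
        if i - first < window:
            continue  # first sighting, or a match overlapping its own source
        last = spans[-1] if spans else None
        same_offset = last is not None and i - first == last[1] - last[0]
        if same_offset and i == last[1] + last[2] - window + 1:
            last[2] += 1  # extends the run found on the previous step
        else:
            spans.append([first, i, window])
    return [tuple(s) for s in spans]


def build_sample(n=600, src=100, dst=400, length=60, seed=1):
    """Constructed data: a noisy reading around a nominal value, plus a copy
    of it in which samples[src:src+length] are replayed at position dst."""
    rng = random.Random(seed)
    clean = [rng.gauss(50.0, 0.2) for _ in range(n)]
    replayed = list(clean)
    replayed[dst:dst + length] = clean[src:src + length]
    return clean, replayed


if __name__ == "__main__":
    clean, replayed = build_sample()
    print("clean stream   :", find_replayed_windows(clean))
    print("replayed stream:", find_replayed_windows(replayed))
    print("stuck sensor   :", find_replayed_windows([50.0] * 200))
```

A check like this only sees what the monitoring host is shown, so it is most useful when fed from a measurement path independent of the controller being monitored.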

Re:Rather basic question (4, Informative)

Anonymous Coward | more than 3 years ago | (#34585708)

On the presumption that this is some electronic device with a user-modifiable firmware (how else would the worm be able to modify it?) - what would stop Iran from taking an unaffected piece, dumping the firmware, and re-uploading it?

Do a clean reinstall of Windows, and you're set to go.

Is there something I am missing?

Here's what you're missing:

We originally only had two basic kinds of memory chips, RAM which is volatile, and ROM which was non-volatile. Then someone came up with a new chip that could be 'flashed', that is you could change the data values once but then it became completely non-volatile and was no longer updatable (WORM - Write Once Read Many).
These were the first flashable chips, and had a finite amount of space to use for updates since once you wrote new data, it was there for good.
Well we have largely moved away from WORM technology on most consumer devices, since it's a lot better to have a chip which is largely non-volatile but can still be updated so you don't run out of space or risk totally ruining the chip.

But a lot of high-dollar embedded devices still use WORM chips. Why? Because devices like the ones in question are not only expensive in terms of the raw hardware, but also cost a fortune in license fees for the software which runs them. And the last thing they want is for someone to purchase the equipment from someone else (used or stolen, for example) and run their own software on it- the company makes nothing. So they use chips which are based on WORM technology, which means that a malicious (or bugged) update could easily prevent any further updates (upgrades or downgrades, it's all updates)... which would require replacing the chip. And in most cases, it would be an entire board not just a single chip.

So that's basically a headache for any legit operation which has a support contract with the manufacturer (which they WILL have, always), they ship it back and the maker ships a new one. Or maybe just sends a tech to the site with a spare. Which is all fine and dandy when you're not a country under international embargo, and has multiple powerful nations working to prevent you from getting these machines in the first place. But when you are a 'rogue state' or whatever we're calling them today, getting a replacement chip with the proper software on it is probably even more difficult than just getting an entirely new unit on the black market.

Re:Rather basic question (3, Insightful)

tacktick (1866274) | more than 3 years ago | (#34586148)

Stuxnet is quite the nasty piece of malware. There isn't anything simple about it.
This is Symantec's summary:

Stuxnet is a threat targeting a specific industrial control system likely in Iran, such as a gas pipeline or power plant. The ultimate goal of Stuxnet is to sabotage that facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely out of their specified boundaries.
Stuxnet was discovered in July, but is confirmed to have existed at least one year prior and likely even before. The majority of infections were found in Iran. Stuxnet contains many features such as:

- Self-replicates through removable drives exploiting a vulnerability allowing auto-execution.
  Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution Vulnerability (BID 41732)
- Spreads in a LAN through a vulnerability in the Windows Print Spooler.
  Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (BID 43073)
- Spreads through SMB by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).
- Copies and executes itself on remote computers through network shares.
- Copies and executes itself on remote computers running a WinCC database server.
- Copies itself into Step 7 projects in such a way that it automatically executes when the Step 7 project is loaded.
- Updates itself through a peer-to-peer mechanism within a LAN.
- Exploits a total of four unpatched Microsoft vulnerabilities, two of which are previously mentioned vulnerabilities for self-replication and the other two are escalation of privilege vulnerabilities that have yet to be disclosed.
- Contacts a command and control server that allows the hacker to download and execute code, including updated versions.
- Contains a Windows rootkit that hides its binaries.
- Attempts to bypass security products.
- Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage the system.
- Hides modified code on PLCs, essentially a rootkit for PLCs.

The full Stuxnet dossier for interesting reading:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf [symantec.com]

China's viewpoint on Iran and nukes (5, Interesting)

antifoidulus (807088) | more than 3 years ago | (#34585426)

China is actually worrying about Iran's nuclear ambitions but for different reasons than most of the West is. They aren't worried too much about Iran attacking any of its interests but don't want to see US influence continue to grow in the region.

It's already well established (and the leaked cables support this) that many of the other countries in the area are quite wary of Iran and its ambitions, and a nuclear armed Iran would give the US and these countries a rationale for increasing US presence and influence in the region. China does not see this as being beneficial in the long run as it sees the US as its biggest, and really only, potential rival. Therefore they are against a nuclear armed Iran but on the other hand Iran is one of China's biggest oil suppliers and it really does not want to piss them off. So China's position is to try to prevent Iran from getting nukes while at the same time looking like the `good guy`. They often times abstain when it comes time to vote on Iranian sanctions in the Security Council. This essentially gives them an out, they can continue to see sanctions and pressure put on the Iranian nuke program without looking like a bad guy to Iran. They can always tell the Iranians that they were worried about vague and unspecified repercussions if asked why they didn't vote no.

China's viewpoint on the US. (1)

Anonymous Coward | more than 3 years ago | (#34585678)

It's already well established (and the leaked cables support this) that many of the other countries in the area are quite wary of Iran and its ambitions, and a nuclear armed Iran would give the US and these countries a rationale for increasing US presence and influence in the region. China does not see this as being beneficial in the long run as it sees the US as its biggest, and really only, potential rival.

A rival that is not only its biggest market, who if it went bankrupt would render all the debt China purchased worthless.

Re:China's viewpoint on the US. (1)

HiThere (15173) | more than 3 years ago | (#34592088)

Not really, a large part of it maybe, but much of the debt has been translated into proper ownership.

AND OF COURSE, E.T. (1)

Anonymous Coward | more than 3 years ago | (#34585438)

Because they have visited, and some have stayed on, as well. They are amongst us now. Aliens. Believe it !! Or not. I won't tell. They'll lock me up and throw away the key this time !!

RTFA? (0)

thegarbz (1787294) | more than 3 years ago | (#34585500)

A spectacularly worthless summary.

Re:RTFA? (2)

Spazztastic (814296) | more than 3 years ago | (#34585718)

A spectacularly worthless summary.

And even in TFA you have to click through three different links just to download the white paper.

It's about oil and coal (5, Interesting)

moxsam (917470) | more than 3 years ago | (#34585508)

Iran not only gets money but also Chinese coal in exchange for their crude oil that they sell to China. Now when Iran finishes their reactors, Iran needs less coal for making electric energy. But China will still need the oil. Thus they have to pay more for the oil. Even worse, the less coal Iran needs the less dependent they become on China, so they are more likely to sell their oil to other countries.

Sabotaging the nuclear plants of Iran is a cheap way to sustain the co-dependency between Iran and China.

Re:It's about oil and coal (5, Insightful)

tacktick (1866274) | more than 3 years ago | (#34586056)

Now that is a tempting hypothesis.
But I'm going with Occam's razor on this one.

Who has the most to lose should Iran get nukes? Israel. Who has the most interest in the region? Israel. Who has the cash and the tech know-how? Who has a close relationship with a more powerful country with a _big_ interest in stopping Iran? Israel

Re:It's about oil and coal (0)

Anonymous Coward | more than 3 years ago | (#34590556)

Who is plugging for America to do the dirty work? Who doesn't care if,as a result of the attack, oil goes to $200 a barrel, etc, etc.

If it walks like a duck, swims like a dick and quacks like a duck, then, oy vey, maybe it is a crocodile.

Re:It's about oil and coal (0)

Anonymous Coward | more than 3 years ago | (#34591188)

Iran not only gets money but also Chinese coal in exchange for their crude oil that they sell to China. Now when Iran finishes their reactors, Iran needs less coal for making electric energy. But China will still need the oil. Thus they have to pay more for the oil. Even worse, the less coal Iran needs the less dependent they become on China, so they are more likely to sell their oil to other countries.

Sabotaging the nuclear plants of Iran is a cheap way to sustain the co-dependency between Iran and China.

Other viable buyers are holding trade embargoes to Iran. China is a very valuable trading partner, it has no interest of weakening the strength of its middle-east ally. On the contrary, stronger, more stable Iran means stronger trade between the countries.

Having a twist in the story is always nice, and it's of course important to consider all the alternative factors and players in a covert-ops story shaded by mysteries. Still, it is painfully obvious that Israel has the most to gain with the best probability of conducting such an attack. Sometimes the most intuitive, reasonable answers are also correct.

Surprising? (0)

Anonymous Coward | more than 3 years ago | (#34585530)

"Most people who have followed the Stuxnet investigation know that the international headquarters for Vacon is in Finland, but surprisingly, Finland isn’t where Vacon’s frequency converter drives are manufactured. Vacon’s manufacturing plant is actually located in the Peoples Republic of China (PRC) "

Um. how is this surprising?

If Lingenfelter is right (1, Interesting)

Kupfernigk (1190345) | more than 3 years ago | (#34585556)

he has soberly pointed out a case of China engaged in cyber-warfare using means which have got out of control. (There seems to be a fair number of medical doctors who suspect that "swine flu" is actually a Chinese military virus that escaped from a lab.)

This will go against the entire business mantra, but if he is right the West really needs to pull back manufacturing of electronic devices and make more serious efforts to combat Chinese electronic warfare, because in this case they were either incompetent or simply didn't give a shit about collateral damage. Either option is exceedingly worrying.

Re:If Lingenfelter is right (3, Insightful)

acidfast7 (551610) | more than 3 years ago | (#34585928)

As a microbiologist, I haven't heard anyone reputable suggest that H1N1/09 was engineered. Sounds like tin-foil hat material to me. And I wouldn't trust an MD/DO to speculate about the evolutionary origin of a virus.

Re:If Lingenfelter is right (1)

John Hasler (414242) | more than 3 years ago | (#34586768)

I believe that the "AIDS is a CIA plot" bullshit started as Soviet propaganda in the eighties and evolved into the current set of conspiracy theories.

Re:If Lingenfelter is right (2)

Eunuchswear (210685) | more than 3 years ago | (#34587172)

I believe the '"AIDS is a CIA plot" is Soviet propaganda' rumour started as a Belgian misinformation campaign in '93.

Re:If Lingenfelter is right (1)

Unequivocal (155957) | more than 3 years ago | (#34592158)

Thanks - I was going to post similarly. I haven't heard a peep in any med lit about H1N1 being anything other than a natural variant. Maybe OP heard it at the doctor's office but you hear a lot at the doctor's office that is worth a second opinion.

Re:If Lingenfelter is right (4, Informative)

tacktick (1866274) | more than 3 years ago | (#34586006)

Seriously?
If it was an escaped Chinese military virus wouldn't it have been a lot more deadly?

Also, it was traced to a pig farm in Mexico.

Now please coat your tin foil suit with tungsten carbide. You're gonna need it.

Re:If Lingenfelter is right (0)

Anonymous Coward | more than 3 years ago | (#34586990)

*Idly wonders if the parent comment was rated informative because of the facts about the virus or how to coat a tin foil suit.* ;)

Re:If Lingenfelter is right (1)

ColdWetDog (752185) | more than 3 years ago | (#34589150)

Seriously? If it was an escaped Chinese military virus wouldn't it have been a lot more deadly?

Maelcum produced a white lump of foam slightly smaller than Case's head, fished a pearl-handled switchblade on a green nylon lanyard out of the hip pocket of his tattered shorts and carefully slit the plastic. He extracted a rectangular object and passed it to Case. `Thas part some gun, mon?' `No,' Case said, turning it over, `but it's a weapon. It's virus.' `Not on thisboy tug, mon,' Maelcum said firmly, reaching for the steel cassette. `A program. Virus program. Can't get into you, can't even get into your software. I've got to interface it through the deck, before it can work on anything...'

`What is this thing?' he asked the Hosaka. `Parcel for me.' `Data transfer from Bockris Systems GmbH, Frankfurt, advises, under coded transmission, that content of shipment is Kuang Grade Mark Eleven penetration program. Bockris further advises that interface with Ono-Sendai Cyberspace 7 is entirely compatible and yields optimal penetration capabilities, particularly with regard to existing military systems...'

Didn't you read the manual? You have to buy the things.

Re:If Lingenfelter is right (0)

Anonymous Coward | more than 3 years ago | (#34586380)

The US army has approved the use of Android devices, but hasn't of Apple devices, because Apple's devices are only produced in China. Whereas, Android manf. have plants all over the world, etc.

Re:If Lingenfelter is right (1)

Anonymous Coward | more than 3 years ago | (#34586612)

There seems to be a fair number of medical doctors who suspect that "swine flu" is actually a Chinese military virus that escaped from a lab.

Stop. Right. There.
"Medical doctors"? What are they basing their suspicions on?

You made this up or were fooled.

Here's a question... (1)

Rone (46994) | more than 3 years ago | (#34585572)

Interesting article, which (indirectly) raises an even more interesting question:

If China was behind the StuxNet worm, why would they risk undoing all of their careful origin-obfuscation work by subsequently carrying out two high-risk meat-space operations against high-level Iranian engineers?

One possibility is that they simply didn't. Once the worm came to light, some other intelligence agency with a more direct way of handling things may have decided to seize the opportunity to increase the worm's lifespan by eliminating the people most likely to stop it.

If two different parties were behind the worm and the assassinations, TFA's China theory might indeed be plausible.

Yet another daft conspiracy theory (1)

Anonymous Coward | more than 3 years ago | (#34585592)

A conspiracy theory, particularly one which is as convoluted and as baseless as this is, does not gain any magic credibility if the loony that devised it happens to write it down in a document which then proceeds to refer to it as a "white paper". I understand his desperate need to sell his little pet conspiracy theory on the authoritativeness of the "white paper" label alone but that doesn't make it any more true.

Finland? Not entirely implausible (1)

damn_registrars (1103043) | more than 3 years ago | (#34585612)

One of the world's most prolific spammers [spamhaus.org] has hid out in Finland from time to time. While his hiding out there does not make an argument for Finland supporting his actions, it does suggest that it may be a place where computer criminals can hide out fairly effectively. Being as he was controlling a botnet from there to pump spam, it would not be hard to envision him using the same botnet to attack someone he views as an enemy - regardless of whether or not they have any negative affiliations with anything he does directly.

Of course if it really is Kuvayev - who makes most of his money selling counterfeit prescription drugs - he may actually be acting very short-sighted here. He may be concerned that radiation accident victims wouldn't want to buy his counterfeit viagra, while really he should be thinking of all the other drugs he could sell those people...

Re:Finland? Not entirely implausible (1)

jovius (974690) | more than 3 years ago | (#34585696)

Besides the attack has probably been devised using an operating system originating from Finland!

Endless loop. (2)

miffo.swe (547642) | more than 3 years ago | (#34585618)

Iran needs nuclear weapons to be sure US and Israel won't invade. Those two know that the minute Iran has nuclear weapons as a deterrent, they can't invade. This is an endless loop where Usrael says invasion is the only solution because Iran is trying to get nuclears to deter an invasion.

The only real path to getting Iran off the path to nuclears is that the US and Israel promise to not invade Iran. Since that's their goal they won't.

One can hope China will step in and assure the freedom of Iran from US/Israeli aggression and thus disarm the situation. Thus far China has taken a very laid back approach to the rest of the world and tried to not interfere with other countries' policies. Maybe the time has come to rethink that.

Re:Endless loop. (0)

mcvos (645701) | more than 3 years ago | (#34586060)

Iran needs nuclear weapons to be sure US and Israel won't invade. Those two know that the minute Iran has nuclear weapons as a deterrent, they can't invade. This is an endless loop where Usrael says invasion is the only solution because Iran is trying to get nuclears to deter an invasion.

The only real path to getting Iran off the path to nuclears is that the US and Israel promise to not invade Iran.

If they're that serious about invasion, US and Israel would invade before Iran has their nukes ready. What they're afraid of is that if they don't invade, Iran will simply launch the nukes at Israel, because that's the kind of guy Ahmadinejad is. Or seems to be, at least. The nukes might force the US and Israel to do something against Iran even when they'd rather not.

Re:Endless loop. (2)

miffo.swe (547642) | more than 3 years ago | (#34586286)

I see you have eaten and digested the propaganda very well. Iran is not a crazy banana republic with raving mad leaders.

The US and Israel want an excuse to invade, just as the lies about Iraq WMD were used to fool the world. It doesn't matter if Iran stops its (for now) civilian nuclear program, some other excuse will be made. Iran sadly needs nuclear weapons to protect itself from the US and Israel.

Do you seriously think Iran would launch a first strike at Israel knowing it would turn every square inch of Iran into a parking space?

Up until today Israel and the US have been far more aggressive against other countries than Iran, who furthermore has had to defend themselves from US weapons, chemical weapons and money through Saddam back when he was US best buddy.

Re:Endless loop. (0)

mcvos (645701) | more than 3 years ago | (#34586616)

Iran is not a crazy banana republic with raving mad leaders.

Yes it is. Iran has a lot of very reasonable, smart, educated and enlightened people, but its leaders are stark raving mad. Get rid of the theocracy and have some real elections for a change. Go back to the democracy of before 1953.

The US and Israel want an excuse to invade, just as the lies about Iraq WMD were used to fool the world.

The US would sell its own mother to not have to invade Iran. They're already embroiled in two neverending wars. They don't want a third.

It doesn't matter if Iran stops its (for now) civilian nuclear program, some other excuse will be made. Iran sadly needs nuclear weapons to protect itself from the US and Israel.

How is Israel going to attack Iran? The only reason for Israel to ever do so is if Iran is a direct threat to Israel's continued existence. Israel too has enough crap on their hands after upsetting Turkey and the EU with their seizing ships at sea and the continued repression of Palestinians.

I admit Israel's self-destructiveness rivals that of Iran's current leadership, so you never know what kind of crazy stunt they're going to pull next, but invading Iran goes way beyond that. A bombing strike on the nuclear facilities, sure. But other than that, Israel is only really interested in harassing Palestinians and taking their land.

Do you seriously think Iran would launch a first strike at Israel knowing it would turn every square inch of Iran into a parking space?

With Ahmadinejad at the helm? I consider it a distinct possibility.

Up until today Israel and the US have been far more aggressive against other countries than Iran, who furthermore has had to defend themselves from US weapons, chemical weapons and money through Saddam back when he was US best buddy.

I'm not going to dispute that. The US has a lot of blood on their hands, as does Israel. But at the moment, Israel is only really a threat to the continued existence of the Palestinians. They're not a threat to anyone else, unless they get in the way (which they might). And the US is really a lot more likely to invade Iran because they're about to get a nuke, than they'd be if Iran didn't get a nuke.

Re:Endless loop. (2)

John Hasler (414242) | more than 3 years ago | (#34586868)

But the threat of attack by Israel and/or the USA (and the idiot "sanctions") is very useful to the rulers of Iran (Ahmadinejad is far from being a dictator). They need an external enemy to blame for all their internal problems.

Re:Endless loop. (1)

mcvos (645701) | more than 3 years ago | (#34587188)

It's hard to say that the US isn't at least partially to blame for Iran's problems. It was a democracy until 1953, when, with the help of the CIA and the ayatollahs, the government was overthrown and the Shah placed in power. And it went downhill from there.

Re:Endless loop. (1)

Unequivocal (155957) | more than 3 years ago | (#34592284)

We definitely made the bed and now we're stuck lying in it. Good point. But it still doesn't un-crazy the Iranian theocracy. Crazy US foreign policy gave them the vehicle to come to power but those nutjobs are doing fine being crazy all on their own now.

Ditto for Afghanistan come to think of it (twice there - first in the 80's and now again with Karzai). The more things change, the more they stay the same..

Re:Endless loop. (1)

Eunuchswear (210685) | more than 3 years ago | (#34587284)

Go back to the democracy of before 1953.

Don't be ridiculous - after all the effort we put in to overthrowing it?

Do you seriously think Iran would launch a first strike at Israel knowing it would turn every square inch of Iran into a parking space?

With Ahmadinejad at the helm? I consider it a distinct possibility.

Well, it's a good thing he's not at the helm then, isn't it.

You do know he has no control over foreign or military policy?

Re:Endless loop. (1)

Unequivocal (155957) | more than 3 years ago | (#34592248)

That last round of elections was free and fair? Ahmadinejad sure sounds like a nut job whenever he opens his mouth in public.

Don't get me wrong, I agree there's tremendous media bias about Iran. But the Iranian gov't seems pretty loco. The US gov't up until recently seemed pretty loco to me as well.

The Iranian police and paramilitary stomping on civilians during a peaceful demonstration looked a lot more to me like Burma than the US or Europe. I marched peacefully against the (second) Iraq war and no one stomped on me. The gov't didn't listen, but I think there's a pretty big difference between those two things.

Re:Endless loop. (1)

ThatsLoseNotLoose (719462) | more than 3 years ago | (#34589454)

Are you serious about Israel invading Iran? Have you ever looked at a map?

If the US were to invade, there wouldn't be any Israeli involvement because none would be needed or wanted.

As for Israel invading? That's seriously daft. Israel's population is less than a tenth of Iran's and they are separated by 500 miles and two sovereign nations.

Israel has about as much ability to invade Iran as the state of Iowa.

If Iran IS invaded, they won't be getting any Chinese assistance for pretty much the same reason. China has no ability to project that much power that far away from home and they have historically shied away from that sort of thing anyway.

I suspect you are the type of person who sees Mossad agents behind your favorite football team's losses.

strange brew that's also good for you (0)

Anonymous Coward | more than 3 years ago | (#34585626)

That would be home made Kombucha.

Realpolitik (1)

Dynamoo (527749) | more than 3 years ago | (#34585706)

China is an intriguing idea as the source for the malware.. if you think about it, China's interests are in no way served by the nuclear ambitions of Iran and North Korea. Western military action against either could be disastrous for the status quo that China depends on, but equally they might not want to side with the west. So quietly sabotaging the nuclear programmes of either or both might be an example of Realpolitik - that is, practical politics that achieves useful results rather than grand gestures.

USB delivered. (2)

Anonymous Admin (304403) | more than 3 years ago | (#34585720)

China would be far more likely to imbed this in the motherboard or nic than to rely on USB as a delivery vehicle.

Stuxnet and Wikileaks (2)

giorgist (1208992) | more than 3 years ago | (#34585846)

I think you need to include the Stuxnet Israel Wikileaks connection that was announced in the last couple of days

Zionist origin is attested inside Stuxnet code (0)

Anonymous Coward | more than 3 years ago | (#34585882)

That the date of death (19790509 or 9th of May 1979) for a Jewish martyr, lynched during the Iranian Islamic revolution is hardcoded in a registry key used by Stuxnet. QED

Re:Zionist origin is attested inside Stuxnet code (1)

antifoidulus (807088) | more than 3 years ago | (#34585948)

Yeah because a hardcore Jewish extremist would use the Christian calendar with the American date format to celebrate their martyr.....

Re:Zionist origin is attested inside Stuxnet code (1)

Cryect (603197) | more than 3 years ago | (#34586046)

That is actually more of a Chinese date format which is the format frankly that makes the most sense (at least for sorting). Americans use MM-DD-YYYY as the standard though there is some use of DD-MM-YYYY and YYYY-MM-DD depending on the field.

Re:Zionist origin is attested inside Stuxnet code (0)

Anonymous Coward | more than 3 years ago | (#34586224)

YYYY-MM-DD is the default date format used by MySQL, which was created by a *Finn*.

Put *that* in your tungsten-carbide-coated tinfoil hat and smoke it.

+1 for hilarious (2)

tacktick (1866274) | more than 3 years ago | (#34586848)

Did you get the tungsten-carbide coated tinfoil idea from me?

Either way, how about going into business together?
There's money to be made from paranoid people..
Glenn Beck and talk radio do the prep work for us and we do Cha-ching!

Re:+1 for hilarious (0)

Anonymous Coward | more than 3 years ago | (#34587490)

Did you get the tungsten-carbide coated tinfoil idea from me?

I can neither confirm nor deny this allegation. :)

Either way, how about going into business together?
There's money to be made from paranoid people..
Glenn Beck and talk radio do the prep work for us and we do Cha-ching!

However, I am intrigued by your ideas and would like to subscribe to^W^Wco-publish your newsletter.

Re:+1 for hilarious (4, Funny)

GameboyRMH (1153867) | more than 3 years ago | (#34587526)

I just pictured Glenn Beck proudly and slowly walking onto the set of his show in an elaborate tungsten-carbide-tinfoil suit, complete with a samurai-style helmet and a US flag strapped to his back.

"Today friends, I am immune to the electromagnetic radiation of the liberal media, and the silent-but-deadly kinetic impact of their hybrid cars. I can think freely and walk the streets without fear. Bring it on, Obama, if that IS your real name"

XD

Re:Zionist origin is attested inside Stuxnet code (1)

radtea (464814) | more than 3 years ago | (#34587194)

That is actually more of a Chinese date format which is the format frankly that makes the most sense

It is the ISO date format: YYYY-MM-DD. It is the only acceptable standard date format for most uses.

People ignorant of modern standards, or incapable of adapting to changing times, still use some weird and archaic date formats, gifting us with ambiguous nonsense like 10/6/8.

Re:Zionist origin is attested inside Stuxnet code (1)

metrix007 (200091) | more than 3 years ago | (#34587480)

I have never understood why the US use MM-DD-YYYY...gosh darn it is retarded and backwards and arbitrary.

Re:Zionist origin is attested inside Stuxnet code (1)

Nadaka (224565) | more than 3 years ago | (#34589314)

what is worse is that we also use DD-MM-YYYY at the same time, so two identical looking dates may have a different value, so you always have to know what the format is to correctly interpret a little less than half our dates.

Re:Zionist origin is attested inside Stuxnet code (1)

rtfa-troll (1340807) | more than 3 years ago | (#34589462)

Hand in your nerd card now. That is the date format. The ISO date format. The only one which alphanumerically sorts in proper order. The one which has no hundred year problem. The one which is easily upgradable to a 10kyear date format without changing ordering. They would use that because it is right. These are people who can make a virus attack on the other side of the world with precision and surprise. They will get the date format right.

Re:Zionist origin is attested inside Stuxnet code (2)

radtea (464814) | more than 3 years ago | (#34587108)

That the date of death (19790509 or 9th of May 1979) for a Jewish martyr, lynched during the Iranian Islamic revolution is hardcoded in a registry key used by Stuxnet. QED

Ok, I'm convinced: it wasn't the Israelis.

Two things convince me of that: the unbelievably lame little astro-turf campaign going on here with AC's all repeating "I'm gonna go with the OBVIOUS on this one" without one shred of actual evidence to back it up; and this particular claim that a group as canny as the Israelis would effectively sign the worm with a value that points back to them.

The astro-turfer's efforts are simply racist, no different from the police looking for a convenient person of the correct racial origin to pin a crime on. You don't need to have any evidence, just a general knowledge that your favourite ethnic group are likely to be criminals, so if a crime was committed it's OBVIOUS that one of them must have done it, right?

But this "signature" is proof of non-Israeli origin, as it requires an incredibly subtle and clever attack on Iran's nuclear program to also include an apparently clear indication of who did it.

In my experience with the Israelis, they aren't shy about taking credit. Nor are they shy about bombing Iranian nuclear facilities.

So sticking them with Stuxnet requires that Israel for some reason decide to take an indirect, deniable, clandestine approach, AND AT THE SAME TIME hardcode a clear pointer to Israeli origin in the code.

For anyone who finds anything "obvious" about that, I recommend a visit to Dr. Ockham.

It was Nixie (1)

oakwine (1709682) | more than 3 years ago | (#34586058)

I don't see the Chinese ticking off a major oil supplier. China has nothing to win and much to lose in doing so. Stux (sounds like Tux) looks to me like the work of Nixie! Nixiepixel. Mother of All Evil.

Counterargument to article, other possibilities (0)

Anonymous Coward | more than 3 years ago | (#34586470)

I guess I found one point of reasoning in the article somewhat contradictory: that "Furthermore, in March 2010, China’s Customs ministry started an audit at Vacon’s Suzhou facility and took two employees into custody thereby providing further access to Vacon’s manufacturing specifications" ... but the first sample of the Stuxnet virus (which did contain a Siemens DLL) was found on June 2009 according to the Symantec dossier http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf [symantec.com] referenced in the paper of the article.

This virus may have been first seen in the wild on June 17, 2010, but apparently it's been around before that. Did China really only weaponize it that late in the game, post-March 2010? Or if it occurred before then, the whole March 2010 incident is irrelevant as to China's culpability, but mildly interesting in terms of indicating increased capability. I figure the article's author seems smart enough that he would recognize this so I don't understand if I'm missing something, or he's overly padding his argument with irrelevant-but-interesting datapoints and overlooked this logic, or if I should consider this as disinformation.

Other scenarios that I've wondered about along the way (admittedly more motive-based than evidence-based) :

* Israel routes many attacks or probes (not just this Stuxnet one but perhaps it also) through China (or Russia) because there are a lot of PCs there not-well-protected, their cyber-defense/tracing/auditing is weak(?), and it makes for a plausible cover story given the advanced capabilities, and is less likely to implicate its closest ally (US) and the explanation will serve its closest ally's interests (US fears against China and/or Russia just help with increasing defense budgets in the US thus providing more advanced weapons for Israel.)

* Stuxnet is really a coverup for a previous, perhaps-more-effective sabotage mechanism still-unveiled. Reasoning: as mentioned in the paper referenced by the article, Iran's Natanz's uranium-processing efficiency started to drop in 2008 for reasons still unknown/unrevealed. Let's posit that Stuxnet didn't arrive until later (true given the current evidence.) Iran, having not figured out the true nature of its vulnerability/ies, now has a culprit that they appear to be eagerly investigating... but the attacker has led them to focus their attention and efforts on a vulnerability that is not the most significant one.

The FSM did it. (3, Insightful)

Anonymous Coward | more than 3 years ago | (#34586484)

You leave a dog alone with a steak. When you later come back, the steak is eaten.

Who ate the steak? It could of course be anyone or anything. It could even be the FSM.

In all recent stuxnet-stories I've read on slashdot I've found a lot of comments (modded +5) beginning like this:

I don't know why everyone is so quick to assume it's {USA,Israel} behind this. It could be {Random country, the Yeti}...

Which is of course true. If you don't know who did it, you don't know who did it. BUT! That doesn't mean every possibility has the same probability.

Re:The FSM did it. (0)

Anonymous Coward | more than 3 years ago | (#34589254)

The FSM did it.

The Federated States of Micronesia [wikipedia.org] has a cyberwarfare program?

Re:The FSM did it. (1)

Unequivocal (155957) | more than 3 years ago | (#34592380)

Great point. It reminds me of the O.J. trial where the prosecution DNA expert was explaining how the blood matched OJ's with a 1 in 6 million chance of being someone else (I'm fuzzy on the actual number - doesn't matter).

The defense lawyer asked the expert, "So did you test six million people to see if it matched all of them." The expert said something like, "No, we used a statistical procedure to determine the match, involving samples of 600 people's blood." (again I'm fuzzy on the actual #'s)

The defense lawyer said, "But what if the 601st person's blood had matched OJ's? No further questions."

Man we need to teach more stat or logic or something in school..

As unfashionable as it may seem... (1)

bazmail (764941) | more than 3 years ago | (#34586846)

Sometimes the obvious answer is the right answer.

Yeah, I can write fiction too (1)

elrous0 (869638) | more than 3 years ago | (#34587814)

I'm sure I could concoct any number of scenarios if I really wanted to. But Israel is far-and-away the obvious suspect--with the obvious motive, means, and opportunity. Of course, they could have been framed--but then so could have O.J. and pretty much every guy on death row. It all comes down to whether you want to accept the simplest and most obvious solution, or construct a big conspiracy theory because you're such an Israel fan that you just WILL NOT accept that they might have done something like this.

please folks please (0)

Anonymous Coward | more than 3 years ago | (#34587994)

There is no room for amateur speculators here.
In my professional opinion, the following are the most likely sources of Stuxnet (in decreasing order):
(1) snooki
(2) JWOWW
(3) the "situation"
(4) Pauly D

Not in Chinese character (0)

ashbi (1787372) | more than 3 years ago | (#34588812)

This operation was much more in the Israeli character than the Chinese one. Chinese are usually very unoriginal in the technology field, and undaring and cautious in personality. That is why they copy everything created by the west, and do very little innovation of their own. They are not motivated to do vast clandestine operations that do not directly benefit the careers of those in the communist party. This is directly opposite of the Israeli personality, that seeks to be creative.

Re:Not in Chinese character (0)

Anonymous Coward | more than 3 years ago | (#34589628)

This is directly opposite of the Israeli personality, that seeks to be creative.

And the latest "creative" product from Israel is ....what?

Could it be... (1)

ducomputergeek (595742) | more than 3 years ago | (#34590572)

Regardless of who actually did the deed, chances are a lot of folks were involved by knowing what was happening and deciding not to say anything to the Iranians about it. Sometimes the most effective spying is when you know, but say nothing.

There are a lot of parties that stand to lose from a nuclear Iran.
