How Investigators Deciphered Stuxnet

Soulskill posted more than 3 years ago | from the introductory-cyberwarfare dept.

Security 131

suraj.sun tips a story at Wired that takes an in-depth look into how security researchers tracked down and worked to understand the infamous Stuxnet worm. The article begins: "It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium. But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran's enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months. The question was, why?"

Frosty piss (-1)

Anonymous Coward | more than 3 years ago | (#36726880)

Kiss my shiny metal ass.

Possibly the coolest cyberwar article I've read (2, Insightful)

He Who Has No Name (768306) | more than 3 years ago | (#36726882)

The part about the differences in loyalties of the Symantec researchers was telling, though.

"We don't care if this harms something important our country is doing to stop madmen from getting the Fist of God. We have customers to do business with!"

Re:Possibly the coolest cyberwar article I've read (4, Insightful)

neochubbz (937091) | more than 3 years ago | (#36727102)

The part about the differences in loyalties of the Symantec researchers was telling, though.

"We don't care if this harms something important our country is doing to stop madmen from getting the Fist of God. We have customers to do business with!"

You're looking at this the wrong way; fighting computer viruses is akin to fighting biological viruses, it benefits everyone. Even if stuxnet was being used in some sort of covert fashion, you don't go around using viruses as weapons without having an effective vaccination/cure in place.

Re:Possibly the coolest cyberwar article I've read (1, Insightful)

Renraku (518261) | more than 3 years ago | (#36727200)

Considering the virus only infected the outdated type of centrifuge with the firmware that Iran was using...I think it was only benefiting Iran and Symantec's wallet.

Re:Possibly the coolest cyberwar article I've read (5, Informative)

EvanED (569694) | more than 3 years ago | (#36727480)

If you had RTFA (or perhaps with a more critical eye) you'd know that they had no clue about that at that time. When they first went public with it, all they knew was that it was a quite sophisticated attack that went after Step7 controllers. And given that, I definitely agree with them that it was in everyone's best interest to release that information.

Re:Possibly the coolest cyberwar article I've read (1)

EvanED (569694) | more than 3 years ago | (#36727504)

Well, they also knew it may have been aimed at Iran.

But still, they didn't know how precisely targeted the worm was at that point, and they certainly didn't know it was aimed at the centrifuges at that point.

Re:Possibly the coolest cyberwar article I've read (4, Insightful)

Darinbob (1142669) | more than 3 years ago | (#36729224)

But the stuxnet virus was out there on malware sites and could have been adapted to other uses. Figuring out what it did and how it worked was crucial in being able to stop it effectively.

Re:Possibly the coolest cyberwar article I've read (3, Insightful)

He Who Has No Name (768306) | more than 3 years ago | (#36727388)

Computers can be reformatted and replaced.

Tel Aviv cannot.

The groups behind Stuxnet were prioritizing the risks of a surgical anti-nuclear proliferation strike as being worth the potential collateral damage. I think that was a prescient and reasonable decision, especially given Iran's irrationality and their hunger for nuclear weapons.

Re:Possibly the coolest cyberwar article I've read (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36727794)

Iran is not going to attack Israel. Even Ahmadinejad in his most insane moments would not attack Israel first. But it would play right into the madman's wet dream if Israel attacked Iran. Then Iran would basically be defending against Israeli aggression.

This is what Ahmadinejad believes. He believes that the return of the Mahdi will only happen when Iran is attacked by Israel. An attack the other way around would "void the prophecy".

Re:Possibly the coolest cyberwar article I've read (1)

Anonymous Coward | more than 3 years ago | (#36728826)

Iran is not going to attack Israel. Even Ahmadinejad in his most insane moments would not attack Israel first.

Perhaps, perhaps not. But can you guarantee that everyone who has access to the nukes they are developing, now and in the future, won't? In one of the least stable regions in the entire world? Full of terrorists willing to give their lives and the lives of their children, whose stated goal is the extermination of the Israeli nation?

Yeah, thought not.

Re:Possibly the coolest cyberwar article I've read (0)

Anonymous Coward | more than 3 years ago | (#36729358)

We should be so grateful to Israel's leaders for not using their own nuclear weapons.

Re:Possibly the coolest cyberwar article I've read (2)

silentcoder (1241496) | more than 3 years ago | (#36731804)

As somebody from Africa I must say:
Can you guarantee that everybody who sits in the white house with nuclear launch codes, now and in the future, won't start nuking countries if they refuse to pass laws demanded by US companies ?

You've had a history of removing democratically elected leaders around the world if those leaders put the development of their own people ahead of corporate profits and replacing them with dictators that would do as you say. In the case of Panama you actually had a CIA agent become the official ruler of the country to get your way.

You gave the nuclear launch codes to G.W. Bush... TWICE !

Iran has a risk of acting insane in the name of Islam. You have a HISTORY of acting insane in the name of the great god Profit.

Why should the world trust you more than them ?

Oh - and unlike Iran - you HAVE in fact used nukes in war before (twice), in fact you're the only country in the world that has done so - EVER.
Oh ... and also unlike Iran - you don't have the potential to develop nuclear power, you ARE a nuclear power you have enough of the damn things stockpiled to turn the entire planet into a glass parking lot.

Sorry, but speaking as somebody who is not a citizen of either country - I trust neither of you, and I trust the USA less than Iran.

Oh, and my country WAS a nuclear power in the 1980s, we chose to dismantle our nuclear capability ourselves (without any pressure to do so from outside) purely because we were opposed to the concept of continuing to stockpile bombs that we had no conceivable scenario of ever using.

Re:Possibly the coolest cyberwar article I've read (1)

CPTreese (2114124) | more than 3 years ago | (#36731796)

Really???? Oh thank God! All this time I was thinking that Iran and all the other Arab states still wanted to decimate Israel! It's a good thing that after two attempts of destroying Israel they would only bluster after possessing a nuke. You poor naive man.

Re:Possibly the coolest cyberwar article I've read (1)

Whiteox (919863) | more than 3 years ago | (#36731014)

It would be interesting to hypothesize if Tel Aviv/Israel was nuked, whether Israel would counterattack or expect US to counter-attack on their behalf. After all there's a lot of black gold in those wells.

Re:Possibly the coolest cyberwar article I've read (1)

m50d (797211) | more than 3 years ago | (#36731524)

Ah yes, Israel has an excellent record of being anti-nuclear proliferation.

Re:Possibly the coolest cyberwar article I've read (1)

Anonymous Coward | more than 3 years ago | (#36731224)

Not to mention the fact that if you're working for an American company you should somehow magically transform your loyalty from your native nationality to US is a rather ridiculous argument. A company is just a thing that operates within the limits set in the law. Defense and espionage are nation state actions.

The people mentioned in the article were an Irish, a French and a Japanese among others. I'm working for French company but I as sure as hell don't think what are the French government's advantages in every single thing I do even if it would end up being part of something "good for the world". The OP's point of view is natural though if you're only accustomed to think people are either American or evil. :]

Re:Possibly the coolest cyberwar article I've read (2)

silentcoder (1241496) | more than 3 years ago | (#36731752)

I would take your logic a step further.
If a major virus hit in Asia tomorrow representing a major threat to any countries it reached - you would want your CDC doing all in their power to assist in finding a prevention/cure while it's still only in those other countries. You would want them to stop it - saving lives there as well as reducing risk to yourself.
You would certainly want the redcross and doctors without borders and similar organisations doing all in their power to stem the tide before it reached you.
Now if you later learn that the virus was actually a biological weapon developed by the pentagon to launch on countries that supported terrorists - you would not afterwards be calling DwB and RC evil for fighting (and perhaps curing/inoculating against) it would you ? Cyberthreats have a much lower risk to human life that's true (though stuxnet proved that viruses could be targeted at computer-controlled machinery and designed to break them - what if the next stuxnet specifically hits heart-lung machines in private hospitals ?) you may or may not agree with private hospitals - but you'd not want a lot of sick people being murdered would you ?

Much as I'm in favor of market regulation - a security company choosing to ignore politics and fight the threat - that's their JOB - I cannot fault them for that.

Re:Possibly the coolest cyberwar article I've read (2, Insightful)

IamTheRealMike (537420) | more than 3 years ago | (#36727196)

Madmen? Compared to what?

Last I checked, the only country claiming credit for Stuxnet was Israel, ie, a country that refuses international inspections of its atomic facilities and "neither confirms nor denies" that it has the bomb (confirming would mean losing US aid that is contingent on not developing these weapons). Israel also has a track record of invading other countries whereas Iran does not.

Measured by past actions, Israel is a far more dangerous country than Iran. It certainly has nukes, has a power mad and oppressive government that regularly ignores basic human rights, is warlike, and shows zero interest in making peace with its neighbours. Infecting 100,000+ computers with a virus and assassinating scientists in order to achieve its foreign policy objectives is exactly the kind of reckless behavior I'd associate with madmen.

Re:Possibly the coolest cyberwar article I've read (1)

rhook (943951) | more than 3 years ago | (#36727264)

Israel also attacked the USS Liberty, which was in international waters, and which also did not attack any of Israel's forces.

http://en.wikipedia.org/wiki/USS_Liberty_incident [wikipedia.org]

Re:Possibly the coolest cyberwar article I've read (3, Insightful)

rwven (663186) | more than 3 years ago | (#36727624)

"Both the Israeli and U.S. governments conducted inquiries and issued reports that concluded the attack was a mistake due to Israeli confusion about the identity of the USS Liberty."

All the whining about how Israel was intentionally trying to sink the ship doesn't make any sense. Considering the efficiency of the Israeli military at getting these sorts of jobs done, there's no way they somehow didn't manage to sink the ship. If they had intended to do it, they would have done it. No question whatsoever.

The only explanation is that they attempted to destroy it with all due effort, and ceased attempting when they realized that they were attacking a friendly target. Considering they accidentally attacked a column of their own tanks the day before, it's not hard to imagine that they could make another similar mistake, especially given the craziness that was going on during those days.

Re:Possibly the coolest cyberwar article I've read (2)

rhook (943951) | more than 3 years ago | (#36727972)

Visibility of American flag: The official Israeli reports say that the reconnaissance and fighter aircraft pilots, and the torpedo boat captains did not see any flag on Liberty. Official American reports say that the Liberty was flying her American flag before, during and after the attack. The only exception being a brief period in which one flag had been shot down and then replaced with a larger flag that measured approximately 13 ft (4.0 m) long. U.S. Naval Court of Inquiry finding number 2 states: "The calm conditions and slow speed of the ship may well have made the American flag difficult to identify." And finding number 28 states: "Flat, calm conditions and the slow five knot patrol speed of LIBERTY in forenoon when she was being looked over initially may well have produced insufficient wind for steaming colors enough to be seen by pilots".[86] The NSA History Report (page 41) states: "... every official interview of numerous Liberty crewmen gave consistent evidence that indeed the Liberty was flying an American flag—and, further, the weather conditions were ideal to ensure its easy observance and identification."

The official report is not consistent with what the crew reported. There is also no excuse for attacking a research ship in international waters. The Liberty was, after all, a communications ship.

On October 2, 2007, The Chicago Tribune published a special report[6] into the attack, containing numerous previously unreported quotes from former military personnel with first-hand knowledge of the incident. Many of these quotes directly contradict the U.S. National Security Agency's position that it never intercepted the communications of the attacking Israeli pilots, claiming that not only did transcripts of those communications exist, but also that it showed the Israelis knew they were attacking an American naval vessel.

There's just too many unanswered questions about this.

Re:Possibly the coolest cyberwar article I've read (1)

unitron (5733) | more than 3 years ago | (#36730580)

There's just too many unanswered questions about this.

Not to mention entirely too many unquestioned answers.

Re:Possibly the coolest cyberwar article I've read (0)

Anonymous Coward | more than 3 years ago | (#36730194)

All the whining about how Israel was intentionally trying to sink the ship doesn't make any sense.

The criticism of attacking a ship without clear ID in international waters on the other hand is completely justified.

Re:Possibly the coolest cyberwar article I've read (2)

silentcoder (1241496) | more than 3 years ago | (#36731824)

Paragraph 1: The Israeli army was too efficient to fail in an attack.

Paragraph 2: The Israeli army was not efficient enough to identify friendly targets.

That's pretty much a summary of your post.. am I the only one seeing the rather major contradiction ?

Those two paragraphs can't both be true.

A much more likely scenario is:
The Israeli army at that stage was so inefficient not only did it repeatedly strike friendly targets - when it did it failed at the attacks.

Re:Possibly the coolest cyberwar article I've read (2, Insightful)

Sheik Yerbouti (96423) | more than 3 years ago | (#36727846)

You would put the Iranians above the Israelis? The Iranians are self declared anti semites who recently brutally repressed the self expression of their own people and have declared the US and Israel their enemy. The same people that round up jews and shoot them with firing squads? While Israel has been one of the few steadfast and erstwhile US allies in the middle east. Must be nice to be so poorly informed about reality. Here is the reality Israel is surrounded by anti semites that beat and repress their own people and specifically beat, repress, and generally mistreat women and execute gays. They share no common values with you lefty they would just as soon see you dead as to let a jew live. There is no difference between Iranians and pre WW2 european anti semites only difference is this modern group of anti semites is about to have the bomb. But no reason to worry about that I am sure.

Re:Possibly the coolest cyberwar article I've read (0, Informative)

Anonymous Coward | more than 3 years ago | (#36728586)

Look up the definition of "semitic". Jews, Muslims and Christians fall under this category. You seem to be quite poorly informed yourself.

Re:Possibly the coolest cyberwar article I've read (3, Informative)

pheonix7117 (1439515) | more than 3 years ago | (#36728732)

I hate to have to do this, but while 'semitic' may indeed include Jews, Muslims, and Christians, the definition of 'anti-semitism' is quite clear. From Merriam-Webster:

Definition of ANTI-SEMITISM: hostility toward or discrimination against Jews as a religious, ethnic, or racial group

Source: http://www.merriam-webster.com/dictionary/anti%20semitic [merriam-webster.com]

Re:Possibly the coolest cyberwar article I've read (0)

colinrichardday (768814) | more than 3 years ago | (#36730066)

And as the first respondent to your link pointed out, the term "Semite" applies to people besides Jews, so why is antisemitism restricted to hatred of Jews? What if Merriam-Webster is wrong?

Re:Possibly the coolest cyberwar article I've read (1)

pheonix7117 (1439515) | more than 3 years ago | (#36730134)

Most likely another language fail somewhere along the way. If you're interested, this [dailywritingtips.com] may warrant a brief look-over. At this point, I would probably attribute it to semantics.

Re:Possibly the coolest cyberwar article I've read (1)

colinrichardday (768814) | more than 3 years ago | (#36730044)

The term "Semitic" applies to peoples who speak a semitic language. This would include Jews and Arabs, but not the Iranians, as Farsi is Indo-European.

Re:Possibly the coolest cyberwar article I've read (3, Informative)

EEPROMS (889169) | more than 3 years ago | (#36728594)

You seriously need to go to Israel and see how the local officials and zionists treat their Arab citizens. It's common practice for Zionist officials to re-assign property as being abandoned or derelict if an arab family lives in it so they can move a zionist family into it, even if the arab family have lived there for 30 years and have paperwork to prove ownership of the property. Then you have the local police standing by while zionists stone arabs and break their windows to force them out of their homes. If that isn't ethnic cleansing I don't know what is. People keep saying Israel is a democracy. I say Israel is a democracy for jews and screw everyone else.

Anti-Zionism != Anti-Semitism (4, Insightful)

Artemis3 (85734) | more than 3 years ago | (#36729646)

No one declares anti-semitism, but anti-zionism.
Zionism [wikimedia.org] is the political movement to re-establish the Jewish State, contradicting the scriptures about staying away... (Why keep Sabbath then?).

In any case, the Zionists waged war and won the land by force, then proceeded to get rid of locals, who naturally resisted the invasion in any way they could. Lots of slaughtering and struggle in the process; oh yes, the Zionists did start with terrorism when the land was controlled by the UK... Were you not told about King David Hotel bombing [wikimedia.org] ?

The methods the Israeli forces use are simply mass murdering people trapped and sieged in ghettos. Sounds familiar doesn't it? Yes, ethnic cleansing it is; and all sorts of air bombardment and land and even sea warfare against civilians, mostly armed with just rocks and pitiful glorified firecrackers. No NATO bombing, or no fly zones there... Thousands of innocent people die in Gaza, the UN doesn't care, even after Israel destroys UN facilities there.

Say what you like about Iran, they haven't dropped white phosphor cluster bombs against civilians, Israel has; everyone watched "Cast Lead". Israel once bombed a Nuclear power plant in Iraq, but nothing of the sort has occurred to Israel from Iraq. And before there were incidents like the Sabra and Shatilla massacre [wikimedia.org] , guess who was involved? The current Prime Minister... Reality surpasses intentions.

Things like executions occur when you let religious extremists in power. It would be the same if you followed your traditions to the letter. Do not forget both religions have the same root, and Christianity as well. And all of them have committed atrocities in the past, and in that very same patch of land even.

The Islam scripture actually treat Jews (and Christians) with respect, and before the Zionists invaded, local Jews and Christians did live there just like they live in other countries.

You say Israel is "surrounded", No s*** Sherlock, Zionists invaded the land and waged war against all its neighbors (defeating them). That's when a violent future for Israel was sealed; and you have fanatics killing their own leaders [wikimedia.org] , when daring to reach peace after decades of bloodshed.

Zionists don't care about anything and anyone, they want their conquered land clean of Palestinians and anti-zionists and they don't care about the UN or even if the whole world declared war against them, they have the nukes ready [wikimedia.org] should they ever lose.

"Anti-semitism" is Zionist propaganda against anyone who dares think different.

Re:Anti-Zionism != Anti-Semitism (0)

Anonymous Coward | more than 3 years ago | (#36731482)

Mods: this deserves more than a +2

Re:Possibly the coolest cyberwar article I've read (1)

Matje (183300) | more than 3 years ago | (#36730434)

the trouble with your argument is that it puts the means above the ends. Of course Jews should be respected and be able to live peacefully, just like any other human being. What people, like the GP, are saying is that the means employed by Israel do not respect the right of other human beings. That behaviour is not only morally saddening, it's feeding terrorism.

Re:Possibly the coolest cyberwar article I've read (1)

Whiteox (919863) | more than 3 years ago | (#36731024)

Oh for shit's sake! You are either a really bad troll or have the maturity and understanding of an 8 yr old. Grow up!

Re:Possibly the coolest cyberwar article I've read (1)

m50d (797211) | more than 3 years ago | (#36731562)

Of course Israel's a major US ally, look at what they're getting from the US. As for mistreatment, sure, all regimes in the region are terrible, but that does nothing to excuse Israel.

So yes, I'm more worried about Israel, because they have nuclear weapons already, and seem more likely to end up in a situation where they have nothing to lose by using them.

Re:Possibly the coolest cyberwar article I've read (-1)

Anonymous Coward | more than 3 years ago | (#36728132)

Only one country in the world has ever used its nuclear weapons (on civilians, too), and that wasn't Israel.

Re:Possibly the coolest cyberwar article I've read (1)

Anonymous Coward | more than 3 years ago | (#36728734)

Zero interest in peace? How did the long-standing peace accords with Jordan and Egypt come about?

Interesting phrasing you used - "no history of invading" - why didn't you say "no history of attacking"? Perhaps because Iran and Israel have been in a shadow war for years - Hezbollah is Iran's chief proxy in the region. It's little wonder that Stuxnet first hit Iran shortly after the Lebanon war of 2006 (which started when Hezbollah crossed into Israel and attacked a patrol, kidnapping several soldiers).

Israel gets knocked for human rights because groups like Human Rights Watch get massive donations from Saudis. In fact, the anti-Israeli bias at Human Rights Watch was so bad the founder of the organization called it to task in the New York Times. Richard Goldstone, chairman of the UN's Goldstone Report that criticized Israel's conduct in the recent Gaza war later said the document was very flawed in an op-ed in the Washington Post, and in it admitted the obvious and longstanding bias of the UN Human Rights Council against Israel. Israel's "human rights" critics have a very poor track record.

Israel is in a very difficult position (demographically, geographically and militarily speaking), and while it doesn't always make the right decisions, it does as good a job as I think is humanly possible. I challenge anyone to try to run a small nation with a large, hostile population that is intent on destroying you, and surrounding by countries that use your nation as a vent for the frustration of their peoples and dream of carving up your territory.

Apart from appreciation of their ability to wage war, most of the comments I hear about Israel on Slashdot are from critics that at best are ignorant of the conflict, and at worst willfully blind. No history of "invading" . . . sheesh.

Re:Possibly the coolest cyberwar article I've read (0)

Anonymous Coward | more than 3 years ago | (#36728852)

| Israel also has a track record of invading other countries whereas Iran does not.

You know, I think Iraq may dispute that.

| It certainly has nukes, has a power mad and oppressive government that regularly ignores basic human rights, is warlike, and shows zero interest in making peace with its neighbours

Sounds like Iran okay.

Re:Possibly the coolest cyberwar article I've read (1)

colinrichardday (768814) | more than 3 years ago | (#36730106)

You know, I think Iraq may dispute that.

According to this http://en.wikipedia.org/wiki/Iran-Iraq_war [wikipedia.org] the Iraqis invaded Iran.

Re:Possibly the coolest cyberwar article I've read (1)

couchslug (175151) | more than 3 years ago | (#36728902)

If it doesn't act that way, it will be destroyed.

Virtue is no defense.

Re:Possibly the coolest cyberwar article I've read (2)

labnet (457441) | more than 3 years ago | (#36730072)

You should have been marked -1Troll not +5Insightful.

Israel (a tiny sliver of land) is surrounded on all sides by Arabs (who vastly outnumber them) who are mostly Muslims, whose stated aim is the destruction of Israel.
It has been the Arab neighbours that have waged wars against Israel, not the other way around.
Palestine refugees only exist because their Arab brothers (Jordan/Egypt et al.) refuse to let them resettle, thus they become an antagonistic pawn (PLO etc) against Israel.

Re:Possibly the coolest cyberwar article I've read (0)

Anonymous Coward | more than 3 years ago | (#36730418)

Who wouldn't want to just give up their homeland and resettle given the chance? Clearly it's just because they are denied this bliss.

Re:Possibly the coolest cyberwar article I've read (1)

tokul (682258) | more than 3 years ago | (#36730172)

Measured by past actions, Israel is a far more dangerous country than Iran.

Probably. Except for the part where they only want to survive and don't agitate for total extermination of opponent. Don't confuse madmen with bullies. Country run by aggressive theocrats is country run by madmen.

After WW2 Israelis used their chance and created own country. Arabs lost their chance when they decided not to share and asked for the whole pie instead of accepting fair piece of it.

Re:Possibly the coolest cyberwar article I've read (1)

alantus (882150) | more than 3 years ago | (#36730472)

Madmen? Compared to what?

Last I checked, the only country claiming credit for Stuxnet was Israel, ie, a country that refuses international inspections of its atomic facilities and "neither confirms nor denies" that it has the bomb (confirming would mean losing US aid that is contingent on not developing these weapons).

Israel claimed credit for Stuxnet? Do you have any reference for that or are you just speaking out of your ass?
Israel never signed the Nuclear Non-Proliferation Treaty (NPT), and as such doesn't enjoy the benefits of doing so.
Iran on the other hand signed and ratified the NPT, so it gets said benefits while at the same time develops its nuclear weapons and lies shamelessly about its true intentions.

  Israel also has a track record of invading other countries whereas Iran does not.

Measured by past actions, Israel is a far more dangerous country than Iran. It certainly has nukes, has a power mad and oppressive government that regularly ignores basic human rights, is warlike, and shows zero interest in making peace with its neighbours. Infecting 100,000+ computers with a virus and assassinating scientists in order to achieve its foreign policy objectives is exactly the kind of reckless behavior I'd associate with madmen.

Measured by past actions I would say every single country surrounding Israel is way more dangerous.
Who do you think finances, trains and equips terrorist groups like Hezbollah and Hamas with rockets?

Basically every single war fought against Israel by the arab countries had the objective to "push the jews into the sea", and every single time they have failed.
For Israel it's a war for survival. For the arabs it's a war to found one more muslim state (because there aren't enough of them already).

Re:Possibly the coolest cyberwar article I've read (1)

Whiteox (919863) | more than 3 years ago | (#36731044)

Israel claimed credit for Stuxnet? Do you have any reference for that or are you just speaking out of your ass?

A comment after the wired article points to a link:
"(Accuracy of the information has not been confirmed by Israel) In a surprise admission a couple days ago, at the retirement party of the Chief of the Israeli Armed Forces, Gabi Ashkenazi, he celebrated as one of his achievements that Israel was behind the “StuxNet” attack on Iranian nuclear centrifuges and an air attack on a Syrian nuclear reactor. This was published in The Haaretz (http://translate.google.com/tr... as well as later in The Telegraph. "

Re:Possibly the coolest cyberwar article I've read (5, Insightful)

steelfood (895457) | more than 3 years ago | (#36727782)

You're a troll.

You will note that according to TFA, the researchers didn't know it was targeted to sabotage an Iranian nuclear facility until the very end. And by the time anyone realized it was, the cat was out of the bag. Towards the end, it was only a matter of figuring out what specific facility was being targeted.

It is true these guys were suspicious the entire time that it was a government black ops operation. But that suspicion in and of itself says nothing. It could have been attacking anything, like Russian natural gas pipelines again, for all they knew. What they did know was that it was a virus designed to sabotage a controller used in industrial manufacturing. And as the Russian pipeline incident illustrates, that can have very serious consequences.

Imagine if someone sabotaged a manufacturing plant used to build commercial planes that would shorten its maintenance cycle or lifespan from the engineered specifications. Or one that sabotaged a vehicle tire manufacturing facility. Or high speed railway brakes. That would have been disastrous.

What their attitudes told me was that at the very real risk of personal health and safety, they did the entire civilized world a huge service by making their findings public. They revealed to the world the method by which a very real act of industrial sabotage happened, all the while knowing that it could land them dead. They put the duty of warning the entire world of such an attack vector before their own selves.

Sure, TFA says they were doing it for their customers. But that's a disingenuous way of looking at it. Because the customers who benefit the most from their disclosure are the same ones who manufacture physical equipment that must be within established guidelines, many of which are safety guidelines. And that means we, the people who operate the equipment or rely on such equipment to not fail unexpectedly are the ultimate beneficiaries.

To me, it puts them among the very few noble and honorable individuals left in the world. You may not care for such attributes in people, but I think there are still a few in the world who do. At the very least, I think most people wouldn't want to live in a world where everyone was petty and underhanded, as you seem to advocate by your comment. And I think they by their actions are greater believers of freedom than you by your weasel words.

Re:Possibly the coolest cyberwar article I've read (1)

Darinbob (1142669) | more than 3 years ago | (#36729282)

It could have been any country A attacking country B as well. Or it could have been company A attacking company B. There was a big cluster in Iran, but that doesn't mean that the target was necessarily Iran; without knowing much about it early in the investigation maybe you could conclude that Iran was where it was first introduced. You also can't conclude that because the target was Iran that the attacker must necessarily be one of the good guys.

It was a covert op, but as soon as the malware is discovered the covert op starts to break down. Once the antivirus programs are updated to detect this the game is over, even if the researchers had decided to stop digging overnight. If the government that did this has any clue they would have realized it was all over from the first postings about it and started working on plan B, and they most likely assumed this would happen eventually.

So in that sense stopping digging into the malware wouldn't have changed anything. But it certainly helped to point out the SCADA systems were vulnerable (there's a bit of naivete I think in assuming that because you're not on the internet that you're safe).

Re:Possibly the coolest cyberwar article I've read (2)

siddesu (698447) | more than 3 years ago | (#36727898)

Actually, considering what "our country" has done to the region over the past decade it may have been the patriotic decision.

Re:Possibly the coolest cyberwar article I've read (1)

Johnny Mnemonic (176043) | more than 3 years ago | (#36729954)

Loyalty to whom? No one ever told them to stop. The provenance of Stuxnet can be reasonably inferred, but it's far from certain. For all they knew, they were characterizing a cyberweapon used by a (sometimes) ally that the US would want to know more about.

Re:Possibly the coolest cyberwar article I've read (1)

Hal_Porter (817932) | more than 3 years ago | (#36730932)

> Fist of God

I believe in Islam it is referred to as the Cloven Hoof of Allah.

Breaking (-1)

Anonymous Coward | more than 3 years ago | (#36726906)

suraj.sun tips a story at Weird that takes an in-depth look into how security researchers tracked down and worked to understand the infamous Frost Post worm. The article begins:

"It was January 2010, and investigators with the International Frosty Agency had just completed an inspection at the goatse enrichment plant outside Christmas Island in Firstpostistan, when they realized that something was off within the cascade rooms where thousands of posters were hitting F5 repeatedly. But when the IFA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Christmas Island's goatsex program, they were stunned as they counted the numbers. The workers had been getting first posts at an incredible rate — later estimates would indicate between 1,000 and 2,000 first posts were obtained over a few hours. The question was, why?"

Whats with the Layout? (1, Funny)

repapetilto (1219852) | more than 3 years ago | (#36726920)

There are green lines and empty white everywhere taking up space

Re:Whats with the Layout? (3, Insightful)

AnotherShep (599837) | more than 3 years ago | (#36727174)

I like it; it's pretty damn readable.

Re:Whats with the Layout? (1)

jshackney (99735) | more than 3 years ago | (#36729104)

I'm on a tiny screen (1024 wide) and had to scroll side-to-side to read the article.

Great content, but wish I had a bigger screen.

Re:Whats with the Layout? (0)

Anonymous Coward | more than 3 years ago | (#36729396)

I have a widescreen but keep my browser about 1024 or so, I think that is common. Who uses full widescreen for websites?

Re:Whats with the Layout? (0)

Anonymous Coward | more than 3 years ago | (#36731520)

So true... that is why I keep mine at 1600/1200, but on a second screen. :P

Re:Whats with the Layout? (1)

Anonymous Coward | more than 3 years ago | (#36727768)

We're still hearing complaints about the Slashdot redesign?

Pnårp.com (-1)

Anonymous Coward | more than 3 years ago | (#36726924)

But what does this have to do with the sublime insanity that is Pnårp.com?

I wonder if the alarmist view that Iran was... (2)

Assmasher (456699) | more than 3 years ago | (#36726926)

...expanding enrichment production because of the influx of tubes was a direct result of this damage...?

Re:I wonder if the alarmist view that Iran was... (1)

zippthorne (748122) | more than 3 years ago | (#36727140)

I wonder if the worm is actually a cover story to explain the influx of tubes so people won't look for expanded production....

Re:I wonder if the alarmist view that Iran was... (1)

Assmasher (456699) | more than 3 years ago | (#36727482)

I guess they screwed it up then by changing out the tubes in front of the UN inspectors...

Re:I wonder if the alarmist view that Iran was... (1)

zippthorne (748122) | more than 3 years ago | (#36730210)

What do they do with the "old" tubes? Is there a visual indication that the tube is useless?

Re:I wonder if the alarmist view that Iran was... (1)

Whiteox (919863) | more than 3 years ago | (#36731144)

Now that is insightful!
Even if StuxNet wasn't found, they would have expanded the production to make up for the losses anyway.
So maybe that's why those responsible didn't worry too much about the discovery and reverse engineering of it.

Another really good article (4, Informative)

bigredradio (631970) | more than 3 years ago | (#36726946)

There was another good article in Vanity Fair [vanityfair.com]

Re:Another really good article (0)

Anonymous Coward | more than 3 years ago | (#36728832)

It's amazing how well Vanity Fair researches interesting topics that seem somewhat out of their usual focus.

Re:Another really good article (1)

unitron (5733) | more than 3 years ago | (#36731232)

Although not as "Tom Clancy-ish" as the Wired article, it's also quite interesting (and gets into the possible underlying politics more), and it's quite interesting how Wired makes it sound like Symantec did almost everything and Vanity Fair doesn't do much more than mention them in passing while giving Kaspersky a lot of ink.

Re:Another really good article (1)

Whiteox (919863) | more than 3 years ago | (#36731240)

Top article. Fills in some of the gaps. Good read.

Quick (1)

atari2600a (1892574) | more than 3 years ago | (#36726978)

Someone superimpose Poyots & the CIA seal on trollface!

Story from Wired (0)

Necroman (61604) | more than 3 years ago | (#36727000)

This is on the front page of wired.com right now:
http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1 [wired.com] .

And it's all on 1 page!

Oops, sorry, please ignore. (1)

Necroman (61604) | more than 3 years ago | (#36727020)

Oops, I thought the summary linked elsewhere (had another article open), and linked to the wrong one. Just ignore me please.

I do hope (1, Flamebait)

TheCarp (96830) | more than 3 years ago | (#36727042)

That some day...justice can be done and the people who wrote stuxnet end up in an Iranian court some day to face charges for this.

Only fair, if someone released a worm that attacked US or Western European equipment, our governments would demand that the criminals be brought to our justice....I really do hope that we see some turnabout on this play, even if only so I can laugh.

Re:I do hope (1)

Wyatt Earp (1029) | more than 3 years ago | (#36727132)

So they'll be executed for hampering Iran's nuclear weapon program.

Re:I do hope (0)

gnick (1211984) | more than 3 years ago | (#36727148)

Yeah, the Iranians would love that. "We don't know who it was, but we suspect either an American or Israeli group. Please send us some Americans and Israelis to punish." What could go wrong?

Or, suppose it's proved that it was a government effort. "Please send us the staff of the CIA."

Re:I do hope (1)

TheCarp (96830) | more than 3 years ago | (#36728142)

Sounds good to me, given their track record of sending people off to other countries to be tortured... it wouldn't bother me one bit.

Re:I do hope (2)

chispito (1870390) | more than 3 years ago | (#36727202)

Yes. Those poor, poor theocrats.

Re:I do hope (0)

Anonymous Coward | more than 3 years ago | (#36727808)

How would that be "justice", exactly? "Law enforcement" perhaps, but not justice.
Justice requires for wrongful acts to be punished and fair trial to be given.
This is a topic that comes up often and seems very commonly misunderstood. Justice is whether something is right or wrong. Law enforcement is whether or not it's approved of by a leader (and in a democracy, that should reflect the will of the populace. Dictatorships... not so much). What people like Hitler, Pol Pot, and Stalin did was all perfectly legal under their own laws.

In this case, if you read the article - it's fascinating (highly recommend!) - whether there were any 'wrongful acts' would seem to depend solely on perspective, and receiving a fair trial in Iran is somewhat of an oxymoron.

From TFA:
Stuxnet targeted only computers with a Siemens software for controlling micro-controllers. If a very specific configuration of 164 of specific ones of them was found (one that matches a nuclear facility in Iran), then it periodically changed the motor speed to try and break them. Otherwise it seems to have tried very hard to localize the infection, and did not deploy its payload on any system not matching the right configuration.

So the real question here is, is delaying Iran from making nuclear weapons (which they'd most use for mass murder) by a method that caused no loss of life itself (unlike a bombing), an act of evil? I guess that depends which side you're rooting for.

Re:I do hope (3, Insightful)

TheCarp (96830) | more than 3 years ago | (#36728092)

> In this case, if you read the article - it's fascinating (highly recommend!) - whether there were any 'wrongful acts' would seem to
> depend solely on perspective, and receiving a fair trial in Iran is somewhat of an oxymoron.

Right well... that's the point now isn't it.

> So the real question here is, is delaying Iran from making nuclear weapons (which they'd most use for mass murder) by a method
> that caused no loss of life itself (unlike a bombing), an act of evil? I guess that depends which side you're rooting for.

Well, only if you assume that the major purpose of this venture is a weapons program. The stated purposes are peaceful and lawful. It is also entirely likely that, even if a weapons program were hidden in the works, that the major effect will be peaceful power as, nobody has used a nuke in war in over 60 years, and I don't see that trend changing, whether they get them or not.

Honestly, I agree most with the assessments that say that the best way to deal with Iran is to give them the recognition that they want...and stop pulling stupid chest pumping adversarial tactics, and sabotaging what could be progress towards normalization of relations and, eventually their own reform. However, pulling this sort of shit plays right into the strong hand of those in Iran who would want weapons programs and oppose reform, and rebuilding trust with the rest of the world.

It's hard to argue with "they are out to get us, and see us as the enemy" when.... well... their shit gets sabotaged and we just grin and laugh at them. If this happened to the UK we would be doing everything we could to help catch any Americans involved.

Re:I do hope (-1)

Anonymous Coward | more than 3 years ago | (#36728546)

I have no problems with countries getting nuclear power plants - I generally encourage it. The problem is I simply don't trust Iran in particular, and objectively speaking I think I have more than enough cause for it.

The problem with the "be nice to them" theory is what Iran says and does.
They fund terrorists attacks against Israel and have promised on many occasions to drive them into the sea. The USA is the Great Satan and all that.
Their president stating he is trying to bring about the reappearance of the 12th Imam and bring about the end of days is also all... less than reassuring.

As for them not using it - how can you be so sure? Even if the administration doesn't do anything directly (and more than a few dictators sought military conquest within even the last 100 years - Hitler, Saddam, Imperial Japan, etc), do you trust their governments and military facilities to be secure enough from some terrorist group getting their hands on any nukes (with so many alleged close terrorist ties)? The years we live in have generally been peaceful, but if you ask our grandparents' and great-grandparents' generation, they remember all too well a time "when the world went mad". I certainly hope peace will continue, but ignoring the other possibilities is unwise.

If recent history tells us anything, it's not to trust the words of dictators too much. It was only a little over a decade ago that Kim Jong-Il of North Korea got it in his head to give his country nuclear power (lord knows his country needs electricity). The IAEA believed him, and a few years later, he detonates a nuke. One crackpot with a nuke is enough for me, thanks.

If all Iran wants is nuclear power, all they have to do is behave themselves for a few years, make peace with Israel, and I'll be fine with it and say "good for them". At that point, I doubt you'll see a massive effort like Stuxnet taking place, but if it does happen, then I'll be the first to condemn it. Now... not so much.

I understand that aggression like Stuxnet or bombs will not help diplomacy in the short term, but clearly saying "Please don't!" over and over again is clearly not working. They seem to have the rest of the world on mute for this one. Without any threat of enforcement, why would they change? It's what they want. You could try paying extortion money for good behavior of course, but extortionists usually become ever more greedy and end up having to be dealt with (besides, the US can't really afford to be paying countries to not be jerks right now). A slap-down like this is sometimes required, and when it doesn't cause the loss of innocent life, then all the better.

More info (-1, Troll)

dotpott (2366150) | more than 3 years ago | (#36727100)

There is an article on the tools [thoughts.com] used to reverse engineer it
Every hacker should have one of these, I must admit.

More info on the tools (-1, Troll)

dotpottt (2366198) | more than 3 years ago | (#36727156)

There is an article on the tools [thoughts.com] used to reverse engineer it Every hacker should have one of these, I must admit.

Re:More info on the tools (0)

Anonymous Coward | more than 3 years ago | (#36727638)

Very high userid. You created your account today?

Re:More info on the goatse (0)

Anonymous Coward | more than 3 years ago | (#36727722)

It's true, I've never seen goatse used like that before!

Number of centrifuges replaced (0)

Anonymous Coward | more than 3 years ago | (#36727368)

The article says it would be normal to replace 800 centrifuges per year, but they saw between 1000 and 2000 being replaced. If the actual number was closer to 1000, it wasn't really that much of an impact, was it?

Re:Number of centrifuges replaced (0)

Anonymous Coward | more than 3 years ago | (#36727734)

Yes, provided a year is only "a few months".

Re:Number of centrifuges replaced (0)

Anonymous Coward | more than 3 years ago | (#36727752)

1000 to 2000 every three months

TED talk on Stuxnet (0)

Anonymous Coward | more than 3 years ago | (#36727584)

http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html

Direct MP4 HD? http://feedproxy.google.com/~r/TEDTalks_video/~5/uLpkPSf1jEc/RalphLangner_2011.mp4

Interesting content, great writing (0)

Anonymous Coward | more than 3 years ago | (#36727636)

This article is full of interesting content, even for someone who may not be versed in logic controllers and the like, and it was written very well. Full of suspense and intrigue, it definitely holds the reader's attention for a long haul through the article. Like one of TFA's commenters said, it reads like a Tom Clancy novel.

How often do we find extended tech pieces that capture the interest of many non-tech readers?

Flaw (-1)

Anonymous Coward | more than 3 years ago | (#36727738)

There is a bit of a flaw in the story. It starts by saying that the worm was clearly designed to spread via USB and local networks because it targeted systems that didn't have an internet connection. But later it says Iran had blocked outgoing internet connections from their nuclear plant and so the systems had stopped "reporting in".

If the plant's systems weren't connected to the internet in the first place, how were they reporting to a remote server in Malaysia? If the worm was saving its reports on the USB drives (which then attempted to upload it from a different location), then why did blocking outgoing connections make any difference to the reports?

And, if the servers were connected to the internet, why was the worm designed to spread via USB? Could the Iranian version of Windows be so well patched that they didn't have any remotely exploitable holes?

Also, this seems like an insane amount of work just to damage a few centrifuges every 27 days. The article says it would be normal to replace around 600 centrifuges a year but they were replacing around 1000. As far as sabotage goes, this seems rather mild. And if they planned to blow up the plant later, then surely the worm wouldn't have risked exposing itself by causing a little damage once a month.

Following the money, I have to wonder if anyone has considered the possibility that the worm was written by the centrifuges' manufacturer, who would obviously know how to write code for the PLCs, and could easily have bought the "0-day" exploits used to spread it on the black market (since it turned out they weren't quite "0-day" and had been used years before).

I'm sure Israel has moles inside the actual Iranian nuclear programme and I'm sure the US could borrow them if they asked nicely (and paid for it). And neither Israel nor the US have ever had any problem with dropping bombs on brownish people.

Re:Flaw (1)

craw (6958) | more than 3 years ago | (#36729690)

Read the arstechnica article, then reread it again

My first-hand experience with this (5, Interesting)

Thagg (9904) | more than 3 years ago | (#36729064)

In 1993, I was working one Saturday at Pacific Data Images in Sunnyvale. (who later went on to make such classics as "Shrek", but that's another story.) At the time we were one of the leading CG advertising companies in the world.

Anyway, I wandered into the front lobby, and there was a guy there, the husband of the receptionist, that had this very long roll of paper, maybe 20 feet, with an undulating line drawn along it. He was searching up and down along the line, for quite some time....well, I couldn't help but ask what it was.

He said that it was the Fourier transform of the power line going into a plant. He and his company were examining the spectrum to see if they could deduce what was going on inside the plant -- if the machines inside the plant would leak substantial information back onto the power line. Anybody with any electrical engineering experience would know that of course this would be true. I said, OK, that's interesting. What do you see in this spectrum?

And he pointed to a little sinc() shaped (kind of sombrero shaped) area at a particular frequency. And then showed the aliases of that at higher frequencies. He said that these were clearly signatures of many six-pole electrical motors running all at almost exactly the same speed. I looked inquisitive, and he said, "you know, like if you had a bunch of uranium gas centrifuges running." I thought about this for a few minutes....and said, "uhm, OK, but we don't use centrifuges to separate uranium", and he said "no, we don't" and left it at that.

Soon, he was back to Iraq, using a ground-penetrating radar he developed to look for buried weapons. I never saw him again.

Malicious use of a PLC (2, Interesting)

Anonymous Coward | more than 3 years ago | (#36729836)

This article was a great read, it reminded me of my own first-hand experience with a time bomb planted in PLC code.

The company I was working for at the time manufactured hydraulic presses, the newest one installed at a long time customer included a touch screen control system running WinCE that was front-ending a PLC to control the machine. We had contracted out the development work on the control system and the owner of the company ended up in a billing dispute with the contractor just as the machine was being brought online. In the days before the dispute came to a head, the contractor had been on-site at the customer "making minor improvements to the interface based on customer feedback".

One day the customer calls and says: "Our brand new hydraulic press has stopped working and the control system guy says he can't fix it until you pay him." After the owner of the company was done swearing at the contractor on the phone and literally kicking a hole in his office door, he calls me in and tells me he needs me to go over to the customer and "undo whatever that a**hole did".

I had a basic understanding of PLC programming and access to a prior version of the touch screen interface and PLC code. It took a few hours of scanning both sets of code by hand on-site at the customer, but I located the very basic checks for system date in the touch screen interface code which would set a value that the PLC would read and trigger a safety interlock which effectively disabled the machine's function. This was easily remedied once discovered.

It was a slightly stressful experience for me as I had no input on this control system until the day it was disabled and I was on the spot to fix it. Once it was resolved, I was quite happy.

I'm pretty sure the billing dispute ended up going to the lawyers.

Re:Malicious use of a PLC (0)

Anonymous Coward | more than 3 years ago | (#36731076)

I did similar. I made a Mac dysfunctional to prevent access until I got paid. They didn't suspect me at all and I came back a few days later and 'fixed it'.

Infamous??? (-1)

Anonymous Coward | more than 3 years ago | (#36730306)

I know that /. has more than its fair share of America & Israel haters, but infamous??? One has to be totally deranged to think that nukes in the hands of countries like Iran (who are busy trying to hasten the arrival of the Mahdi) or Pakistan (the country that created the Taliban) is a good thing!!!

Thankfully, w/ Stuxnet, Israel managed to delay Iran's acquisition of nukes. Now, if only something could be done about the ones that Pak has...

Singsong ending? Really (1)

beachdog (690633) | more than 3 years ago | (#36731084)

The problem with the story is the happy little song at the end.

The story attempts to resolve the menace of the Stuxnet worm by suggesting that Iran now knows how to avoid another worm infection.

The competing conclusion is an exceptional piece of software has been described at the design level.

The remaining part of the puzzle is: Did the researchers figure out what linker and what compiler was used to build the darn thing? Have they determined the programming language used from the patterns of data and code? Are the sections of the worm static and fixed in size or are the sizes variable and reached by means of a jump table? Are there pieces of assembly language code present? Does the code have assembly language sequences designed to derail a debugger? Does the worm design show size and configuration changes as the production worm was tweaked?

Finally, are any of the zero day exploits mentioned the result of actions below the level of the operating system? In effect, are there hardware level exploits that can affect any IBM compatible personal computer no matter what operating system it runs? The mention of a computer that repeatedly reboots at the beginning of the article might be just the symptom of the super duper ultra low level exploit, if it exists.

The importance of Stuxnet (1)

Whiteox (919863) | more than 3 years ago | (#36731098)

What is really apparent from all the reverse engineering is that it made the method a template. That's more dangerous than most think. It also means that industrial installations must now have more in-depth security to prevent invasive devices/software.
This is not good. Cyberwar is real and dangerous.

This article ends up posing more questions... (1)

Mysticalfruit (533341) | more than 3 years ago | (#36731774)

I'll start by saying this most assuredly was a government job. Either done by the US, Israel or Russia.

1. There's obviously a spy somewhere. Iran isn't going to make public the intimate details of their reprocessing plants, let alone the exact configuration of their control terminals / PLC controllers and centrifuges. You need hard data for that. Who helped Iran build these plants? Who designed this particular cascade process?

2. People who have a seriously intimate knowledge of this type of hardware had to be involved. It's one thing to say "If there's a motor attached, double its frequency" and then let the thing burn out. It's a whole other thing to say "up the motor by 20mhz for 50 minutes" knowing it would introduce subtle failures that would be argued away as poor components, overuse, etc. Also, what does that do to the quality of the uranium coming out of the process? Maybe the plan was to not only break the plant but corrupt the output as well. I can't imagine this type of knowledge is widespread...

3. What was/is the end game? Iran (while it'll never say it) wants the bomb. They want parity with Israel or at least the argument of MAD. I think possibly Stuxnet might have had some end game, but barring that, it was a delaying tactic.

sophisticated digital computer worm? (1)

doperative (1958782) | more than 3 years ago | (#36731828)

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History link [wired.com]

"Months earlier, in June 2009, someone had silently unleashed a sophisticated and destructive digital worm that had been slithering its way through computers in Iran with just one aim"

Is there some kind of directive in place that doesn't allow for the mention of Microsoft Windows and who in their right mind would be using Windows to control hardware? And that entire report coming from the style of bad journalism, ie. a very bad imitation of Tom Wolfe.

"In this case, the exploit allowed the virus to cleverly spread from one computer to another via infected USB sticks. The vulnerability was in the LNK file of Windows Explorer"

Finally, we get to a mention of Windows and what's a browser even doing on a 'computer' controlling a centrifuge? So to recap, Insert USB device->Windows attempts to open an icon from a LNK shortcut, then loads a malicious DLL into memory, the DLL is in actuality a rootkit disguised as a digitally signed device driver that gets loaded and run with 'root' privileges, the perps now have full control of your 'computer'.

"When an infected USB stick was inserted into a computer, as Explorer automatically scanned the contents of the stick, the exploit code awakened and surreptitiously dropped a large, partially encrypted file onto the computer, like a military transport plane dropping camouflaged soldiers into target territory"

Ohh for fucks sake !!!
