*So, what's worse, strategically: Stuxnet, or proliferating Iranian nuclear weapons? How about a world where you've got proliferating Stuxnets AND proliferating Iranian nuclear weapons?
*Y'know, somebody built this Stuxnet thing. It didn't come from a UFO, it had some set of human authors. There aren't that many hackers, black-hat or white-hat, who are capable of that level of software performance – especially with specialized insider knowledge like SCADA vulnerabilities.
*Reading this THREAT LEVEL piece, it seems pretty likely that the team who invented this malware are not anonymous military Morlocks hidden in a cyberwar basement. They're likely to be civilian star programmers who have had a pretty high public profile in the security scene. Somebody in power recruited them as a nuclear-hacker dirty-dozen A-Team. If so, then the most amazing thing about Stuxnet is that these guys are not bragging about their aw3s0m3 exploit.
*I hope they got the cyberwar equivalent of medals and a big pat on the head from the head-of-state. Because when these guys egosurf the web and see all this blathering, hey-wow coverage for their brilliant intervention that was supposed to be all permanently, utterly super-secret – well, that must be a very, very itchy feeling.
https://www.wired.com/threatlevel/2011/01/inl-and-stuxnet/
*Speaking of which: whatever happened to Dancho Danchev? Bulgarian white-hat ultra-hacker just kinda evaporates without a word? No return address for Dancho? What gives with that?
(((More, later.)))
(((Oh really, you don't say, etc.:)))
https://threatpost.com/en_us/blogs/stuxnet-authors-made-several-basic-errors-011811
(...)
"There are a lot of skills needed to write Stuxnet," he said. "Whoever did this needed to know WinCC programming, Step 7, they needed platform process knowledge, the ability to reverse engineer a number of file formats, kernel rootkit development and exploit development. That's a broad set of skills. Does anyone here think they could do all of that?" (((Oh sure. Yeah. You betcha. Gimme a week to brush up on my file-format reversal skills.)))
"That broad spectrum of abilities is what has led many analysts to conclude that Stuxnet could only be the work of a well-funded, highly skilled group such as an intelligence agency or other government group. However, Parker pointed out that there were a number of mistakes in the attack that one wouldn't expect to find if it was launched by such an elite group. For example, the command-and-control mechanism is poorly done and sends its traffic in the clear and the worm ended up propagating on the Internet, which was likely not the intent.
"This was probably not a western state. There were too many mistakes made. There's a lot that went wrong," he said. "There's too much technical inconsistency. But, the bugs were unlikely to fail. They were all logic flaws with high reliability."
"Parker said that Stuxnet may have been developed originally on contract and then once it was handed off to the end user, that group adapted it by adding the C&C infrastructure and perhaps one of the exploits, as well...."
(((Now, the REALLY "oh really" part.)))
https://threatpost.com/en_us/blogs/expert-stuxnet-just-latest-us-hacks-covert-nuke-programs-011911
"Stuxnet, the world's most famous industrial malware, has spurred questions and controversy. Who created it? What was its purpose? And did it work? But a new book out by journalists Catherine Collins and Douglas Frantz claims that Stuxnet was just the latest in a string of covert efforts by the U.S. and its allies to sabotage the nuclear programs of rogue nations, and may have been necessary because of the failure of earlier sabotage attempts.
"Their book, 'Fallout: The True Story of the CIA's Secret War on Nuclear Trafficking' examines the U.S.'s investigation of A.Q. Khan, the father of Pakistan's nuclear weapons program and of an extensive black market in nuclear materials. Among the pages of this fascinating account of Khan's rise and the CIA's decades-long surveillance of his secretive network are some interesting tidbits that shed light on the possible origins of the Stuxnet worm.
"Khan's network was a critical supplier of nuclear equipment to the regimes in North Korea, Libya and Iran that wanted to build nuclear weapons programs out of sight of international watchdogs and regulators. Among other things, Khan supplied the Iranian leadership with centrifuges used to enrich uranium that could be used to build a nuclear weapon. Those same centrifuges, we now know, were the primary target of the Stuxnet worm, which is believed to have disabled a good part of Iran's nuclear enrichment operation and set the country's progress towards a bomb back by years...."
(((Well, "extraordinary claims require extraordinary evidence" and all that; but Stuxnet is quite an extraordinary thing.)))