Friday, November 26, 2010

Stuxnet: Inhuman Secret Agent

Public Radio International calls Stuxnet a real threat. They could be right about that. calls it a virus.

Iran's government says that the nuclear weapons program they don't have - wasn't affected by Stuxnet. That's - unlikely.

Bombs? That's So 20th-Century

I've written about Iran's nuclear program before. While it's remotely possible that one of the world's leading producer of petroleum desperately needs nuclear power plants - which in turn require weapons-grade uranium - I think it's more likely that Iran's ayatollahs wanted nuclear bombs.

I think can see their point, in a way. Quite a few folks outside Iran don't act the way the ayatollahs want them to. Nuclear weapons might seem quite effective - either as an upgrade to their means for converting the unbeliever, or to incinerate folks who wouldn't cooperate.

That's not to say that I approve of the lot that's running Iran. "Understanding" isn't "approval."

I think it's very likely that's what Iran's nuclear program is intended to produce nuclear weapons. I also think that aging religious fanatics with nukes present a very serious threat to anyone within range of their missiles: which includes quite a lot of the Middle East, Russia, and a disturbing fraction of Europe.

If Iran Wanted Nukes, Wouldn't They Have Them By Now?

One of the problems with the notion that Iran wanted nuclear weapons was the way that predictions kept being wrong.

It was like Iran's nuclear program was slowing down.

In some circles, this would 'obviously' mean that the vast right-wing conspiracy, or some other mysterious force, had made up the whole 'Iranian nukes' idea. After all, if Iran wanted nukes, they'd have them by now - and since they don't have them, they didn't want them.

Looks like there was a 'conspiracy' involved. Sort of.

Also, apparently, a very, very sophisticated worm: a sort of Information Age secret agent.

Stuxnet: One Very Smart Worm

Stuxnet is, in a way, scary. I hope that whoever designed it has figured out a way of disabling the thing. I'll get back to that.

According to an article I read today, Stuxnet is a very, very sophisticated set of code: a worm that's designed to damage, but not destroy, particular machinery in Iran's nuclear program. Also not affect other systems it infects - and cover its tracks so effectively that Iranian counter-intelligence apparently assumed that people working on the project were damaging the equipment.

Some of those people were killed - others simply disappeared.

Moralizing While Cities Get Nuked?

I am not comfotable with the idea of (presumably) innocent people being killed by Iranian security, when the culprit is malicious code. Or, rather, whoever made Stuxnet.

On the other hand, I am not comfortable with the idea of people in Tel Aviv, Beirut, Stavropol, or some other city, getting vaporized because folks who could have stopped the Iranian nuclear program - didn't.

I know, by the way: A lot of the folks in the cities I mentioned are Muslims. I've gotten the impression that quite a few Muslims die because some other Muslim decided they're not doing Islam the 'right' way.

Stuxnet: No Skynet

Smart as Stuxnet is, I'm about as certain as I can be about anything that it won't wind up taking over the world, like The Terminator's Skynet.

On the other hand, like I said, I really hope that whoever designed Stuxnet has a way of disabling it - or that one of the many commercial anti-malware firms works out a method.

It looks like it was designed very carefully to perform one function - and only one function. On a particular computer system, in a particular place.

Still, anybody can make a mistake.

As to 'is it moral to use a worm like Stuxnet' to keep religious crazies from having nukes? If someone hadn't developed Stuxnet, the world's best and brightest might be discussion how if they'd just had a chance to talk with the ayatollahs, some city would still be on the map.

I'm inclined to think that "alive" is better than "dead," all other things being equal.

Here's a rather long set of excerpts from that article I mentioned:
"....--The worm also knew that the complex control system that ran the centrifuges was built by Siemans, the German manufacturer, and -- remarkably -- how that system worked as well and how to mask its activities from it.

"--Masking itself from the plant's security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system.

"Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system. As new worms entered the system, they would meet and adapt and become increasingly sophisticated....

"...This went on until June of last year, when a Belarusan company working on the Iranian power plant in Beshehr discovered it in one of its machines. It quickly put out a notice on a Web network monitored by computer security experts around the world. Ordinarily these experts would immediately begin tracing the worm and dissecting it, looking for clues about its origin and other details.

"But that didn’t happen, because within minutes all the alert sites came under attack and were inoperative for 24 hours.

" 'I had to use e-mail to send notices but I couldn't reach everyone. Whoever made the worm had a full day to eliminate all traces of the worm that might lead us them,' Eric Byers, a computer security expert who has examined the Stuxnet. 'No hacker could have done that.'

"Experts, including inspectors from the International Atomic Energy Agency, say that, despite Iran's claims to the contrary, the worm was successful in its goal: causing confusion among Iran’s nuclear engineers and disabling their nuclear program.

"Because of the secrecy surrounding the Iranian program, no one can be certain of the full extent of the damage. But sources inside Iran and elsewhere say that the Iranian centrifuge program has been operating far below its capacity and that the uranium enrichment program had 'stagnated' during the time the worm penetrated the underground facility. Only 4,000 of the 9,000 centrifuges Iran was known to have were put into use. Some suspect that is because of the critical need to replace ones that were damaged.

"And the limited number of those in use dwindled to an estimated 3,700 as problems engulfed their operation. IAEA inspectors say the sabotage better explains the slowness of the program, which they had earlier attributed to poor equipment manufacturing and management problems. As Iranians struggled with the setbacks, they began searching for signs of sabotage. From inside Iran there have been unconfirmed reports that the head of the plant was fired shortly after the worm wended its way into the system and began creating technical problems, and that some scientists who were suspected of espionage disappeared or were executed. And counter intelligence agents began monitoring all communications between scientists at the site, creating a climate of fear and paranoia....

"...Speculation on the worm's origin initially focused on hackers or even companies trying to disrupt competitors. But as engineers tore apart the virus they learned not only the depth of the code, its complex targeting mechanism, (despite infecting more than 100,000 computers it has only done damage at Natanz,) the enormous amount of work that went into it—Microsoft estimated that it consumed 10,000 man days of labor-- and about what the worm knew, the clues narrowed the number of players that have the capabilities to create it to a handful.

" 'This is what nation-states build, if their only other option would be to go to war,' Joseph Wouk, an Israeli security expert wrote.

"Byers is more certain. 'It is a military weapon,' he said.

"And much of what the worm 'knew' could only have come from a consortium of Western intelligence agencies, experts who have examined the code now believe.

"Originally, all eyes turned toward Israel's intelligence agencies. Engineers examining the worm found 'clues' that hinted at Israel's involvement. In one case they found the word 'Myrtus' embedded in the code and argued that it was a reference to Esther, the biblical figure who saved the ancient Jewish state from the Persians. But computer experts say 'Myrtus' is more likely a common reference to 'My RTUS,' or remote terminal units.

"Langer argues that no single Western intelligence agency had the skills to pull this off alone. The most likely answer, he says, is that a consortium of intelligence agencies worked together to build the cyber bomb...."
Langer's picks are
  • The United States
    • Which has the technical skills needed
  • Germany
    • With access to Sieman's product design
  • Russia
    • Familar with
      • Iran's nuclear plant
      • Sieman's systems
He could be right about all that.

Then, there's this - I suppose you could call it a literary reference.
"There is one clue that was left in the code that may tell us all we need to know.

"Embedded in different section of the code is another common computer language reference, but this one is misspelled. Instead of saying 'DEADFOOT,' a term stolen from pilots meaning a failed engine, this one reads 'DEADFOO7.'

"Yes, OO7 has returned -- as a computer worm.

"Stuxnet. Shaken, not stirred."
Related posts:In the news:


Brigid said...

Grade? "which in turn require weapons-trade uranium"

Spelling and grammar three-fer: "I think it's very likely that's what Iran's nuclear program is intended to prouduce nuclear weapons. I also think that ageing relgious fanateics"

Is? "Smart as Stuxnet, I'm"

Missing vowel: "it was desgned very carefully"

The Friendly Neighborhood Proofreader

Brian H. Gill said...


Oh, boy: thanks for spotting that laundry list of typos. Found, fixed, and fanks!

Er, thanks!

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle Store


Note! Although I believe that these websites and blogs are useful resources for understanding the War on Terror, I do not necessarily agree with their opinions. 1 1 Given a recent misunderstanding of the phrase "useful resources," a clarification: I do not limit my reading to resources which support my views, or even to those which appear to be accurate. Reading opinions contrary to what I believed has been very useful at times: sometimes verifying my previous assumptions, sometimes encouraging me to change them.

Even resources which, in my opinion, are simply inaccurate are sometimes useful: these can give valuable insights into why some people or groups believe what they do.

In short, It is my opinion that some of the resources in this blogroll are neither accurate, nor unbiased. I do, however, believe that they are useful in understanding the War on Terror, the many versions of Islam, terrorism, and related topics.