Most likely they won’t. Applying the lessons of Stuxnet to a virus intended to destroy indiscriminately would create something like Ebola: extremely virulent, to the point where its virulence is its greatest weakness. Not only would it destroy computers the hacker should be taking advantage of, it would also be very “loud”, attracting a lot of attention to the goal of exterminating it as quickly as possible.
Stuxnet was a special case: because it only went active to kill a specific target, it was “quiet” when it mattered, and only went “loud” once it was already too late.
It may be sophisticated in its infection methods, but it wasn’t sophisticated enough to keep its infections inside the nuclear enrichment plant – or even just inside Iran. So I don’t know how successful it can be said to have been in sophisticated precision targeting. Neither is it clear that it succeeded in its supposed objective to destroy any centrifuges.
So who are the prime suspects? The USA. Israel. Russia & China probably could have the expertise. Britain, France and Germany. I’m happy to say it communicated with a server in Denmark, but I don’t think we were responsible.
That’s not a lack of sophistication, just common sense. If you want to use a virus for this kind of thing, it’s either so you can carry out the attack without going anywhere near the target or so you have a scapegoat for your real attack so it looks like you did it without going anywhere near the target. Either way, infecting just the nuclear enrichment plant defeats the purpose.
If so, then it seems like a very high degree of collateral damage. It has infected tens of thousands or millions of computers in China, India, Indonesia and also in the USA and Europe. Many more computers have been infected outside than inside Iran. For how many hundreds of millions of dollars of damage I know not. That’s the kind of widespread and uncontrollable collateral damage that puts an international ban on more conventional weapons.
I knew about the worm, I didn’t know exactly what systems it was targeting.
If it’s been affecting the speed controls on their centrifuges there’s a pretty good chance of it physically killing someone. I bet every engineer and lab scientist on the board shuddered when they read that bit :eek:.
No, it’s not. When people talk about “collateral damage” with regards to conventional weapons, they are talking about weapons that will cause just as much damage to a non-enemy as it will an enemy. A land mine, for example, will kill a civilian just as readily as it will an enemy.
Stuxnet does not do this. The damage caused to someone whose computer is infected with a “Kill Iranian and Finnish Gas Centrifuges” virus is far less than the damage caused to an actual Iranian or Finnish gas centrifuge.
Any weapon will kill civilians as readily as it will an enemy. The thing that makes land mines odious is that they linger and cause damage to civilians a long time after the conflict has passed on.
I’m aware that Stuxnet will only wreak the kind of havoc which it was designed for in very special circumstances. However, all the other infected computers will also be harmed, and considering the number of infected computers the total damage to, for instance, China may well be many times higher than the damage done to Iran. That sounds like a digital counterpart to a massive cluster bomb: cause massive damage in a wide area to hit a small target.
In the unlikely circumstance that it becomes proven that, for instance, Israel created the worm, will China be within its rights to demand compensation for its losses? Or even consider it an act of war?
It is my understanding that Stuxnet is essentially harmless in any scenario other than that for which it was designed – e.g. if it is on my computer it won’t affect me one way or the other. Is this information incorrect?
I understand that Stuxnet was not designed to destroy centrifuges but rather to harm them in such a way that it did not draw attention to itself, making things terribly inconvenient for Iran as long as possible. It was able to set them back a few years, I think.
The thing is that there is no such thing as a harmless virus or worm and such. Even if it does nothing except lie dormant, taking up a little space and propagating itself, it still causes damage. There will always be unintended consequences. It will still cost to protect your system from infection and clean up infected computers, etc. And if you were the IT person responsible for a large power plant, would you be comfortable with ignoring that your control system had become infected with Stuxnet – thinking it is probably harmless?
My understanding is that it was not designed to destroy the centrifuges.
It was more insidious than that. It was designed to increase the spin speed periodically such that they would require frequent maintenance and produce crap-grade uranium. All the while reporting “everything’s OK” data.
IOW it was designed to stall Iran’s nuclear ambitions for as long as possible.
Well, I obviously need to cite the page where I got this info. But I see that it was actually Fox news :smack:
Heh, as the commentator notes, you simply can’t trust anything deliberately added to the worm by its makers. Adding clever little clues that it was Israeli would of course be an obvious blind – or even a double blind (it could be Israelis adding the clues deliberately to make folks think that it wasn’t the Israelis!).
You know who else has a zillion programmers and expertise in refining fissionable materials? India. Arguably more of a motive than anyone else but Israel, too.
Something was nagging at my subconscious last night, but it wasn’t until today that I realized what it was. Stuxnet reminds me of an (alleged) sabotage of Soviet natural gas pipelines by the CIA. I suspect this type of thing happens a lot more often than most of us realize. (The overly-paranoid part of my brain reminds me of all the problems the FBI encountered when updating their computer system a few years back.)
I think the “b:.…” path was just an error. Even clever humans make mistakes, and the fact that a path was hardcoded into a compiled DLL file was probably just an oversight. The “do not infect” flag is clearly a deliberate choice, even though it’s unclear why that particular string was chosen.
Iran has admitted that Stuxnet caused them problems:
I am a bit amused at the command and control computer URLs: “www.mypremierfutbol.com” and “www.todaysfutbol.com”. Makes me imagine the following scene:
IT GUY: “You’re a nuclear scientist. Stop goofing off at work!”
SCIENTIST: “What are you talking about?”
IT: “Visiting futbol sites at work! You should have a better work ethic.”
S: “I haven’t! Honest!”
IT: “That’s not what the router logs say.”
Also, while the worm is dangerous, its true brilliance is the specificity of its target. As far as I know this thing isn’t attacking anything outside of Iran, so the best and brightest programmers from more sophisticated countries have no reason to cure it. Like a seaborne super scurvy that only kills pirates, or camel fleas that only infect terrorists.
I’m still suspicious of the claim that this ‘virus’ has ‘infected’ thousands or millions of computers. Claims of damage by computer viruses are often exaggerated. When a report of a virus appears, every crash, data loss, and bug gets attributed to the virus, without any confirmation of cause. The specificity of this one makes it unlikely to have propagated so widely. Possibly portions of it have found their way into many systems, but they should be harmless and detectable by common means.
Yes, pretty ingenious. The virus infected many industrial manufacturing systems around the world but just sat there and sniffed for the right Siemens controllers. These controllers are not specific to nuclear weapons development.
If the right controllers were not found it did nothing. Eventually the virus found its target. Kind of like you are doing business with me, I’m doing something similar but unrelated with someone else, eventually the virus will find its mark. Because it didn’t harm any intermediary system, no alarm was raised. It didn’t really need to be delivered on-site.
That is the beauty of it. It might have taken longer, but eventually it would find the target, because eventually the systems that program the components, even unrelated components, would carry the virus to its target.
TriPolar,
Symantec, according to the above-linked PDF, set up a system to monitor traffic to the command and control servers. (I can’t immediately find information on how exactly they did this. My half-educated guess is that once the infection was known, it wasn’t hard to convince some DNS authority to start redirecting traffic to Symantec’s special systems so that Stuxnet could be studied.) At that point, it’s simple to start counting the IPs that are sending data saying, essentially, “Another infected host reporting for duty. My stats are [list of info]. Any updates or orders, sir?”
Symantec started monitoring this data on July 20, 2010. The report states that, “As of September 29, 2010 the data has shown that there are approximately 100,000 infected hosts.”
This is likely an underestimate, since a host infected by, for example, an infected removable hard drive might not have Internet access. Therefore it could not contact the C&C servers.
The large number of infected hosts not related to Iranian nuclear work is presumably due to the myriad ways in which Stuxnet spreads itself. It’s possible that it would have spread even further, but that instances of it were targeted for deletion by its controllers whenever it went too far afield. That’s complete speculation on my part, but it did contain self-removal capabilities.
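The counting method described in the post above (redirect the C&C domains to a sinkhole, then count the hosts that check in) is worth seeing as code, so here is an added example that is not from the thread, from Symantec’s report or from Stuxnet itself. It parses constructed web-server access-log lines from a hypothetical sinkhole, keeps only requests to an assumed check-in URL, and then counts infected hosts two ways: by source IP and by a per-infection identifier assumed to be carried in the beacon’s query string. The log format, the `/index.php?id=...` beacon shape, the host IDs and the addresses are all made up for the example; Stuxnet’s real check-in protocol is not reproduced here.

```python
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, NamedTuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample of sinkhole access-log lines in Apache "combined" style.
# Every address, host ID and the beacon URL below is invented for this example;
# this is NOT Stuxnet's actual command-and-control format or real sinkhole data.
# 203.0.113.10  : one host, checks in twice           -> 1 IP, 1 host ID
# 198.51.100.7  : three hosts behind one NAT address  -> 1 IP, 3 host IDs
# 192.0.2.55/56 : one host whose dynamic IP changed   -> 2 IPs, 1 host ID
# The robots.txt hit is a crawler, not an infection, and must be ignored.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Jul/2010:09:15:02 +0000] "GET /index.php?id=h1a2b3 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.10 - - [20/Jul/2010:21:15:07 +0000] "GET /index.php?id=h1a2b3 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Jul/2010:10:02:44 +0000] "GET /index.php?id=c9d8e7 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [21/Jul/2010:10:03:01 +0000] "GET /index.php?id=f6a5b4 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [21/Jul/2010:10:03:09 +0000] "GET /index.php?id=b3c2d1 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.55 - - [21/Jul/2010:03:40:19 +0000] "GET /index.php?id=0a1b2c HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.56 - - [22/Jul/2010:03:41:00 +0000] "GET /index.php?id=0a1b2c HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.10 - - [22/Jul/2010:09:16:11 +0000] "GET /robots.txt HTTP/1.1" 404 209 "-" "curl/7.19"
"""

# Assumed check-in endpoint on the sinkhole (hypothetical, chosen for the example).
BEACON_PATH = "/index.php"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


class Beacon(NamedTuple):
    ip: str
    ts: datetime
    host_id: str


def parse_beacons(log_text: str) -> List[Beacon]:
    """Return one Beacon per request that looks like an infected host checking in.

    Requests to other paths (crawlers, scanners, curious researchers) and
    check-ins with no host ID are dropped rather than counted as infections.
    """
    beacons = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != BEACON_PATH:
            continue
        host_id = parse_qs(url.query).get("id", [None])[0]
        if host_id is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        beacons.append(Beacon(m["ip"], ts, host_id))
    return beacons


def summarize(beacons: List[Beacon]) -> Dict[str, object]:
    """Count infections by IP and by host ID and flag where the two disagree."""
    ids_per_ip: Dict[str, set] = {}
    ips_per_id: Dict[str, set] = {}
    first_seen: Dict[str, str] = {}
    for b in sorted(beacons, key=lambda b: b.ts):
        ids_per_ip.setdefault(b.ip, set()).add(b.host_id)
        ips_per_id.setdefault(b.host_id, set()).add(b.ip)
        first_seen.setdefault(b.host_id, b.ts.date().isoformat())
    return {
        "beacons": len(beacons),
        # Counting IPs is what you can always do; it is biased in both directions:
        "unique_ips": len(ids_per_ip),
        # ...counting a per-infection ID (if the beacon carries one) corrects both:
        "unique_hosts": len(ips_per_id),
        # one address, several infected hosts behind it -> IP count too low
        "nat_ips": sorted(ip for ip, ids in ids_per_ip.items() if len(ids) > 1),
        # one host, several addresses over time -> IP count too high
        "roaming_hosts": sorted(h for h, ips in ips_per_id.items() if len(ips) > 1),
        # growth curve: how many never-before-seen hosts appeared each day
        "new_hosts_per_day": dict(sorted(Counter(first_seen.values()).items())),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_beacons(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Whichever way you count, a host that never reaches the sinkhole is invisible, so these figures are a floor on connected infections, as the post points out for machines with no Internet path; the `nat_ips` and `roaming_hosts` fields show the direction of the remaining biases in an IP-only count.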
So, who registered the futbol domains? Doesn’t registering a domain name generally require traceable information, at the very least a credit card number?