Archive for January, 2011

The baffling Stuxnet saga

Thursday, January 20th, 2011

2011-01-16, The New York Times added its weight to claims that the USA and Israel were responsible for the notorious recent Stuxnet computer worm attack on Iranian nuclear centrifuges. Amongst many other claims, it said:

The virus was designed as an American-Israeli project to sabotage the Iranian program.

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html

But closer inspection of the Stuxnet saga indicates a story with some gaping holes and anomalies. Some of the issues that puzzle me include…

1. Why did Iran, a sworn enemy of the United States, base its nuclear energy programme around a proprietary American operating system? If I were using an enemy’s software product to build a highly contentious and vulnerable plant, I would at least want to inspect its source code for malware & possible back-doors.

2. MS Windows is not renowned for security at the best of times. Who in their right mind would use it for a controlling a Nuclear power plant? Kinda puts a whole new spin on the expression “blue screen of death” doesn’t it?

3. Why did Siemens (the manufacturer of the plant controller software) hard-code the system password? And then tell its users never to change it?

4. Anyone noticed how quiet Microsoft is regarding this matter? And why did Microsoft allow one of the four serious vulnerabilities that were eventually exploited by Stuxnet, to go unfixed for over a year?

http://www.h-online.com/security/news/item/
Vulnerability-exploited-by-Stuxnet-
discovered-more-than-a-year-ago-1095797.html

5. If USA and/or Israeli Governments did create (or sponsor the creation of) Stuxnet, then I wonder if it occurred to its orchestrators that their own Windows-based systems could also be vulnerable? Whilst Iran has suffered the most, as of August 2010, 1.56% of Stuxnet strikes were in the USA!

http://j-j.co.za/?tag=stuxnet

6. Indeed, if the US and/or its allies have really initiated this attack, then, considering their dependence on MS operating systems, this could prove to be a deeply embarrassing and costly own goal. I wonder if the geniuses in the Pentagon have a name for it yet? “Friendly-cyberfire?” “Collateral-cyberdamage?” And what plans are in place to put right the damage?

To misquote Paul Daniels, I suspect, “Not a lot!

scutigera coleoptrata animation

So it seems to me that huge chunks of this story are missing. Since we can no longer believe a word that any Government says about anything, perhaps Mr Assange and his chums will dig up something they can share with us?

I can’t help feeling we need whistleblowers now, more than ever. Or as George Orwell rather aptly put it-

During times of universal deceit, telling the truth becomes a revolutionary act.

Honk! Honk!