Gentlemen, the future is now. And it's pretty creepy (http://news.yahoo.com/s/csm/327178):
Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant...

Langner zeroes in on Stuxnet's ability to "fingerprint" the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says...

A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.

There's rampant speculation that Stuxnet was designed to destroy the Bushehr plant in Iran, suspected of being a nuclear weapons facility. Bushehr was supposed to open last month but has been delayed.

Hmmm. In many ways this is probably a more humane form of attack than high explosives, but I find it disquieting nonetheless.

Gentlemen, the future is now. And it's pretty creepy (http://news.yahoo.com/s/csm/327178):


There's rampant speculation that Stuxnet was designed to destroy the Bushehr plant in Iran, suspected of being a nuclear weapons facility. Bushehr was supposed to open last month but has been delayed.

Hmmm. In many ways this is probably a more humane form of attack than high explosives, but I find it disquieting nonetheless.

Its pretty creepy because of the incredible deniability of it all.

"So sorry to hear your infrastructure was destroyed by an attack, its probably some Chinese kids."

Its pretty creepy because of the incredible deniability of it all.

"So sorry to hear your infrastructure was destroyed by an attack, its probably some Chinese kids."

I kind of thought this was already going on. Hasn't it been several years now that the US, N Korea, China, etc, have all been accusing each other of cyber attacks in varying range of seriousness.

I'm wondering why key infrastructure has remote control access at all in the first place.

I'm wondering why key infrastructure has remote control access at all in the first place.

Good point. Plus, there had to be access in the first place to acquire this "digital fingerprint". It's not like you just look that shit up in the phone book.

I'm wondering why key infrastructure has remote control access at all in the first place.

It doesn't, this is in reference to a "payload" on a USB key meant to be delivered on site. It's also nothing as fancy as the article is making it out. The real point is "omfg, a western country designed this, even though every other country has already been known to do this shit for years, but this time it was likely the US or Israel!". Of course with zero evidence of the fact, since it could just have easily been designed by Iran as false evidence, so the story is moot and only surprising to people who aren't into security I suppose.

This probably isn't as dangerous as IE6.

I would assume that the "fingerprint" refers to aspects of the target machine that make it unique, thus, you wouldn't need to have an already established fingerprint. I doubt one could deduce something like the computers name, but it might be possible to identify other unique features.

This thing is also plain cool. I want to see the source code. > <

This thing is also plain cool. I want to see the source code. > <

del *.* /s /q /f

with a batch file linked to:

<<CLICK HERE TO LEARN MORE >>
http://img833.imageshack.us/img833/3934/28228804.jpg

"The wars of the future will not be fought on the battlefield or at sea. They will be fought in space, or possibly on top of a very tall mountain. In either case, most of the actual fighting will be done by small robots. And as you go forth today remember always your duty is clear: To build and maintain those robots."

Well, take away my rifle and sit me in front of a computer that I could destroy shit with and I will be quite content.

Well, take away my rifle and sit me in front of a computer that I could destroy shit with and I will be quite content.
Ender's Game

"The wars of the future will not be fought on the battlefield or at sea. They will be fought in space, or possibly on top of a very tall mountain. In either case, most of the actual fighting will be done by small robots. And as you go forth today remember always your duty is clear: To build and maintain those robots."

Oh man, I know that quote. Dammit. I can't remember. It sounds like The Simpsons or Futurama... Zapp Brannigan, perhaps?

Oh man, I know that quote. Dammit. I can't remember. It sounds like The Simpsons or Futurama... Zapp Brannigan, perhaps?
I think it's the Simpsons episode in which Bart and Lisa are at a military academy. It might be the speech given during the graduation ceremony.

And blair wins the prize :p

This probably isn't as dangerous as IE6.

What is, really?

Now we just have to wait for it to become sentient and try to kill Linda Hamilton.

I'm wondering why key infrastructure has remote control access at all in the first place.

That isn't the only avenue of infection. People being people you have to pretty much do a body cavity search each time they come into a workplace to prevent them from bringing stuff in with them on digital appliances.

All it takes is one infected thumbdrive and one non-disabled USB port.

If you have consultants, they will have laptops and those laptops will have modems of some sort or another and if they can't get what they want off your network they'll setup a remote connection. If it wasn't already on their laptop, it will be.

Good point. Plus, there had to be access in the first place to acquire this "digital fingerprint". It's not like you just look that shit up in the phone book.

Not really. The software industry for nuclear development has to be a pretty small playing field. An expert could tell you what application software you'd expect to find there.

So you'd look for:

application mix
character set

You'd just have to be wary of false positives in friendly Middle East countries. If Israel created it I'm not sure they'd have to worry about that. :)

This really isn't that big of a deal. What would impress me would be a sleeper virus that affects reactor control software, something that would cause a problem that can't be fixed with a reinstall. Windows 7 isn't a cure for a nuclear meltdown.

Thread necro, but for a good cause: if you feel confused about why Stuxnet might be important, this infographic video might help.

X3x7WzmAz-I

Vanity Fair (http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104?printable=true) and Wired (http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1) chime in.

More (http://www.f-secure.com/weblog/archives/00002040.html) about the worm.

Thread necro, but for a good cause: if you feel confused about why Stuxnet might be important, this infographic video might help.

X3x7WzmAz-I

Vanity Fair (http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104?printable=true) and Wired (http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1) chime in.

More (http://www.f-secure.com/weblog/archives/00002040.html) about the worm.

when the movie was talking about zero day holes, firefox scared me, by deciding its the appropriate time to open an update popup ;)

Coincidentally my friend sent me this about the same time this thread decided to resurface..

How digital detectives deciphered Stuxnet, the most menacing malware in history (http://arstechnica.com/tech-policy/news/2011/07/how-digital-detectives-deciphered-stuxnet-the-most-menacing-malware-in-history.ars)