Security The Military United States Worms

A Finnish-Chinese Connection For Stuxnet? 113

Lingenfelter writes "I recently wrote a white paper entitled 'Dragons, Tigers, Pearls, and Yellowcake' in which I proposed four alternative scenarios for the Stuxnet worm other than the commonly held assumption that it was Israel or the US targeting Iran's Bushehr or Natanz facilities."
This discussion has been archived. No new comments can be posted.

  • Re:Overthinking it (Score:4, Informative)

    by gl4ss ( 559668 ) on Friday December 17, 2010 @07:16AM (#34585548) Homepage Journal

    I guess the current way many Finnish industrial machine manufacturing goes is that the first models are machined and done in Finland and then at least parts manufacture is subcontracted from somewhere cheaper; also we don't have chip fabs in Finland so naturally a lot of the parts need to be imports anyways. And another thing that's done on contract by Finnish firms by Finns is to go to a project site and fix up the mess that the export Chinese workmen haven't been able to fix.

    The Finnish connection is an interesting one because there's plenty of people in Finland who could've written Stuxnet by themselves (and access to fresh exploits and the means to look for exploits themselves) and possibly had the information too - and quite low probability of getting connected to it by anyone else. But it's an obvious one that's hard to prove so it's just that it's targeting some Finnish connection hardware that's the connection to Finland. The motivation in that case wouldn't have been money, fame or such, it would be that it's just such a sweet target and even if caught criminal charges would've been extremely hard to press (and even condemning it morally would have sparked a lot of discussion, after all Stuxnet was a more civil way to slow the progress there than bombing some scientists).

    Finland does a lot of trade with many shady countries, nobody gives a rat's ass you see (about what Finland does and with whom) and economy isn't exactly booming so extra business is extra business, that's not to say that the Iranians maybe hadn't lied about what they're going to use the machinery for - notice that had they been used for something else than what the Iranians (now apparently confirmedly) were using them for then Stuxnet would have done nothing :). They could've used them to run some fat separators but nooo, had to use for some zero economical output work.

  • by Anonymous Coward on Friday December 17, 2010 @08:03AM (#34585708)

    On the presumption that this is some electronic device with a user-modifiable firmware (how else would the worm be able to modify it?) - what would stop Iran from taking an unaffected piece, dumping the firmware, and re-uploading it?

    Do a clean reinstall of Windows, and you're set to go.

    Is there something I am missing?

    Here's what you're missing:

    We originally only had two basic kinds of memory chips, RAM which is volatile, and ROM which was non-volatile. Then someone came up with a new chip that could be 'flashed', that is you could change the data values once but then it became completely non-volatile and was no longer updatable (WORM - Write Once Read Many).
    These were the first flashable chips, and had a finite amount of space to use for updates since once you wrote new data, it was there for good.
    Well we have largely moved away from WORM technology on most consumer devices, since it's a lot better to have a chip which is largely non-volatile but can still be updated so you don't run out of space or risk totally ruining the chip.

    But a lot of high-dollar embedded devices still use WORM chips. Why? Because devices like the ones in question are not only expensive in terms of the raw hardware, but also cost a fortune in license fees for the software which runs them. And the last thing they want is for someone to purchase the equipment from someone else (used or stolen, for example) and run their own software on it - the company makes nothing. So they use chips which are based on WORM technology, which means that a malicious (or bugged) update could easily prevent any further updates (upgrades or downgrades, it's all updates)... which would require replacing the chip. And in most cases, it would be an entire board not just a single chip.

    So that's basically a headache for any legit operation which has a support contract with the manufacturer (which they WILL have, always), they ship it back and the maker ships a new one. Or maybe just sends a tech to the site with a spare. Which is all fine and dandy when you're not a country under international embargo, and have multiple powerful nations working to prevent you from getting these machines in the first place. But when you are a 'rogue state' or whatever we're calling them today, getting a replacement chip with the proper software on it is probably even more difficult than just getting an entirely new unit on the black market.

  • by tacktick ( 1866274 ) on Friday December 17, 2010 @09:13AM (#34586006)

    Seriously?
    If it was an escaped Chinese military virus wouldn't it have been a lot more deadly?

    Also, it was traced to a pig farm in Mexico.

    Now please coat your tin foil suit with tungsten carbide. You're gonna need it.
