Stuxnet Authors Made Key Errors 228
Trailrunner7 writes "There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they've been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more effective and difficult to detect had the attackers not made a few elementary mistakes."
Does anyone here think they could do all of that? (Score:3, Insightful)
"There are a lot of skills needed to write Stuxnet," he said. "Whoever did this needed to know WinCC programming, Step 7, they needed platform process knowledge, the ability to reverse engineer a number of file formats, kernel rootkit development and exploit development. That's a broad set of skills. Does anyone here think they could do all of that?"
May I have a show of /. hands, please?
Criticism is easy (Score:5, Insightful)
If the NY Times had just revealed it was Chinese.. (Score:3, Insightful)
I'm guessing had it come out that it was of Chinese origin, we'd be inundated with articles about how the Chinese are so much smarter than everyone else because the code is just so darned perfect, only the scary Red Chinese could have pulled it off....and America's days are numbered....duck and cover.
But when it's the US/Israel? Meh...it's not that good.
The lack of elementary mistakes? (Score:2, Insightful)
The Unabomber manifesto, the use of certain people and devices can point back to/expose groups eg http://en.wikipedia.org/wiki/Gladio_in_Italy [wikipedia.org]
The early use of a 'new' plastic explosive, a DNA sequence http://www.newscientist.com/article/dn2265-anthrax-attack-bug-identical-to-army-strain.html [newscientist.com] can all be tested. Could the code in a more perfect, more pure, quality form (as found in the wild) ever really point back to teaching methods or something geographical?
If its still highly effective on some levels, its fine, anything better could the residue of a state actor start to glow?
As always... (Score:2, Insightful)
It's much easier to highlight someone else's mistakes than create something that would stand up to the same scrutiny yourself.
Re:Does anyone here think they could do all of tha (Score:5, Insightful)
Re:Yeah, sure... (Score:4, Insightful)
> If the US had a less hostile foreign policy....
Bull. International relations ain't kindergarten. Our opponents have goals that are incompatible with ours, thus we are called opponents. Russia dreams of empire lost. China dreams of empire to come. Iran dreams of dominating the Middle East and restoring the glory of Persia as an atomic power. Meanwhile madmen in North Korea and Venezuela dream their mad dreams of power and glory. We have valid reasons to be working to thwart, slow and otherwise hinder those plans.
So tell me mr enlightened one, which one of those country's plans should we either get out of the way of or encourage. Or more bluntly, which of our allies should we throw under the bus to appease them. All of Eastern Europe? NATO? Taiwan? Israel? South Korea and Japan?
Meanwhile India and Brazil also are taking a larger place on the world's stage and we don't really mind. Hell, if you ask me carrying the 'White Man's Burden' is getting to not be worth it and we could use some other halfway sane players to step up and take an active role putting out diplomatic fires and cleaning up after natural disasters.
Re:true (Score:5, Insightful)
Re:Criticism is easy (Score:5, Insightful)
Re:Obvious really (Score:5, Insightful)
Re:Yeah, sure... (Score:5, Insightful)
You're right, international relations isn't kindergarten. Of course, it doesn't help that the US has a long history of being the school bully.
Iran Contra sound familiar?
Even further back...the Shah of Iran?
The mujahideen of Afghanistan?
Selling Saddam the chemical weapons that we had him hanged for using?
The list goes on, but somehow I doubt that any revelation about the crazy fucked up shit we did to other nations will do anything to change your mind.
Re:conspiracy 101 (Score:5, Insightful)
Yes, Israel WANTS the world to know what happened, and they want the world to know they were involved. This is why Mossad has been gleefully and publicly showing off that Iran's nuclear weapon development has been pushed back years.
It is odd that a mission that was 100% successful (something even Iran won't deny) is being criticized for not being good enough. Maybe some researchers just wanted their names in the newspaper?
Re:Yeah, sure... (Score:5, Insightful)
There are no pure good or pure evil actors or actions.
However there is lots and lots of hypocrisy and we've built up a big steaming pile of it since WWII.
Re:Does anyone here think they could do all of tha (Score:5, Insightful)
I think it also useful to point out that
It will be interesting to see what other malware is found in Iran. For it seems very unlikely that stuxnet was the only arrow in the quiver. It seems much more likely that it is just the first of several products to be discovered.