quote:

ORIGINAL: hertz

quote:

Not to mention that they ran the entire thing as a covert op with no leaks.  There's no way that a bunch of loosely organized terrorists could have pulled this one off.

Why not? Why even terrorists? It could be some IT student working from her bedroom. We don't know enough yet.

quote:

ORIGINAL: DomKen

quote:

ORIGINAL: hertz

quote:

Not to mention that they ran the entire thing as a covert op with no leaks.  There's no way that a bunch of loosely organized terrorists could have pulled this one off.

Why not? Why even terrorists? It could be some IT student working from her bedroom. We don't know enough yet.

Writing this virus required
1) Finding an otherwise unknown vulnerability in the way USB devices work
2) Detailed knowldege of siemens industrial control products
3) Detailed knowledge of the precise industrial process to be attacked
4) Sophisticated encryption techniques

That's a very broad and unlikely skill set for a single individual. The size and sophistication of the software functionally rules out it being the work of a single coder.

quote:

ORIGINAL: DomKen

Writing this virus required
1) Finding an otherwise unknown vulnerability in the way USB devices work
2) Detailed knowldege of siemens industrial control products
3) Detailed knowledge of the precise industrial process to be attacked
4) Sophisticated encryption techniques

That's a very broad and unlikely skill set for a single individual. The size and sophistication of the software functionally rules out it being the work of a single coder.

quote:

ORIGINAL: DarkSteven

quote:

ORIGINAL: hertz

Wouldn't it be just too ironic if the real target is somewhere in the US, and all those people who are currently cheer-leading for the Zionists are about to discover that actually, a sneak attack of this sort could have some very real and unpleasant consequences for a civilian population?

Look, hertz, this is a bad situation any way you slice it.  I have been taking it for granted that Iran has been developing a nuclear weapon.  If so, then either Iran becomes a nuclear power, or else some nation, either Israel or the US, would bomb Iran and touch off God knows what in the Middle East.  Either outcome would be horrific.

I am tickled pink that there is another option.

And the folks who determined the target are pretty damn good.  They used espionage to determine what hardware and software is in the "reactor", and made code that is way more sophisticated than anything seen to date.  Not to mention that they ran the entire thing as a covert op with no leaks.  There's no way that a bunch of loosely organized terrorists could have pulled this one off.

quote:

ORIGINAL: willbeurdaddy

quote:

ORIGINAL: hertz

quote:

And, yes, I'm assuming that this emanated from Israel. It was done so professionally and effectively and quietly...

A bit like their attack on the civilians on board the Mavi Marmara...

ROLF. Spoken like the anti-Semite you are.

quote:

In the fall of 2008, a variant of a three year-old, relatively-benign worm began winding its way through the U.S. military’s networks, spread by troops using thumb drives and other removable storage media. Now, the Pentagon says the infiltration — first reported by Danger Room — was a deliberate attack, launched by foreign spies. It’s a claim that some of the troops who worked to contain the worm are finding hard to back up.

The worm, dubbed agent.btz, caused the military’s network administrators major headaches. It took the Pentagon nearly 14 months of stop and go effort to clean out the worm — a process the military called “Operation Buckshot Yankee.” The endeavor was so tortuous that it helped lead to a major reorganization of the armed forces’ information defenses, including the creation of the military’s new Cyber Command.

quote:

ORIGINAL: hertz

4. Knowledge of the design and deployment of 'sophisticated encryption techniques' are two a penny in hacking circles.

quote:

ORIGINAL: hertz

Dumping Windoze for Linux would be an excellent start. Which raises another interesting thought. If large organisations and military organisations gave up on Windoze and went for something more secure, this sort of attack would be much less likely to happen.

quote:

ORIGINAL: Icarys

No it's not. Not exactly.. Once you have a certain level of skill...adapting to work in various other avenue's is just another curve..Not quite the bend one would imagine either.

quote:


Kevin Mitnik was an "all around" hacker that did everything from phreaking to social engineering software. His expertise was phone systems but he had a wide array of other skills which included computer virus's and BBS board hacks to the making of electronic devices which aided him in his attempts.

I believe he now writes for 2600.

quote:

ORIGINAL: ScaryJello

quote:

ORIGINAL: hertz

4. Knowledge of the design and deployment of 'sophisticated encryption techniques' are two a penny in hacking circles.

Ummmm not really. The high level encryption techniques used in reactors, military and governmental level systems is quite advanced. The knowledge required to be able to reverse engineer and bypass such encryption in such a fashion as to not trigger any alarms, while not rare, is not "two a penny."

quote:

quote:

ORIGINAL: hertz

Dumping Windoze for Linux would be an excellent start. Which raises another interesting thought. If large organisations and military organisations gave up on Windoze and went for something more secure, this sort of attack would be much less likely to happen.

Windows is common on many government computers, however the attacks used in this worm are not windows specific as the USB protocols are virtually the same on each operating system.

quote:

Switching to Linux won't solve the issue either.

quote:

Yes it is a steep learning curve to switch from one of those areas to another. The amount of knowledge that a single person would have to have would be akin to someone being able to play professional baseball, golf, football and be a world class archer. Sure it is possible to find someone who can do that, but it is easier and more efficient to bring in people who are experts in the individual fields and have them work jointly on the project.

quote:

Okay. Kevin Mitnick is not an incredible hacker. His technical skills were not anywhere near the top of the crowd even back in his hey-day. Kevin Mitnick is first and fore most a Social Engineer. He had goo basic skills, but relied mostly upon Social engineering to access systems and obtain the information needed to fool the networks.

Also so far as I know he does not write for 2600. Especially since I don't believe there are any staff writers for that magazine. Most of the articles are submitted by readers and professionals in the computer field. It is akin to a journal of psychiatry where the articles come from professionals as opposed to staff members.


He had a cool story and got lots of coverage, but there are far cooler hackers out there to look at. Captain Crunch, Eric Corley and Gary McKinnon. Not to mention the number of white hat hackers out there.

quote:

If stuxnet was encrypted using over the counter tools then it would already be fully decrypted and reverse engineered.

quote:

The people disassembling this thing are quite sure it is lokking for a single specific industrial process. The "payload" is keyed to only be activated on that specific system and to do very specific things to that system.

quote:

As I said above this is extremely unlikely to be a single p[erson. The skillset is too broad and the program is too big and too sophisticated to be a single coders effort.

quote:

ORIGINAL: hertz

quote:

If stuxnet was encrypted using over the counter tools then it would already be fully decrypted and reverse engineered.

Not necessarily. One of the great joys of encryption is that even if someone tells you exactly which algorithm was used, without the key, it's very difficult to reverse the process back to the original.

quote:

quote:

The people disassembling this thing are quite sure it is lokking for a single specific industrial process. The "payload" is keyed to only be activated on that specific system and to do very specific things to that system.

There have been some reports saying this, yes. There have been some reports suggesting that it has attacked many systems using WinCC and Seimens software.

quote:

quote:

As I said above this is extremely unlikely to be a single p[erson. The skillset is too broad and the program is too big and too sophisticated to be a single coders effort.

It's a big leap from here to the suggestion that a rogue state such as Israel released the worm. Single person, small group of hackers, state - no-one knows at this point.

quote:


This, comming from a bigotted Islamaphobe......

People in glass houses......