Cyber Warfare

The report in pdf:

It's funny how the media is back to talking about Iran's nuclear program ramping up yet what about Stuxnet? For something that supposedly cost billions to develop, what did they get out of it? They basically spent the cost of how many F-22s just to supposedly halt Iran's nuclear program for what is essentailly a hiccup. Either the whole Stuxnet was just hype or the cheering and patting each other on the back over expert programming skills to create Stuxnet blinds people to the fact it did nothing in the end.

Stuxnet was and IS a worm that is capable of lying in wait for the correct time to strike. And the second iteration of Stuxnet, Flame is lurking and working now even as you read this. Think about it: Would you rather have Iran's nuclear program disrupted by a weapon that causes no blood shed or launch an all out shooting war trying to bomb the hell out of Iran. As I said think carefully about the choice

^^^ I am with NikeX on this one. There are risks of things going horribly wrong even with all the safeguards Stuxnet & Flame have, but it is still much better than going in all guns blazing IMHO. Stuxnet & Flame are incredibly selective & smart and will do absolutely no harm to computers not belonging to the target.

Me... suggesting war? No, I was saying the multibillion dollar development of Stuxnet is probably going to be the biggest waste of money or the biggest hoax in the history of bull. And why is the news media sounding the alarm again on Iran nuclear program? Why haven't they activated Stuxnet to strike again? The alarms are sounding... Oh yeah the Iranians are that dumb that they keep working with infected equipment. First of all, if one was to develop this for specifically for Iran, why would you acknowledge it for Iran to work to circumvent it? Fact is the hype is coming from people who aren't in the know. Since Iran is pushing ahead with little effect... billions of dollars for what? That's if it's true in the first place. If it was meant to stop Iran's nuclear program, why is their nuclear program proceeding? Why is there talk of Israel preparing to strike? Weren't they the ones that had part or full responsibility for Stuxnet? What's the point of developing it if Israel still needs to strike militarily? Big waste or big hoax. That's what it is. The way it's playing out now, Stuxnet was just to get the Iranians to think all their equipment was infected thus would not proceed. Looks like it's not working as planned.

Operation Orchard by Israel against Syria highlights the military implications of having sleeper software installed for well timed strikes. The similarity of Flame and Stuxnet should be seen as part of the development of a family of malwares that can greatly amplify the destructive potential of one agent.
Force multipliers for espionage will have a massive impact because old school HUMINT espionage had massive problems with lots of agents of little value, upgrading the SIGINT and sabotage capability of HUMINT sources enhances quality&quantity of handled individuals without as much risky training as previously necessary + making better use of patsies.

Hyperwarp said:

^^^ I am with NikeX on this one. There are risks of things going horribly wrong even with all the safeguards Stuxnet & Flame have, but it is still much better than going in all guns blazing IMHO. Stuxnet & Flame are incredibly selective & smart and will do absolutely no harm to computers not belonging to the target.

Click to expand...

Until some college kid saves a copy, learns how to take control of it and posts instructions on some hacker forum.

Cyber warfare is unlike any previous forms because while only some nation states and the biggest tech corporations have the skill and resources to write something like Flame and Stuxnet, a single gifted individual could very feasible repurpose it to do something the original programmers never intended. Like disabling critical safety mechanisms of places like power stations and causing things to overhead/over-pressurize/over-rev and ultimately fail, often violently (read explosively or burst into flames); they could also release toxic chemicals or crash passenger trains or open the sluices on dams and flood entire cities.

The world is hopelessly, laughably unprepared for the kinds of damage and destruction something like Stuxnet and flame might cause, especially if guided by fanatics or idiots who do not fully comprehend the consequences of their actions, or simply doesn't care.

America and Israel has let the genie out of the bottle by releasing Flame and Stuxnet into the WWW. Internet security firms have already 'captured' and isolated examples of both viruses in ways that means the automatic self destruct command built in cannot be remotely activated, and they are probing and studying those viruses, and they will not be the only ones to have done that.

Not only does the release of such sophisticated viruses make it possible for potential copy-cat viruses to be written based on the coding, it is also entirely possible others might just re-program the virus to do something else.

I seriously doubt the Russians or Chinese would believe the CIA had absolutely no involvement if critical infrastructure in Russia and/or China started to be disabled/destroyed by Flame or Stuxnet even if the CIA actually was innocent and it was just some hacker who figured out how to tell those viruses to go target other things. That opens the door to some unaffiliated party triggering a cyber total war between the world's top powers that might easily spill out into the real world.

Regarding your comments on a "college kid saves a copy" statement you should understand that this cyberweapon was professionally done by people who have the job of making things like this. You should understand that there are some pieces of software / malware that are beyond some kid creating by sitting in a basement somewhere. And that counters have been made to deal with the current crop of Stuxnet - Flame malware

Regarding your statement of a "single gifted individual" wreaking havoc with a re-purposed version of the Stuxnet - Flame software you need to understand that both of these cyberweapons were delivered to their targets in a specific way. And that way would make it difficult for a lone wolf "gifted individual to accomplish his mission of mayhem and havoc. What I am saying is that there was a humint component that was the delivery vector in this case. That implies serious organization. As in highly specialized team. And organization of the type that even you hinted at with your reference to nation states and big tech corporations only having the resources to do these things would be able to pull things like this off.

Finally you need to understand that things have evolved greatly since the release of the Stuxnet - Flame malware. For example there are some pieces of software roaming around in the wild that has even have the great minds at Kaspersky stumped. The design of the cyberweapons named "DuQu" and "Gauss" are absolutely brilliant in their uses of encryption to protect themselves and perform their missions. I make no claim to fully understand these pieces of software but marvel at their ingenuity.

AssassinsMace said:

That's if it's true in the first place. If it was meant to stop Iran's nuclear program, why is their nuclear program proceeding?

Click to expand...

Is it?

Why is there talk of Israel preparing to strike? Weren't they the ones that had part or full responsibility for Stuxnet? What's the point of developing it if Israel still needs to strike militarily? Big waste or big hoax. That's what it is. The way it's playing out now, Stuxnet was just to get the Iranians to think all their equipment was infected thus would not proceed. Looks like it's not working as planned.

Click to expand...

Talk is cheap

NikeX said:

Regarding your comments on a "college kid saves a copy" statement you should understand that this cyberweapon was professionally done by people who have the job of making things like this. You should understand that there are some pieces of software / malware that are beyond some kid creating by sitting in a basement somewhere. And that counters have been made to deal with the current crop of Stuxnet - Flame malware

Regarding your statement of a "single gifted individual" wreaking havoc with a re-purposed version of the Stuxnet - Flame software you need to understand that both of these cyberweapons were delivered to their targets in a specific way. And that way would make it difficult for a lone wolf "gifted individual to accomplish his mission of mayhem and havoc. What I am saying is that there was a humint component that was the delivery vector in this case. That implies serious organization. As in highly specialized team. And organization of the type that even you hinted at with your reference to nation states and big tech corporations only having the resources to do these things would be able to pull things like this off.

Finally you need to understand that things have evolved greatly since the release of the Stuxnet - Flame malware. For example there are some pieces of software roaming around in the wild that has even have the great minds at Kaspersky stumped. The design of the cyberweapons named "DuQu" and "Gauss" are absolutely brilliant in their uses of encryption to protect themselves and perform their missions. I make no claim to fully understand these pieces of software but marvel at their ingenuity.

Click to expand...

I agree on that. Having critical systems with a www access is as good as making them defenceless and a freeride for everyone to manipulate. You need HUMINT to wreak havoc and this makes these items just new toys for old purposes of sabotage and eavesdropping. Every programm has specific information sequences that can be identified even in modified versions, reducing the capability of using such a weapon for a strike that backfires on enemy systems.
A kid genius with too much time at hand can use such things to blow the brains out of his private enemies' and school's computers. The difference between him and the professionals is that such persons can and were tracked. "anonymous" is based on wishful thinking.

AssassinsMace said:

Exactly! That's why it's easier just to say it's doing what the hype is saying than in reality. The Iranian program rolls on meaning Stuxnet was a big watse of money or a lie in the first place. Who are they ones that identified Stuxnet? Internet security firms who wouldn't be in business if there weren't any "threats."

Click to expand...

I'm not part of the Iranian nuclear team and I do have a hard time to figure out how well they are doing. Centrifges for enrichment of isotopes that have a low percentage margin of distinguishable atomic weight need a lot of precision to yield a high differentiation degree of isotopes.
While not outright destroying the centrifuges, these malware regulations of frequency alteration under full speed are likely to have caused much increased friction wear of the centrifuges. This is a major problem for enrichment because there are few places on earth who can manufacture that kind of precision replacements. If you lack precision for speed and defined production conditions you need a lot more quantity at a lot higher costs for the same result. Speed and the capability to define conditions are much overlooked by our undereducated journalists and PR professionals. Exactly these circumstances force Iran to make a decision, ramp up for military capability or keep low for civilian use only. Stuxnet attack is a test of Iranian intentions under duress and much less expensive than a war, plus it served as a field test for technology demonstrator of a whole family of tools.
What do you know about these enrichment issues and where can I find out more about that?

Someone jokingly said that computer security program producers als create the computer insecurity programs to keep themselves employed.
This problem is known all over the world among firefighters. From time to time all firefighter departments are investigating because one of their own is intentionally setting fires in order to fight them with his comrades and feel appreciated by the community they defend. A nice article on that: