Via Forbes' Firewall Blog (by Jeffrey Carr):
The Stuxnet worm isn’t just infecting thousands of industrial control systems–its hype is also spreading unchecked throughout the news outlets of the Western world. The latest take on the media’s new favorite piece of malicious software: this article in the New York Times wherein John Markoff makes a series of bad assumptions when he writes “As in real warfare, even the most carefully aimed weapon in computer warfare leaves collateral damage. The Stuxnet worm was no different.”
Markoff’s conclusion is presumably based upon the work of German researcher Ralph Langner of Langner Communications who has said of his own theory that it’s completely speculative. In fact he closes by passing this “non-technical stuff” over to others more qualified than he to do the analysis, which was a good thing because the three paragraphs under his heading “Ralph’s Theory – Completely Speculative From Here” are nothing more than sheer guesswork without any attempt by Langner to apply an analytic method to his guesstimate.
Unfortunately, as the media frenzy heated up and Langner was fast becoming the star attraction, he left the world of scientific objectivity far behind when he reportedly told the Christian Science Monitor that “Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.” Unknown is correct, but that didn’t stop Langner from making a guess – Iran’s Bushehr nuclear reactor.
So if Langner’s speculation is correct, the same minds behind the most sophisticated piece of malware that anyone has ever seen couldn’t figure out a way to deliver it without involving a dozen countries and contaminating thousands of hosts? Even worse, that of all the possible targets to pick from, they chose an IAEA-supervised civilian power facility that has zero military value and isn’t even operational yet?
The lynchpins that support his argument are almost as flimsy and can be applied to numerous facilities around the world. It’s an astoundingly weak case based on more flaws than I have the time to document here. The worst, though, is today’s post on Langner’s web page wherein he claims to have been proven right by Iran’s announcement that they were dealing with thousands of Stuxnet-infected hosts across their nation including ones on the commercial side of the Bushehr reactor.
Really, Ralph? That’s what proved you right? We already knew that Iran, Indonesia and India had thousands of infected computers. What you apparently didn’t know, Ralph, was that Iran wasn’t the most heavily hit country in the first five days of the attack. According to Kaspersky Labs data, India was first with 8565 infections, followed by Indonesia (5148), and Iran came in third with 3062. More importantly, these numbers don’t tell the whole story because they’re derived solely by the reporting of protected hosts back to the AV vendor (i.e., Kaspersky, Microsoft, ESET, F-Secure, etc.). In other words, no one really knows how widespread the Stuxnet infection rate is.
The worst part about this entire mess is that we’ve apparently learned nothing from the intelligence failure of Iraqi WMDs. Bad analysis combined with a political agenda supported by a non-critical media propelled us into a war that never should have happened. This past week we could be seeing history repeat itself. The Iranian government is not the most rational of regimes, and their politicians are not technically literate. If Iran attacks Israel because of unfounded conclusions drawn by ambitious researchers and a media that is far more competitive than critical, then you only have yourselves to blame for the consequences.
------------------------------------------------------------------
Some people have suggested that Stuxnet was designed to attack Iran's Bushehr nuclear power station, while others have speculated that it was designed to attack Natanz, but most of the theories (while sounding solid) lack any real solid evidence. However, the points outlined by Frank Rieger tell a very good story and I would personally pick Natanz over Bushehr (if it was a coin toss).
Then again, perhaps there wasn't any specific target behind Stuxnet. Maybe the people behind it just wanted the ability to break the high-speed process of their choosing at a time of their choosing, based on changing conditions on the ground. A sort of sabotage network in waiting.
Who knows.
But in hope of stimulating "alternative analysis", Carr has just posted another entry - Did The Stuxnet Worm Kill India’s INSAT-4B Satellite?