Stuxnet Secret twin??

[MtnGoat]

Somethings that make you go huummmm....

http://www.foreignpolicy.com/article...s_cyber_attack

[PRB]

how about pasting that one...site wants a log in.

[perdurabo]

Quote:

Originally Posted by PRB

how about pasting that one...site wants a log in.

Here's a sanitized link:

http://www.instapaper.com/text?u=htt...s_cyber_attack

[Badger52]

Thanks for posting.
Never Say Anything.

[PRB]

Interesting...wonder if it is on the mark.

[Trapper John]

Hmmmm....indeed!

If this is true, and I have no reason to believe it is not, then this revelation is a Game Changer.

This goes far beyond the impact of the Stuxnet revelation on military strategy IMO.

If Stuxnet is NSA derived, then, in light of the recent disclosure of the metadata collection efforts to monitor and track behavior of individuals and groups is nothing short of centralization of absolute power into fewer and fewer hands with little or no accountability.

I think the genie is out of the bottle.

[MtnGoat]

Quote:

Originally Posted by Trapper John

Hmmmm....indeed!

If this is true, and I have no reason to believe it is not, then this revelation is a Game Changer.

This goes far beyond the impact of the Stuxnet revelation on military strategy IMO.

If Stuxnet is NSA derived, then, in light of the recent disclosure of the metadata collection efforts to monitor and track behavior of individuals and groups is nothing short of centralization of absolute power into fewer and fewer hands with little or no accountability.

I think the genie is out of the bottle.

John you hit it out of the ball park with your bottle thinking.

[35NCO]

Quote:

Originally Posted by Trapper John

I think the genie is out of the bottle.

The genie problem is that the code for how it was done is now into the wild to be reverse engineered for a long time to come. It wont be long before we see it here gentlemen. I can promise someone will be hitting us very soon in such a manner. The ONLY thing that stops this currently is strategic timing of the attack. For some reason it is not useful now to our adversary's otherwise it would have already happened. Perhaps they are having too much enjoyment in watching our current political failures.

Whats about to happen will be the new nuclear arms race of our very near new future. Once there is a strike, it will be an act of war. Then the whole internet will explode with counter strikes. Its only takes one good hit to create the tipping point that spirals it all into oblivion. I strongly disagree with the author. I do not believe the code getting out in to the wild was intentional. If it was, it very well may have been the most dangerous leadership decision in warfare for generations to come and to those that may not longer exist.

[The Reaper]

Quote:

Originally Posted by 35NCO

The genie problem is that the code for how it was done is now into the wild to be reverse engineered for a long time to come. It wont be long before we see it here gentlemen. I can promise someone will be hitting us very soon in such a manner. The ONLY thing that stops this currently is strategic timing of the attack. For some reason it is not useful now to our adversary's otherwise it would have already happened. Perhaps they are having too much enjoyment in watching our current political failures.

Whats about to happen will be the new nuclear arms race of our very near new future. Once there is a strike, it will be an act of war. Then the whole internet will explode with counter strikes. Its only takes one good hit to create the tipping point that spirals it all into oblivion. I strongly disagree with the author. I do not believe the code getting out in to the wild was intentional. If it was, it very well may have been the most dangerous leadership decision in warfare for generations to come and to those that may not longer exist.

I tend to concur, unless we have innoculated ourselves somehow with a defense, and I think that is highly unlikely.

TR

[mugwump]

Quote:

Originally Posted by 35NCO

The genie problem is that the code for how it was done is now into the wild to be reverse engineered for a long time to come. It wont be long before we see it here gentlemen. I can promise someone will be hitting us very soon in such a manner. The ONLY thing that stops this currently is strategic timing of the attack. For some reason it is not useful now to our adversary's otherwise it would have already happened. Perhaps they are having too much enjoyment in watching our current political failures.

Whats about to happen will be the new nuclear arms race of our very near new future. Once there is a strike, it will be an act of war. Then the whole internet will explode with counter strikes. Its only takes one good hit to create the tipping point that spirals it all into oblivion. I strongly disagree with the author. I do not believe the code getting out in to the wild was intentional. If it was, it very well may have been the most dangerous leadership decision in warfare for generations to come and to those that may not longer exist.

The arms race has been on for years and only MAD keeps things in line. The subtext in the article is spot-on: Stuxnet demonstrates "do not mess with us because we can do worse to you." We are not being attacked by Iran, say, because their infrastructure would be laid waste in hours by a retaliatory SCADA attack and they know it. We are far ahead of the rest of the world in this arena.

Stuxnet is remarkable only because of it's sophistication and subtly. The first-phase attack was like re-setting 10,000 wristwatches to be seconds off without anyone noticing. And they're in a guarded room. And you do it several time per day. A SCADA infrastructure attack would be as subtle as smashing the wristwatches with a sledgehammer.

My bet for the first (MSM-publicized) attack involving fatalities: some script-kiddie malcontent out to go down in flames. If you're the first one to sell a tee-shirt with him wearing a Che beret you'll be able to retire in a week.

[PRB]

I wonder how many 'sleeping' virus's exist in the US. All of the businessmen that travel/work in China using their systems and then plug in their devices back home.

[Badger52]

Quote:

Originally Posted by PRB

I wonder how many 'sleeping' virus's exist in the US. All of the businessmen that travel/work in China using their systems and then plug in their devices back home.

If you travel/work in many of those regions & have ever left your laptop in your hotel unattended it's already theirs. I'm kinda old school, but this makes a case for some robust 'thing' you can have on your person at all times if you have to work that way. And then be prepared to discard it, with no remorse, for the never-connected device you have with what's of genuine value. Our big-ticket adversaries send their people to years-long university-grade programs just focusing on offensive cyberwar. As 35NCO said, it's when, not if.

[Flagg]

Great article.

I wonder if the reported death of Mojtaba Ahmadi, Iran's reported cyber warfare commander, would be the first open source casualty in the crossover of cyber to kinetic warfare realms?

I'm sure it's no coincidence that the US announced that cyber attacks directed against the US may constitute use of force up through and including a nuclear response.

Which I reckon is a good idea considering Pandora's Box has clearly been opened with the Stuxnet point of reference.

I think it's easily within the realm of possibility that bad guys with exceptional strategic cyber bomb making talent will need to be hunted and targeted much like bad guys with exceptional tactical/operational IED bomb making talent.

I'm less worried about peer state versus near peer state cyber warfare due to MAD vulnerabilities than I am about a well resourced independent or proxy opponent with real talent.

The asymmetric nuclear threat is real, but it's threat to me personally and directly WAY down here is probably quite low.

But I would rate the likelihood of a cyber threat having a significant direct/indirect threat to my way of life due to the likelihood of it cascading around the world as possibly quite high.

Becoming aware of collection capabilities, opportunities, and vulnerabilities, when traveling thru/to the usual suspects, has led to changes in my use of technology.

Just my 0.02c

[Gold Eagle]

Quote:

Originally Posted by PRB

I wonder how many 'sleeping' virus's exist in the US. All of the businessmen that travel/work in China using their systems and then plug in their devices back home.

I hope we don't find out the hard way.

[MtnGoat]

I think between Iran and the Russian plants, shows a sign of the shift is the difference in infection methods of the two versions. The first Stuxnet had to be manually installed to controller systems at the facility by a knowing agent. This was a strong action and feat. While the second version was designed to self-replicate and spread through USB-drives and laptops of unwitting engineers. Now this was smart, witting and unwitting.