Wednesday, September 29, 2010

On the subject of viruses

I had one myself recently, a rather nasty and virulent cold. My minimal blog output went to zero. I'll understand if you dock my pay.

On the technological and political front, the Stuxnet virus is creating lots of comment and speculation. (via Blackfive) It looks to me like an elegantly crafted exploit and the writers' hats more light than dark, since most reported problems are coming from Iran (bad guys) and Indonesia (elastic views of property rights). Some reports claim Stuxnet uses bugs in unpatched Windows 7 installs, such as those that have been pirated. But that's not all--the Windows computers need to be connected to Siemens control software and devices before the virus really goes to town and does anything that creates a problem. Which, of course, is the situation every script kiddy wants to exploit and brag about at Hackercon. Not. It's looking pretty clear there aren't many situations where you have pirated or un-updated-since-2009 Windows computers AND expensive industrial Siemens-only control systems, and one would be the Bushehr nuclear complex in Iran. That exists primarily to create a nuclear bomb to destroy Israel. Israel, by the way, containing an awful lot of very clever computer geeks that don't feel like becoming radioactive gas, thanks all the same.

There has been some vaporing in the press about how this presents an opportunity for terrorism, extortion, yadda yadda. My cynical nature wonders if these critics also think Israel should just lie back and take it. My practical nature notes that given the clever stuff Stuxnet uses and the wide-ranging technical expertise needed -- not to mention a significant intelligence operation to find all the necessary information like chipset security certificates and model numbers of the centrifuges -- your average jihadi is going to stick to goat manure IEDs. Really, it is looking like this is only major government-league stuff.

And it's not like this hasn't been done before. In a very clever trick, in 1982 the CIA got the Soviet Union to blow up its own gas pipeline using pre-hacked control chips the Soviets stole from us themselves. Even better, they had to check every single element for the hack (a non-obvious one) after the explosion to make sure it didn't happen again. This will happen with Stuxnet too. Sure, everyone knows about it now but the Iranians can't be sure what else got infected. They will have to check *everything*, possibly with computers already infected with a "don't notice that" virus, and it will take lots and lots of time and effort -- that won't be available for purifying uranium and making nukes. Sounds like a win to me ...

2 Comments:

Blogger The Thomas said...

I always love it when people develop DO-178B level A process control software using level E methods ... then run it out of RAM so it can be self modifying by any virus that comes along.

So much ugly goodness all in one place amazes me.

I hope they aren't doing that with the sewage lift station at the end of our street.

6:41 AM, October 01, 2010  
Anonymous BillT said...

...and it isn't like the Israelis haven't previously stuck weevils into the mullahs' 'puters.

We need to start a rumor that the bug was delivered through downloaded goat pr0n...

6:59 AM, October 01, 2010  
