Hacker News
The Stuxnet worm may be the most sophisticated software ever written (quora.com)
1493 points by graposaymaname on May 18, 2018 | 481 comments



I'd argue that Google Search is much more sophisticated than Stuxnet. Windows is much more sophisticated. Linux is more sophisticated than Stuxnet. The list goes on.

We tend to ignore the sophistication of things we are familiar with, and hype those that surprise. But that's not a fair measure of anything.


In my view, the sophistication is implied by the breadth of expertise required to put the whole thing together. Google Search and the OS landscape are for sure broad and sophisticated. However, their development was accomplished by computer scientists.

In order for Stuxnet to be effective, it was necessary to employ expertise in:

- Uranium enrichment methods and processes

- Capital equipment control systems and their development environments

- Theory of operation of centrifuge machines

- Corporate espionage of some sort

- Organizational management skills that can pull all that together

- and deep understanding of the operating systems referenced above


But do those things really contribute to the sophistication of the software? For example imagine some code written with no understanding of uranium enrichment:

    const int CENTRIFUGE_RPM = 500;
And then some other code written with a deep understanding of uranium enrichment:

    const int CENTRIFUGE_RPM = 1203;
Can you really say that the second bit of code is more "complex"? Same goes for stolen driver signing keys and some of the other things mentioned in the post.

Other large software projects like operating systems or Google search involve much more complex software concepts which I think is the primary thing that should be measured when discussing the sophistication of software.


>Can you really say that the second bit of code is more "complex"?

Yes.

Complexity in the sense discussed is related to the domain knowledge (including CS knowledge) required for the program to be written and work well.

Else even a trivial BS program could be very complex, just sprinkle it with gotos and unnecessarily convoluted code...


This is such a powerful distinction that I feel it should help us rethink language paradigms. Complexity is not (just) the complications one can impose by construct or the involutions required of one's algorithms, it's the overall real world system your code addresses.

Simple programs which are coded simply may address complex phenomena to complex ends--perhaps that's even the ideal?


You might enjoy Fred Brooks' essay "No Silver Bullet", where he distinguishes between "Accidental Complexity" (basically, complexity created by software engineers when implementing a solution) and "Essential Complexity" (complexity that arises because software is written to solve some real world problem and the world is complex).


Most people perceive complexity as things they don't understand. In that case, complexity will be relative.


> Most people perceive complexity as things they don't understand.

I don't think this is true. For example, as a math teacher, I couldn't do a very good job predicting how easy or difficult students would find particular problems. But I could easily predict which problems would be easier and which would be more difficult. I could do that even though I personally understood all the problems.


I don't think difficulty is complexity. For example, the bitcoin mining protocol complexity is the same but the difficulty goes up or down.

I'll attribute difficulty to the energy required to resolve a system. For example, pulling weight. The complexity of the action is the same. But the difficulty depends on the weights to pull.


Complexity is difficulty of understanding. In the context of mathematical problems, that is the relevant kind of difficulty.


It seems you’re vastly misusing the words and their contexts here.


Sure, I suppose you'd just need a good definition for complexity. Notions like computational complexity have clear definitions while what I think you're describing might not. Or maybe it would require some thinking and be valid in some limited regimes of "real world" effects as you call it.


Something something about simple rules being able to describe complex behaviour. Example: you can describe a flock of birds in motion around an object with 2 or 3 rules.

Complex rules yield stupid results. Example: tax codes in most countries.

Must be a quote but I wasn't able to find a source for it.


The problem with simple rules is the volume of computation. Theoretically you could write a tax code using quantum mechanics, but good luck calculating your tax each year (or before the heat death of the universe).

When systems get too complex to simulate from first principles, we have to resort to inductive reasoning--observe the system and then create rules as we see a need.

Yes the resulting rule set is a mess, like our tax code. But the physical system that the U.S. federal tax code (for example) covers--the United States of America--is mind-bogglingly complex.

We have trouble computationally simulating more than a certain number of neurons... there are billions of neurons in each human brain, and there are hundreds of millions of human brains interacting in the U.S. This does not even get into other physical phenomena like surface water or mineral distribution.

The results are stupid because we are too stupid to understand and analyze the system we're trying to describe and manage.


That something something is actually Agent Based Modeling / Simulation.

Back when I was in academia I used to develop ABMs to represent the behaviour of complex systems with a simple set of rules of agent action and interaction.

The game of Life is the quintessential example of that.


Stringing together independent pieces doesn't produce a significant rise in complexity.

For instance, the payload which specifically looks for uranium centrifuge hardware is independent of the worm which carries the payload. They can be developed separately, by different people, and combined.

That specific worm could carry a payload to attack anything.

Or, that specific payload could be carried by any worm.

There is next to no coupling between "worm" and "payload".


Agreed. In computer science the smallest lever can move the largest mass and smaller levers are not inherently less sophisticated.


Agreed. Upvoted.


> const int CENTRIFUGE_RPM = 1203;

As the linked article points out, it wasn't just raising the speed, it was raising it in a subtle enough way to ruin the process while other experts routinely monitored the system.


Most importantly it worked very successfully. With Windows, Google search, or most of the others mentioned here, they have had a huge number of problems. The word used was "sophisticated." I think that also implies some level of near-flawlessness in the end result.


... except it was discovered and widely publicized.


After it had dismantled a whole country's nuclear weapon program...


7 years after deployment


There is no telling. It could still be out there.


It was found, and now everyone is using that code base to iterate on new weapons.


99.99% of the time, Windows works just fine for me.

Stuxnet only needed to work once.


It worked multiple times. And it needed to propagate, undetected, for months until it made its way into the nuclear facility.

It didn’t just work once.


I think vkou might have been talking about the precision of Stuxnet.


The complexity or quality of software code does not necessarily say anything about the complexity of the problem it solves.


So true. Upvoted.


The sophistication of a piece of code is not merely an attribute of its complexity.

Else a program with tons of accidental complexity (a badly written program by an intern) would be equally good with a program with huge essential complexity (a 10 line program that takes tons of domain and/or programming knowledge to write)...


You're right. Upvoted.


There was a way to make your point politely and be taken seriously. This was not the way.


You mean the parent was being sarcastic? If so, it went over my head.


I think, the number of zero-days included in Stuxnet is an important factor in making it sophisticated and complex.


The second piece of code is not more complex, but it is (presumably) a lot more sophisticated.

The fact that I had to prefix that with "(presumably)"—i.e. I can't actually tell using my own expertise—is evidence of that.


Have you written motor control software before? If you haven't that might be why you can't tell. Whenever hardware is involved, with perhaps sometimes the exception of GPUs and workstation CPUs, I've noticed people's intuitions get a lot less reliable -- it's sort of like looking up the programming abstraction tower, lexical closures with higher-order functions to compute derivatives can seem awfully sophisticated to someone who's never seen something like it.

Of course if the sophistication is more about what they needed to know in order to break the things (and make that code change), then talking about this subsystem by itself that's either way lower or roughly the same as what they'd need to know to build and operate their own centrifuges. Much less, if they only needed to focus on one part of the process (motor control) that would cause problems (which might just be a brief consultant call with our own nuclear physicists and engineers, I don't know, nuclear science details seem as mysterious to me as high level language details might to impoverished programmers), or about the same, if they knew everything the Iranians knew about the systems (did we ever find out if they got all the blueprints and so forth and built replicas for end-to-end testing?) plus a bit extra on how and where to make it break without easily being detected.

Anyway how sophisticated can they really be when they didn't even use source control? (Old joke... https://news.ycombinator.com/item?id=4052597)


Uh, that’s one small but important component of Stuxnet. The complexity is in the delivery mechanism, and the way it disguised itself, and the way it actually broke the centrifuges.


Upvoted, thanks.


From https://en.wikipedia.org/wiki/Sophistication

> Sophistication has come to mean a few things, but its original definition was "to denature, or simplify". Today it is common as a measure of refinement

So no, it can in many cases even be the precise opposite of complexity.

It actually originally comes from "sophistry", which is an ancient Greek discipline of wisdom and excellence. I would generally associate the word with a high level of complexity that has been expertly reduced and refined to an elegant quality.


The sophists, as you say, were ancient Greek teachers.

But sophistry now means something rather different: using subtle, specious reasoning to deceive.


Typically, different words refer to different things. Most often, words considered synonyms actually refer to slightly different things.


>Can you really say that the second bit of code is more "complex"?

Yes. Take fastinvsqrt() for example. Cleve Moler learned about this trick from code written by William Kahan and K.C. Ng at Berkeley around 1986.

  float fastInvSqrt(float x) {
    int i = *(int*)&x;                     // reinterpret the float's bit pattern as an int
    i = 0x5f3759df - (i >> 1);             // magic constant minus half the bits: initial guess for 1/sqrt(x)
    float y = *(float*)&i;                 // reinterpret the adjusted bits as a float again
    return y * (1.5F - 0.5F * x * y * y);  // one Newton-Raphson step refines the estimate
  }
Simple instructions, VERY complex code. Not as complex as this one, though, which took almost 20 years to come about:

  float fastInvSqrt(float x) {
    int i = *(int*)&x;                     // reinterpret the float's bit pattern as an int
    i = 0x5f375a86 - (i >> 1);             // same method, only the magic constant differs
    float y = *(float*)&i;                 // reinterpret the adjusted bits as a float again
    return y * (1.5F - 0.5F * x * y * y);  // one Newton-Raphson step refines the estimate
  }
Chris Lomont says "The new constant 0x5f375a86 appears to perform slightly better than the original one. Since both are approximations, either works well in practice. I would like to find the original author if possible, and see if the method was derived or just guessed and tested."


A model aircraft can be simple, but an understanding of principles for designing it can be hard. IMHO, these two pieces of code are extremely simple, in terms of logic, instructions and computations. But they are sophisticated, the second is even more sophisticated than the first.

Root of the debate: words are not well-defined.


> But do those things really contribute to the sophistication of the software?

> Can you really say that the second bit of code is more "complex"?

I don't think you should equate complexity with sophistication.


I, personally, would differentiate between complex and sophisticated.

That is just one line of code, sure. But I can't imagine what it took to get that line of code there, and everything that comes with that. How many people were involved, PhD's, years of experience in a range of fields, and not just years of experience in any field but experience in fields like espionage.

My uneducated brain would still put "most sophisticated software ever written" in the hyperbole box, but even then I'm hesitating.


Yeah. In order to agree with that "most sophisticated software" claim I think he'd need to compare it to some other candidates for that title.


Hell, sure yes. The complexity is in the data. At the end of day, it is all 0s and 1s. It is the pattern/effect that matters.


Wouldn't the people who know the physical things just write requirements for those farther on down the chain?

The threat analysts say, we need to destroy Iran's ability to make nuclear weapons. The nuclear weapons specialists say, the part where we can best do that is by somehow breaking their centrifuges. The centrifuge technician they call up says, "well, x RPMs will really ruin those things. And it would be hard to tell if they did it like this..." Then the software guys make the code that ruins the centrifuge, and the red team incorporates it into their fancy worm, with specs on what exactly to look for.

Ultimately, it was kind of a failure in that anyone found out about it. Maybe there were better programs, and because they were better we never heard about them at all. But still it's pretty amazing :)


The key part is that you have to bring all of those all together. In hindsight it might be straightforward but if you had a blank slate, how would you approach the problem of "stop Iran from refining Uranium"?


To me the most surprising result would be if it cost less than bombing the nuclear facility. At $100k each bomb, Stuxnet looks affordable, plus all the expertise and other attack vectors you get from piecing it together.


$100K for a bomb? I have no idea what bombs really cost, but if we go with that number, they could have dropped a lot of bombs for that price. One junior engineer working for a year costs that much. We know that expertise in a lot of fields existed, that implies a number of engineers.

I'm going to guess a bomb is cheaper. Of course a bomb has a lot of other disadvantages which is why it wasn't used.


One particularly expensive component of Stuxnet is deniability. Although the commonly accepted theory for Stuxnet's invention is "a state actor", specifically the United States, there's no proof of that at all. And conjecture without proof poses no threat to the US government.

If the government were to, on the other hand, bomb Iranian nuclear facilities, one small mistake in the plan could ruin their chances of deniability, bringing down international condemnation on the US.


>and deep understanding of the operating systems referenced above

I think this understates it; it required a deeper understanding of the vulnerabilities of those operating systems than anyone else in the world, including the creators of the operating systems.


Well, in the case of windows, I recall that maintaining backward compatibility with a variety of applications required a knowledge of the resource demands of each of those applications, with those applications each operating in a different domain. Similarly, creating memory allocators is something of a "black art" - it's a matter of generically good allocator but one which doesn't generate fragmented memory in "normal usage patterns" and then you have to learn what those normal usage patterns are, which involves understanding however many applications.

So the question of "sophistication" is both subtle and difficult to call.

Edit: And the production of an algorithm that's a conglomeration of ad-hoc processes might qualify as another sort of sophistication, see "the hardest program I ever wrote":

http://journal.stuffwithstuff.com/2015/09/08/the-hardest-pro...


Most of the bullet points you've listed can be summed up as "business logic." I'm sure the Stuxnet programmers worked with physicists and industrial controls specialists.

Developing software for, say, jet engines requires sophisticated knowledge of jet engines, which is probably about equally complex. But it's manageable because programmers work with engineers who are subject matter experts.


Or just like: how do you mess up a centrifuge controlled by SCADA without them knowing? just change the speed and report another speed, done.

You don't need to know classical mechanics to use a bike, or know about internal combustion engines to use a car.


Then think about the expertise to put together a self driving car... From sensors to ML...


The breadth of the expertise is: writing the worm, plus the domain knowledge of a nuclear engineer. Period. You could argue that the control software of those centrifuges is as sophisticated as the worm, since it requires knowledge in two separate domains: writing software and nuclear engineering. Same goes for any ERP software, which requires the contribution of software experts and domain experts.


I think Windows and Stuxnet are sophisticated in different ways.

Windows has to cover a huge area and a lot of "known" unknowns and be able to recover (somewhat) reliably. Stuff breaks, you get weird error messages, that driver for your Wi-Fi never really worked right, but at the end of the day you have a computer that works pretty well, and that's quite remarkable. The same is of course true of Linux and other operating systems.

Stuxnet is a hyper-specialized piece of software (malware) that cannot fail or it loses its purpose. The authors clearly knew they had to have multiple fallbacks for every step of the process, but I find it very impressive that it reached its end goal successfully and without being discovered. A lot of software (including malware) breaks because of regular software bugs, environments that differ from the expected, interference by the user, the list goes on. For Stuxnet to have avoided all of those, that is quite sophisticated.


I agree.

It's the most sophisticated piece of malware, that's for sure (at least counting the ones we know of).

But calling it the most sophisticated piece of software is too big of a stretch.

That said, other answers to this question include what we would traditionally consider as contestants (like the Linux kernel), it just happens that the submitter decided to submit this specific answer. I don't know whether this was the top answer before it exploded here, but it sure is now.


> It's the most sophisticated piece of malware, that's for sure (at least counting the ones we know of).

Isn't Stuxnet a part of a family of similar nation state malware that would also include Flame and Duqu?


They are a family, as in, all of them were almost certainly created by the same group.

Symantec said that Duqu is "near identical" to Stuxnet. As for Flame, Kaspersky[0] initially said that it contains no resemblance to Stuxnet, and then later on discovered that they've even shared a zero day in their early versions.

From my understanding, I don't necessarily consider them as different software, more as a single software + forks by the same group for different purposes and with different zero days.

Stuxnet just happened to be the one that got to be the most popular one, for a number of reasons (most destructive, attacking the most sensitive targets, the one that got out of control and spread outside of Iran uncontrollably, first to be discovered...), so I refer to Stuxnet as the original one and Flame and Duqu as more of forks than completely different pieces of software.

Which one is more sophisticated between the three would be the same as if we tried figuring out which Linux-based OS is the most sophisticated, except that in this scenario, we only have 3 Linux distros (maybe four with Gauss) and they've all been created by the same group. There's really no point in trying to compare their sophistication.

[0] Before people bash on me for using Kaspersky as a source, Kaspersky, Iranian CERT and a university in Bucharest were the ones that initially discovered Flame, and Kaspersky's the group that published the first detailed analysis on Flame.


Off topic, but your defense for referencing Kaspersky makes me wonder why people would see a problem with it? I'm not familiar with the field and don't know who's who.


Only if you're on "Team USA". Looking on from outside, it seems to me pretty obvious that a Russian security company might provide useful insights on US malware operations that a large US security company would be less inclined or would not immediately report on.

Otherwise it's just your basic mudslinging; Both Kaspersky and US security companies are likely to do their governments favours, in particular by selectively not reporting things, both willingly and under pressure. If you're a US citizen working for a US security company and you'd stumble upon a US malware operation that appears to be doing something benign, such as preventing nuclear whatnots, you might be disinclined to report on it for fear of ruining a US malware mission--and even look past the fact that they're using such a risky, dangerous type of software to do it (being a worm/virus, remember that Stuxnet also disrupted and got into places that weren't targets).

Back when Stuxnet was active, I closely followed the story and the existence of the (airgap-hopping) virus was discovered long before people got any solid ideas about its purpose. When finally the first reports came that the special control software checked for machines running on a frequency that were only used in either some Finnish industrial plant or these Iranian refineries[0], the first reports on this did not come from a US security company.

[0] This part is a bit vague sorry. I wish I had sourced/fact-checked this part of the story better, years ago. There was so much going on.


They're a Russian company and semi-recently Trump banned their software from government agencies.

People theorize they're controlled by the Russian government but I've never come across any evidence that they're anything other than a top tier security company though.

They have done some fairly bold moves in the past though, like cleverly calling out other AV companies that were copying their detections [0] and kind of embarrassing the NSA [1] when an NSA employee took their malware/cyber weapons home to their PC running Kaspersky AV, which detected the malware and sent it back to a Kaspersky server for analysis.

[0]https://www.theregister.co.uk/2010/02/10/kaspersky_malware_d...

[1] https://www.bleepingcomputer.com/news/security/nsa-employee-...


In Kaspersky's defense, they have started making their source code auditable for certain customers. Kaspersky is well aware of how they are perceived as a company, and they are aware that if anyone ever traces any of their activities back to the KGB, it's game over for them. I can't pretend I trust Kaspersky 100%, but I can see why others might.


From [0] (https://www.theregister.co.uk/2010/02/10/kaspersky_malware_d...):

> "I've received feedback from people who were just focusing on the question why other anti-virus companies would detect a clean file we uploaded. And I can only repeat as I did in the blog: This could have happened to us as well," Kalkuhl explained.

Well, he clearly says, the test was to expose the "negative effect of cheap static on-demand tests" and not that others copied from them, because this seems to be routine and they do the same.


> They're a Russian company and semi-recently Trump banned their software from government agencies.

I know it's popular to bash Trump, but it was the DHS that banned the software, not Trump:

> In a binding directive, acting homeland security secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government and its software poses a security risk.

Which came after the GSA removed them from the list of approved vendors:

> The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists with Kaspersky that could give the Kremlin backdoor access to the systems the company protects.

https://www.washingtonpost.com/world/national-security/us-to...


I say this without having seen the code base for either, but I'd be surprised if Stuxnet's code base was anywhere near as large or with as many moving pieces. Still, it's incredible to imagine the knowledge base that needed to go into Stuxnet to get things off the ground.

Google Search was originally written by two guys in graduate school and has been refined and rewritten many times since then. I'm sure the code base is complicated and undoubtedly some of the greatest minds in software engineering and computer science have used it. The same goes for Linux, which was written by one guy and grew from there.

On the other hand, Stuxnet isn't something that a few brilliant graduate students could have put together. To even get this thing off the ground, you need people with backgrounds in nuclear physics and/or chemistry, operating systems specialists, people with knowledge of industrial equipment, networking experts, an espionage network and competent management to pull it all together. Plus, you need to keep the whole project secret. Oh, and funding. Lots of funding.

I'd call that sophistication in that you can't even think about starting to tackle this problem if you're just two guys in a garage.


I think of it like if everyone who read these comments on HN got together we could engineer a very good OS.

I doubt we could come close to solving the problem of "stopping Iran nuke production without killing anyone or starting a war"


Without any kind of metric for “sophisticated” it’s all subjective anyhow. I like Stuxnet as an example - it’s devious and a true hacker approach, albeit as blackhat as they come.


I think for something to be sophisticated we are looking at how complex it is. This worm does nothing new in that regard (taking advantage of 0days, hiding, covering tracks etc.), it is no more sophisticated than a regular worm. Quora is a fucking joke.


Personally, I think the Stuxnet work is comparable to a Rube Goldberg contraption.

So you could ask, is a RG machine more sophisticated than say a computer - maybe not on a strictly technical level, but again without a metric, it's all about how we feel about it.

Anyways, I thought it was a great writeup that explains at least one aspect of what sophisticated software is, in a language most anyone could understand.


I think for something to be sophisticated we are looking at the metric that differentiates fine wines and cheeses from plebeian non-fine wine and cheeses.

If we can just capture that essence, we will wield the power of sophistication in our hands.


Oh, in that case it's just placebo, price, and primed expectations.


You mean how much money is charged?


Big != sophisticated. I’m not denying that there’s a ton of effort and features that go into windows, but operating systems are well known, and I’m sure most of the code powering windows is not all that sophisticated outside of some core components.

It’s sort of like comparing a skyscraper to an iPhone. Sure the skyscraper requires a lot more manual labor, but the iPhone is more sophisticated. It took ~80 years from when the Empire State Building was built to when the iPhone was built. The iPhone is more sophisticated but it’d still take more time and resources to make another Empire State Building.

Sorry if that’s a poor analogy - it’s the best I got right now.


You could debate this all day long for various values of "sophisticated." I think the author just meant some variation on "amazingly devious."


Let's not forget software used for extremely complicated and risky operations like the Mars Rover or Rosetta mission, developers did some quite amazing things there with very limited hardware resources...


To me the primary difference is the software you mention performs their tasks in the open with cooperative users.

Stuxnet installed itself without cooperation, hid itself perfectly and still completed its objective flawlessly against a hostile user base.


Windows certainly has more undiscovered Windows/Driver exploits in it than Stuxnet ever had!


There's sophistication of the domain, and of the code. They are independent.

For example - it might take years of research to develop a formula for calculating something, but the final code can be very simple one-liner.


This comparison is ridiculous. Searching the internet can be imperfect, it can be lossy, and there aren't any real consequences. We are talking about an ad platform after all. If you search for kittens and you get back 345 results or 101 results or 2345 results, does it really matter? No, it has no consequence to anyone.


I agree on the sophistication part but I think you are missing out on resources used on development of this.

The responsible party(ies) did not have access to resources, manpower or infra at Google or even at an enterprise scale.


MariaDB and PostgreSQL. Amazing software that is open source for us to dive in and play with. FoundationDB was a recent treat.


>I'd argue that Google Search is much more sophisticated than Stuxnet. Windows is much more sophisticated.

Not to be rude, but it really doesn't sound like you read the article.

Especially when you claim that Windows is more sophisticated. Stuxnet had to get past all of Windows security, and did so by using not just one or two or three never-before-known flaws, but a bunch of them.


The code base for the International Space Station is probably also VERY complex


Probably not. Complex things break a lot. You want the life-critical code to be as simple as possible, with proven correctness if possible. I bet you'll not find one recursion in ISS flight code, and you'll not find anything that doesn't have a known upper bound on run time.


https://www.nasa.gov/feature/facts-and-figures

It is possible that code itself is not that complex, but the interaction between all modules certainly has a high level of complexity.

"In the International Space Station’s U.S. segment alone, more than 1.5 million lines of flight software code run on 44 computers communicating via 100 data networks transferring 400,000 signals (e.g. pressure or temperature measurements, valve positions, etc.)."


Several years later, and even with the code, researchers are not able to summarize a complete list of what Stuxnet definitely does.

What I see here is that the word "sophistication" is misunderstood by a lot of people.

Stuxnet took control of multiple layers of complex production environments. There are numerous "0day" kits in the code.

It's not like an effort like a search engine or most other organized software projects, because there are logistical dependencies of the worm itself in those exploits. If it was a US-Israel effort (I think it almost definitely was, but who cares) then consider how much discipline and effort it takes to keep TWO govt groups of hackers coordinated enough to keep those exploits fresh, whilst simultaneously building a dependable worm.

Another thing, a lot of the actual machinery and shit isn't very well known, and this is worth mentioning because it's not like you can go spin up an emulator for this shit to test out your massively devastating two-country worm on.

Stuxnet of course made the best of this by using lots of different exploits in different situations, giving it the biggest attack surface it could, that's low hanging fruit anyways.

I think stuxnet doesn't impress people because maybe they think it's just a bunch of bugs in old shitty software, but it's so much more than that. It's bugs in software that only a few hundred or maybe a few thousand people have ever seen, much less pentested, on machinery that's rare and sometimes even unique to the location, the infrastructure of the place is based on rough intel at best, and oh by the way, your spy hackers need to coordinate with this other group on the other side of the planet.

Start brainstorming how you'd pull it off, and I think it'll become more impressive as you do.

Personally, I think it's the most incredible display of skill and prowess in malware thus far. The years I've spent disassembling, reversing, tracing, filtering, researching... A lifetime of hacking doesn't even knock the dust off of a project like that.


That is an utterly braindead assertion.

I wrote the quoted article about Stuxnet. And I've helped write multiple operating systems.

Your argument is not an argument. It's just a random assertion with no technical knowledge of either Stuxnet or how to write an operating system.

Stuxnet specifically took advantage of Windows's lack of sophistication in order to replicate.


Stuxnet changed history. Any "game of chicken" style equilibrium is broken if the probability of a nuclear actor's command and control drops below 100%. If there is even a 1% chance that when a Big Red Button is pushed the missiles fail to launch, the game becomes unwinnable. Simulations of imperfect information in dynamic brinkmanship where both players are known to have advanced cyber capabilities result in a single dreaded endgame: general nuclear exchange.

Thermonuclear Cyberwar

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2836208

We have moved into uncharted domains. And herein lie demons. Past Rules of Engagement universally agreed upon regarding the use of kinetic weapons no longer apply. For wiser heads to prevail in the current global climate, the voice for peace must become the loudest one.

Rules of engagement for cyberspace operations: a view from the USA

https://academic.oup.com/cybersecurity/article/doi/10.1093/c...


After the first couple of sentences I came to the opposite conclusion: perhaps the greatest nuclear powers have all had their launch systems compromised already, and if people started pushing buttons nothing would happen. Comforting thought.


While a nice thought, that is only true if:

a) at least two of these secret security teams exist, funded by different political superpowers

b) the one team behind this worm was funded by a group insisting on global denuclearization.

Imagine if what you say is true for every nuclear power, except one (likely the one that is behind this worm).

Have we heard of any other enrichment facilities that have been targeted? There are still a ton out there[0].

[0] https://en.wikipedia.org/wiki/Enriched_uranium#Global_enrich...


> the probability a nuclear actor's command and control drops below 100%.

It's never been at 100% anyway. Read the book "Command and Control" if you are not convinced.


Since the probability is below 100% IRL, this is trivially seen to be false. Evidence: Here is a hand. It is not irradiated...


Yes, it has the potential to break the MAD equilibrium. It's very ironic to me that offensive technologies do not threaten world peace as much as defensive technologies.


MAD is a local maximum of peace, but only if we define "peace" to include "tense standoff". It appears to be the best we can do in the presence of overwhelmingly powerful offensive capabilities.

Imagine the different "peace" if instead we had overwhelmingly powerful defensive capabilities.


But everyone would have to have those, or else the first country to develop them would have an insurmountable advantage. A country that has both nuclear weapons and the ability to block all attacks including nuclear would rule the world, or at least dominate it without opposition.


Or, everyone would have to have a strong sense that nuclear launches weren't possible.

I'm thinking along the lines of grey-hat anarchists constantly attacking everyone's nuclear capabilities. "If nobody is super, everybody is super."


Hence the local maximum.


...as if “world peace” is a thing.


>It's very ironic to me that offensive technologies do not threaten world peace as much as defensive technologies.

ummm... what?


> If there is even a 1% chance that when a Big Red Button is pushed the missiles fail to launch the game becomes unwinnable.

Why does that 1% make such a big difference?


Very interesting comments, especially the conclusion that the voice for peace must be the loudest. Generally, I personally agree. However, what do you think of the current USA stance of beefing up defense and probably the nuclear arsenal while others are not allowed such weapons? Won't it make them want these weapons even more?


That's all very well but theory and maths aren't too relevant when the man behind the button is an illiterate cretin.


The launch is a two person process and while in theory the second person is only there to verify the identity of the President this has never been put to the test and there truly is no way to tell what would Mattis do in a situation like this.


Removal from position due to medical incapacity is not only a real transfer of power mechanism but also fairly easy for the Vice President to do, assuming that the Secret Service agrees.

Remember, the Secret Service works for the US Treasury.


The problem is not everyone on the world stage is a rational game theory nerd that links to papers like we want them to be. Also 60 years of treating every other country as a box in a threat model to be manipulated against other boxes has been a completely unmitigated disaster, so maybe we should stop that.


> 60 years of treating every other country as a box in a threat model to be manipulated against other boxes has been a completely unmitigated disaster

Has it? The last 60 years have been relatively peaceful, by historical standards.


You want to ask all those who lost their lives in any of the numerous conflicts. Only because the big clash didn't happen (it nearly happened three times in 1983), this doesn't mean that there weren't any conflicts. E.g., the biggest air war in history, in Laos, was even conducted in secrecy, African politics is just a single mess, etc.


Please consider orders of magnitude - we really do live in peaceful times.

Example: there are far fewer cold war deaths than from traffic accidents, let alone real wars.

WW2 killed 3% of all humanity: https://en.wikipedia.org/wiki/World_War_II_casualties

The end of the Han dynasty killed a large percentage of all Chinese people.

For perspective: https://en.wikipedia.org/wiki/List_of_wars_by_death_toll

http://asirt.org/initiatives/informing-road-users/road-safet...


Hm – Consider this piece (you may or may not appreciate the political perspective): https://www.globalresearch.ca/us-has-killed-more-than-20-mil...

In brief, it concludes that the US alone (there have been lots of conflicts without any manifest involvement of the US) has been involved since WWII in conflicts causing "the deaths of between 20 and 30 million people".

[Edit] You may also consider the ongoing war in Syria, which is not only exceeding WWII in duration already, but also overshadows the total death count of the US in the WWII Pacific "theatre" (161,000 dead, including 111,914 in battle and 49,000 non-battle) by 500,000+ dead (last consensual figure was 470,000, issued by the Syrian Center for Policy Research in 2016).


we ought to ask people whose family members have died of cancer lately how they feel about our so-called advanced medical science as well


The world also became a lot more connected, so we're exposed a lot more to wars and such abroad, and we've matured morally speaking and can see that all wars are unnecessary.


I thought I read that people said nearly that identical thing shortly before the start of World War I. That world economies are so intertwined and peace was lasting.


Only in a western welfare bubble. Morality over war is what you can afford having other security needs taken care of.


> Only in a western welfare bubble. Morality over war is what you can afford having other security needs taken care of.

That's actually a false hypothesis of people in the 'western bubble' who haven't experienced war. Research I've seen shows that people in places that have experienced it, such as in Syria, are much more opposed to it.

And that bears out in Western experiences: Who created the UN, with the stated purpose to prevent another war? Who created (the ancestor institutions that became) the EU to prevent another European war? Who enforced the Geneva conventions and prosecuted war criminals after WWII?

The answer is, the people who had lived WWI and WWII. They knew far more of war than anyone today in the West, and they thought it was the worst scourge of humanity which must be prevented from happening again at almost any cost. Who are we to disagree?


Do note the same countries still wage war (and trade in realpolitik). What you're saying is not mutually exclusive with what I'm saying, it's on a continuum.


The western world has developed institutions that give it security. Once those parts of the world ravaged by war do the same, they too will enjoy peace and stability.


Well, we're undoing these institutions with an ever-growing fervor, as we appease the insecurities of a few rich and powerful people by handing them yet another election and yet another few units of currency on top of their almost unimaginably huge mountain of existing wealth.


Right, but it's difficult to establish those institutions when your country is ravaged by war and corruption...


For all the evidence we have, MAD has worked. Still here. Still no WWIII. At the beginning of the twentieth century it was looking like we'd have another world war every twenty years or so for the rest of time.

As best we can tell, nukes actually did end large-scale war. I would call that at least a partially mitigated disaster.


You're not wrong, but there were multiple incidents during the cold war where the US and Soviet Union came very, very, very close to a nuclear exchange, and it was only dumb luck (and sometimes the heroic actions of individuals who were in the right place at the right time) that saved us. We were lucky, and luck is not a plan.


The unwillingness of people to start a nuclear exchange is exactly the plan. In the examples you speak of, common soldiers and technicians refused to launch the missiles. It's noteworthy that the idea of a full-scale thermonuclear exchange is so horrifying that even soldiers who assume they are already dead and have orders to launch still refuse. I think that speaks a lot about the inherent goodness of humanity, but that's a different story.

I know it came very close, but the assumption was that it would come to the brink yet nobody would want to go through with it and begin open aggression. Seems dubious and risky, but once again it worked. And let's not discount the negative risk--a conventional world war with the Soviet Union, China, the US and Britain would have been so terrible.

With such a small data set we should still be dubious, but I don't know if we can consign it merely to luck. I think it was a good plan. Terrible publicity, though. Nightmarish. But so is war.


I think that weapons range, combined with either precision targeting or large numbers, gets that job done. Picture a world without nukes, but with lots of highly accurate ICBMs and SLBMs. The attacker can expect to be attacked, with the destruction being stuff like the Kremlin or Whitehouse or parliament building.

In the days of WWII, an attacker could rightly feel confident that there could not be an immediate response that strikes anything of importance. The attacker might even believe that such a response could not be possible ever in the future. Poland could be invaded without any realistic worry that Berlin would be attacked that same day, and a bit of optimism turns that into Berlin being safe.


Maybe so, I have no idea. I think they'd just harden bunkers and go to war anyway. But really it doesn't matter; the genie is out of the bottle, so MAD is really the only plan available. Can't un-invent the bomb.


Actually, the bomb and its design and construction require so much tacit knowledge that we might be on the verge of uninventing it already.

https://www.journals.uchicago.edu/doi/abs/10.1086/230699

http://www.dtic.mil/dtic/tr/fulltext/u2/1018881.pdf

http://public.lanl.gov/bsims/pdf/4S%20tacit%20knowledge.pdf


I don't see how that argument is justified. Maybe the Marshall Plan and the European Community saved Europe from war. Maybe globalization and general civilization-wide wealth creation made it so the elites' and commoners' businesses are less profitable in large scale war. (Note that even today, wars happen in poor countries, not rich countries). Maybe democratic evolution made the "send peasants to war" model obsolete, and maybe modern communication made it harder to sell the fascist lies that motivated WWII. Nuclear Weapons didn't prevent Vietnam or Korea or the Middle East wars.


While my humble opinion is that MAD was effective, let's be careful not to infer causation from a sequence of events (the rooster crows and then the sun rises). And the events of 'MAD' and 'peace' are not in sequence: WWII ended in 1945. MAD wasn't an idea until the 1960s and not implemented in a treaty until the 1972 Anti-Ballistic Missile (ABM) Treaty, AFAICT.[0]

It makes more sense if you remember that nuclear weapons and delivery technology didn't reach the 'assured destruction' stage for awhile. Remember that in the Korean War, in the 1950s, General MacArthur was pushing to use nuclear weapons (IIRC); it wasn't as taboo then. Finally, remember that MAD applied only to the Soviet Union and U.S. (or the Warsaw Pact and NATO), while major international wars ended worldwide, for the most part. Remember that WWI and WWII were fought between future NATO members; the later peace between them wasn't due to MAD.

> At the beginning of the twentieth century it was looking like we'd have another world war every twenty years or so for the rest of time.

The victors of WWII were very concerned about that, and began planning to prevent it before the war ended. That resulted in the UN, the institutions that became the EU, a rejection of nationalism (as a significant cause of war), the spread of democracy and universal human rights as a peace-making policy (democracies generally don't start wars with each other), and U.S. leadership in the international order to maintain those things and to provide stability. My understanding is that those are the reasons for the relative but extraordinary peace. Here's a Churchill speech about it in Zurich in 1946 (the speech focuses on the future EU; remember he also was one of the architects of the United Nations):

http://www.churchill-society-london.org.uk/astonish.html

(I'll also note that they seemed to have worked so well that now people take the peace for granted and are tossing aside the things that make it happen.)

[0] The best credible source I can find quickly. If you hit a paywall, access it via a search engine: https://www.britannica.com/topic/nuclear-strategy#ref1224926

EDIT: Added a detail


I partly agree with you but a less charitable interpretation is that we had a bipolar hegemony that prevented full-scale wars. Many regions experienced significant violence, often caused or abetted by Western powers that turned out to be less committed to democracy and human rights when they got in the way of power politics. (Edit - or other powers that barely bothered paying lip service to human rights)

Again, I broadly agree with you and would definitely prefer to see a continuation of the past 60 years over whatever's on the horizon, but let's not get too rose tinted about Western benevolence.


I agree. The reason I didn't go into the detail you did was that I just had to draw a line on the length of the comment, for my sake and for the sake of the reader. I'm glad you added your comment.


Your timeline is wrong. Bernard Brodie came up with Nuclear deterrence in 1946. The Soviets would have read his work or understood the implications. There was a reason they raced to get the bomb.


> Bernard Brodie came up with Nuclear deterrence in 1946. The Soviets would have read his work or understood the implications. There was a reason they raced to get the bomb.

Mutually Assured Destruction is not the same as Brodie's Nuclear Deterrence AFAIK (which admittedly isn't much). In 1946, neither side could come close to assuring destruction of the other; the Soviets didn't have any atomic bombs until 1949, the U.S. didn't have the H-bomb until 1954, and of course neither had ICBMs. The best production rocket was probably the V-2.


I haven't actually read Brodie, I'm just going on my memory from my strategic studies class. But my recollection is that he more or less fully fleshed out nuclear warfare theory in 1946. The tech wasn't there, but the logic of the weapons was.

MAD is less a strategy than a reality. As long as each side has weapons that can't be credibly destroyed in a first strike, you have MAD, whether theorists explicitly call for it or not.

Though of course submarines make this easier to achieve in practice.

I might be wrong about this though, perhaps there were significant differences between Brodie's 1946 theory and later MAD developments.


Thanks. A couple things I don't think are accurate, based on my limited knowledge:

> As long as each side has weapons that can't be credibly destroyed in a first strike, you have MAD

With the significant qualifier that you need enough weapons to survive to completely destroy the enemy.

> MAD is less a strategy than a reality

I'm pretty sure that's incorrect. It was and is a specific strategy and implementing it was the reason for the ABM treaty and others - defensive weapons would make destruction less "assured". See the source I linked above.


The thing with defense is that even without the ABM treaty, we don't have an effective defense. MIRVs will always be cheaper than single shot ABMs, and their reliability is too low to rely on in the event of a second strike. That's what I meant by it being a reality.

People do of course adopt it as a strategy as well. But if effective defense tech existed I don't think the strategy would hold. The US abandoned the ABM treaty even without such technology.

As for your first point, it's true that MAD didn't really conclusively come into force until submarines. But there were efforts before then to maintain a second strike capability, such as keeping a certain percentage of bombers in the air, preparing them for fast takeoff, etc

Maybe not 100% assured second strike, but the basic idea was the same


Do we really have enough data to draw conclusions? A nuclear war could break out in ten years time and be orders of magnitude worse than WWII. That would invalidate MAD in an instant.

Nuclear weapons create a requirement that your safety depends on the pragmatism and sanity of leaders and government. Not only of your own country but your enemies.


The patterns of history suggest we are heading for nuclear war. Power (manifested as interest) has been present in every conflict - no exception. Every nation eventually gets the war it is trying to avoid - nuclear war too. Decision-makers delude themselves that the course they are on will not lead to annihilation, but it always does. World leaders are deluding themselves now. Read more at: http://www.ghostsofhistory.wordpress.com/


The scary thing about this is: Stuxnet is one of the "most sophisticated" pieces of malware we have discovered up until now.

Who knows what kinds of software are still out there quietly doing their thing in the shadows.


Not scared of what “we” are doing to “them”, but rather what “they” are doing to “us”... our power plants, dams, electrical grids, gas pipelines, traffic light networks, air traffic control systems.........


The above comment makes no mention of who is doing what to whom. I think the idea of "us" doing things worse than I could imagine is just as scary as the other way round. You are indirectly part of the responsible bodies and may face the backlash without having been able to not only do but even know anything about it. Imagine for example being a Russian citizen whose quality of life is diminished due to political/economic sanctions as a result of your country's espionage activity being revealed.


> Imagine for example being a Russian citizen whose quality of life is diminished due to political/economic sanctions as a result of your country's espionage activity being revealed.

I know quite a few Russians. Almost all act defensive over how people treat Russia as a politically homogeneous (evil) unit, when it's mainly a few oligarchs at the top. To the point of defending the political explanations espoused by state TV, which of course is heavily biased towards the narrative said oligarchs want the Russian people to believe.

Remind you of anything? I for one have stopped trusting Dutch news for "being honest with itself".


Don't forget cars, even in their current state they still have modems connected to the cellular networks.


What year did this start?


When we split the world into the "us" vs "them" then it causes issues like this.

Your comment doesn't specify the us or them so it can apply to virtually any group.


"The best ninjas are the ones you've never seen"


"The best liar you know is not the best liar you know."


We're quickly heading toward the age of the first Virtual WMD. The implications can be as wide as your imagination, but possibly worse than existing WMDs.


I'm having a hard time imagining a virtual WMD that is worse than the instant obliteration of millions of people.


You know what's worse than the instant obliteration of millions of people? The slow obliteration and starving of millions of people.

Imagine Venezuela, but much much worse.

Picture a society that doesn't know how to create institutions, conduct trade and collaborate with the people around them without the aid of computers.

Now, I don't know if disabling their computers would result in an incredibly dysfunctional society that would starve, but it's not unthinkable. If it did, the suffering could be far beyond the instant obliteration of millions of people.


Who stands to benefit by destabilizing the western world to such a degree? Clearly some big players like Russia and China, as well as some smaller players can benefit from destabilizing the western world a little bit. But if they destroy it to the point where millions of people are suffering, they'll bring suffering on themselves as well. It seems to me that they're probably motivated to level the playing field and gain dominance more than completely destroying or starving people on a large scale.


To be clear, I wasn't making the case for a motive or even suggesting this was a plausible scenario. My point was death from a nuclear weapon is not the worst form of death.

Modern history is littered with examples of millions of people starving or being slaughtered because societies collapsed economically or politically.

> Who stands to benefit by destabilizing the western world to such a degree?

Who's limiting the conversation to the western world? Let's think beyond ourselves for a second. Wouldn't it be just as tragic if cyber attacks were used to destabilize other places in the world? Imagine an African country that has become entirely dependent on some sort of mobile money transferring platform. Maybe their neighbor launches an attack on that platform to destabilize the country for whatever nefarious reasons.


There are thousands of brilliant but poor people in the world...


> You know what's worse than the instant obliteration of millions of people? The slow obliteration and starving of millions of people

Yeah, I'm going to have to sort of disagree with you there. Once you are dead, you are dead. If you are starving, things can still change and you can still have free agency.


To be clear, I'm not comparing death to starvation.

I'm comparing death by obliteration to death by starvation.


Well it's about statistics rather than what an individual might possibly be able to accomplish.

Sure, maybe you'll find a way to survive a famine, but on average most will die because the math just doesn't add up. Not enough food for everyone. And it ends up killing far more than bombs and bullets, even nukes. Disease and famine are far worse than WMD when the numbers are in.


Well I don't think my dead self would mind being dead with it being dead and all. So I don't really see how any kind of suffering is better than death. In a way death doesn't really hurt you, since you stop living.


> So I don't really see how any kind of suffering is better than death.

So maybe we should round up all the poor people and gas them to put them out of their misery?


You joke, but from a certain perspective and within certain parameters, there are people who would find this acceptable, and even preferred. I recall the movie Solace (which wasn't great, but I digress) where the premise is that a serial killer has psychic powers that allow him to see others' futures. When he detects a future that is particularly horrible (disease, injury, etc) with no hope of survival, he makes sure their last moments are wildly happy and kills them painlessly with no warning.

If we were to regard the life of the average poverty stricken human as being _terrible_, then killing them painlessly and suddenly becomes less abhorrent. Of course, then we need to define criteria for whose lives are of sufficiently bad quality where sudden death is a superior option.

Some nihilists might say all humans satisfy that criteria. Even if you're a wealthy and generally happy person, you will become old and die. If you were suddenly dead at this second with no warning, you would not care - the only downside would be those who remained alive, who presumably would care. Let's recurse until no one cares.

And the universe moves along just the same.

I am not advocating for this at all, but I felt your comment justified some sort of explanation. And I have been thinking about these existential questions quite a bit recently.


Actually, in a capitalist country it might be easier to survive such an attack. If there is demand for a product or service, people and businesses will find a way to meet that demand. Millions of people working independently to satisfy their local market demand. It would probably hurt centralized socialist or communist countries more since it severs their control, surveillance, and communication mechanisms.


I agree that markets tend to buffer the effects significantly.

The problem is in times of crisis, the appreciation of market dynamics and rule of law tend to wane. Even if those things are intact, the flow of goods and services can be undermined by well-intentioned but misguided politicians.

My point was simple. Despite the systems of trade, a catastrophic shock in trade or production systems could literally kill millions in a way that is more brutal and horrific than instant obliteration.


I’m intrigued - how does that play out in your head? There’s a disaster causing social collapse but a free market for food remains. Demand outstrips supply so it becomes too expensive for many to buy. What do people do before they can go back to the land and sow their own food? What about areas with a lack of suitable available land (as referenced in a sister post by the potato famine)?


I honestly didn't invest too much time playing out scenarios out in my head, rather I was mentally recalling events in modern history where we've simply allowed millions of people to starve. From a BBC article:

The scarcity, Mukherjee writes, was caused by large-scale exports of food from India for use in the war theatres and consumption in Britain - India exported more than 70,000 tonnes of rice between January and July 1943, even as the famine set in. This would have kept nearly 400,000 people alive for a full year. Mr Churchill turned down fervent pleas to export food to India citing a shortage of ships - this when shiploads of Australian wheat, for example, would pass by India to be stored for future consumption in Europe. As imports dropped, prices shot up and hoarders made a killing.

http://www.bbc.co.uk/blogs/thereporters/soutikbiswas/2010/10...

I guess if I was to assume a scenario that could lead to the starvation of millions, I'd imagine a poorer country making the mistake of relying too much on some sort of electronic platform to trade and save their money. Let's say this country/region also relied too much on exporting some agricultural commodity that was being affected by a change in climate.

A catastrophic attack on their banking platform could theoretically destroy the local population's confidence in the trading currency as well as scare away foreign lenders. It may create incentives where it's more advantageous to hoard food and sell it on the international markets rather than distribute it to local customers who can't pay.

Free markets tend to create the most value in the long run. In some situations, hoarding can create incentives to distribute to underserved areas. In scenarios where the underserved areas do not have a means of payment (monetary, barter, indentured servitude, etc.), free markets and hoarding can simply be horrifyingly cruel.

What are your thoughts?


Should there be some catastrophic collapse in society, I would far prefer that the government requisitioned food and rationed it out. While it’s definitely open to abuse, I think it would do a better job in the short term of keeping people alive. A free market response to a national emergency sounds dreadful to me


I don't disagree. Most times, I would prefer the decisions of how people get the things they need are made by a network of people with incentives to provide and profit rather than central planning. However, if the situation is dire and the incentives create a deadlock, I think thought-out, extraordinary measures to help people are warranted.


> My point was simple. Despite the systems of trade, a catastrophic shock in trade or production systems could literally kill millions in a way that is more brutal and horrific than instant obliteration.

Systems of trade have made the market economy of the US more vulnerable to many kinds of "catastrophic shock[s] in trade or production systems." IIRC, there are only a few days of slack in the US food supply chain. That's down from a month or two during the cold war (where I think there were mandates for reserves).


Supply will be lower than what’s currently available. Prices could go up. If so, lower income households may not survive.


So what happened during the Irish Potato Famine?


The British.


Laissez-faire in practice doesn’t seem so desirable


Capitalist countries still centralize their control, surveillance, and communication into few hands with little diversity. The market forces you describe only apply to the early days of capitalism. Most capitalist societies are long past that, at a stage where the strong early players have re-written the rules and formed quasi-state monopolies.

Just look at how many communications companies the US has. And the government had to step in and break that up because there used to be just one. Even now they are quietly conglomerating back together, and there are no significantly different options available. It's still very vulnerable to an attack or flaw due to lack of diversity.


Not sure how much that really buffers anything. In a lot of mature markets, the fact that the whip-hand is held by another corporation doesn't make much practical difference - what happens if someone finds an attack that bricks every Caterpillar tractor and hauler?

It doesn't matter if C&C is corporate or state, they break the same way.


In 20 years, a virtual WMD may well instantly obliterate millions of people.

I'm already unsure of what the most possible damage someone could do with over-the-air automobile firmware updates is today, just to take one example. What would it be like if someone put out a virus that at 11:32:42am on March 3rd, 2036 causes every GM, Ford, and Tesla self-driving car to lock all the doors, floor the accelerator, and let the chips fall where they may?

Consider not just the immediate impact of the crashes, but the fact that you just completely obliterated emergency services (they couldn't hope to serve but a tiny fraction of the victims), choked every major road and most of the minor roads with wreckage, wrought a catastrophe so large that while I don't predict what the effects would be, we're talking something more defining for a generation that would handily compete with both World Wars combined for psychological effect, with the Great Depression tossed in for good measure... it would be astonishing.

I'm not even sure we couldn't get close to that in 2018, to be honest. What if by some horrors the Stuxnet authors were set the task of making this happen? How close could they get?


The problem all virus authors have is escaping detection. 2036 is too far out for them to count on not being detected, and on cars being the same. Release it today, and even if you infect all cars and are undetected, GM and Ford's normal update cycle is likely to change things such that by accident your virus cannot spread. You can expect to get a handful of cars to accelerate out of control - and odds are the door locks don't work on them so you failed to lock the door.

Infecting cars is hard for other reasons. Radios tend to be easy to update (they can sell you new features - maps if nothing else). All other controllers tend to be more locked down such that it is likely that a virus couldn't actually spread to anything that can take control.

Maybe, who knows how GM will change over the next 20 years. GM only has guesses.


"2036 is too far out for them to count on not being detected, and on cars being the same."

Sorry, I conflated two things here. I meant someone in 2036 setting a logic bomb for something like a month in advance in their time, and as a separate question, how close one could get to such a virus today. As we keep wiring up our cars to networks (not necessarily "the Internet", but networks), it's only going to get easier.

One of the problems I think will happen with cars, only accelerated by self driving cars and the high probability that people will largely lease them rather than own them, is that the governments of the world are going to see a big pot of real-time surveillance data and real-time person control mechanisms and won't be able to keep their hands off, mandating that cars start getting very connected and that cars have backdoors for authorities to take over and redirect them, etc. My scenario in 2036 may not even be a brilliant virus designer, but just one person with Python scripting skills and a bit too much access to the government control system.

It's not even that hard to imagine such a disaster happening accidentally. I'm sure, no sarcasm, that protections will be put into place, but there always has to be a developer back door mechanism of some sort, and there may be enough controls added, or they may not be added competently enough.

(And in terms of the protections of the cars themselves, remember that Stuxnet included the use of not one, but two code signing certificates that the Stuxnet authors clearly did not have true authority to use. If there's a way from the Internet to the control mechanism, even if it requires signed code, there's no guarantee a particularly capable and motivated enemy won't penetrate the protections.)
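The comment above makes the point that "requires signed code" is not the same as "only our code runs": a signature made with a stolen or otherwise legitimately issued key still verifies. The following is an added example (mine, not code from the original post or from any vendor) of the check a firmware/update verifier should actually make: pin the specific signing keys the device trusts, keep a revocation list for the day one of them leaks, and only then verify the signature. Ed25519, the key-ID scheme, the `UpdatePolicy` type and the sample image bytes are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Sentinel errors so callers (and tests) can tell the rejection reasons apart.
var (
	ErrUnknownSigner = errors.New("update signed by a key that is not pinned")
	ErrRevokedSigner = errors.New("update signed by a revoked key")
	ErrBadSignature  = errors.New("signature does not verify over the image")
)

// KeyID is a short, stable name for a public key (truncated SHA-256 of the key).
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// UpdatePolicy is the trust store baked into the device: only keys in Pinned may
// sign an image, and a pinned key that leaks can be cut off through Revoked.
// (Hypothetical design for the example; not any real product's format.)
type UpdatePolicy struct {
	Pinned  map[string]ed25519.PublicKey
	Revoked map[string]bool
}

func NewPolicy(trusted ...ed25519.PublicKey) *UpdatePolicy {
	p := &UpdatePolicy{Pinned: map[string]ed25519.PublicKey{}, Revoked: map[string]bool{}}
	for _, k := range trusted {
		p.Pinned[KeyID(k)] = k
	}
	return p
}

func (p *UpdatePolicy) Revoke(pub ed25519.PublicKey) { p.Revoked[KeyID(pub)] = true }

// SignedImage is what arrives over the air: the image, a detached signature,
// and the ID of the key the sender claims to have used. KeyID is untrusted
// input: it only selects which pinned key the signature is checked against.
type SignedImage struct {
	Image []byte
	Sig   []byte
	KeyID string
}

func SignImage(priv ed25519.PrivateKey, image []byte) SignedImage {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedImage{Image: image, Sig: ed25519.Sign(priv, image), KeyID: KeyID(pub)}
}

// Verify checks the revocation list first, then looks the key up in the pinned
// set, and only then verifies the signature. A key that is cryptographically
// valid but unknown to this device is rejected, which is what defeats an image
// signed with some other legitimately issued (or stolen) key.
func (p *UpdatePolicy) Verify(u SignedImage) error {
	if p.Revoked[u.KeyID] {
		return ErrRevokedSigner
	}
	pub, ok := p.Pinned[u.KeyID]
	if !ok {
		return ErrUnknownSigner
	}
	if !ed25519.Verify(pub, u.Image, u.Sig) {
		return ErrBadSignature
	}
	return nil
}

// NewSigner generates a fresh key pair (the vendor's key, or an attacker's).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	vendorPub, vendorPriv := NewSigner()
	_, otherPriv := NewSigner() // a different, validly issued key the device never pinned
	policy := NewPolicy(vendorPub)
	image := []byte("constructed sample firmware image v1.2") // constructed sample input

	fmt.Println("vendor-signed:", policy.Verify(SignImage(vendorPriv, image)))
	fmt.Println("other-signed :", policy.Verify(SignImage(otherPriv, image)))
	tampered := SignImage(vendorPriv, image)
	tampered.Image = append([]byte{}, image...)
	tampered.Image[0] ^= 1 // flip one bit of the image after signing
	fmt.Println("tampered     :", policy.Verify(tampered))
	policy.Revoke(vendorPub) // the vendor key leaked; push a revocation
	fmt.Println("after revoke :", policy.Verify(SignImage(vendorPriv, image)))
}
```

The order of the checks matters: revocation is consulted before the pinned lookup so a leaked key is dead even though it is still "valid", and an attacker who claims the vendor's key ID on an image signed with a different key simply fails signature verification. What this does not solve is a pinned key that is stolen and not yet revoked; that is the gap the comment is pointing at, and the only mitigations are limiting what signed code can reach (the control path) and being able to revoke quickly.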


My scenario in 2036 may not even be a brilliant virus designer, but just one person with Python scripting skills and a bit too much access to the government control system.

After the LocationSmart vulnerability, that seems very plausible. (If you haven't seen it: https://www.robertxiao.ca/hacking/locationsmart/)


I think you would need to think in the line of a global economy/technology/infrastructure collapse (no power production/utilities, (global) transport, financial crisis), millions of first world being thrown into third world conditions (no access to water, food, medicine) due to the large cities depending on technology. Also see: https://archive.org/details/james-burke-connections_s01e01


Virtual weapons are worse when it comes to proliferation. And they are worse when it comes to identifying attackers. Both of these could make them more likely to be used.

Software which say opened the throttle and disabled the brakes on millions of vehicles simultaneously would be in the ballpark for total destruction in a short time. With self-driving cars, the total destruction can be optimized, hunting down pedestrians and hitting vulnerable infrastructure.


Blackouts. Do what Stuxnet did to the control rooms of a large number of power plants, spinning up the machines too hard, coordinate this attack so it triggers in a large number of places.

If you can pull this off for a continental scale, you're looking at potentially months to restore power to everywhere.

https://en.wikipedia.org/wiki/December_2015_Ukraine_power_gr...


Actually for power plants it isn't quite so simple. Because turbines and turbogenerators at nominal speed are quite close to the limit of what the material can support, they have multiple independent fail-safes. For example, if you tried to spin a turbine above safe speed, quick acting valves redirect the steam elsewhere in a fraction of a second.

However, there are absolutely things you could do in a power plant that greatly accelerate wear. It might be possible to accelerate wear enough to achieve failure of some parts before the next maintenance happens.

"Just shutting a plant off" on the other hand is not too difficult; for most plants and upstream systems "off" is the safe state, so all systems are designed to fail into that state, if they really have to.


Without power, logistics & supply lines stop working, no more groceries after a few days, riots and plunderings in the streets a week later...


Anything that doesn't require refrigeration would still work though, trucks run on diesel after all.

Which makes me concerned about the future; if the transport network becomes electric, a power outage will cripple things even more. Unless we build self-contained, internet-disconnected charging stations maybe, but that's not going to be done at any kind of significant scale.


I think you're missing the point.

You can maybe drive a truck, but there is a lot more to a logistics pipeline than actually driving the truck. Without power the whole scheduling automation etc. has to be done manually, and it's by now simply impossible to do every automated job manually again.

Your logistics pipelines could maybe run at a few percent efficiency if every step is manual, but by then your trucks will be raided on the streets.


Just a guess, but: Gas stations use pumps that run on electricity.


They are still pumps: a physical system. Give me a couple hours and I can get gasoline out of any gas station without needing electricity. Of course I will destroy large parts of the machine in the process. I'll get my gas, and so will anyone else while that turns the crank. The pump will need to be replaced to use normally afterwards.

The bigger worry is gasoline in tanks is good for at most a month. The refinery is much harder to start/operate without power. They have their own backup power on site (I assume) so this might or might not be a real worry. If it is I'll just brew some ethanol.


Maybe you would, would people everywhere? Also, the tanks are underground, encased in concrete, with a submersible pump, and there are no power tools.

Might be possible to get to them. But that's solving one problem. If we're talking continent scale blackout it's also unclear what that gets you.

Typical backup power is measured in hours or days. Black start time scale for a blackout that scale is potentially significantly longer than that.

Long before petrol in refineries runs out our logistics system that distributes food to people has failed. The water system probably has failed. Now if you're in the countryside with a full pantry and a stream next to you that might not matter too much. You'll sit this one out. But if you're in the middle of New York?


I said I could, not that I would.

My first thought when this happens is society will get itself going again in a few weeks. I wouldn't want to be the looter who robbed a gas station in the trouble. By the time it was obvious that society isn't getting back together the gas in their tanks is bad so I wouldn't want it. I'd be more interested in robbing the hardware store to get shovels, and other supplies for gardening so that I can live long term. Hopefully my neighbors are helping as well, division of labor is helpful.

This assumes I survive. Anyone who is this interested in destroying society is probably going to use other means as well to kill people at the same time.


This was the subject of the novel Blackout by Marc Elsberg (https://en.wikipedia.org/wiki/Blackout_(Elsberg_novel))


This article is relevant:

https://www.bloomberg.com/graphics/2018-food-trade-chokepoin...

It highlights the shipping "chokepoints" where disruption causes potential food crisis for where the ship had intended to deliver its payload. If the infrastructure which manages these pathways is attacked, the security of these regions is in jeopardy.


> I'm having a hard time imagining a virtual WMD that is worse than the instant obliteration of millions of people.

Incidentally, my impression has always been that, at least with the comparatively low-yield atomic weapons that have actually been used, it's not the instant obliteration that's the biggest problem, but rather the lingering effects of fallout and radiation sickness.


Presumably the person you replied to is including the potential takeover of nuclear weapons by terrorist hackers, etc.


I would consider that to be an 'existing WMD' rather than some new 'virtual WMD'


If you can shut down enough utilities (electricity, mobile telecommunications, television & radio station, water treatment plants, access to water...) at the same time on a wide enough area, it would be devastating.


Imagine a delayed killswitch in Intel's ME and AMD's PSP.


Think of controllers for say a dam, or an autopilot system in a jet.


How would either of these be worse than a nuke going off in Hong Kong or NYC?


If you took out a dam in Montana the following chain of dam failures would cut the United States in half all the way to the Gulf of Mexico and destroy US agricultural output. The US produces 40-50% of the world Soybean and Corn supply. Long term you're probably talking billions of deaths due to food shortages.


Dams are dangerous beasts. The KMT breached some dikes in the 1930s for the purpose of environmental warfare, and in the process killed half a million peasants and displaced millions more.


Which you consider worse than the instant obliteration of millions of people?


I'm not sure it would be. I don't think we've considered all that can happen with a sophisticated worm.

The problem with leveraging nukes is MAD. With worms, you can do a lot of damage without even knowing who did it. Think the Anthrax attacks in 2001 x 1000.

With worms, you can do a bunch of damage over a long period of time without getting discovered. What's the US going to do, start a nuclear war over it? No, see MAD above.

I mean if a worm could figure out how to stop shipping (say simultaneously disable control / start systems of vehicles or gas pumps), people will start to starve after a few days, then probably total chaos will happen leading to a bunch of deaths. That's just a single scenario.

How about if a worm took control of all the air traffic towers simultaneously and changed the information so that controllers would start crashing planes everywhere.

I know nuclear war has been played out on tv and in movies for the last 70 years or so, but I don't see an all out nuclear war between two states lobbing hundreds of warheads at each other ever happening. At least not intentionally. Any type of nuclear detonation would either be accidental, or very isolated.


Mosul dam in Iraq was in serious trouble and some argued that it might collapse after the second Iraq war. If it's ever breached the disaster could kill as many as 1.5 million people living in the city below and displace a further 5 million. It's not beyond the realms of possibility that a Stuxnet aimed at the dam's control systems could kill more people than an attack with nuclear or chemical weapons.


A significant amount of how our society approaches technology issues almost seems like everyone has agreed that they WANT a gigantic catastrophe. Like they want to see an action-movie-scale real life supervillain to emerge who uses technology to severely harm people. I won't be surprised when one nutcase has prison doors flying open, planes falling from the sky, ATMs nationwide spilling into the streets, stock market prices spinning randomly, electrical grids frying themselves and everything attached, all at the same time.


Yep. Our (global) civilization carries within it the seeds of its own destruction.

https://en.wikipedia.org/wiki/Civilization_and_Its_Disconten...

Corollary: It is vital (no pun intended) that we learn to live in harmony with Nature or we will destroy ourselves.


You're 100% right, but you should use the word cyber, not virtual.

I know hackers hate the word cyber because grandma uses it, but it's the right word for it. The stand-in "computer based" almost works, but it doesn't cover things like hacking radios.


Eh, I'm not so sure. One of the biggest appeals of our current WMDs is they can take out the enemy's WMDs in addition to infrastructure. An attack that paralyzes an entire nation's computer network and sends self-driving cars crashing into substations doesn't mean anything to the group of guys in a bunker/submarine with the keys to the 50 year rocket powered by vacuum tubes


Even more interesting and along the same lines of thought, Stuxnet was probably considered a failure in the eyes of its creators. The fact that we're discussing it, analyzing it, and patching its exploits is probably the exact opposite of what its creators wanted for it, even if at a point it did have the desired effects.

But now, everyone's wiser, so the game just got more complex.


No, I'm sure whoever created it doesn't consider it a failure.

Its mission was to destroy some expensive industrial centrifuges and set back Iran's nuclear program. And it destroyed some centrifuges precisely as it was designed to. At that point discovery is inevitable, but whatevs because "mission accomplished".


> Its mission was to destroy some expensive industrial centrifuges and set back Iran's nuclear program. And it destroyed some centrifuges precisely as it was designed to. At that point discovery is inevitable, but whatevs because "mission accomplished".

I think it might be considered a partial success, but mostly failure. It did successfully set back Iran's nuclear program and destroy some centrifuges, but it spread too widely so it was probably detected much more quickly than desired.

Also, if it had been discovered only at the nuclear fuel plant, Iran might have kept quiet about it out of embarrassment, allowing it to be deployed elsewhere. Instead it was picked up by a major AV vendor and dissected very publicly.


^ Exactly

If Stuxnet was as successful as I'm sure its creators wanted it to be, we wouldn't be discussing it.


Not necessarily. It would be bound to have been found at some point in time. The article mentions it took at least a year before anyone knew about it.

And perhaps there is an even more technical worm out there still hidden and stuxnet was merely a first draft.


perhaps, but perhaps the creators don't know of any more holes. Or perhaps the creators knew about more, but the focus on security that this created resulted in not just the holes stuxnet used being closed, but the others. Or perhaps the creators know about more, but their targets have added layers of security and so they can't actually get their next worm where they want it.

A lot of unknowns. Those whose job it is to secure systems have their own tricks.


Kinda makes you wonder why they didn't build a way to detect when it had reached its target so that they could have the remnants on other machines removed.


"Russia has hacked into many of our government entities and domestic companies in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors"

https://www.forbes.com/sites/jamesconca/2018/03/16/russia-ha...

The same was also reported by MI5, Europol and of course within Ukraine.


And, no doubt, we (USA/Western democracies) have hacked theirs.


Whataboutism


Forbes, definitely an objective and impartial source about Russia.


Is there a reason to believe it's not? I'm not familiar with any particular Russian bias from Forbes.


Forbes doesn't have a Russian bias. It has a business model bias. In short, it milks its good name while paying a low per click rate.

This combination is very, very attractive to propaganda operations. People who see themselves as writers cannot make an actual living there, but writing for a publication their parents recognize feeds their ego.

This can work either overtly or more subtly. They can simply reward useful perspectives with clicks, or they can offer additional steady money work through other channels. Either way they have an entirely deniable useful idiot.

Forbes is particularly full of this.


Whataboutism


I happen to realise all social media apps are kind of malware.


I've been arguing about this for the last three days. Mostly around the reason that "complexity" is not strictly the same thing as "sophistication" when it comes to software. Noobs will conflate the two, but experienced programmers will agree that -- just to illustrate my point -- some code which solves a complex problem in a very clever way while also being very clean and easy to maintain will be considered strictly more sophisticated than some other code solving a similar problem which simply has a higher degree of complexity than the former. There is a subtle difference when it comes to software, and this subtlety needs to be considered in this question. Now, I think Stuxnet is a fantastic suggestion to this question, for a number of reasons:

1) The legal, ethical, technical challenges of creating the software.

2) The ability of the software to remain hidden in (sophisticated) environments rich with (sophisticated) organizations looking for exactly this kind of thing.

3) The stealth of the entire research, design, development, and deployment phases of the project.

4) The highly specialized nature of the target.

5) The scale of the entities involved.

6) All of this sophistication and we can't even see the source code (decompilation doesn't count).

This is frankly some impressively sophisticated software. Also, incidentally, the Quora poster's company looks like a fun place to work (with good programmers on the team). Some of his other answers are thoughtful and interesting to read, too, if you get the chance.


On complexity vs sophistication: During the cold war, a US company noticed the USSR had stolen the plans for a natural gas pipeline system, but not the software.

In response, the US introduced an integer overflow bug that was uptime dependent, and took something like 6 months to hit. The bug simultaneously cranked up the pumps and closed all the valves in the network.

It was known that the Soviet economy would crash in under a year without the ability to cheaply move natural gas, so they couldn’t test long enough to find this.

A year or so later, the DoD’s seismographs detected the largest non-nuclear explosion in human history.

The main impact wasn’t the explosion or the short-term economic damage. The main impact was that the USSR stopped trusting stolen software, which set them way further back, economically and militarily.

Arguably, that ~one line of code was infinitely more sophisticated than stuxnet.
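The mechanism the comment above describes, an integer overflow that only shows up after a long enough uptime, is a real bug class in control code regardless of whether the pipeline story is true (the reply below disputes it). As an added illustration, mine and not the comment author's or anyone's actual pipeline software, here is the most common form of it: a 32-bit millisecond tick counter wraps to zero after 2^32 ms, roughly 49.7 days, and a staleness check written as `now > last + timeout` answers wrong on either side of the wrap, while `now - last > timeout` in unsigned arithmetic stays correct. The watchdog framing, the function names and the simulation parameters are all constructed for the example.

```go
package main

import "fmt"

// Tick counters on small controllers are commonly 32-bit millisecond counts
// that wrap to zero after 2^32 ms, about 49.7 days of uptime.
const wrapMs = uint64(1) << 32

// IsStaleNaive compares the current tick against a precomputed deadline.
// last+timeoutMs can wrap while now has not (or the other way round), and
// then the comparison answers the wrong way: a spurious trip, or a missed one.
func IsStaleNaive(now, last, timeoutMs uint32) bool {
	deadline := last + timeoutMs // wraps silently
	return now > deadline
}

// IsStale subtracts first. Unsigned wrap-around subtraction yields the true
// elapsed interval as long as the interval itself is below 2^31 ms.
func IsStale(now, last, timeoutMs uint32) bool {
	return now-last > timeoutMs
}

// FirstDivergence simulates a control loop ticking every stepMs from startMs
// to endMs (unwrapped uptime in ms), with a heartbeat renewed every beatMs,
// and returns the uptime at which the naive check first disagrees with the
// correct one, or -1 if they always agree over the simulated window.
func FirstDivergence(startMs, endMs, stepMs, beatMs, timeoutMs uint64) int64 {
	last := startMs
	for t := startMs; t <= endMs; t += stepMs {
		if t-last >= beatMs {
			last = t // heartbeat arrives on time throughout
		}
		now32, last32 := uint32(t%wrapMs), uint32(last%wrapMs)
		if IsStaleNaive(now32, last32, uint32(timeoutMs)) != IsStale(now32, last32, uint32(timeoutMs)) {
			return int64(t)
		}
	}
	return -1
}

func main() {
	// Constructed values: a heartbeat every 1 s, a 5 s timeout, stepping
	// through the window around the 49.7-day wrap of the counter.
	const beat, timeout = 1000, 5000
	t := FirstDivergence(4294900000, 4295100000, 100, beat, timeout)
	fmt.Printf("naive check first misfires at uptime %d ms (~%.2f days)\n", t, float64(t)/86400000)

	// Missed trip: heartbeat 7396 ms old, but the naive check says "fresh".
	fmt.Println("naive:", IsStaleNaive(100, 4294960000, timeout), "correct:", IsStale(100, 4294960000, timeout))
	// Spurious trip: heartbeat 100 ms old, but the naive deadline wrapped.
	fmt.Println("naive:", IsStaleNaive(4294967100, 4294967000, timeout), "correct:", IsStale(4294967100, 4294967000, timeout))
}
```

Two things are worth noticing. The failure is silent and only reachable after weeks of continuous operation, which is exactly why it survives testing and why bench tests that restart the controller never see it. And the fix is not "use 64-bit counters" so much as "never compare absolute tick values"; the same subtraction idiom is what the Linux kernel's `time_after()` macros and similar helpers in embedded frameworks do.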


Wow I have never heard this story before! I had to look it up, for anyone else interested here's a quick wiki about it https://en.wikipedia.org/wiki/Siberian_pipeline_sabotage


This didn’t actually happen, but it makes a good story that is often repeated.

http://jeffreycarr.blogspot.com/2012/06/myth-of-cia-and-tran...

Also, this story seems to be taking on a life of its own. You have some details that were not in previous rounds. Integer overflow based on uptime was not in the original unverified story.


Do you have a source for this? I can only find reports from "At the Abyss", which are uncorroborated.


somewhat described in the book Victory, by Peter Schweizer


How do you even define sophistication in the context of computer software? Let me try by defining the opposite. What would be an unsophisticated computer program? I would say it is a brute force algorithm. It is unsophisticated because it uses simple logic and an iterative approach to achieve its aim in an inefficient manner. So a sophisticated program is: concise (non-iterative), efficient (doesn't use too many steps to arrive at the destination) and uses non-simplistic modeling of the given problem. Anyone have anything better? :)


Do you have a link to more info? Would love to read more but can't seem to find anything.


> On complexity vs sophistication: During the cold war, a US company noticed the USSR had stolen the plans for a natural gas pipeline system, but not the software.

I think this account might be a bit wrong. The one I read said that the CIA acquired a "shopping list" of Western technology that the USSR wanted to acquire. It included the pipeline control software, so they arranged for a trojaned version to become available to the Soviet shoppers.

Apparently this was a pretty common Soviet activity. Their electronics technology was behind the West's, in general. IIRC, many US semiconductor designs had little cartoons on the dies to taunt the Soviet reverse engineers.


I want to second this. The things I wrote throughout my career that I'm most proud of aren't very complex.

I find it very satisfying to understand a problem so well, up to the point you can find a simple and elegant solution to it. It makes the solution easier to reason about with other team members, and easier for the team to maintain it later. I see this as making your domain expertise available as a framework for the other team members.

This is my idea of sophistication in the software development world.


Simplicity is always a sign of a quality solution. I’m not sure why anybody would ever conflate complexity with quality or sophistication. I wrote some very complex code in college, but it wasn’t very high quality.


To date, my most complex piece of software in terms of how it was implemented was a simple calculator written in my first programming course. About a week before I started it, I had learned about regular expressions (the programming construct, not the formal language construct).

The basic implementation was a calculator that could add, sub, mul, div, pow, and sqrt. Bonus points were awarded for adding additional functionality including lettered variables. It started with a relatively clean shunting-yard implementation, but my use of regular expressions quickly fixed that.

My calculator worked under most circumstances, but that thing is an eye sore. I'll never get rid of that source code. I like to go back and look at a few key pieces of software I've written through the years.


Yes, in my experience, solving a problem / feature well involves three steps:

1. Get the code to work
2. Clean up the code
3. Simplify the code

1 is self explanatory. 2 involves removing any logical redundancy, separating and cleaning the logic into methods, etc. 3 involves simplifying logic and logical mechanisms.

Most developers only do step 1 and maybe step 2. Step 3 is where beauty comes in.

If I could organize my thoughts around this concept, it would probably make a pretty good article. I don't know who the source is but a good quote goes something like this, "real genius isn't solving the complex, it's solving the complex in a simple way."


“Any fool can make something complicated. It takes a genius to make it simple.”

I made a poster with this for my office wall.


This fits perfectly with my own experience. The 3rd pass is always the one that makes the difference in terms of code that just feels nice/clean.


Indeed. I think that the mark of sophistication is not complexity but irreducible complexity. Sophisticated solutions are those that have been reduced to their simplest form.


I'm wondering why do you think this is true? Using stuxnet as an example, would it not be better if they used every feature within reason that would add to the likelihood of success? Why does reductive elegance make an application of technology superior to an inelegant solution? Does final effectiveness not overrule the developer's aesthetics?

I'm asking in honesty, not using the question to merely attack your opinion. I recognize there are things I have probably not considered.


Referring back to my natural gas pipeline example, just install the nasty centrifuge control software at the factory.

It is easier and more likely to succeed. Also, stuxnet has now been repurposed by multiple governments and criminal organizations. So, its creators built a symmetric capability, and gave it to their adversaries, when they could have used asymmetric capabilities that are more expensive to reproduce.

[edit: Also, it is still well within the Iranians’ capabilities to build a bomb, and our recent foreign policy greatly increases the chances that hard liners will take over and restart the program.

Contrast this to the outcome of the broader cold war strategy, which was a regime change to a relatively US-friendly government.]


Irreducible complexity sounds like an incredibly high bar.


If you are a state actor, it's not difficult to gather a couple of programmers from the "antivirus" and security field and build something that is hard to detect.

It would be impressive if it was the work of a teenager but it's not.


The SCADA stuff was novel and interesting though and goes above and beyond your average malware both in what it did and the idea to do it in the first place.

A really creative hack, so to speak. (or destructive? anti-destructive? shrug)


And just to reiterate. They built a rootkit that stealthily sabotaged an effort to build nuclear weapons in a way that just made it look like the people who were trying to do it were just incompetent...

If that's not cool, I don't know what is...


You also somehow need access to the industrial grade target platform in some way shape or form which is not something a teenager has lying around in their room nor extensive knowledge about to this extent.


You can buy the Simatic PLCs they targeted on ebay for a few hundred bucks.

Industrial automation stuff like this is a common part of the "technical high school" curricula where I live. (of course only on the "press this button and then that happens" level)


> not something a teenager has lying around

Ha, generally true probably, but in my case as a teen I got my hands on a bunch of old industrial PLCs and built all kinds of interesting things in my room. :-) Ladder logic is how I got started programming, I didn't even have my own computer back then.


Yeah, you understand exactly what I was trying to convey when I wrote the article. Thanks.


If this short read piqued your interest in Stuxnet, I can recommend the book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon".

It explains in great detail how Stuxnet worked and, which I found the most exciting, how it was discovered and reverse engineered.


I read this book a while ago.

Whilst I enjoyed the multiple viewpoints it provides (some claim that Stuxnet was actually quite sloppily written, depending on numerous factors), it happened to be one of those books which wrote 100 pages worth of information in 400 pages instead and dragged every little point on. YMMV.


If you read this book purely for its informational value, I agree with your assessment.

That being said, I read it mostly for entertainment and I think the author did a good job of packaging a lot of factual information into a captivating story.

That being said, not all parts are created equal. There are quite a few pages dedicated to looking at the number of centrifuges Iran was installing and the amount of gas they enriched, as these were the metrics Stuxnet was affecting. To me, that was as exciting as reading a company's monthly inventory report.

But I guess that's to be expected in a book that tells a true story instead of just being based on true story.


I hadn't read the book when I wrote the article. I tried to get all the salient facts in, with as few words as possible. "Omit needless words" - Wm. Strunk.


The movie felt similar to me. It's been sitting on my In Progress list for years. I loved what I saw but it lost its hooks in me.


If you are not a book type of person, I recommend watching the movie Zero Days :)


IMDB link: https://www.imdb.com/title/tt5446858/ (2016)

Looks good! Might have to check it out tonight.



Thanks, I always enjoy HN recommendations for books. Even better there is an Audio Book version!


*piqued


i second this, i really enjoyed that book.


I would argue that this one was more sophisticated: http://pferrie.tripod.com/papers/zmist.pdf

What I am seeing lately with malware is an increasing decline in sophistication; today's malware is lame compared to the malware created around 2000. I would think that level of low level knowledge is rapidly dropping. When there were still real file infectors, there were some serious nasty technologies involved (btw, today's ransomware is a very old concept (http://virus.wikidot.com/onehalf) but it was used to prevent virus removal instead of making money).


I agree. Mistfall (and z0mbie himself) was years ahead of its time.

For those not aware of Mistfall: typical viruses simply append their code to the target. To avoid detection, polymorphism was introduced: viruses generate permutations of decryption logic for the actual static but encrypted virus body. The next step was metamorphism: the virus body itself got permuted. Mistfall was one step further: it disassembled the host, merged in its own permuted body and rebuilt the host. Here is an article by the author himself [1]. This was in 2000.

In general, before hacking and cybercrime became a commercial activity, there was a lively virus writing scene, where highly skilled people played the cat and mouse game with anti virus producers, created magazines with the sources of their creations and wrote articles.

Too bad that z0mbie disappeared. Sometimes when news about elite Russian hackers hits the news I wonder if it's him.

[1]: http://z0mbie.daemonlab.org/autorev.txt


Maybe another link for those who love malware history, this site also just vanished...

https://web.archive.org/web/20110205151357/http://www.rootki...

> "merged in its own permuted body and rebuilt the host."

Actually it was even more sophisticated: it not only merged its permuted body into the host, but rather rearranged the host in a way that merged chunks of its body between the chunks of the host's original code, using jmp instructions to keep the code flow, with the entry point inserted at random. If he had further armored it with additional polymorphism layers for each chunk, this would have made it algorithmically impossible to detect (on the other side, even now, no one can claim to detect all the permutations, while the disinfection is limited to "delete infected files"). This was a work of art (I was a malware analyst); today's malware is a joke compared to what z0mbie was doing (even if I could argue that there is a lot to do on Windows, infecting the MBR and owning Windows by serving its calls to yourself is still (maybe I am outdated?) something to be seen). I would really love to shake his hand even if we were on opposite sides :)


People are still keeping mirrors of 29a :)

http://dsr.segfault.es/stuff/website-mirrors/29A/

And mirror of z0mbie (mistfall author) site http://z0mbie.daemonlab.org/

I am really interested in what happened with z0mbie... he just vanished at some point...


Maybe it is the other way around: today's malware (or a portion of it) is written so well that you don't know about it. Maybe someday another whistleblower will let us know.


Other than permuting itself, what did it do that was sophisticated? Code morphing viruses have been around for a very long time, much longer than 2000. Simple replication does not constitute sophistication. Even my brother in law does that.


Read the whole article :)

Sometimes how you do it is far more interesting than what you do (but it might be a tad more complex to understand).


> This driver was digitally signed by Realtek, which means that the authors of the worm were somehow able to break into the most secure location in a huge Taiwanese company, and steal the most secret key that this company owns, without Realtek finding out about it.

> Later, whoever wrote that driver started signing it with secret keys from JMicron, another big Taiwanese company. Yet again, the authors had to figure out how to break into the most secure location in that company and steal the most secure key that that company owns, without JMicron finding out about it.

Oh come on... "most secure location"? I'd wager it would be harder to break into the janitor's closet and steal his toilet paper supply than it would be to get those signing certs. If this was most companies it was stored on a public file share used by software engineers or in an open source control repository. They either got someone hired as a contractor or bribed an engineer they found on LinkedIn a couple thousand dollars.


That's not how it works. You need the private key to sign the drivers. This is not a file that developers of those companies have access to.

These keys are usually stored on an HSM. Even if you want to, you wouldn't be able to access the keys stored inside. This is specifically designed to protect against rogue/bribed personnel.

So it's highly unlikely that the stuxnet developers had possession of the key. I'd bet that they somehow had access to the HSM, to have it sign the driver for them.

Companies of this size are audited regularly, so access to the HSM is expected to be strictly controlled.

So yes, it is a pretty secure location, and a highly guarded secret. The fact that they pulled it off to break into not one, but two of those secrets is extremely impressive on its own.


> That's not how it works. You need the private key to sign the drivers. This is not a file that developers of those companies have access to.

No, you could unfortunately get around that very easily (or rather, ignore recommendations) at least a few years ago. So I bet there are a lot of certificates and private keys lying around on disks, build servers, version control systems and probably even on developer USB sticks.

The cert and key just need to be something signtool can access. Signtool doesn't care whether it's a relatively unprotected key in a system-software-based key store or on an HSM.

Windows 10 1607+ enforces a much stricter standard, especially if you want your driver to work in Secure Boot mode. There are also stricter requirements for driver testing and static analysis, although those depend on the driver type. Microsoft requires and checks testing tool output as a part of the driver submission before finally signing it with their cert.

Tip: If you run Windows 10 and value security (and system stability), use Secure Boot.

(I've developed Windows kernel drivers.)


More likely they just spear phished the people who would have access that can be used to get the keys.


> I'd bet that they somehow had access to the HSM, to have it sign the driver for them.

Or were able to duplicate the HSM before it was delivered. You know, like how the NSA intercepted shipments of internet routers in transit and inserted backdoors.


That wouldn't work because HSMs are typically not delivered with keys, you generate the private key yourself.


Ok, makes sense. It could also be that the HSM was shipped from one office to another after keys had been loaded onto it. Dunno.


In "secure" places, HSMs are basically in a vault with armed guards.


I have seen HSMs in a concrete fireproof room, inside another concrete room, inside a regular room, inside a nondescript building. This one required the use of three people (one to authorize entry past the two guys with rifles, one to unlock the vault rack with the HSM, another to authenticate to the HSM to perform work).


Company or agency?


A very large private company.


HSMs are designed to resist exporting private key material. And to sign something, you normally have to enter a PIN or a password. :)


You don't ship HSMs with keys (you initialise them on-device yourself), nor can you read keys out from one (at least in theory).


If the goal is to gain access to the HSM's signing functionality, and you don't need to know the HSM's keys to gain access to its signing functionality, then something else is being guarded that is essentially the key. For example, if it's a machine locked in a room, then the room key is the key. Or maybe someone's retina, or a sign-off from someone with clearance, etc. (at least in theory)

That's a general theory though, but I'd think the same fundamentals apply.

Also this only serves to prove that some powerful entity that operates on secrecy, like a government or mega corp, is likely who executed this. I’d like to fantasize some suave, determined black market salesman with a rough childhood and his band of cyber criminals broke into both of these facilities, but seeing how difficult it is to accomplish something like this, it seems more likely that someone just let them in through the front door.


In theory, theory and practice are the same, in practice they're not.


Well, an HSM that doesn't meet those requirements is essentially spoiled milk and of little value. I agree many HSMs are found vulnerable eventually.


> These keys are usually stored on a HSM. Even if you want to, you wouldn't be able to access the keys stored inside. This is specifically designed to protect against rogue/bribed personnel.

Sure now they often are - after many security failures 10 years ago before HSMs were widely deployed. A decade ago a much more common ‘secure’ mechanism was to store the keys on an airgapped machine that had never been connected to a network and use sneakernet to get binaries signed.


That's how it should work in theory; in practice it was most likely how the parent has described it.


Sorry, this _IS_ how it works. These are usually stored on developers' workstations in a weak-password-protected PKCS12 file (.pfx/.p12).

HSMs. Lol.


I'm genuinely interested in how you know this.


>You need the private key to sign the drivers. This is not a file that developers of those companies have access too.

The developers would need access to the private key to sign the drivers they're deploying. Convenience is the ultimate foil of most good security intentions.


> The fact that they pulled it of to break into not one, but two of those secrets is extremely impressive on it's own.

Did they break into them? Stuxnet had government backing, most articles I've read assume American or Israeli.

If it was the American government (on its own or on Israel's behalf), then it might have 'simply' applied its considerable influence to get the Taiwanese government to get Realtek and JMicron to hand over the HSMs.


IDK, pre-Windows-10 didn't you just need a ~$200 [1] code signing certificate? Do people usually buy HSMs to store those?

[1] https://www.sslshopper.com/microsoft-authenticode-certificat...


You do not store certificates on an HSM, you generate the private key on it and use that to sign things. Certificates that end up in actual use are further many chains removed from the root keys.


> Do people usually buy HSMs to store those?

At the time Stuxnet was around, no, not really.


Isn't a national security letter enough to "break in" to any US company?


Oh, Realtek is Taiwanese, but I don't doubt they have reason to cooperate as well.


I can tell you that even a meager telco that I've worked for has very good security for their PKI equipment and none of it is networked. It has had since before Stuxnet became known. And they don't even manufacture hardware.

If you manufacture hardware and distribute drivers you are an even bigger target than a telco.


This is the most suspicious element of the whole affair. The actual security algorithms weren't compromised; rather, they compromised the whole environment by getting their hands on the Realtek keys.

Personally I doubt that retrieving this key required some act of super-ninja-skills espionage. I suspect somebody high up in the US government simply picked up the phone and called somebody high up in the Taiwanese government. The reality is that Taiwan's security at the end of the day is wholly dependent upon US defense. There are no other options, there are no other cards in their hand. They absolutely need the US military to secure the continued existence of their nation.

This is the lesson of Stuxnet: "private" actors aren't. At the end of the day the US government has demonstrated again and again that it can compel cooperation from virtually every technology firm in the "free world." It's not a card to be played lightly but it's absolutely there. Thanks to Snowden we know the NSA regularly compromises Cisco telecom equipment created for export [1][2] and that the US government is working closely with all the major tech firms[3].

And this is why the US does not want China exporting Chinese phones, electronics, telcom kit, chips and social software. There's absolutely no problem when "private companies" in the US, Korea, Japan and Taiwan export this equipment and technology because these companies are squarely under the thumb of the US. Now that China is getting in on the game everybody is freaking the fuck out precisely because they understand perfectly what it means for "private companies" in China to have a significant chunk of the market.

Of course the Chinese also understand exactly what's going on here and this is why they've established the Great Firewall and why they're absolutely determined to homegrow all their technology needs. Right now China imports an absolutely extraordinary amount of chips and it is probably their greatest security weakness [4].

So this is what it comes down to: every large corporation that matters is likely a phone call and/or secret warrant away from literally giving its private keys to some government actor, likely the US or China. Any data stored by these corporate systems should be considered readable and writable by the government. Any service secured by these corporate systems should be considered accessible and ultimately under the control of these governments. These corporations will not risk either their continued existence or the possibility of fat government contracts in order to protect their customers from these governments. Individuals who depend upon these corporations are therefore completely at the mercy of these government actors.

All of this is a long way of saying that security of digital assets cannot be outsourced.

[1] https://arstechnica.com/information-technology/2016/08/cisco...

[2] https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...

[3] https://en.wikipedia.org/wiki/PRISM_(surveillance_program)

[4] http://nationalinterest.org/feature/how-china-will-benefit-a...


IMO, the sophistication of the final worm that made it out to security researchers doesn't have anything on the process that must have been used to develop it. Take the normal iterative development process, except that:

You don't know anything at all about the design of your targeted system and networks.

Even getting a little information about it requires writing sophisticated malware, using various spy capers to get the malware near the target systems, and somehow exfiltrating data from airgapped systems over the internet, where the whole mission is blown if anyone detects your data movement.

You may need dozens of iterations of adjusting the software to try and dive a little bit deeper, getting it snuck into the target systems (hopefully by a built-in update over the net), gathering information on the network architecture, then exfiltrating that data back out.

Always a tough balance of spread-happy enough to infect highly protected airgapped systems in a top-secret facility, but not so spread-happy to get out on the open net and infect half of the world, where it will inevitably be discovered eventually. This is probably where they eventually screwed up.

How long to detect that they're using this particular model of PLC with this particular centrifuge, buy your own copy of them, dig up someone who actually knows about these things, collaborate with them to figure out a sneaky way to screw things up just a little bit, build ways to get your virus onto the target system to do its damage, etc.

I'd assume that there was a team somewhere with a big library of zero-day exploits and a bunch of ace developers, but no starting knowledge of the target. Someone gave them the order to figure out a way to hack and screw up the Iranian nuclear program, maybe with the helper that some other org has a guy that can deliver any product near the program. They must have spent years devising ways to get in, slowly gathering info about their target, figuring out a way to achieve the assigned goal of screwing things up without getting detected. Now that would be a hell of a project to work on.


>You don't know anything at all about the design of your targeted system and networks.

>They must have spent years devising ways to get in, slowly gathering info about their target, figuring out a way to achieve the assigned goal of screwing things up without getting detected.

I'd speculate that given who the intended targets were (Iran, North Korea) and who would have an interest in disrupting their enrichment operations (Israel, US), and given the level of intelligence-gathering activity that both of these nations can (and ostensibly do) engage in, the team tasked with creating this virus had plenty of information to go on from the start.

Centrifuge models with firmware revision, network topologies, deployed server configuration, etc were likely known in advance.


The IAEA was all over Iran's nuclear production facilities for a decade. The CIA has been all over them as well. There really wasn't nearly as much impenetrable mystery as you imagine. For a very long time, Iran was completely cooperative with the IAEA to an absurd degree. Even the big CIA report said they were building power plants, not bombs, and they saw no evidence any bomb project existed. (Of course they hedged that for political reasons by sticking an 'absence of evidence isn't evidence of absence and they might have a super duper extra secret lab 500 miles underground' on the end, which was reported in the media as 'secret Iran nuke project confirmed'.) It wasn't until that point that Iran realized the US really didn't care whether they were building a bomb or not, and it didn't matter how much they cooperated, they were going to be targeted regardless. Hell, at one point they offered to give up their entire nuclear program and all their facilities to the IAEA if the IAEA would run a power plant for them, and the West even turned that down.


> This driver was digitally signed by Realtek

> that driver started signing it with secret keys from JMicron

I think this is the scariest part of the worm. Not only do the people writing it have access to zero-days, they also somehow have (possibly physical) access to the private keys of two large corporations.


Nah, this is almost easy. In comparison, Flame used a previously-unknown (and still unknown AFAIK) method to compute MD5 collisions on a certificate, which was used for a signature.

https://arstechnica.com/information-technology/2012/06/flame...

This isn't stealing a cert or burning four zero-days. This is dropping a zero-day cryptographic attack, which hasn't been reverse engineered yet.


Also: we only know about this because one of the world's best hash-collision experts, Marc Stevens, wrote a tool to detect the method of collision used when we have two different cleartexts with the same hash.

He's also one of the minds behind shattered.io, which happened because Google decided to invest some resources in his research (estimated at around ~300k). Imagine if he "simply" took a job working for an intelligence agency?


I'm not so sold on the belief of the author the keys were kept under best security practices.


Both from Taiwan I see. So if the parties involved have some pull with their government it could be that. They also could of: bought them, cracked them or as you said stolen them.


*could have


Try not to think about how many SREs in the big five are likely receiving a second secret paycheck from Langley and/or Fort Meade.


Interesting. This is the first time I've seen a public comment anywhere about a strong suspicion I've held for more than 20 years.


It seems obvious to me. Want to illegally snoop on someone's iMessages? Don't compromise Tim Cook's plausible deniability, just get an asset to climb the ladder until they can touch the systems that send the list of keys to the target device. Same goes for signing malware binaries for evil maid against iOS devices, chromebooks, etc. There are controls you can put in place as an organization to make this harder, but not impossible; eventually human beings are going to be handling keys and senior management isn't always going to be in the room to make sure NSLs aren't being handed out.

“Keep this quiet or go to the same jail in which Manning was tortured basically to death” is a pretty persuasive argument.

The fact that Google was asleep at the wheel so long wrt encryption of internal network WAN links (I mean, Wikipedia has an article about the double-hull sub that the navy uses to tap intercontinental fibers) suggests to me that most Googlers (and despite organizational differences, also most Apple and FB and Amazon staff (outside of govcloud)) simply aren't thinking about the illegal lengths to which the military will go to obtain huge amounts of information about possible threats to their safety, security, or persistence methods (e.g. whistleblowers).

It's like the industrial rank and file never read the military-industrial complex speech, even while hearing their bosses take off from Moffett using taxpayer jet fuel. [1]

[1] https://www.wsj.com/articles/google-jet-fleet-loses-a-nasa-f...


> “Keep this quiet or go to the same jail in which Manning was tortured basically to death” is a pretty persuasive argument.

You don't even have to speak about it. Don't cooperate, and you'll go to jail.

https://www.washingtonpost.com/news/the-switch/wp/2013/09/30...


Some secrets keep themselves.


They mentioned they were Taiwanese companies. I'd bet it was stolen rather than passed to them by some insider.


The hard part was writing the worm and getting it into the facility, not getting into Realtek's network. I would bet.


Didn’t the CIA drop USB sticks around the enrichment facility? I read that somewhere trying to find the source.


If I were to guess, probably many different types of media. Music CDs, DVDs, USB sticks.

Maybe those types of facilities are 99% focused on keeping data from leaving. But employees were bringing plenty of media to listen to while watching the monitors before stuxnet.

A typical facility would likely scan that incoming media and pass it to you later if it was okay’d. You aren’t allowed to ever take that media out again, however.

I’m just guessing though.


Yeah, if you've got a big budget, state sponsoring, and years to plan how to steal a signing key from a foreign company, I'm not going to bet against you.


What is the legal situation with this? I mean, forget for a second that illegal things are done all the time, I presume it would be unconstitutional were the CIA or NSA found to be paying google engineers? How big of a scandal would this be, or is it kind of tacitly understood in the way that black-budgets for large projects are?


It would almost be as big a scandal as someone sharing internal slides showing secret programs to illegally and unconstitutionally spy on every person with a cellphone in their own country.

Or perhaps a video of a high ranking intelligence official lying to congress under oath, whilst answering questions received in advance, and then never being prosecuted for perjury to cover up such illegal activity.

So, not a big scandal at all. Page 2 news.


I am just your average software dev with zero knowledge of malware creation, speculating here, and might come across as a fool.

The author sensationalizes the effort of the creators, painting a Hollywoodesque scenario where they break into every possible software company to steal keys to misrepresent the software, going undetected by every possible security company, etc. Since this is a Quora post, I can live with him playing to the gallery.

Given the amount of speculation of involvement of US and Israeli intelligence agencies, and the task this worm was assigned, the real effort might have been just about writing a USB worm that identifies specific machines and handing the USB-0 to a double agent (I stopped watching Homeland after season 5 and am rusty with the jargon). The rest of it would have been simply asking all the associated software and hardware companies, politely, to cooperate.

If any of this is true, Stuxnet is anything but sophisticated. It's just lots and lots of specific API calls.

That brings up the question: what is sophistication as applied to software?


That is a huge oversimplification. Do yourself a favor and read this http://www.symantec.com/content/en/us/enterprise/media/secur... or just the 'Executive Summary' if you don't want to read the whole thing


You should read "Countdown to zero day"[0]. Some of the measures that were taken exceeded what anyone in Hollywood could ever imagine.

[0]: https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp...


> The rest of it is all about asking the associated companies, politely, to cooperate.

What keeps this cooperation secret? It would only take one weak link at any one of those companies to reveal -- accidentally or otherwise -- that they were coerced into providing their signing keys. As soon as that got out, speculation runs amok: Are all products from said company compromised? This would be ruinous to a company, so no one in charge would agree to that without something significant -- which would be even harder to hide from the public -- in return. Then, who asked for the key and why? Could that be traced back to the (presumably) agency in question? That weak link was weak once, there's nothing to assume that he/she won't be weak again, etc., etc.


I'm not sure that it would be ruinous. Isn't RSA still trusted? People have a tendency to overlook or even defend broken protocol when it's "the good guys"


“Compromised” in the sense of that company’s trustworthiness, not in the cryptographic sense.


All this speculation is wilder than what I am willing to get into. But I think the fact that the 'leader of the free world' and his buddy will wreck you beyond your worst nightmare if you go rogue should be enough motivation to not to.


They certainly wouldn't be calling lots and lots of APIs, as that would likely trigger some antivirus software or at least leave traces in system logs.

The sophistication of this software is that it did all this undetected.


"x86 is a high-level language": https://blog.erratasec.com/2015/03/x86-is-high-level-languag... / https://news.ycombinator.com/item?id=9264195

Everything's an API at the end of the day.

There was an article on here recently about the practical effects of the TLS 1.3 drafts, and how they broke proxies. I can't find it. It was talking about how the proxies choked because so many variable wire bits in TLS 1.2 stayed static for so long they rusted in place in proprietary implementations, and the proxies crashed once the values changed (despite this being a concrete protocol violation). This situation reminds me of that.


I would love to read this if you come across it.


The sophistication is to do all this while remaining completely undetected in a highly secure environment. Iran didn't find Stuxnet; it was stumbled over by Kaspersky Lab.


Just addressing the last thing you said, I think sophistication has to do with the level of knowledge required to implement. Whether that means knowledge politely asked for or through other means has implications for the difficulty of implementation but perhaps not sophistication of the software.


The title of this post is a bit misleading (and a bit click-bait-y) — this is one person's response to a quora question, and it seems like the point of his answer was more "the Stuxnet worm is a seriously complex piece of history if you don't know about it" and less "this is the definitive most sophisticated piece of software ever." I feel like we can agree that the definition of sophisticated[0] is fairly hard to quantify and rank software objectively against.

[0]: "(of a machine, system, or technique) developed to a high degree of complexity", according to google: https://www.google.com/search?q=define+sophisticated


Stuxnet was able to be reverse engineered successfully so that we can know these things.

IIRC, its sequel actually used certain directory listings (registry keys or filesystem) of a target system as input to a KDF that is used to generate an AES key that is used to decrypt the next stage payload. That is, if you don’t have the exact specific system configuration that is being targeted (program names, versions, et c) then the primary function of the worm remains entirely opaque.


Sorry, but this article is breathless crazy hyperbole. I am a cybersecurity expert that actually reverse engineered a nontrivial part of Stuxnet at one point, and I have reverse engineered other government-built worms and persistence mechanisms.

Driver signing keys are not nearly as difficult to steal as the answer implies; not only are they shoddily managed in most hardware vendors, they could also be purchased on the black market for about $50k at the time. They are still not very difficult to come by.

Zero-days (e.g. security vulnerabilities and their corresponding exploits) can be purchased on the grey market, and some are developed by government-internal teams. These are little marvels of strange engineering, but they are also a relatively common occurrence. The total market prices of the exploits in Stuxnet will have amounted to perhaps a few million $ at the time.

The Stuxnet worm’s code showed all the artifacts you would have in a large software project - including but not limited to “handwriting” where you could see that a small team of engineers and architects were excellent developers who delegated the implementation of less-important parts to engineers of lesser ability.

There have been leaner, more elegant, and similarly powerful / crazy pieces of malware.

In general, though, these things are not made of magic, and they are not the most brilliant software ever made. They are usually well-engineered by decent engineers, built by a motivated team with decent funding. Even then, mistakes creep in (Stuxnet had an infamously broken mechanism to limit propagation), multiple versions need to be rolled out, and problems & bugs plague any software system.

Now, comparing something like Stuxnet — a relatively small, well-engineered but ultimately not terribly innovative assembly of known methods — to something like Google's data center infrastructure (Borg/Flume/Mapreduce/Bigtable/Spanner), the Windows or Linux kernel etc. and concluding Stuxnet is somehow superior or more sophisticated is simply false.

Stuxnet was cool etc., but I can assure you the level of sophistication is less than the Windows Kernel, the Linux Kernel, or Google’s data processing infrastructure, by far.

This is unsurprising: Stuxnet is a much smaller operation. Building Windows has probably cost many billion dollars by now. Stuxnet, on the other hand, was likely running on a shoestring budget in comparison.

Assembling a highly impactful worm is much cheaper and simpler than people think; most of our IT infrastructure is not very robust.


The respect comes with the single-mindedness of this code's approach. You would think the people doing this would have at least a little bit of The Joker in them - if they saw an opportunity to cause chaos for chaos' sake they tend to take it. Whoever did this - didn't. That is impressive focus.



"Zero Days" documentary is focused on Stuxnet. https://www.imdb.com/title/tt5446858/


I highly recommend this documentary, it explains step by step how stuxnet was found, how it was debugged (by people that debugged it) and how it was used.


_When that USB drive is inserted into a Windows PC, without the user knowing it, that worm will quietly run itself, and copy itself to that PC._ Truly magical. Anthropomorphism and personification help continue the myth of sentient, usually evil, software. Whilst scaring the heebie jeebies out of everyone.


>"run itself"

I find that misconception worse!


We have much work to do on https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpris... if we want to catch up.


I thoroughly enjoyed this writeup as well: https://www.langner.com/wp-content/uploads/2017/03/to-kill-a...

Appendix C is my favorite part: a look at all the things that can be gleaned from television footage of the facilities, brief glances at control screens, etc.


If you come to think of it, this "worm" is really a form of life, with a certain degree of intelligence, I might add.

Just like a biological virus, it replicates itself, it hijacks a pretty secure environment, like a cell, and uses it, first to replicate even more, and second, to alter its behaviour in order to accomplish its "goals", meaning deeply hidden instructions that only activate, and this is amazing, in certain conditions, just as a certain piece of DNA is only activated in certain conditions in the cell.

The intelligent part, in a more humane understanding of the term, comes when it is able to act and update in a distributed fashion orchestrated by a central command and control.

This is not just a sophisticated form of software. This is a sophisticated form of life, albeit a destructive one.


This confuses cleverness for sophistication. Yes, Stuxnet is ingenious, but mostly in concept/access to secret Windows bugs, not execution. Something like Pagerank or modern video encoders easily beats Stuxnet in terms of sophistication/complexity.


I don’t have the expertise to understand if this article is hyperbolic but it was the first article I have read in a while start to finish. The author should try his hand at fiction.


There is no conclusive evidence that stuxnet was successful at all. This article https://nypost.com/2013/05/16/stuxnet-virus-might-have-impro... actually claims opposite. With cyberwarfare and espionage everything is possible so let's not guess too much as we have really limited information.


And to think that a combination of decades of diplomatic work and years of one of the most sophisticated cyberattacks were entirely thrown away by capricious, corrupt politicians.


The JCPOA?


Exactly.


Is it still believed that Stuxnet was never intended to escape and infect machines worldwide? If so, I think that blunder deserves to be a more prominent part of the story.


A very nice writeup of Stuxnet, although plainly intended for a lay audience...

Shame the author didn't mention Flame (or any of the other since-discovered super-viruses) at the end.


If someone adds a layer to the OS's file system such that only the known-good whitelisted app, exe, .so, .dll, .sys files with complete crypto-hash signatures are allowed to run in "lockdown" mode.

Everything else is reported and blocked.

Would it be enough to prevent such a worm?

It would be an interesting exercise to take an old exploitable OS (Win XP, or a 10-year-old Linux with known issues), add such a layer to it, put it on the internet as a honeypot and see what other kinds of infections it might get.


Depending on the hash, an attacker would look for collisions to get something running that could then change settings or launch other things. Failing that, you would look for flaws in the system or vulnerabilities in the OS in order to bypass it. Going deeper you run into trusted computing issues, of how do you know the verification firmware hasn't been tampered with?

The simplest approach though is if you're running Chrome, and I exploit Chrome, I'm now running as Chrome and could persist in memory at least until you shut down.
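Added example, my own code rather than anything from the thread or any real product: a minimal hash-keyed execution allowlist of the kind the question above describes, run over a constructed scenario (file names, contents and directory layout are all invented for the demo). It shows what such a layer catches, a patched binary and an unknown driver, and the gap the reply points at: a file type the layer does not enforce passes straight through, which is how an exploit delivered through an allowed application's parser ends up running under that application's identity without ever writing an unlisted executable.

```python
"""Added example: a minimal hash-keyed execution allowlist. Not code from the thread or any
real product; file names, contents and directory layout below are constructed for the demo."""
import hashlib
import os
import tempfile

# File types the lockdown layer enforces. "" covers suffix-less ELF binaries.
ENFORCED_SUFFIXES = frozenset({".exe", ".dll", ".sys", ".so", ""})


def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(trusted_paths):
    """Hash each trusted file once, in its known-good state, and keep only the digests.
    Keying on the digest rather than the file name means a renamed payload gains nothing."""
    return frozenset(sha256_file(p) for p in trusted_paths)


def check_load(path, allowlist):
    """Decide whether `path` may be executed or loaded. Returns (allowed, reason)."""
    suffix = os.path.splitext(path)[1].lower()
    if suffix not in ENFORCED_SUFFIXES:
        # The gap: documents and other data are never checked, so an exploit riding in
        # through an allowed application's parser runs with that application's identity.
        return True, "not an enforced type"
    digest = sha256_file(path)
    if digest in allowlist:
        return True, "digest in allowlist"
    return False, "blocked, digest %s... not in allowlist" % digest[:12]


def demo():
    """Constructed scenario: a trusted tool, a patched copy under the same name,
    an unknown driver and a plain document. Returns the allow/deny decision for each."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        trusted_dir = os.path.join(root, "trusted")
        os.makedirs(trusted_dir)
        trusted = os.path.join(trusted_dir, "tool.exe")
        with open(trusted, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"legit tool build 1")
        allowlist = build_allowlist([trusted])

        samples = {
            "tampered": ("tool.exe", b"MZ" + b"\x00" * 62 + b"legit tool build 1 + patch"),
            "dropper": ("driver.sys", b"MZ" + b"\x00" * 62 + b"unsigned payload"),
            "document": ("notes.txt", b"looks harmless, never hashed"),
        }
        for label, (name, body) in samples.items():
            p = os.path.join(root, name)
            with open(p, "wb") as f:
                f.write(body)
            results[label] = check_load(p, allowlist)[0]
        results["trusted"] = check_load(trusted, allowlist)[0]
    return results


if __name__ == "__main__":
    for label, allowed in sorted(demo().items()):
        print("%-9s %s" % (label, "ALLOW" if allowed else "BLOCK"))
```

The two caveats the reply raises still hold against this layer: the digest is checked once at load time, so an allowed process that is later exploited in memory is never re-examined, and the verifier itself (and the firmware under it) needs the same protection it gives everything else. It will stop a dropped driver or a patched binary; it will not stop a payload that never reaches disk as an enforced file type.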


If elaborate/sneaky/surprising real world modeling is the quora answer's mark of sophistication, (which I agree with personally), then I have another "most sophisticated in 2018" nominee. And the nominee is ...

Facebook's graph database!

Consider, Facebook has modeled:

* All our PII (face scans, key dates and times in our lives (birth to death), employment history, and on and on)

* All our activities (web, real-world)

* All our relationships/interactions (facebook, web, person-to-person, person-to-business, business-to-business, face recognition over practically all digital photos, chat, audio capture from mobile? what else?)

* Data appropriately tagged and categorized: Geo-location and a million other things

* Place information

* And then, the coup de grâce ... how all that data changes over the time dimension

And it's all searchable! A search of that database must be thrilling. You can know what's going on at every level of society at any point in time. You could quantify moods, trends, money, stars and governments currently rising and falling, etc. Consider the unholy power of that graph database, nothing else must come close! Sometimes, I want to get a job there as a data researcher just so I could query it.


I wonder towards what kind of landscapes the cyber arms race will lead us.

The problem is how civilians will end up being the victims of it. What can be scary is how data can mess around with the links of trust that are making society work. I hope there are people who are able to think about the problem of preventing online psy ops and other nasty things that cannot cause a threat, but do damage on the "data" of how society operates. As long as this problem is not fixed and the public is not educated about how computers work, I'm for limiting the use of computers in sensitive areas of society, be it money, finance, the military, electricity and water networks, infrastructure, computers as a work tool, etc.

Funny that a couple of months ago I received a paper mail written in Russian. There is no way in hell this was not related to my address getting leaked online; this must have been related to the internet somehow.


I have a question. Since the worm travels from USB to USB, does that mean that it infected thousands (or more) of regular people's USBs but did nothing, until it found itself in a purity facility? Or was the worm somehow directly sent (physically or digitally) to the facility?


A usb drive discreetly dropped in the parking lot, labelled cat memes would probably do the trick


Are cat memes popular in Iran too?


Cat memes transcend cultural boundaries.


Thank you, I didn't know, I haven't crossed a lot of boundaries.


Yeah, most worms like this have detection capability to work out whether they’re on the systems that they’re wanting to be on. If not, they’ll either try to clean up and vanish or just serve for further propagation.

Stuxnet was discovered because it accidentally spread too far, and ended up on a malware analyst's desk.

There was a targeted supplier, an upstream vendor as the insertion point, but it spread outside of that chain.


IIRC, there was an agent who brought the stick into the facility.

Also, read this: https://www.theguardian.com/world/2012/jan/11/iran-nuclear-c...


1: What is sophisticated for a non-state actor may be semi-trivial for a state actor. Why? State actors demand access to the source code of proprietary software; state actors circumvent laws that bind mere mortals like ourselves. If you own the playing field that which is sophisticated for even the most competent and knowledgeable coders may be semi-trivial for the spooks.

2: In my opinion Stuxnet is an act of war. If Iran doesn't consider itself to be at war with Israel and the US (even though there has been no formal declaration of war) then they are not thinking straight.

If I were to enrich uranium I wouldn't let a Windows PC within a mile of the centrifuges, I'd only use locked down versions of Linux.


> State actors demand access to the source code of proprietary software

So, when China or Russia are building windows exploits, they just demand Microsoft hand over source?

Also, the idea that “locked down” Linux would do any better than windows is ridiculous. The Linux codebase is enormous and complex and full of bugs. At least if you’d said some type of high security microkernel, you could put forward some logical arguments.


> So, when China or Russia are building windows exploits, they just demand Microsoft hand over source?

Yes in fact they do. https://download.microsoft.com/download/B/C/A/BCAFF3F5-5DB5-...

“Throughout the history of the company, Microsoft has worked with national governments around the world to help them build and deploy more secure IT infrastructure and services to protect their citizens and national economies. In 2003, Microsoft built on these efforts to create the Government Security Program (GSP). The scope of the program has grown over time, and continues as a cornerstone of Microsoft’s efforts to help address the unique security requirements of more than 30 national governments around the world.” (Russia and China included) https://www.zdnet.com/article/does-microsofts-sharing-of-sou...

> Also, the idea that “locked down” Linux would do any better than windows is ridiculous. The Linux codebase is enormous and complex and full of bugs. At least if you’d said some type of high security microkernel, you could put forward forward some logical arguments.

It's not a `logical' argument, it's a pragmatic argument. A sufficiently tech-savvy admin can dictate the hardware on the network, roll their own kernel so that USB drivers cannot be loaded, have that image as the boot image, and use TPM if totally necessary. The reason you wouldn't want to run a high security microkernel is because those can't run regular desktop software like LibreOffice and what have you.


The other day I had an argument with a proponent of online voting. As a non-techie, he could not understand my security concerns. In his lay view, we all use internet banking every day and nobody has stolen all the money yet, right?


For me, there is a fairly clear argument that works - online banking, you will know if there is a problem (the money is gone), online voting, you might not even _know_ it was compromised (in a close election, skewing a few percent of the votes could change the results without it being significantly different to the polls).


Just show him or her this video https://www.youtube.com/watch?v=w3_0x6oaDmI


So.... For people who have followed this story more closely then i have, did the hostile actor ever get identified? Last i checked it was a toss up between USA, Israel and France, was a conclusion ever drawn?


The current belief is that it was a joint effort between at least Israel and the USA.


It was leaked to the New York Times (sanctioned leak?) that it was a collaboration of USA and Israel. Not sure where France comes into it...


[flagged]


Well, to be fair, Iran is trying to build a nuclear weapon and wants to wipe out Israel.


Every time someone brings up "wants to wipe out xyz", I wonder how that would play out. North Korea wants to nuke the US and SK, Iran wants to nuke Israel, Pakistan wants to nuke India, etc. But playing the scenario out in your head leads to a simple conclusion: if either NK or Iran were to deploy nukes, it would be their end. It is likely that the US will remain the only nation on this planet who dropped nukes on civilians.


Actually, none of the countries you mentioned want to nuke any other. It's all propaganda, some from the potential nukers, most of it by those on the receiving end.


> who dropped nukes on civilians.

While technically true, in Hiroshima there were multiple military headquarters and Nagasaki was an industrial city and shipyard. Just saying there was a bit more reasoning behind the selection than "where we could kill the most civilians".


Yes, there definitely were more factors that went into that decision. But destroying factories and shipyards in populated cities wasn't the primary factor that went into the choice of weapon.


If you were the PM of Israel, would you stake the lives of 6m people on that? It would be Iran's end, but it would be too late for Israel if it came to that.


Every nation has to trust the country with nukes that they won't invade or destroy them. If you were Iran, would you trust the US not to try to invade or topple your country?

Iran isn't alone with the rhetoric of 'destroy your enemies'. North Korea and the US sell the same story, just the enemy changes. Whether the enemy is Israel, the US, or the arbitrary definition of a terrorist, the sell is ultimately a strategy to sustain support for military spending. It's hard to defend vast military spending when you have a poverty problem in your country - unless you can say you have enemies to defend against.


The difference is, Iran and North Korea are demonstrably more evil and repressive regimes than the United States.


I agree with the repressive (to their own people), but I'd be curious how you determine NK or Iran is more evil than the US.


I really hope you're right, but your view assumes rational players which, judging by human history, is far from guaranteed.


well to be fair, a nuclear armed country has threatened to bomb Iran back to the stone age (and has a reputation for trumped invasions in the area) as well as a vast history of interfering in the country including coup and assassinations.

Perhaps they feel threatened.

And the "wipe Israel off the face of the map" quote is contested.

https://www.washingtonpost.com/blogs/fact-checker/post/did-a...

> Then, specialists such as Juan Cole of the University of Michigan and Arash Norouzi of the Mossadegh Project pointed out that the original statement in Persian did not say that Israel should be wiped from the map, but instead that it would collapse.

> Cole said this week that in the 1980s Khomeini gave a speech in which he said in Persian “Een rezhim-i eshghalgar-i Quds bayad az sahneh-i ruzgar mahv shaved.” This means, “This occupation regime over Jerusalem must vanish from the arena of time.” But then anonymous wire service translators rendered Khomeini as saying that Israel “must be wiped off the face of the map,” which Cole and Nourouzi say is inaccurate.

Sure there are some in Iran who will probably say that. Just like there are some in the western countries that if interviewed will say the same of whoever the current bogey man is. Hell, John Bolton is back


Israel has nukes and is trying to build an excuse to wipe out Iran (without incurring internal or international wrath).


Without wanting to get in to Middle East political discussions, I don't think anyone there wants to sincerely "wipe out" another nation. The consequences would just be brutal and wouldn't be worth it.

I think Israel is much more in the business of targeted strikes on personnel and infrastructure to keep their enemies in check, something they're very capable of.


source/citation (not so much for the nukes, but for wanting to wipe out Iran)?


Israelis don't want to wipe out Iran (as much as Iran doesn't want to wipe out Israel- I think they have a more generic aspiration to the end of what they call Israeli regime)- but they surely want a weak, divided, impoverished Iran, and they have been lobbying the US for a long time to wage war against it. The US unilateral withdrawal from the nuclear agreement has been in Israel's wishlist for years. Not because it improves the chances of peace or because it makes Iran less of a threat- quite the opposite. But because it weakens it and improves the chances of a war.


To be fair, Iran is not trying to build a nuclear weapon, as it has been proven again and again by the thorough inspections and controls allowed by the JCPOA agreement, which the US have just undermined and probably killed for good.


Err, they absolutely were trying for a nuclear weapon. That’s what Stuxnet and (later) JCPOA were trying to stop.


You're confusing uranium enrichment with attempts to build nuclear weapons. Iran's research into nuclear weapons ended in 2003, 15 years ago. Iran has nuclear power plants though, and uranium enrichment is needed to fuel them.

I think the reason Trump and Netanyahu are so enraged by the JCPOA agreement is that it makes concessions to Iran in exchange for... nothing, since Iran already didn't have any active nuclear weapons research. The purpose of the continued insistence on Iran's nuclear threat is to weaken it, and the JCPOA effectively kills this strategy.


I'd love for you to be correct. I think pulling out of the JCPOA was stupid, and I'd love to be able to point out there is no risk anyway. But...

> Iran has nuclear power plants though, and uranium enrichment is needed to fuel them.

They have a single commercial reactor[0], and it doesn't need the enrichment levels they are producing.

Most reactors are light water reactors (of two types – PWR and BWR) and require uranium to be enriched from 0.7% to 3-5% U-235 in their fuel. This is normal low-enriched uranium (LEU). There is some interest in taking enrichment levels to about 7%, and even close to 20% for certain special power reactor fuels, as high-assay LEU (HALEU).[1]

Iran has over 200kg(!) of 20% enriched uranium[2]. I guess it could be for an unbuilt, experimental reactor like they claim. It seems unlikely, since they haven't pursued any contracts for a reactor like that.

[0] https://en.wikipedia.org/wiki/Bushehr_Nuclear_Power_Plant

[1] http://www.world-nuclear.org/information-library/nuclear-fue...

[2] http://www.world-nuclear.org/information-library/country-pro...


Well, it also gave Iran a few billion dollars, a lot of which seems to have flowed into the coffers for Hamas, Hezbollah etc, both of which are terrorist organisations.


Really? You mean Iran doesn’t mind the odd chlorine attack on civilians in Syria Iran? There are definitely two sides to this but yours isn’t one.


The film “zero days” is an entertaining take on exactly this subject.


I recall an early analyst of Stuxnet writing that it was so complex that it was almost as if it had been written by an alien intelligence. That really captured the imagination of Slashdot for awhile.


So sophistication == Exploiting dozens of Windows zero day exploits.


One thing that was somewhat glossed over in the article is that stuxnet used 4 zero-days... That is it exploited 4 different software vulnerabilities that were unknown. This is a completely unprecedented level of sophistication in malware.

https://www.symantec.com/connect/blogs/stuxnet-using-three-a...


Would it have been easier or harder to implement Stuxnet if the target networks were running some sort of linux? Or if it would've been a mac-only facility?

I'm curious.


Smaller platforms (which Linux and Mac OS are, compared to Windows) draw less interest (both in exploits and scrutiny against exploits), and fragmented platforms (Linux) are harder to code for (SystemV? systemd? something else entirely?). I guess that it would have required more effort - but at this level of involvement, I would say that the result would have been achieved regardless.


The stuxnet dev team managed to get their hands on the exact same centrifuges as used in Natanz, so getting replica Linux control systems would’ve been a walk in the park.

Also, “less interest” is irrelevant when we are talking about nation states picking a specific target and throwing considerable engineering resource at exploitation.


Linux and Mac have bugs just like Windows. The only reason they have a reputation of being safer is because windows dominates marketshare, so any "spray and pray" type virus will naturally target windows over mac/linux.

On the other hand, if you or your organization is the victim of a targeted hack, it makes no difference what OS you're running. Any sufficiently motivated and skilled attacker will eventually find a way to exploit it.

As long as new software continues to be released, there will always be bugs. There is no security panacea.


> The only reason they have a reputation of being safer is because windows dominates marketshare

... and centralized updates for all software and libraries and make it hard to use old libraries and selinux and ...

Of course any software has bugs, but "only reason" is very much false equivocation.


Short version: Some things would be easier, others harder.


As the other comments point out, any OS will have bugs.

But it is widely believed that Stuxnet was initiated from the US, and Microsoft is a US company, so...


"most sophisticated software ever written" is a bit of a hyperbole. "most sophisticated computer worm ever discovered" seems more accurate.


Its amazing to see people go crazy about this worm -- I mean how can someone think that that's the "most" sophisticated software. Come on, people.


It's very cool in a hacker-movie kind of way, and carries a certain mystique because of the fact that nobody's ever claimed responsibility for it. I think those facts amplify its media presence.


I was waiting for someone to point out IDF (Unit 8200?) and NSA collaboration being responsible for this to come up. The only proof we have is a smile by an Israeli Defense leader in response to a question asked on 60 Minutes (or a similarly named show).

Also the author leaves a few details out, such as the intermittent activation (for example it was only activated on day 7 and day 21) and other stuff like the size of this.


"Realtek, which means that the authors of the worm were somehow able to break into the most secure location in a huge Taiwanese company"

err, no. The companies gave the US access. As for all the 'unknown windows vulnerabilities' it exploited, I wouldn't be 100% surprised if Microsoft left the vulnerabilities for whatever security agency made it.


Damn that guy can write! I've read this story 4 times now since it was posted and it still gives me goose bumps to read it.


- windows security is not Uranium HD Ready /s

- remember systems evolve, these failures aren't hard to harden, both at the electromechanical and human level.

- raw network and electronic activity can be monitored

- is there a way to render MITM UI (the fake display loop) impossible ? a feedback loop pc -> devices, and if deltas are too high ALERT ?

ps: is IBM refining radioactive material ? ;)


It is worth noting the Stuxnet worm version that affected Iranian nuclear facilities only attacked certain industrial control systems built by Siemens, otherwise the worm stays dormant. The worm allegedly had signed drivers, which could be a state-sponsored inside job to get signing facilitated.


...ever written...that we, the general public, are aware of.

If Stuxnet's discovery was a "bug" and that hole has since been plugged, then there's likely plenty we aren't aware of.

Minor, but still important to note (for context).


So stuxworm is more sophisticated than an OS its written for? Sounds ridiculous.


Maybe because sometimes it can be relatively easy to write some software, but much harder to find its bugs and write exploits for them? Otherwise, why would bugs even exist?


>why would bugs even exist

People make mistakes, it is an innate feature of human beings. Bugs exist because it is not economically effective to find them. Bugs, given an unlimited amount of resources, are possibly easy to find wherever they are. Google how one guy hacked the infamous HackingTeam alone. He provided some estimates of how long it took him. Does it make his software the most sophisticated one on the planet? If his software is the most sophisticated, can he develop Windows alone?


Because something takes a long time to do doesn't necessarily mean that it is complex...


Are you talking about finding bugs? That's exactly the case.


no, I was talking in general... since you brought up how long it takes to make stuff.


There is a good documentary on STUXnet on Youtube https://www.youtube.com/watch?v=TGGxqjpka-U.


IMHO monitoring/controlling a high-speed centrifuge with Windows (or with any non-real-time OS for that matter) is actually a huge design flaw; there is even a warning somewhere in MS documentation about Windows not being suited to real-time operation, and RTOSes are specifically used/needed for closed-loop applications (such as monitoring and controlling motors).

References (National Instruments):

http://www.ni.com/white-paper/3938/en/

http://www.ni.com/white-paper/14238/en/


The actual monitoring is done by the embedded controller, Windows is just there for displaying fancy panels and programming the devices.


Ok, still seemingly the trick Stuxnet used was looping a good copy of those fancy panels and (still through windows) changing (slightly) the operating parameters of the machine, so in this case Windows (directly or indirectly) was capable of monitoring the device and change its operating status.


Are you saying that there are no zero-days for platforms other than Windows? There could just as well have been a Linux computer used as interface to the embedded system that runs the centrifuges, that could be owned.


Not really saying that, of course any OS is hackable; Linux also is not normally an RTOS, with the exception of RT Linux and possibly some other specific distros.

What I was trying to say is that something that has a more direct connection to the device is less likely to be prone to this specific kind of attack, which is AFAICU a sort of MITM (displaying a loop of the recorded display), and of course with a very "vertical" and "dedicated" operating system there should be less chance of the "casual" insertion of a USB stick into it (and possibly even no USB port at all on the actual hardware used).


I highly recommend "Avogadro Corp: The Singularity Is Closer Than It Appears" by William Hertling to anyone interested in some good AI scifi around computer worms/virus.


I wonder how many people have Stuxnet on their devices to this day and have no idea. It would be interesting to see how this spread, from an epidemiological standpoint.


I'd recommend Kim Zetter's book on this subject: https://amzn.to/2rQUGnq


Stuxnet might be the most sophisticated worm ever written with the number and types of layers it drills through.

There is likely far more complex and sophisticated software elsewhere.


I wonder how many people worked on this, and for how long


It's probably not a single project, but the insights of many projects for years, finally merged on one that took a long time as well.


For the 0days, probably.

But even the integration is impressive.


I think devising this plan altogether was a huge investment in time and patience. Consider the social engineering feats needed to get your hands on the driver signature certificates, for example. And that's just one step in the entire sequence of lateral movement.


Out of curiosity, do we know that the state actors that built stuxnet didn't simply pay or force those taiwanese companies to turn over the keys?


See "Zero Day: Stuxnet and the Launch of the World's first Digital Weapon" by Kim Zetter for many more details about Stuxnet.


Weird how the US IC developed and deployed such advanced software while agreeing that Iran was not developing nuclear weapons.


Do we know it was the US IC? I think its likely that it was Mossad.



I bet it was a bitch to debug and test it :)


VMs :)


Imagine the intel needed for setting up the centrifuge lab with the same environment and behavior as the target...


The only really interesting part is finding and keeping OS bugs secret. I wonder how many more the NSA is sitting on?


Without a doubt the article is fascinating but without defining what we mean by sophisticated how can we debate this?


So what if I run my top secret weapons grade uranium producing plant on a sanely secure operating system, like linux.


I can’t tell if you’re being sarcastic or not, but if not: the idea that Linux is any more secure against a nation state than windows is ridiculous. There are no shortage of regular vulns discovered in each part of the Linux OS as used by stuxnet.


Yeah, I never understood why people think like this. I often read people saying Linux is most secure or some Unix or Mac, Any operating system can be equally vulnerable, humans are writing code for it after all. And blaming Microsoft for the insecure OS seems even worse. Their OS runs on way too many machines, making it the first target. I love linux, not for the security, but just for the utilities on the command line I can use. I'd feel equally unsafe on either OS!


You can run whatever system (L4 with formal verification and written in a super secure language...) but as long as there are no redundant checks you are already doomed from the start. Stuxnet is a nice example of why a critical system must have at least:

* Somebody periodically checking in person what is happening and cross-checking results with the operator

* An alternative monitoring system; even an amateur Arduino system with an RS-422/485 network and independent sensors can become an impenetrable wall for Stuxnet-type worms.
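Added example, my own code rather than anything from the thread: the two checks an independent monitor of the kind described in the comment above could run against the HMI feed, which also answers the earlier question about whether a faked display loop can be caught by a feedback channel from the devices. It assumes both feeds are already time-aligned samples of spindle RPM (an assumption, not something the thread states) and uses constructed data: 20 honest samples, then the HMI replays those 20 while the independent sensor sees the real spindle ramp up.

```python
"""Added example, not from the thread: an out-of-band monitor cross-checking an HMI feed
against an independent sensor. Both inputs are assumed to be aligned RPM samples."""

WINDOW = 8  # samples; a live, noisy process reading almost never repeats bit-for-bit


def divergence_alerts(hmi, sensor, max_delta_pct=5.0, min_consecutive=3):
    """Alert when the HMI-reported RPM differs from the independent sensor by more than
    max_delta_pct for min_consecutive samples in a row (the "deltas too high" check).
    Returns a list of (t, hmi_rpm, sensor_rpm) for every sample inside an alert run."""
    alerts, run = [], 0
    for t, (h, s) in enumerate(zip(hmi, sensor)):
        delta_pct = abs(h - s) / s * 100.0
        run = run + 1 if delta_pct > max_delta_pct else 0
        if run >= min_consecutive:
            alerts.append((t, h, s))
    return alerts


def replay_alerts(hmi, window=WINDOW):
    """Alert when a window of HMI values is an exact repeat of an earlier window: the
    signature of a recorded loop being played back to the operator. Needs no second
    sensor, but an attacker who re-adds noise to the replay defeats it, which is why
    the divergence check against independent hardware is the one to rely on."""
    seen, alerts = set(), []
    for t in range(window - 1, len(hmi)):
        w = tuple(hmi[t - window + 1:t + 1])
        if w in seen:
            alerts.append(t)
        seen.add(w)
    return alerts


def build_scenario():
    """Constructed data: 20 normal samples around 1000 RPM, then the HMI replays those
    20 while the real spindle (seen only by the independent sensor) ramps 20 RPM/sample."""
    hmi_noise = [0, 3, -1, 2, 4, -3, 1, 0, 2, -2, 3, 1, -4, 0, 2, 3, -1, 4, -2, 1]
    sensor_noise = [1, -2, 0, 3, -1, 2, -3, 1, 0, 2, -1, 3, 0, -2, 1, 2, -1, 0, 3, -2]
    hmi = [1000 + n for n in hmi_noise]
    sensor = [1000 + n for n in sensor_noise]
    hmi += hmi[:20]                                # the replayed loop
    sensor += [1000 + 20 * i for i in range(20)]   # what is really happening
    return hmi, sensor


def run_monitor():
    """Run both checks over the scenario and return their alerts."""
    hmi, sensor = build_scenario()
    return {
        "divergence": divergence_alerts(hmi, sensor),
        "replay": replay_alerts(hmi),
    }


if __name__ == "__main__":
    r = run_monitor()
    t, h, s = r["divergence"][0]
    print("divergence: first alert at t=%d (HMI %d RPM, sensor %d RPM)" % (t, h, s))
    print("replay: first alert at t=%d" % r["replay"][0])
```

With these thresholds the divergence check fires at sample 25, three samples after the real speed first leaves the 5% band, and the replay check fires at sample 27, once a full window of the loop has been seen again. The second check is cheap but only catches a naive replay; the first works only because the sensor path shares nothing with the compromised HMI, which is the whole point of the comment above.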


Good that the Americans and or Israelis got what they wanted without bombing away ...


I'm surprised that everyone keeps referencing the book and not the Documentary/Movie

Zero days

https://www.imdb.com/title/tt5446858/


How do you define sophisticated? Complex or elegant? Because if it's more towards the latter then I'd suggest the software that took humans to the moon and back, several times, is much more sophisticated.

But from reading the article it seems the author is aiming more for complex than elegant.


I'd say it's got both. It's extremely complex, but it does what it needs so cleanly. I'd argue that it's extraordinarily elegant.


Anything complex that also does what it's supposed to does of course have some inherent elegance but that doesn't mean I'd call stuxnet elegant.

It would be elegant if they could accomplish what they did with less code, relying on fewer exploits and perhaps even without the reliance on stolen private keys from other corporations.

Having stolen private keys from hardware vendors is pretty brute force to me.


The writer has no idea how worms, exploits & antivirus programs work.


* the most sophisticated software reviewers have seen so far


Whether he is right or wrong, that was a fantastic writeup.


This is pure opinion. I've heard that the code for bitcoin is pretty complex too. But since this is opinion, it's all a debate. I kind of think the linux kernel or Windows OS might be in the running too.


Why so many upvotes for a pretty typical Quora answer? Stuxnet certainly made a big impact, but do we really think it's that sophisticated?


Any links to any of its source code?


TLDR; a team of state-sponsored developers & engineers with access to a huge list of vulnerabilities across windows, drivers and industrial equipment designed a worm to malfunction centrifuges used in uranium enriching with multiple hops of infection and stealth mode of operation.

Don't get me wrong, but "sophisticated" doesn't exactly mean obscure and stealthy, which is what the stuxnet worm is all about. With access to all those vulnerabilities, I would call the worm implementation straightforward & stealthy rather than sophisticated. Most likely the engineers didn't have much choice other than to proceed in one possible way to be able to make it work. If one of the vulnerabilities didn't, then stux.net wouldn't exist.


And then people make a fuss about Russia "hacking" the election with some dumb Facebook ads which cost less than a maxed out Ford Mustang.

When on the other hand we have state-sponsored military-grade/purpose viruses used to attack other nations/regions (Flame attacked a large number of targets and countries) and nobody blinks an eye.


Engineering an election to install a malleable leader in a rival country is the holy grail if you ask me. Developing the cyber equivalent of WMDs to get what you want is a relatively blunt tool, just like how North Korea is doing but they use nukes


It can backfire spectacularly, though, as the US (but sadly not the CIA) learned with their adventures with the Shah in Iran.


Those are indicative of the public’s enduring lack of technology literacy, and the media’s desire to have facts and eyeballs meet halfway. Media reports Russian election interference via digital ad spend, astroturfing, and infiltration attempts on state voting systems accurately, but the views to that reporting probably pale in comparison to the oversimplified, tweet-size “Russia hacked the 2016 US election” reporting that gets around more quickly and sticks in the public conversation.

Stuxnet is considerably more sophisticated and technologically more brazen, but won’t get the same reporting. But it’s also worth it to consider whether the lack of awareness/awe over Stuxnet vis a vis Russian election tampering is simply due to technology illiteracy, or whether media is not considering the notability of the means, just the effect of the ends.


> But it’s also worth it to consider whether the lack of awareness/awe over Stuxnet vis a vis Russian election tampering is simply due to technology illiteracy, or whether media is not considering the notability of the means, just the effect of the ends.

No, it's because the media is ultimately subservient to power regardless of what they might think of themselves. US attacks on countries designated by power as enemies -- Iran, Venezuela, Russia, etc., are only to be discussed in clinical terms, marveling at their technological sophistication, for example, never in moral terms. Bringing up any introspection of what American reaction would be if Iran did the same thing to us is virtually career suicide for a mainstream media professional. Trying to draw parallels between Russia meddling and Stuxnet, noting that Stuxnet was an attack many times worse, is cutting it dangerously close.


That may be the larger factor, but I also believe that if you control for the media perspective on the perpetrator and targets of separate incidents, something like Stuxnet and its sophistication will be given less emphasis, because its sophistication is beyond the public's technology literacy, and would be considered too "inside baseball".


Also, let's not forget Libya. Compare Libya before Benghazi to now.


To me the astro-turfing--which is still going on btw--is the most impressive/scariest part of the whole thing. It basically means there is a constant undercurrent of motivated Russian trolls tipping the scales of perception on every single news story, online poll, comments section, social platform, clickbait site, etc. It basically means that the internet is even more a reality distortion field than we imagined, and there is no real bottom. Imagine hooking up decent conversational AIs to do this, and scaling this all the way up to drown out the real conversation.


Never understood this logic, "We do it so why should we care when other people do it to us." Total insanity.


Nobody is saying not to care. Parent comment is just pointing out the difference in reaction to a situation (outside actors trying to screw a country), which is hypocritical.


That kind of complacent pride is very dangerous. Do you think the facebook ads are the only route taken? And do you think that nobody else is going to refine and develop these methods? The whole world saw an opportunity last November.

What we just saw was a public alpha. There will be a beta and a final version of this system. The rewards are too great for every state-level actor to ignore and fail to develop election manipulation tools using any new technology they can get their hands on. Big data may have doomed democratic process in an irreversible way. The next couple of decades will be telling.


> What we just saw was a public alpha. There will be a beta and a final version of this system. The rewards are too great for every state-level actor to ignore and fail to develop election manipulation tools using any new technology they can get their hands on. Big data may have doomed democratic process in an irreversible way. The next couple of decades will be telling.

What we saw was the first export version for the West. Authoritarian regimes have been honing many of the same propaganda techniques on their own populations for some time.

See:

https://en.wikipedia.org/wiki/Internet_Research_Agency (they were involved in the 2016 election interference, but they've long been doing similar in Russia and Eastern Europe).

https://en.wikipedia.org/wiki/50_Cent_Party (Chinese equivalent)

I think it's important for Westerners to study the details of these propaganda programs, so we can recognize and respond to the export versions.

More links:

https://www.rand.org/pubs/perspectives/PE198.html

https://gking.harvard.edu/50c

https://www.nytimes.com/2016/05/20/business/international/ch...

https://chinadigitaltimes.net/2011/06/future-banned-on-sina-...

https://www.buzzfeed.com/maxseddon/documents-show-how-russia... (from 2014!)


You mean how they hacked and leaked the personal emails of multiple people and organizations?

Like Watergate, but by a foreign actor.


Wrong. Ask the NGA.


I want to do this.


What do you think, are the authors of Stuxnet reading Hacker News? I wonder how tempting it is to comment, and what the repercussions would be.


"throwaway account for obvious reasons - I'm a devops for the C&C servers. Our process is actually quite similar to most other tech companies. We spend half our time arguing over what programming language to use (node/go/rust) and the other half arguing over whether we should use microservices."


I assume you spend a lot of time getting the SME to clarify what the hell they mean by "such and such," as well. :)


Of course at least a few of them are reading Hacker News. I understand from the Snowden files that the teams are moderately large and then run for years. So there were likely many dozens of software developers who contributed to Stuxnet.


My guess is no, for maximal compartmentalization. They have a treasure trove of exploits and they grab one off the shelf and might need to burn it after they use it. I bet the people finding vulnerabilities have no clue how they end up getting used. Stuxnet probably got the top shelf attack vectors, and they were burned.


> The most sophisticated software in history was written by a team of people whose names we do not know.

Isn't this hyperbole? I'd grant that Stuxnet is probably the most sophisticated malware ever written, but calling it the most sophisticated software is a big stretch.

Stuxnet seems to be the product of a competent, professional, and well-funded software engineering organization that writes malware and understands the domain of computer espionage. That was unprecedented in the malware space, but it's not if you include other domains.


More sophisticated than self driving car software?


Considering that we have known about Stuxnet for nearly a decade, why are we still using OS technology that makes such changes/intrusions/phoning-home so easy to conceal?


Because people keep requiring an interface to the machine...


A somewhat crazy guy once told me that he worked on Stuxnet. Obviously I didn't believe him. But he did seem to know quite a bit about it. How weird would it be if he wasn't lying? I mean, somebody had to work on this somewhere.


Do you happen to remember what the crazy guy's nationality was?
