
CupResponsible797 t1_j4gnhkz wrote

>Though had it not been misused after initial targeting we would most probably have never heard of it.

How was Stuxnet “misused” after initial targeting? It was inert outside of the specific systems targeted.

8

OwlBeneficial2743 t1_j4hes8j wrote

I believe that others used one or more of the zero days in subsequent malware; Flame was one. I don’t think it’s been proven Flame wouldn’t exist without Stuxnet, but it’s likely.

5

CupResponsible797 t1_j4hgmur wrote

Flame was developed by people involved in developing Stuxnet, no surprise that they would share elements. There's little indication that Flame is "subsequent malware", everything we know indicates that they were developed at around the same time.

Stuxnet development started around 2005

Flame development started at least as early as 2006

In fact, there are strong indicators that the people who developed Flame provided guidance and technical assistance to the less sophisticated Stuxnet developers. It's difficult to imagine that the development of Flame would have hinged on Stuxnet in any way.

>I believe that others used one or more of the zero days in subsequent malware;

Such as?

9

ramriot t1_j4gpbr8 wrote

Specifically, it would need to be, to go unnoticed inside the Iranian facility's air-gapped network.

The supposition from the evidence presented is that before it was ever seen in the wild it was introduced, possibly inadvertently, via a single compromised thumb drive containing a required update to the Windows SCADA control programming software, brought into the facility by a third-party engineer.

Later "public" appearances appear to be from proximal but unrelated sources & showed variations in code content that suggest a lower skilled operator had altered the original code.

4

CupResponsible797 t1_j4gqei2 wrote

It seems wholly unsurprising that malware targeting a specific airgapped network would also spread through other networks through whichever means are used to breach the airgap.

> Later "public" appearances appear to be from proximal but unrelated sources & showed variations in code content that suggest a lower skilled operator had altered the original code.

What modifications are you referring to? This documentary makes a vague claim that Israelis modified the spreading code to be more aggressive, but doesn’t really substantiate it.

The documentary certainly doesn’t claim that the changes made by the Israelis weren’t necessary for the operation to succeed.

10

MagnetsCarlsbrain t1_j4gsrx9 wrote

I haven't seen the doc but I've read Countdown to Zero Day and I'm not sure I agree (or maybe I'm misunderstanding). The worm was designed to spread as aggressively as possible, but to remain imperceptible on any system except for the target system.

While they probably planted it in close proximity to the target, they had to know that it was going to spread throughout the world. I don't think that was the result of taking it a step too far, rather it was a result of the core strategy.

9

duffmanhb t1_j4i5jof wrote

That's interesting. I had no idea that it was recoded and rereleased into the wild. Could it have been Israel? It definitely doesn't sound like something the US would do. Maybe Iran after discovering it tried to repurpose it?

I was always under the impression that it got out because the original attack vector was via a USB with some boss's naked wife on there, incentivizing him to bring it into the office... Then they also brought it out.

1

CupResponsible797 t1_j4l9n0h wrote

>I had no idea that it was recoded and rereleased into the wild. Could it have been Israel? It definitely doesn't sound like something the US would do. Maybe Iran after discovering it tried to repurpose it?

This didn't actually happen. At best there was some disagreement between the responsible nations about how aggressive the spreading functionality should be.

1