EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.24.10

Who Needs Windows Back Doors When It’s So Insecure?

Posted in Asia, Microsoft, Security, Windows at 3:11 pm by Dr. Roy Schestowitz

Mohammad Mosaddeq

Summary: Stuxnet is allegedly part of a plan to infect computer systems in Iran for political reasons, according to an increasing body of evidence

SO, it’s starting to look like Stuxnet [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] was part of a plot to derail Iran’s nuclear programme [1, 2]. Stuxnet makes use of zero-day Windows vulnerabilities rather than back doors. Will governments finally realise that foreign governments can use Windows against them? Software freedom is essential to one’s autonomy.

The debate about Stuxnet and Iran is only starting. So far we’ve come across the following reports (there are many more):

i. Advanced Computer Worm Was Specifically Designed to Attack Iranian Nuclear Reactor, Experts Say

The sophisticated computer worm called Stuxnet, which has been targeting industrial operations around the world, was likely designed to take out Iran’s new Bushehr nuclear reactor, cybersecurity experts say. It’s the first known cyber-super-weapon designed to destroy a real-world target, reports the Christian Science Monitor.

Researchers studying the worm say it was built by an advanced attacker with plentiful resources — possibly a nation-state. Initially, experts thought it was designed for industrial espionage, but upon examining its code, they now think it was built for sabotage.

ii. Synchronize Your OpenOffice Documents With Google Docs, Zoho And WebDAV Servers Using Ooo2gd

iii. Microsoft confirms it missed Stuxnet print spooler ‘zero-day’

Contrary to reports, a bug that Microsoft patched last week had been publicly discussed a year and a half ago, security researchers said this week.

Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.

The vulnerability in Windows Print Spooler service was one of four exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.

iv. Stuxnet virus may be aimed at Iran nuclear reactor

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran’s Bushehr nuclear reactor.

That’s the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they’ve broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker, possibly a nation state, and it was designed to destroy something big.

[...]

One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organisational Block 35. This Siemens component monitors critical factory operations, things that need a response within 100 milliseconds. By messing with Operational Block 35, Stuxnet could easily cause a refinery’s centrifuge to malfunction, but it could be used to hit other targets too, Byres said. “The only thing I can say is that it is something designed to go bang,” he said.

Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation state to accomplish.

[...]

Now that the Stuxnet attack is public, the industrial control systems industry has come of age in an uncomfortable way. And clearly it will have more things to worry about. “The problem is not Stuxnet. Stuxnet is history,” said Langner. “The problem is the next generation of malware that will follow.”

Any politically-motived Windows worm shows that technology and politics cannot be separated and they come at a high cost to the public (a side effect). Some people point fingers at Israeli hackers.

Malware believed to be targeting Iran’s Bushehr nuclear power plant may have been created by Israeli hackers

[...]

However Graham Cluley, senior consultant with the online security company Sophos, warned against jumping to conclusions about the target of the attack, saying “sensationalist” headlines were “a worry”. Clulely is wary of reports linking Stuxnet with Israel: “It’s very hard to prove 100% who created a piece of malware, unless you are able to gather evidence from the computer they created it on – or if someone admits it, of course.”

But he said that its characteristics did not suggest a lone group. “I think we need to be careful about pointing fingers without proof, and I think it’s more appropriate – if true – to call this a state-sponsored cyber attack rather than cyber terrorism.”

Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems.

Should the whole world be flooded with Windows worms just because of political altercations of few nations? Should a better operating system like GNU/Linux be used to mitigate international threats. When does the cyber threat become greater than nuclear threats in an age when everything from food production to energy extraction [1, 2] and travel depends on connected computers? Without energy and transportation, food cannot be grown, cultivated, and delivered; that is where the most fundamental needs can or cannot be met, especially at times of natural disaster or war, so leaving one’s critical systems (that’s almost any system) under Microsoft’s reign is a strategic blunder. Proprietary software is subjected to the sovereignty of its sole maker.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. 'Best' of Both Worlds: GNU/Linux Freedom + Malware With Keyloggers and DRM

    Running a Microsoft-controlled GNU/Linux instance under Vista 10 ("Windows Subsystem for Linux") in the age of virtual machines, dual boot and containers makes as much sense as chopping some carrots to go with the veal meal to appease vegetarian diners



  2. First They Bribe the Employer, Media Lynch Mobs May Follow

    The 'cancel culture' lynch mobs, which leverage social causes (or marginalised groups), remain a convenient means by which to oust one's political/business opposition; but money too is a massive contributing factor and the more one has of it, the easier it is to control media narrative and subversive focus



  3. Upcoming Series Teaser: The Bribery Operation of William Henry Gates III

    Bribery goes a very long way when it comes to the megalomaniac who pays the media to portray him as the world's most generous person



  4. Windows Ransomware Must Not be Unspeakable When People Die in Large Numbers Due to That (and Windows Has Intentional Back Doors)

    Loss of electronic patient records, ransom and downtime among the severe consequences of deploying Microsoft inside hospitals; yet the media rarely names the real culprit (manslaughter charges theoretically possible) and nobody gets punished except those who offer real solutions



  5. IRC Proceedings: Saturday, May 30, 2020

    IRC logs for Saturday, May 30, 2020



  6. Burning the House That Richard Stallman (RMS) Built: An Open Letter to GNU Maintainers Who Opposed RMS

    An open letter to people who petitioned RMS to step down and who outsource GNU projects to Microsoft (GitHub)



  7. Links 30/5/2020: Godot Editor Under Web Browsers, Alpine Linux 3.12.0 and EasyOS 2.3

    Links for the day



  8. EPO's Illegal Patents and Massive Corruption Go Unnoticed by Corporate Media and Sites That Cover Patent News

    Very major corruption scandals still emerge in Europe's second-largest institution and illegal patents get granted as well as promoted; somehow, perhaps miraculously, this no longer seems to bother anybody in the media (corruption and radical policies have been gradually 'normalised')



  9. Never Mind If GNU/Linux Works Better Inside Hospitals and Free Software Not Only Safer But Vastly More Efficient...

    With lives on the line one might expect hospitals to choose what's most secure and generally works best; but in practice there seems to be a leaning towards what bribes best



  10. Sick Alexander Ramsey is Using a Public Health Crisis to Lie About the Unitary Patent, Whose Fall Made Him Redundant and/or Obsolete

    Weaponised media continues to manufacture utterly ridiculous puff pieces for Team UPC, containing intentional lies from beginning to end



  11. IRC Proceedings: Friday, May 29, 2020

    IRC logs for Friday, May 29, 2020



  12. They Came, They Saw, He Died

    Microsoft is an inherently sociopathic company; today's story of AppGet is an important reminder that Microsoft has not changed and isn't changing (Maui is another week-old example of trademark-hijacking tactics by Microsoft)



  13. Microsoft-Connected CloudGuru Doesn't Care About GNU/Linux and Now It's Gradually Killing the BSD/Linux-Centric Jupiter Broadcasting (Bought by Linux Academy)

    Assuming Docker is being 'killed' by Microsoft (or at least hijacked to push Windows, Azure and so on) while the GitHub-hosted (Microsoft) CloudGuru, whose co-founder comes from Microsoft, ‘finishes the job’ with Linux Academy and its assets, it’s time to take stock of a pattern/trend that ruins the media too



  14. What Happened to Docker is a Cautionary Tale About the Not-So-New Microsoft

    It’s hardly shocking that Docker collapsed (mass-scale layoffs) after the company had gotten close to Microsoft and got rid of its very own founder (a Red Hat veteran) while the software is being killed off/co-opted by Microsoft (all over the news this week; we’ve omitted links by intention as it’s only puff pieces, no investigative journalism anywhere); we only ask one thing: is anyone paying attention and, if so, what are the lessons learned?



  15. If You Want to Support and Follow Us 'Properly', Really Simple Syndication (RSS) is Most Reliable and Robust to Censorship

    Our longstanding position on social control media (we reject it and don't participate in it) is only proven ever more justified now that the mere idea of fact-checking is seen as controversial if not illegal



  16. Links 29/5/2020: Genode OS 20.05 and FSF Video Conferencing Service

    Links for the day



  17. IRC Proceedings: Thursday, May 28, 2020

    IRC logs for Thursday, May 28, 2020



  18. Weaponised Media Promoting an Illegal Patent System (UPC), Exploiting Major Pandemic in the Process

    The whole 'unitary' scam/ploy (merely a Trojan horse for litigation and low-quality/invalid patents) is being promoted by Thierry Breton as EU Internal Market Commissioner (in spite of illegalities and constitutional issues), merely reinforcing the view that the EU is rather complicit in the abuses perpetrated by Team Battistelli; the media in the pockets of oligarchs and litigation firms (fronting for these oligarchs) plays along, as usual



  19. Links 28/5/2020: OpenSSH 8.3, New Mesa Release, Raspberry Pi 4 News, Fedora 32 Elections

    Links for the day



  20. The EPO Became a Very Radical Institution

    Projection tactics are doomed to say more about the people who utilise them than about anybody else; the EPO has become so autocratic and corrupt that corruption is seen as normal and workers who explain this corruption are framed as "irrational" or "crazy" or "radical"



  21. IRC Proceedings: Wednesday, May 27, 2020

    IRC logs for Wednesday, May 27, 2020



  22. Allegations That Microsoft Will Ruin Besieged Clinics and Hospitals to Retaliate Against Those Who Name the Culprit

    With a broader picture coming into view, as per the above index, we're starting to wrap up the series while issuing a call for more stories and eyewitness testimonies, exposing the nature of attacks on hospitals (those almost always target Microsoft and others' proprietary software, which is technically unfit for purpose)



  23. Microsoft Has Ideas...

    Based on the pattern of media coverage, composed by Microsoft MVPs and Microsoft-affiliated blogs/sites, confusing the public about the meaning of GNU/Linux is reminiscent of an "Extend" phase



  24. ZDNet Proves Our Point by Doing Not a Single Article About Linux (RC7), Only About Linus and Windows Clickbait Junk

    It seems abundantly clear that nobody wants to cover the actual news about Linux and instead it’s all about which PC Linus Torvalds is using (gossip/tabloid); ZDNet‘s latest two articles are an example of this…



  25. UPC Lies That Make One Laugh...

    IP Kat and Bristows (overlaps exist) are still pretending that the UPC is coming because reality doesn’t seem to matter anymore, only self-serving agenda



  26. Canonical Continues to Help Promote Windows Instead of GNU/Linux or Ubuntu

    Thrice in the past week alone Canonical used the official “Ubuntu Blog” to help Microsoft instead of GNU/Linux and it is part of a disturbing trend which lends credibility to jokes or rumours about a Microsoft takeover; it's not like many people use this thing, either (Canonical helps Microsoft shore up a dying/languishing EEE attempt)



  27. Links 27/5/2020: CoreOS Container Linux Reaches Its End-Of-Life, 2020 GNOME Foundation Elections Coming

    Links for the day



  28. IRC Proceedings: Tuesday, May 26, 2020

    IRC logs for Tuesday, May 26, 2020



  29. GNEW Seedlings vs. Free Software Deforestation

    “The idea of the GNEW Project really is about keeping the goals of the GNU Project alive — hopefully, they won’t destroy or co-opt too much of the GNU Project, that people like the Hyperbola devs can’t fix it with BSD.”



  30. Joi Ito Already Admitted on the Record That Bill Gates Had Paid MIT Through Jeffrey Epstein

    An important exhibit for the accurate historical record (because MIT has been trying to deny truth itself)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts