06.05.12
The United States and Israel Use Microsoft Windows for Cyberwar With Collateral Damage
Coup OS
Summary: Confirmation that Stuxnet was created by bureaucrats for their political purposes comes from sources with special government relationships
TECHRIGHTS wrote about Stuxnet many times before, e.g.:
- Iran Shows the Downside of Using Proprietary Software
- Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
- Windows Viruses Can be Politically Motivated Sometimes
- Who Needs Windows Back Doors When It’s So Insecure?
- Windows Insecurity Becomes a Political Issue
- Windows, Stuxnet, and Public Stoning
- Stuxnet Grows Beyond Siemens-Windows Infections
- Has BP Already Abandoned Windows?
- Reports: Apple to Charge for (Security) Updates
- Windows Viruses Can be Politically Motivated Sometimes
- New Flaw in Windows Facilitates More DDOS Attacks
- Siemens is Bad for Industry, Partly Due to Microsoft
- Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
- Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
- Microsoft Software: a Darwin Test for Incompetence
- Bad September for Microsoft Security, Symantec Buyout Rumours
- Microsoft Claims Credit for Failing in Security
- Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
- Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
- Security Propaganda From Microsoft: Villains Become Heroes
- Security Problems in iOS and Windows
- Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
- Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild
- Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again
- Cablegate Reveals Government Requesting Access to Microsoft Data, Kill Switches
- Use Microsoft Windows, Get Assassinated
This whole fiasco has been a good advocacy tool for GNU/Linux and software freedom. Security is a matter of national security. It is now confirmed that governments themselves used proprietary software from Microsoft to impose subversive will upon others. To quote:
In 2011, the US government rolled out its “International Strategy for Cyberspace,” which reminded us that “interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders.” An in-depth report today from the New York Times confirms the truth of that statement as it finally lays bare the history and development of the Stuxnet virus—and how it accidentally escaped from the Iranian nuclear facility that was its target.
Here is another take on the subject:
Now, a stunning article in this morning’s New York Times recounts in surprising detail the origins of the cyber weaponry development and deployment program – code named Olympic Games – launched under President George W. Bush, and continued under the administration of Barack Obama. The article is based on a book to be published by Crowne on Tuesday, titled Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power,” to be published by Crown on Tuesday.
For those that have followed the Stuxnet saga over the years, the article will answer some of the most intriguing questions that have arisen, including the following:
* Who was in charge? According to the article, the Stuxnet project was a U.S. initiative, rather than an Israeli-led mission. The reason the Israeli’s were invited to the table was to encourage them to rely on cyber attacks rather than physical attacks in order to slow down Iranian nuclear advances.
* How did Stuxnet work? The worm was based on information obtained from an initial “beacon” penetration, which then mapped and broadcast complete Natanz facility computer/centrifuge control designs to the software’s handlers. Stuxnet was then installed on to the air gapped system via the usual network vulnerability – a USB port, via an infected thumb drive.
* How did Stuxnet escape into the wild? A programming error to a module of uncertain authorship (e.g., U.S. or Israeli) allowed Stuxnet to migrate onto an engineer’s laptop. When that laptop was later connected to the Internet, it moved out and found other Siemens systems to infect.
The Goodbye Microsoft Web site had another take on it. The whole accusation that such allegations were a mere “conspiracy theory” is no more. Now it’s a fact. While the FBI conveniently names Russian people “cyber criminals” it is actually the US government that arguably engages in cyber crime, with external costs to the private sector, too. It’s all just a matter of perspective. Those who control the source code control the users.
“I don’t have / won’t have use of WMA or Flash,” writes one reader, “but this segment of this NPR show supposedly has some critique of Microsoft as being completely insecure… I got that 2nd/3rd hand… I have contacted them to complain about Flash / WMA and asked that they use a universal format instead… It’s buried in the site, but there is a link for the MP3… It was a disappointing set of interviews. None even touched on the unique vulnerability of Microsoft products.”
Notice how all the latest Stuxnet coverage hardly ever mentions Microsoft or Windows. It’s criminally poor journalism. █
