11.12.13

Kaspersky: Russian Nuclear Plant Runs Windows, Gets Infected With Malware Developed by the NSA (Stuxnet)

Posted in GNU/Linux, Microsoft, Windows at 7:10 pm by Dr. Roy Schestowitz

Tsar Bomba mushroom cloud

Summary: New example of the high cost of Windows and a new example of FUD in the press, attributing an attack on SCADA to “Linux”

BY NOW, owing to leaks, people know where Stuxnet came from. Israel and the United States developed it and then used it to derail facilities in Iran. It is cyberwar, and it was started quite proactively. A lot of businesses around the world suffered from Stuxnet too, demonstrating quite clearly that the NSA’s criminal behaviour has a high price; others pay the toll, not just US taxpayers. Given the special relationship between Microsoft and the NSA, Stuxnet’s reliance on Windows is not surprising; it’s well known by now.

Putting aside the old news about Stuxnet, Kaspersky claims that Stuxnet infected a Russian nuclear plant. This is extremely dangerous because the US and Russia/USSR have been very close to nuclear war on numerous occasions in the past 30 years. A lot of people don’t know this because such material takes decades before it’s declassified.

With clever phishing scams, not even strong passwords that computer scientists tend to choose can provide protection and it is no secret that Free software is penetrable due to incompetence during setup [1] or even delay in patching/maintenance (new examples in [2-8]). Underlying languages/frameworks can sometimes be the culprits [9,10], but that doesn’t mean that in practice it is easy to crack a GNU/Linux system. Evidence suggests that it is hard.

Having had Windows malware issues in space (USB sticks inside Windows), the International Space Station (ISS) recently moved to Debian GNU/Linux [1, 2]. But this weird article tells a dubious story. It says that the ISS got a malware infection from Russian astronauts and then adds this sentence: “The reason is that the space station uses computer-controlled SCADA systems in order to manage various physical components of the satellite. As these systems are based on Linux, they are open to infection.”

Really?

Stuxnet malware has been targeting SCADA systems and they run Windows. We’ve sent almost a dozen E-mails back and forth to verify the facts and we are pretty sure the above is a lie. Sosumi says “the rhetoric is made as if linux is the problem [...] the whole thing is fishy [...] it’s like I said, the article is done as if linux was the problem” (it’s not).

iophk wrote: “I would think that the PR people for all the major distros would be all over that article correcting it and demanding a retraction.” He later said: “If you have any contact at Red Hat and Canonical, they might want to find some way of correcting this article [...] It makes it look like the previous Windows infections were Linux.”

Nice FUD they got there.

“Hackers”, in the meantime, are being demonised by Microsoft, which simply misuses the term [11]. The US government cannot seem to understand that relying on Windows in critical systems is a bad idea [12,13] because even fonts open a back door [14,15]. The problem is prevalent in proprietary software not just of Microsoft [16] and the solution may be to simply ban the use of proprietary software [17]. It is improperly reviewed.

Related/contextual items from the news:

  1. SSL Study Shows Most Sites Incorrectly Configured

    Black Hat research takes a deep look at SSL security and finds it lacking due to a number of common configuration issues.

  2. Ubuntu: 2014-1: OpenSSH vulnerability
  3. Gentoo: 201310-17 pmake: Insecure temporary file usage
  4. Gentoo: 201310-16 TPTEST: Arbitrary code execution
  5. Gentoo: 201310-18 GnuTLS: Multiple vulnerabilities
  6. Gentoo: 201310-19 X2Go Server: Arbitrary code execution
  7. Debian: 2786-1: icu: Multiple vulnerabilities
  8. Debian: 2787-1: roundcube: design error
  9. Is PHP Secure?

    In a classic watering hole attack, hackers compromised a well-known, respected high-traffic Website and planted malware in a bid to infect unsuspecting visitors. On Oct. 24, Google began to flag PHP.net as being a site hosting malware, i.e., potentially a watering hole.

  10. PHP.net Compromised. Served Malicious JS
  11. M$ Denigrates Hackers
  12. DHS hammering out cybersecurity planning
  13. Database hacking spree on US Army, NASA, and others costs gov’t millions

    Federal prosecutors have accused a UK man of hacking thousands of computer systems, many of them belonging to the US government, and stealing massive quantities of data that resulted in millions of dollars in damages to victims.

  14. Microsoft in a TIFF over Windows, Office bug that runs code hidden in pics
  15. Not Again! M$’s OS Executes Data In Images…

    It’s such a simple concept. Data should not be executed. Images are data. But, no, M$ does not get that and randomly executes code contained in some TIFF images. Out of the bowels of M$’s complexity comes yet another invitation to millions of bad guys to post TIFFs all over the web damaging the systems of millions of users.

  16. 38 million Adobe users hacked, not 3 million

    Adobe has revealed the massive hack it suffered a month ago was far bigger than initially reported, with attackers obtaining data on more than 38 million customer accounts.

  17. [Bruce Schneier:] Understanding the Threats in Cyberspace

    The primary difficulty of cyber security isn’t technology — it’s policy.
