05.30.15

The Lessons of Stuxnet: Never Use Microsoft Windows

Posted in Microsoft, Security, Windows at 4:26 pm by Dr. Roy Schestowitz

The NSA is playing with nukes

Missiles

Summary: Windows is sufficiently ‘NSA-compatible’ for remote compromise and physical damage (sabotage) to highly sensitive, high-risk equipment

MANY news reports from around Friday [1-13] made it abundantly clear that Stuxnet, an Israel- and US-made virus that targets Microsoft Windows, was deployed not only in Iran (which uses Windows and Microsoft Linux) but also deployed (albeit unsuccessfully) in North Korea.

It is worth noting that Stuxnet was developed not only in the US but also in Israel and much of Microsoft’s software development for ‘security’ is also done in Israel, so it might not detect Stuxnet (by design).

“Imagine the media reaction if some nation’s government tried to install viruses in nuclear facilities in the US…”News from North Korea should remind any nation with military facilities (that’s about every nation on Earth) to dodge Microsoft Windows. Turkey, for instance, reportedly moved its army to GNU/Linux and several other nations make similar moves for security reasons. In order to explain North Korea’s resistance to the infection some corporation media likes to highlight “near-complete isolation” (see below) rather than reliance on GNU/Linux. The ToryGraph (see below) calls Stuxnet a “computer virus” even through it is uniquely a Microsoft Windows virus. Imagine the media reaction if some nation’s government tried to install viruses in nuclear facilities in the US…

This is by no means defence of North Korea; it’s just that the story makes is abundantly clear that, Microsoft’s special relationship with the NSA aside, Windows is a target. Even Western governments target it. The NSA habitually said that it worried about attacks on its electric grid while hypocritically enough it is attacking nuclear facilities in other countries, never mind the risk of “blowback” or the “fallout” (pun intended) such aggressive actions may consequently bring. Pentagon would label this an “act of [cyber] war”.

Related/contextual items from the news:

  1. NSA eggheads tried to bork Nork nukes with Stuxnet. It failed – report

    The NSA tried to wreck North Korea’s nuclear weapons lab using the centrifuge-knackering malware Stuxnet, and ultimately failed, multiple intelligence sources claim.

  2. Pyongyang 1, NSA 0: U.S. Tried and Failed to Hack North Korea’s Nuclear Infrastructure

    By almost completely shutting itself off from the rest of the world, the North Korean government has denied its people and society access to the fruits of the digital communications revolution. It has also reportedly helped stymie a U.S. cyberattack on the country’s nuclear infrastructure modeled on the so-called Stuxnet virus the United States and Israel used against Iranian centrifuges.

  3. The NSA reportedly tried — but failed — to use a Stuxnet variant against North Korea

    Right around the time that the Stuxnet attack so famously sabotaged Iran’s nuclear program in 2009 and 2010, the U.S. National Security Agency reportedly was trying something similar against North Korea.

    The NSA-led U.S. effort used a version of the Stuxnet virus designed to be activated by Korean-language computer settings, but it ultimately failed to sabotage North Korea’s nuclear weapons program, according to a Friday Reuters report, which attributed the information to people familiar with the campaign.

  4. NSA tried Stuxnet cyber-attack on North Korea five years ago but failed

    The US tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons programme five years ago but ultimately failed, according to people familiar with the covert campaign.

  5. Report: US tried Stuxnet variant on N. Korean nuke program, failed
  6. US tried to bring down North Korean missile programme with computer virus
  7. Report: U.S. failed to sabotage North Korean nuclear program with Stuxnet-twin
  8. Report: US cyberattack on North Korea was ineffective
  9. Why Did a US Cyber Attack on North Korea Fail?
  10. US Tried, Failed To Sabotage North Korea Nuclear Weapons Program With Stuxnet-Style Cyber Attack
  11. US Reportedly Launched Stuxnet Attack Against North Korea
  12. US Failed at Planting Stuxnet-Style Computer Bug in N. Korea Nuke Program
  13. US reportedly tried to destroy North Korea’s nuclear program with a Stuxnet-type virus
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2015/05/30/stuxnet-in-northkorea/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 4/3/2021: Pardus 19.5 is Out and Free Software Foundation Gets Consulting Grant

    Links for the day



  2. IRC Proceedings: Wednesday, March 03, 2021

    IRC logs for Wednesday, March 03, 2021



  3. The Free Software Foundation Should Re-add Richard Stallman to the Board

    Dr. Richard Stallman is missed by many who perceive him to have been wrongly treated; putting Stallman back in the Board (at the very least) would help the image of the Free Software Foundation more than the newly-announced work with Community Consulting Teams of Boston



  4. Free Software Calling

    Fewer people are willing to "put up with the shit" given by so-called 'Big Tech', seeing that it's mostly about social control rather than enablement or emancipation



  5. Meme: EPO Management Totally Gets 'Tehc'

    The bestest patent office in the whole wide world is besting the “hey hi” (AI) cutting edge; don't worry about exam and certification integrity



  6. The EPO's Software Blunders Are Inevitable Outcome of Technically Clueless Management Which Grants Illegal Patents on Software

    The "clusterfuck" which the EPO has become is negatively affecting not only EPO staff but also stakeholders, who sink into depression and sometimes anger, even fury, at great expense to their health; this is how institutions die (for a quick but short money grab, a culmination of corruption which piggybacks half a century of goodwill gestures)



  7. Links 3/3/2021: OpenSUSE Leap 15.3 Beta, GNU Denemo 2.5, and NomadBSD 1.4

    Links for the day



  8. What Free Software Organisations Can Learn From Australia's Rape Crisis

    Reprinted with permission from Daniel Pocock



  9. Microsoft Weaponises (and Further Spreads) Racism to Distract From Its Own Incompetence (and 'Five Eyes' Collusion for Back Door Access)

    Racist Microsoft is at it again; we're meant to think that China is evil for doing exactly what the United States has been doing but more importantly we're told not to blame Microsoft for shoddy code and back doors (classic blame-shifting tactics and overt distortion of facts, as we saw in the wake of SolarWinds backdoors)



  10. GNU/Linux News Sites Need to Promote Software Freedom, Not Binary and Proprietary Blobs Merely Compiled for GNU/Linux

    There has been lots of proprietary fluff in GNU/Linux 'news' sites so far this week; it merits an explanation or clarification, e.g. why we should generally reject proprietary stuff and instead promote Free/libre alternatives



  11. Links 3/3/2021: OpenSSH 8.5 and Absolute64 20210302 Released

    Links for the day



  12. IRC Proceedings: Tuesday, March 02, 2021

    IRC logs for Tuesday, March 02, 2021



  13. Links 3/3/2021: IPFire 2.25 Core Update 154, Red Hat Satellite 6.8.4, Kiwi TCMS 10.0

    Links for the day



  14. Links 2/3/2021: KDE Plasma 5.21.2, Qt 6.1 Beta, Refund of Pre-installed Windows

    Links for the day



  15. 'GatoKeeper'/IP Kat (AstraZeneca) Still Suppressing and Censoring the Public Views or Internal EPO Talks About EPO Corruption

    The suppression of comments critical of the EPO‘s administration (especially corruption scandals surrounding António Campinos and Benoît Battistelli) is a real problem; those ought not be a taboo subject in comments (where bloggers used to speak about those issues openly and regularly)



  16. Pocock on Removing Cognitive Bias Around Consent

    Reprinted with permission from Daniel Pocock



  17. IRC Proceedings: Monday, March 01, 2021

    IRC logs for Monday, March 01, 2021



  18. Links 2/3/2021: Maui 1.2.1, RSS Guard 3.9.0

    Links for the day



  19. ZDNet Really Hates Golang (Maybe Because Microsoft Does)

    The Golang programming language seems to be the target of intense FUD campaigns from sites connected to Microsoft, so it’s likely a bit of a Nemesis/endgame to Microsoft monoculture (unlike Rust, which Microsoft has already pocketed and is actively besieging to promote Microsoft monopoly and hardware monoculture)



  20. Links 1/3/2021: KStars 3.5.2, ET: Legacy 2.77, Flameshot 0.9

    Links for the day



  21. Five Years of António Campinos Coverage in Techrights (We Correctly Predicted His Presidency in March 2016)

    We've warned about António Campinos since March of 2016; well, António Campinos isn't just EPO President right now but he's also an oppressor who demonises the union of the EPO's staff



  22. In 2021 the EPO Works for Parasites Instead of Scientists (and It Cannot Even Hide That Anymore)

    Europe's second-largest institution is working for those who attack instead of create (or those who attack actual creators, with lousy and sketchy patents as ammunition)



  23. Links 1/3/2021: Manjaro ARM 21.02 and First Linux 5.12 RC Released

    Links for the day



  24. IRC Proceedings: Sunday, February 28, 2021

    IRC logs for Sunday, February 28, 2021



  25. On Gangstalking and Victim-Blaming

    Reprinted with permission from Daniel Pocock



  26. If the Web Can Be Increasingly Replaced (or Complemented) by Gemini and IPFS Etc., Then Large Monopolists Will Try to Dominate Those

    Monopolists and sociopaths won't be clapping and cheering for whatever stands a chance of replacing the Web (or Big Banks); if they ever embrace those replacements, it'll be to dominate and in turn undermine these



  27. Links 28/2/2021: Nitrux 1.3.8 and Kraft 0.96

    Links for the day



  28. Techrights Over 3 Internet Protocols and From the Command Line, Using Either Curl/Wget/Text Editor (Over WWW) or IPFS or Gemini

    A quick demo of how Techrights can be accessed without a browser, either over gemini:// or over http://



  29. The Command Line for Weather and Football Scores, Among Other Stuff

    A lot of stuff can be done from the command line and productivity (not to mention privacy) enhanced by automation and scripting over the Web (or even Gemini, as we shall show in a future video)



  30. You Know Gemini Space is Getting a Lot Bigger When You Need to Implement DDOS Protection

    Techrights is currently working on tools or programs that help detect and respond to DDOS attacks (or abusive over-consumption of pages) over gemini://


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts