32 comments

[ 19.6 ms ] story [ 3147 ms ] thread
It's never been confirmed this was a "U.S. - Israeli" attack, if there was any attack in the first place.
The code has been analysed and it is well known how it worked and what it does. How can it not be called an attack?
> if there was any attack in the first place.

So Stuxnet just randomly self-assembled on the Internet, to attack very specific air-gapped industrial controllers?

It evolved over billions of memory bit errors from the Code Red virus.
Well that is basically how we came into existence, right? Its not like some all powerful creator programmed our DNA. So, the same random events can happen with computer viruses.
It is orders of magnitude of orders of magnitude less likely.
It has never been confirmed it's anything but it's been extensively researched and it's pretty obvious what it was.

It's not like this highly-targeted Siemens controller worm was a cryptojacker written by a bored teenager.

Could have been a very sophisticated false flag self sabotage for no visible reason. (Not that I believe that, or think that it shouldn't be called an attack)
This is true of literally anything and therefore is not helpful to the discussion.
In the same way it was never confirmed that Israel has nuclear weapons?
Even if this happened, why would someone confirm it and how will it be confirmed? Does US or any other country confirm that they are carrying out espionage program in other parts of world?
Interesting how the whole world was in an uproar over Assange endangering lives and this gets a free pass. We should make up our minds about stuff like this, either Assange should be treated as a reporter or this reporter is endangering lives.

I hope that whoever this mole was that he/she has good life insurance and no kids. Based on this info it should be trivial to figure out who it was and even if the journalist got it wrong there will likely be repercussions against the people implicated here.

What are you trying to say here? It sounds like you're suggesting that to support investigative journalism at all, one must also support the wholesale compromise of national security secrets. But people obviously, empirically support one and not the other.
He's trying to frame the conversation in such a way that makes it seem like criticism of Assange is inherently misconstrued and misplaced, rendering it ineffectual.

He's clearly got a bone to pick and it isn't a truth bone.

The article heavily implies that the Dutch mole was executed years ago.
Not necessarily. All it says is two of their intelligence sources refused to answer the question of whether or not he was executed.

They reported Iran executed some number of people who were believed to be moles or otherwise guilty of harming the program. According to the sources, Iran doesn't seem to know with certainty if they got the right people, or if the executed individuals were merely unwitting carriers who got infected.

It's also possible they didn't care so much and considered this sort of incompetence/negligence (of course, not such a fair accusation given their adversaries) a capital offense. They may have executed everyone involved, wittingly or not, to serve as a deterrent and increase future OPSEC. Many it's just a bonus for them if a mole also got caught in the net.

This is kind of like a game theory puzzle: if he was executed and you say he was, you give them valuable information. Same if he wasn't and you say he wasn't. You could lie, but Iran's intelligence reading this article may suspect you'll lie. Or they may think it's a double bluff or something.

The safest move to cause the least damage and give Iran as little info as possible may be to say the mole may or may not have been executed. There's also the possibility that the sources fuzzed the story a bit: there may have been more than one mole, or, less likely, zero moles. Intelligence is always cat-and-mouse mind games, with fact and fiction often intermixed carefully.

Your little game theory puzzle actually just goes to show that 'intelligence' is mostly FUD.

There was a great article posted the other day on HN suggesting that MI5 had not, in it's entire history during the cold war, unearthed any concrete evidence of, or caught any, Russian spies (save for two instances uncovered incidentally by local police, and one who was a royal and hence never charged).

But none of that mattered. The appearance of subterfuge and counter, is much more important than any actual success. And as you suggested, there needn't have been any mole at all, for the events to play out exactly as they did.

no one looks for a corpse, so it's easy to say he was executed, it will be safer for the guy. lots of intelligence people and also people working in specialist groups of army have a need to protect their identities etc. death is a good cover. if there is no proof he died, then likely he didn't. implying things doesn't make them true necessarily.
There was a lawsuit about the publication of this book a few weeks ago. The Dutch intelligence service had redacted parts of it, if which they said it endangered lives. The journalist thought they redacted too much, the court disagreed. So I think the info that is left is relatively safe.
assange endangered lives of western people, western government condemned that, as they try to protect western people. do you have any point to your little story or are you just angry with the world? if its trivial to found out who this person was, please enlighten us to his identity. because i'm pretty sure you won't find it so trivial....
Co author is Kim Zetter the Wired journalist who has been covering Stuxnet for years and wrote a great book on it “Countdown to Zero Day”.
For those interested in this topic but not interested enough to read 450 pages about it, I would encourage you to check out the book and only read the chapters that seem interesting.

While the book is somewhat chronological and story-driven, there's still a ton of interesting info packed into it that I think a lot of HN readers would love.

>Germany contributed technical specifications and knowledge about the industrial control systems made by the German firm Siemens that were used in the Iranian plant to control the spinning centrifuges

may be it is all just a smoke screen and parallel construction, and the virus was just included in the next patch update :) Wouldn't be the first time. The parallel construction is obviously needed to make Iranians and the likes to continue hunting for moles (sucks to be executed as a mole for an USB drive that you have no idea about found in your house), tightening security and wasting their money/resources in all the other ways while still continuing to buy Siemens/etc.

When has a vendor previously put a virus in a patch update?