Wednesday, December 1, 2010

Hack and Sack

You may have heard recently that a computer worm infiltrated and seriously debilitated two Iranian nuclear facilities. I'll admit that when I first heard about this, my reaction was one of awe. The more details that come out, though, the more it becomes clear (yet again) that the real battlefields are in a virtual world; that the largest military in the world can't necessarily keep a nation from being brought to its knees.

When word first spread of the worm, the popular belief was that the creators of the worm - the "Stuxnet worm" - were those most likely to be harmed by the production of those facilities, the Israelis.  This theory was based on a word found in the worm ("Myrtus"), which may have been an intentional reference to a biblical figure who saved Israelis from the Persians. Couple this with the wide smiles sported by Israeli officials when asked about Stuxnet, and the theory didn't seem that wild. "Oh, those Jews and Persians. They'll never get along, will they?"

I actually had my own conspiracy theory. It wasn't the Israelis. It was the U.S., or the Chinese, or the Russians, and they were merely practicing on the Iranians for a bigger target.

As the worm has been studied, some new information has emerged. Check out this FoxNews article for the details (if you read one linked article in this post, read that one). I don't know about you, but that article blew me away. (By the way, yet another blow to Microsoft's security credibility. And was anyone else surprised to see a nation using Windows as the OS to control their nuclear facility?).

Now, as coordinated and precise as the attack was, I suppose it actually shouldn't be that surprising. I think it's generally understood that governments, militaries and even large corporations have divisions whose sole purpose is to poke holes in the defense of their opposition and infiltrate or destroy. Wikileaks recently let it out that it was the Chinese government that hacked Google in early 2009. There are reports of China and Russia hacking into U.S. electrical grids. Heck, in 2002 the U.S. tried to sell the Chinese a bug-ridden plane for the Chinese President. We even have our own cyber-intelligence division here at TLATL, but it mostly consists of Coovo calling up the authors of our rival blog The Lou and The Loop and pretending to be their mom and asking if they remember her maiden name because she forgot it again.

If our governments and national infrastructure aren't safe, neither are the big banks. So my question to everyone is, how scared should we be? Is it pointless to be paranoid about things out of our control, or are there any, even small, steps we can take to protect ourselves? Friend of TLATL Joel once wrote to me "Paranoia will destroy ya." True, but stories like these still make me feel a little helpless.

Hope that cheered everyone up! And if you get any calls from your mom asking for her maiden name, just tell her it's "passw0rd".

1 comment:

Ryan said...

Great post, Roller. Yeah, totally shocked they were using Windows 7 to run the facility and had usable USB ports on their machines.

Not sure how much this hurts Microsoft though as they really only need to be Dilbert proof not NSA proof.

Your larger point is a wise one, these battles are taking place at the microchip level. But China is the real deal. They're not as inept or resource poor as the Iranians.

I'm still trying to figure out how Asians type their characters on western keyboards. Meanwhile, I chuckle everytime I replay the sound of Kim Jong Il saying "Herro Hans Brix" in that one Team America movie.

No need for paranoia.... guarantee everything we type or say into a phone is 100% being recorded. We should come up with an unbreakable code based on the SLUH yearbook. Let's call Loren Peace.