[HN Gopher] Stuxnet is embarrassing, not amazing (2011)
___________________________________________________________________
Stuxnet is embarrassing, not amazing (2011)
Author : rdpintqogeogsaa
Score : 98 points
Date : 2022-06-12 12:30 UTC (10 hours ago)
(HTM) web link (rdist.root.org)
(TXT) w3m dump (rdist.root.org)
| raldi wrote:
| What did Bulgarian teenagers do back in the early 90's? The link
| is dead.
| jwilk wrote:
| https://web.archive.org/web/20030505063801/http://vx.netlux....
| [deleted]
| axg11 wrote:
| Hiding and obfuscating the payload is pointless in this case. The
| author doesn't seem to understand the reasons why a group would
| go through the trouble of obfuscation or other similar
| techniques.
|
| Stuxnet was a one-time operation with a very limited opportunity
| window. Target systems were airgapped. A large part of the
| success of the operation relied on a human penetrating that air
| gap. A successful operation would be attributed to either Israel
| or USA immediately. What is the benefit of obfuscation?
| sokoloff wrote:
| Exactly. All that matters is that the scoreboard reads "Stuxnet
| - 1; Iran - 0 (Final)"
| hotpotamus wrote:
| Considering that Iran went on to develop uranium enrichment
| capabilities it hardly seems like Stuxnet was a final win,
| though it certainly delayed them.
| mike_d wrote:
| In World War 2 the British developed "exploding rats." The
| idea was to pack rats with explosives and leave them near
| boilers. The person shoveling fuel would eventually find
| the rat and shovel it into the furnace to dispose of it -
| where a relatively small explosion would cause the pressure
| vessel to rupture and take out an entire train or
| industrial facility.
|
| A single shipment of 100 explosive rats was sent across the
| border and was intercepted. What resulted was a massive
| amount of German energy spent on trying to detect rat
| shipments and having to consider exploding rats in their
| threat model for every further operation.
|
| Stuxnet not only delayed the Iranian nuclear efforts,
| it made everything a hundred times more complex going
| forward because they realized not even air gapped computers
| were safe. Not to mention they no longer trust any of their
| monitoring or instrumentation, which Stuxnet made a point
| of faking... imagine trying to debug even the smallest
| issue when you don't trust a single piece of data.
| cronix wrote:
| Delaying has always been the point, whether it's Stuxnet or
| technology export bans or assassinating 4 scientists in the
| streets working on the program.
| twbarr wrote:
| The damage goes way beyond delaying them one time, it also
| makes it way harder to use COTS hardware in the future.
| It's going to be a lot harder to get work done when you
| can't just buy a computer off Amazon.
| axg11 wrote:
| Long term effects of Stuxnet are unclear. In the short
| term, it was a huge win in delaying the programme and
| sending a message that even air gapped systems are at risk.
| In the long term, Stuxnet put the programme and every
| adversary on notice that they should increase focus on
| security practices.
| spacemanmatt wrote:
| Yeah, effective trumps every possible hindsight criticism.
| gnuvince wrote:
| Yeah, the author of the article sounds like a teenager/young
| adult who seems unable to evaluate objects along multiple
| dimensions.
| [deleted]
| night-rider wrote:
| Exactly. Nothing wrong with going for a bunch of low hanging
| fruit in an attack. If the simple stuff doesn't work you need
| to do obfuscation and have good OPSEC
| px43 wrote:
| Yeah, the author definitely doesn't really have a clue what the
| requirements are for various forms of intelligence operation.
|
| It should be noted, however, that there apparently was a
| significant amount of animosity from the NSA towards unit 8200
| for "turning up the volume" on the payload. Usually NSA really
| really really doesn't like catching attribution for stuff, and
| Mossad is more known for trying to send a message with obvious
| attributions (motorcycle assassinations etc). It was supposedly
| delivered from TAO to 8200 as a very covert weapon, and 8200
| stripped off a bunch of the limitations in order to increase
| the odds of successfully completing the mission.
|
| I'm not actually referencing the Wikipedia article, so I don't
| know if what I'm saying is reflected in there, but it's a good
| read either way:
| https://en.wikipedia.org/wiki/Operation_Olympic_Games
| mike_d wrote:
| Stuxnet was assembled from a standard implant framework that
| is shared across "Five Eyes" countries. Everyone writes
| modules of various types that implement a standard API and
| share them across teams. For example, if the Australians need
| to compromise a diplomatic machine in Singapore, the UK may
| have a module already written, a keylogger that hooks Pinyin
| (software for typing in Mandarin).
|
| When the Israelis pushed it to 11 they brought down a ton of
| scrutiny on the framework as a whole. Which is why people
| started discovering links to other sophisticated malware
| families - like Kaspersky's discovery that Stuxnet and Flame
| used the same LNK vulnerability which was not known to the
| public at the time. The "QWERTY" keylogger in the Snowden
| leaks was identified as part of the Regin malware family.
|
| They effectively gave every nation on the planet a trail of
| breadcrumbs to either find western espionage tools, or
| strongly attribute tools they had previously found.
|
| This also refutes most of the article's points, they _could_
| have done all these things but SOP is to do the least amount
| of shady shit to get the job done. Being extra cool guy just
| makes it more likely to trigger an anti-virus system that
| detects a specific trick.
| DisjointedHunt wrote:
| Exactly. The cost of failure was deemed greater than the cost
| of success with attribution. It's just the way covert ops
| works.
|
| If you asked the leaders of this op, in retrospect, if they
| were starting off from scratch, would they accept the result we
| saw where Iran's nuclear enrichment capabilities were delayed
| long enough for more information about their secret work to be
| known with more certainty... all of them would take it in a
| heartbeat.
| bee_rider wrote:
| I'm not in the field, so it is definitely possible that my way
| of looking at it is just completely wrong-headed, but -- what
| about repeating the attack? If the program had remained hidden,
| maybe they could re-use some parts? Also, is it possible that
| other parties (badguys) gained some capability by analyzing the
| program?
| axg11 wrote:
| How could it remain hidden? The programme heads would think
| it was an accident? This was a devastating setback to the
| entire programme. There would surely be an investigation to
| ensure a repeat could not happen.
| ncmncm wrote:
| They could have used it on somebody else. Iran is not going
| to brag about having been hacked.
| 2Gkashmiri wrote:
| So imagine the scenario if Iran made Stuxnet against Israeli
| nuclear facilities let alone American ones.
|
| Imagine the outrage "how dare you" and "attack on the
| constitution and national integrity of the country" and "casus
| belli" among other things but it's being made as an achievement.
| Isn't this American propaganda?
| zen_1 wrote:
| hatware wrote:
| 95% of politics is American propaganda.
| emkoemko wrote:
| this ain't as bad as how many scientists Israel assassinates in
| Iran, if Iran tried doing the same ....
| fortran77 wrote:
| Iran tries to do the same at least once a week. For example:
|
| https://www.i24news.tv/en/news/middle-east/levant-turkey/165...
|
| Of course you know this.
| emkoemko wrote:
| opened that link......... how is a response the same?
|
| "imminent" threat after the killing of a senior Islamic
| Revolutionary Guards Corps (IRGC) officer attributed to
| Israel's national intelligence agency, Mossad.
| zen_1 wrote:
| For anyone else unfamiliar with that website:
|
| >i24NEWS is an Israeli-based international 24-hour news and
| current affairs television channel located in Jaffa Port,
| Tel Aviv, Israel.
| shadowgovt wrote:
| Of course. From a point of view sympathetic to Iran's self-
| defense and militarization interests, stuxnet is an attack on
| national sovereignty.
|
| That having been said, if Iranian agents were able to conduct a
| similar operation in the US on a US weapons-grade enrichment
| program, my personal opinion, as somebody categorically in
| favor of nuclear non-proliferation and long-term disarmament,
| would be "Well done, point to your team."
| kcb wrote:
| Yea no foreign states ever attack/hack American facilities. /s
| [deleted]
| xwdv wrote:
| The context of this article makes more sense when you realize the
| author is an Iranian sympathizer.
| fortran77 wrote:
| Agreed.
| oblak wrote:
| What does that even mean?
| remflight wrote:
| kerakaali wrote:
| [deleted]
| wepple wrote:
| The idea of "secure triggers" seems like it wouldn't work here.
| Your options are:
|
| - have a large enough set of input parameters that it's
| infeasible to guess-attack them, but risk even just a single
| parameter not being correct in your target system and therefore
| your payload never executed (completely undermining the entire
| operation)
|
| - your key space has enough variability input to prevent the
| above, making it easy to guess or brute-force, and revealing the
| payload trivially.
|
| Also, it would either way be easy for your target to reverse
| because they have full access to the target parameters.
| irobeth wrote:
| What you're describing is the Gauss payload:
| https://securelist.com/gauss-abnormal-distribution/36620/
| draw_down wrote:
| Well, I thought it was pretty impressive. Maybe I'm just a rube
| though.
|
| Also, with this encryption based approach, at some point the code
| needs to run on the systems it targets. So if someone is affected
| by your payload, by definition they can observe a key that
| unlocks the payload.
| zmgsabst wrote:
| > It does not use virtual machine-based obfuscation, novel
| techniques for anti-debugging, or anything else to make it
| different from the hundreds of malware samples found every day.
|
| Okay? ... simplicity is a virtue.
|
| They also addressed that, to where we don't know what most of
| their malware even does:
|
| >> The name originated from the group's extensive use of
| encryption. By 2015, Kaspersky documented 500 malware infections
| by the group in at least 42 countries, while acknowledging that
| the actual number could be in the tens of thousands due to its
| self-terminating protocol.
|
| > The longer they remained undetected, the more systems that
| could be attacked and the longer Stuxnet could continue evolving
| as a deployment platform for follow-on worms.
|
| Stuxnet wasn't meant as a long term penetration: they hit a
| specific target with a one-time cyber weapon.
|
| For reference, when their tools leaked in 2016, exploits from
| 2013 were still zero-days.
|
| >> In August 2016, a hacking group calling itself "The Shadow
| Brokers" announced that it had stolen malware code from the
| Equation Group. [...] The most recent dates of the stolen files
| are from June 2013, thus prompting Edward Snowden to speculate
| that a likely lockdown resulting from his leak of the NSA's
| global and domestic surveillance efforts stopped The Shadow
| Brokers' breach of the Equation Group.
|
| Source:
|
| https://en.wikipedia.org/wiki/Equation_Group
| [deleted]
| motohagiography wrote:
| My impression at the time was that the code was developed by
| separate teams who did not necessarily know what they were
| working on, and then integrated by someone cleared for at least
| part of the real operation. I speculated that the people
| responsible for deploying it would have been in the tactical area
| of humint agency that was more indexed on direct outcomes than
| using techniques _any_ more sophisticated than were strictly
| necessary to accomplish their specific objective, as why risk or
| waste the advantage of shipping something with additional
| tradecraft baked into it?
|
| I remember thinking they could have at least used hashes of
| registry entries to detect the modules they were looking for if
| they wanted to protect the identity of target, but then again,
| the processor load of the hashing operations would have been a
| significant IoC. Stuxnet was a straight tactical hack to solve a
| specific problem, which was to delay that nuclear program. It was
| not just a threat or demonstration of capability to serve as a
| deterrent.
|
| An example of a demonstration of capability was the Silk Road
| arrest, where the FBI mainly used it as a signal to create
| uncertainty about the absolute security of Tor hidden services,
| so that people understood they did not have impunity. They didn't
| break Tor, but they showed Tor wouldn't protect you if they
| wanted you. Stuxnet wasn't about demonstrating that they could
| get at you, it was to delay the nuclear program to give time to
| negotiations and potential outcomes other than Iran achieving a
| weapons program.
|
| What we call 'cyber' now is in support of variously tactical and
| strategic objectives, and while the criticisms of the code are
| valid, it's worth evaluating the tools in that higher level more
| abstract context as well.
| jwilk wrote:
| What does "IoC" mean?
| devinmcafee wrote:
| Indicator of compromise
|
| https://en.m.wikipedia.org/wiki/Indicator_of_compromise
| GordonS wrote:
| Indicator of Compromise.
| mypastself wrote:
| As far as I recall from Kim Zetter's book _Countdown to Zero
| Day_, the development work was indeed likely split into
| several individual sections: the actual payload targeting
| specific models of programmable controllers was made with
| extreme care and attention, and the worm portion didn't need to
| be.
|
| So to offer an imperfect analogy, the author of this article is
| addressing how lame Google's UI is, discounting the algorithm
| underpinning the search engine.
|
| (I actually wouldn't recommend Zetter's book. It's fairly dull,
| with several chapters enumerating every software failure of
| U.S. critical infrastructure she found during research. For
| once, the movie was better.)
| dc-programmer wrote:
| That part of the book stuck with me because she said the NSA
| (and friends?) gave the most important tasks to the A team
| and the rest to the B team just like a software company
| would. Ever since I've been conscious about what "team" I am
| assigned to at my own private sector job.
|
| I didn't know there was a movie, but I found the book mostly
| boring too. She dived deep(ish) technically in three areas:
| malware, nuclear centrifuges, and policy.
|
| Who exactly is that for? I enjoyed the long description of
| the program itself but I doubt most non-tech people would.
| The scientific background on centrifuges was painfully dry to
| me. By far the best part of the book was the human interest
| stories about the security researchers who found and reverse-
| engineered Stuxnet.
| mypastself wrote:
| Yeah, the A-team/B-team split is how I remember it, and it
| definitely made sense for this particular project (and
| other projects most of us are involved with on a daily
| basis).
|
| Alex Gibney did the adaptation, and while it's necessarily
| far more superficial than the book, it's much more
| engaging. It's also nice to put faces to some of the names.
|
| https://m.imdb.com/title/tt5446858/
| lrhegeba wrote:
| "Who exactly is that for?" is the fitting question
| separating an average from a good writer. Average writers
| often deliver "look how much work I did", resulting in a
| lot of unnecessary fillers and boredom. Good writers
| contemplated who they are writing for and edit accordingly.
| As a reader I appreciate it when my time is respected. Of
| course YMMV, so not an easy problem to solve as a writer.
| dc-programmer wrote:
| That's a heuristic I would buy.
|
| The charitable interpretation is that she wanted to write
| "The Book" on Stuxnet. But it seems like a weird thing
| for a journalist to attempt. It's like if Carreyrou spent
| 100 pages describing micro-fluid physics in Bad Blood.
| dmix wrote:
| > It does not use virtual machine-based obfuscation, novel
| techniques for anti-debugging, or anything else to make it
| different from the hundreds of malware samples found every day.
|
| Being just like hundreds of other malware seems to be a pretty
| good idea. Blending in is a big part of spy tradecraft.
| jesuspiece wrote:
| Low effort article here. Author clearly lacks a grasp on the
| point/woes of obfuscating payloads
| stavros wrote:
| This article seems like a lot of "Stuxnet didn't do enough to
| hide", but the author misses the fact that it didn't _need_ to
| hide, judging from the fact that it worked.
|
| If it's stupid but it works, it's not stupid. The author is
| missing the point by lambasting Stuxnet for not having a feature
| it didn't need.
| itsoktocry wrote:
| > _The author is missing the point by lambasting Stuxnet for
| not having a feature it didn't need._
|
| Indeed. It's my understanding that to this day we don't
| _officially_ know who built/launched it. Mission accomplished?
| staticassertion wrote:
| It's not official but it's irrelevant - no one is going to
| take the US to court over it, which means the only thing that
| matters is that everyone knows who did it, and they do.
| TacticalCoder wrote:
| If Stuxnet was made to stop Iran from getting nuclear weapons,
| here's a headline from _today_ (which may btw be the reason why
| articles on Stuxnet are reappearing now):
|
| _"Iran is closer than ever to a nuclear weapon as Biden runs
| out of options"_.
| emkoemko wrote:
| maybe the USA should have stayed in the deal that prevented this
| from happening?
| tyingq wrote:
| You could read that as "Stuxnet set Iran back approximately 10
| years".
| cokeandpepsi wrote:
| It also helped in negotiations, if we didn't withdraw from
| JCPOA that headline wouldn't be the same
| spacemanmatt wrote:
| I would also read something into U.N. monitoring which they
| recently ejected.
| aaronbrethorst wrote:
| Gee, I wonder why Iran restarted its nuclear program...
|
| https://trumpwhitehouse.archives.gov/briefings-statements/pr...
|
| https://foreignpolicy.com/2020/05/08/iran-advances-nuclear-p...
| no-dr-onboard wrote:
| I'm surprised this article is still making its rounds. Two points
| have always stood out to me:
|
| 1) you never empty the barn on a nation state attack. If you know
| the systems you're targeting are primitive, you don't go in with
| the F-35 of initial compromise schemas. Aim for +10 over the
| enemy's ability to counter, not +1000.
|
| 2) the level of overestimation of federal cyber weapons is too
| damn high. Is it impressive? Absolutely. Is it the best? No.
| Check in with your private Israeli intel firms for that kind of
| James Bond stuff. What sets nation states apart is their ability
| to acquire and perform highly redundant and critically targeted
| attacks. The NSA would be hamstrung without the cooperation of
| the CIA and so on. It's not technical prowess, it's money and
| coordination.
| tptacek wrote:
| It comes up regularly in part because there's a lot of pop-sci
| reading for people to do on Stuxnet, and so people in 2022
| generally feel like they know a lot about it, which makes it
| easy and fun to dunk on a 2011 take. What's embarrassing about
| the whole scene is that actual analysis of Stuxnet is almost
| beside the point of this blog post; it's pretty clear that
| some of the most strident takes on this thread are from people
| that haven't read any of it before.
| tetha wrote:
| Hm. Stuxnet feels less like a normal software project, and more
| like a NASA mission.
|
| Something like a botnet can run updates and patches, and you have
| a much easier time to iterate, optimize and also to fail in less
| than catastrophic ways. Sure, you lose some nodes, but you infect
| some nodes, so be it.
|
| Something like Stuxnet is more like the Mars rover. You
| eventually fire it off, and then it has to work correctly
| autonomously. Once the boosters are going, you cannot fix it
| anymore. Once Stuxnet is in that facility, there are no more
| patches. It has to work. And if it's discovered, you've probably
| blown your only chance.
|
| In such a setup, simplicity and options with known and explored
| failure modes are good.
| srvmshr wrote:
| I liken the Stuxnet ops to be like if targeting Osama bin
| Laden with a sophisticated custom-made virus transmitted
| through his children. It delivers its payload once, and does
| very little collateral damage to others.
|
| The virus itself was sophisticated in the way obfuscation was
| incorporated, using 4 zero-days.
| daniel-cussen wrote:
| They did in fact target Osama bin Laden with mandated
| vaccines for boys for some very very important ailment to
| which there could be no religious objections...to get DNA
| material they could track down to him. That's how I heard it.
| seaourfreed wrote:
| It still got a job done. Embarrassing that people found out by
| the Israeli side screwed up. But this is how cyber attacks will
| be... They make some impact. Then everyone learns the tech used.
| Then everyone secures the vector they used. Rinse and repeat.
| Used too often, and all attack vectors will be closed.
| arnon wrote:
| Unfortunately this sounds like fairly typical armchair commentary
| from someone who doesn't understand the decisions around building
| and deploying something like this at this scale...
|
| Sometimes, yeah, you need to rush things because your window of
| opportunity is now or never.
| status200 wrote:
| I agree, if something worked, then it was exactly as
| sophisticated / obfuscated as it needed to be.
| MontyCarloHall wrote:
| The blog author Nate Lawson [0] runs a small cybersecurity
| consulting company [1].
|
| It's not surprising that a small independent consultant would
| bikeshed over trivial imperfections in something like Stuxnet
| while ignoring the much bigger picture of the operation. I bet
| the vast majority of security holes he finds in his line of
| work are relatively minor exploits (e.g. poor key handling,
| unpatched software, etc.) that would be devastating to his
| small business client if exploited but totally irrelevant to an
| operation like Stuxnet. It is akin to a custom gunsmith
| criticizing an ICBM for its ugly paint job.
|
| As Pauli would say, Lawson's argument is not only not right, it
| is not even wrong.
|
| [0] https://www.linkedin.com/in/natelawson
|
| [1] http://www.rootlabs.com/ (yes, his own site ironically is
| not HTTPS)
| Threeve303 wrote:
| It is also a concern when developing these "weapons" that
| after using them, they could potentially be reverse
| engineered. In that context a successful payload that appears
| poorly constructed could be intentional.
|
| Either way, for the mission goals it was a success.
| staticassertion wrote:
| When you're on the defense side (I am) you often read a lot
| of research and watch conference talks about cutting edge
| stuff. It makes you wonder - why don't attackers do these
| things?
|
| I actually asked a criminal I was in contact with once why he
| didn't attempt to perform an attack a certain way that I
| thought would be very lucrative and significant. His answer
| was that there was no point, he made thousands of dollars a
| month with very little effort, and he was more interested in
| refining his existing work through improved C2 communications
| as opposed to what I had been suggesting (academically, I
| never supported that work).
|
| The title's a bit clickbaity too of course. The end is more
| reasoned:
|
| > However, I think the final explanation is most likely.
| Whoever developed the code was probably in a hurry and
| decided using more advanced hiding techniques wasn't worth
| the development/testing cost.
|
| Yes, naturally that is exactly what happened. There is no
| question at all that the NSA has people capable of doing more
| advanced work, they just really don't have to.
|
| https://www.youtube.com/watch?v=bDJb8WOJYdA
|
| Rob Joyce gives a great talk about his work on TAO. The short
| version is that TAO doesn't have to do anything crazy, they
| just have to know who their target is and spend the time
| figuring out the environment they'll be working in - then
| they meet the bar that's beyond what that environment is
| capable of handling.
|
| Homomorphic encryption is gonna be pretty overkill. Then
| again, the NSA also leveraged the first publicly known attack
| that used an MD5 collision, which probably cost quite a bit
| of money, so they can flex when they decide it's worth it.
| mike_d wrote:
| > It's not surprising that a small independent consultant
|
| He also co-developed the content protection system for Bluray
| and was a FreeBSD committer.
|
| Judge the words, not the person.
| [deleted]
| ZiiS wrote:
| It is not just that it was unnecessary to do more, it would have
| been harmful. Stuxnet was always going to be dissected after the
| attack; why give away all your best techniques?
| tptacek wrote:
| This is a whole thread of people taking a blog post from a decade
| ago out of context. Nate Lawson's blog had two major beats,
| cryptography and content protection (Lawson, an old-school vuln
| researcher, co-created the Blu-Ray BD+ content protection system
| at Cryptography Research).
|
| It's probably hard for people today to remember this, but in the
| heyday of "the blogosphere", blogs bounced stories back and forth
| between them the way you would Twitter threads today. Stuxnet was
| a topic like that. Lawson was just tying it to the stuff he wrote
| about.
|
| We've all read Kim Zetter's book by now. Instead of bouncing
| thoughts she's already written about off the post --- thoughts
| the author probably by now agrees with? --- you'd do better to
| actually _follow the links_ in the post back to Lawson's earlier
| posts about obfuscation, reversing, and content protection.
| They're still extremely interesting.
|
| Regardless: saying that you have a better take on Stuxnet in 2022
| than Nate Lawson did in 2011 is kind of an embarrassing flex.
| ChrisArchitect wrote:
| Something new here?
|
| Lots of other Stuxnet articles/revelations.
|
| Here's some previous discussions:
|
| _11 years ago_ https://news.ycombinator.com/item?id=2112919
|
| _3 years ago_ https://news.ycombinator.com/item?id=21432467
| politelemon wrote:
| No, it is amazing, and the author is missing out on understanding
| why - it does not need to have passed an architectural and design
| review if it manages to accomplish its goal(s).
|
| Ironically, the author focuses on 'hiding the payload' as the
| thing that makes it embarrassing, as though that is self evident.
| notacoward wrote:
| It's yet another case of "I know/do X in my context, therefore
| anyone who doesn't know/do X even in another context is an
| idiot". (And yet, somehow, X is also an amazingly hard-to-
| acquire skill that should bring immense rewards to those like
| the speaker/writer who claim to have mastered it.) Such fare is
| neither curious nor newsworthy, but seems common.
| photochemsyn wrote:
| Stuxnet was a reckless operation concocted by a small group of
| American and Israeli spies and hackers who thought the whole thing
| would remain secret forever. The recklessness involved setting a
| precedent by targeting industrial control systems for physical
| destruction, and also the release of the package to spread over
| the internet with no external controls. See (May 2021):
|
| https://verveindustrial.com/resources/blog/what-is-stuxnet/
|
| > "This second Stuxnet variant likely did not propagate from an
| initial infection on a susceptible PLC or controller, but rather
| gained access to one commodity Windows system through the use of
| zero-day exploits. From that one infected commodity Windows host,
| the malware moved laterally from one Windows box to another
| across the unsegmented network."
|
| Once it had been done once, similar attacks followed by other
| nation-states:
|
| > "From a historical perspective, the Stuxnet worm signaled that
| well-equipped, nation-state-sponsored actors possessed advanced
| capabilities that would set the stage for more serious cyber-
| physical attacks such as those in Ukraine, Estonia, and Saudi
| Arabia."
|
| I suppose one positive effect has been the upgrading of security
| for everything relying on industrial control systems and PLCs,
| from nuclear reactors to railways to water supply systems.
| woodruffw wrote:
| I don't think it's likely that they believed it would remain
| secret forever. Reckless perhaps, but nation states tend to
| understand that the window of covert action is relatively brief
| and that _lots_ of external parties are interested in
| investigating the aftermath.
|
| (That's also why the "there was no special obfuscation"
| commentary is silly -- they just don't care. Obfuscation is
| pointless window dressing in these scenarios.)
| aaron695 wrote:
___________________________________________________________________
(page generated 2022-06-12 23:01 UTC)