back to article Stuxnet was the opening shot of decades of non-stop cyber warfare

The famous Stuxnet attack against Iran is credited by some as forestalling the alternative: a bombing raid by Israel against Iran’s nuclear facility. The use of such cyber-weapons in the future, however, may mean more countries end up in low-level conflicts more or less continuously. Military strategists are still grappling …

  1. amanfromMars 1 Silver badge

    The Great Game Morphs into Sublime Mind Control with Global Operating Devices ‽ .*

    Professor Ben Israel, a retired major general in the IDF, stated that the Stuxnet attack showed that cyber-weapons are a known phenomenon and that “Israel should be prepared more”. He credits it for spawning a complete revamp of Israel’s cyber strategy that in no small part helped fuel the growth of Israel’s security startups.

    That is beautifully ambiguous, and not a little worrying for all that is and who be vulnerable, for further thought upon the statement regarding the known phenomenon, attacking cyber-weapons, has one realising ... Israel** should prepare for more and prepare more ..... although that is more suited and booted for CyberIntelAIgent Security and Virtual Defence Vector and Sectors, rather than being in any way associated and thought responsible for the launch of any remote weapons attacking system.

    One is dumb reactive to second and third party BIOS, the other is a party and partnering to AI and SMARTR NEUKlearer and HyperRadioProActive with IT ..... for Creative Communications Crashing Command with Crushing Controls.

    * Yes, it sure does with IT Command and Control of Perfect Messages.:-) The doubt and disbelief that may have you disagreeing, is entirely yours and the result of a lack of certain specific streams of information from Advanced IntelAIgent Sources which be akin to Loded Nodes.

    ** All states with actors and non state actors are in the same boat as Ben Israel perceives Israel to be. All are pawns in Great Games Plays

    1. Anonymous Coward
      Windows

      Re: The Great Game Morphs into Sublime Mind Control with Global Operating Devices ‽ .*

      Ok. That clears that up then.

  2. Roger Kynaston
    Mushroom

    What happens when real people get killed

    The trouble with military action is that people will be in the line of fire. Unless this sort of thing targets purely military systems civilians are going to be damaged/killed. Most IT infrastructure is aimed at supporting a countries civilians. Let us suppose that a future Stuxnet is able to make a nuclear reactor melt down ( I know that this is extremely unlikely given all the safety cutouts and such like in that industry). Would such a thing then be classed as a war crime? After all, dropping some ordinance on the reactor would be.

    1. Dan Wilkie

      Re: What happens when real people get killed

      Why would dropping ordnance on a reactor be a war crime?

      For a start, there was that bombing of the Syrian reactor by the Israelis a few years ago. As long as you can argue that it's a military target, which can usually be argued in the case of most reactors as they "could" be used to enrich fuel for weapons (whether could or are should be the required benchmark is a different question altogether - the pen on my desk could be used as a weapon the next time somebody breaks the coffee machine but that doesn't become a valid military target).

      1. Naselus

        Re: What happens when real people get killed

        "Why would dropping ordnance on a reactor be a war crime?"

        If the side that doesn't do it wins, then they get to decide it's a warcrime. That's pretty much how Nuremberg worked, tbh - mass-bombing civilians wasn't a crime because the allies did it too. 'Planning an aggressive war' was included, because only the Axis powers were doing that in the 1930s (it apparently only counts if you're planning it against white people).

      2. Anonymous Coward
        Anonymous Coward

        Re: What happens when real people get killed

        "Why would dropping ordnance on a reactor be a war crime?"

        Because it is reckless and can cause widespread contamination and death of civilians. Think about it, it is essentially the equivalent the boogeyman of the "dirty bomb", which we decry as a terrorist act and something which would be a crime against humanity due to its indiscriminate lethality.

    2. Bumpy Cat

      Re: What happens when real people get killed

      Bombing a nuclear reactor is most definitely a war crime - explicitly so. This is classed as "an installation with dangerous forces", and the two examples given in LOAC (Law of Armed Conflict) training are dams and nuclear reactors.

      The reactor in Syria that Israel bombed was not active, and was years away from having nuclear material on site, so it is not a war crime. Moreover, Syria denies it was a reactor installation and Israel is keeping mum on the strike, so if no one is willing to press a case then it won't go any further.

      Current war crimes legislation dates to 1948, in the aftermath of WW2. The Allies deliberately included actions that they arguably committed during the war (mass bombing) because no-one wants to see that again. It has been done since then - possible examples are the Syrian crackdown on Hama in 1982 and Russian actions on Grozny in 1994-96 - but only in "internal" actions so who is the party who can bring this to trial?

  3. Anonymous Coward
    Windows

    ...

    Ok then. That clears things up.

  4. allthecoolshortnamesweretaken

    Was Stuxnet the opening shot?

    1. Anonymous Coward
      Anonymous Coward

      I don't think so

      There are many other particularly bad virus and malware that predate Stuxnet. Most came from unscrupulous criminals looking for a fast buck.

      1. A Ghost
        FAIL

        Re: I don't think so

        Would you care to name just one of them that was comparable to stuxnet?

        As far as I can see, the whole thing is so complex that it can't even be properly reverse engineered. It's actually a framework and not a single malware. What is known about it, is that it would have taken the work of several (perhaps dozens or more) of the top coders on the planet to bring it to fruition.

        Those familiar with the control systems that it was designed to attack, for a start. Then those well versed in obfuscation techniques to hide its tracks in the first place. Then those familiar with reverse engineering and anti-debugging techniques, to stop the code being traced in soft ice and IDA etc. , not to mention those capable of coding the on-the-fly encryption that put paid to all of that even if you could overcome those hurdles. Not too mention the fact that stuxnet would activate just by plugging in the usb stick it was on (the supposed vector), even if auto-load was off for your drives. Many didn't even know this was possible.

        Many frameworks came after (see fanny etc.) but stuxnet was kind of the first at this level of deep sophistication. Hence the fingers pointing at those that had the means, the motive and possibly the opportunity, i.e. Israel and the US.

        Happy to be corrected, but I think stuxnet was pretty much the first of this kind of thing that alerted people to the fact that such intricate and complex 'cyber war' was being waged, thought it's a moot point in my eyes.

        What I really want to know is why my Norton Anti-Virus doesn't pick up on it. It's a conspiracy I tell you. Then again, I probably shouldn't have plugged in that usb stick I found outside the house into the tumble dryer, so I do take some responsibility.

  5. martinusher Silver badge

    Stuxnet did more damage than good

    Planting malware in a commercial SCADA system might seem a major coup but the reality is that all it did was alert people to the need to actively manage sensitive systems. In essence it killed the market for a major Simens product and the Windows platform it ran on. Obviously the market wouldn't die overnight -- inertia, especially management inertia, is a powerful force -- but anyone who's designing a control system will think long and hard about what platform it runs on and what connectivity they'll give it.

    1. A Ghost
      Mushroom

      Inertia, is indeed a very powerful thing

      You should have seen the 'inertia' when the missus was drying the kids laundry and the tumble dryer burst into flames, vaulted out the kitchen window, hurdled half way down the street, smashed through two garden fences, broke through Mrs. Johnson's massive bush (it's still there, I checked [well, what's left of it]), and inserted itself in the neighbours garden shed, where, as bad timing would have it, they were filming an impromptu amateur porn flick, titled 'Mrs. Johnson's manky plot'.

      Now, that is inertia.

      But I take your point, none the less.

    2. Anonymous Coward
      Anonymous Coward

      Re: Stuxnet did more damage than good

      In order to "kill the market" for Siemens SCADA there has to be an alternative product that would be used instead that is secure. Care to tell us what that is? My understanding is that SCADA is the only option for certain critical industrial tasks, and if it does have any competition in that field there's no evidence its security is any better. It would be like having a major hack on Android and saying "oh well we'll use iOS instead" without considering that iOS may have its own vulnerabilities that could be leveraged in the future.

  6. Anonymous Coward
    Mushroom

    Ian Fleming got there first

    Ian Fleming got there first: in 'Diamonds Are Forever' the villain's lair is destroyed when invalid data is fed into the computer.

    Although, I somehow suspect that whoever smuggled Stuxnet into the Iranian plant didn't do it like this.

    1. A Ghost
      Mushroom

      Re: Ian Fleming got there first

      when invalid data is fed into the computer.

      You never forget your first divide by zero!

      Is that a bloody iPhone 5 in her keks or is she just happy to be there?

      Fleming was ahead of his time, for sure.

  7. Number6

    Neuromancer

    Sounds a lot like a William Gibson novel. Spooky that it was written in 1984. As with the book of that title, some seem to be using it as manual, not a work of fiction.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon