Microsoft’s Iranian Nuke Connection

Stuxnet exploited weaknesses in Windows 7. Windows 7 is made by Microsoft. Microsoft is based in the United States. Stuxnet hit computers running Windows 7 in Iran. Those computers were being used to help Iran make nuclear materials.

Just sayin.

Is it a secret way of infiltrating our enemies’ systems, as some in the comments suggest this post is meant to say? Probably not.

Is it an interesting anecdote about our globalized economy that shows one of the most famous U.S. companies’ products is being used for a program the U.S. is dead-set on shutting down? Yes.

It’s especially interesting when all we hear about are the sanctions and other efforts being levied against Iran aimed at halting the country’s nuclear ambitions.

Of course we don’t want to restrict the sale of Windows around the world. This is just one of those unavoidable occurrences that make you stop for a second in the midst of a serious story and say, “how bout that.” And a blog, which this is, is a great forum to air such things.

49 comments

Jack December 8, 2010 at 6:57 pm

Another case for switching to MacOSX ;-)

blight December 8, 2010 at 8:18 pm

Or Unix. Or DOS for that matter. Or disconnecting from the internet and returning to the stone age.

Simply saying "switch to Mac" is like saying avoid IEDs by "not going off base".

William C. December 8, 2010 at 8:36 pm

As somebody who does a lot of work with different computers, your analogy is great.

Greg December 9, 2010 at 9:56 am

Mac is full unix, you do know, right?

John Moore December 9, 2010 at 10:31 am

No, it's based on the unix backbone; it is not full-fledged unix!

Greg December 9, 2010 at 3:10 pm

You, my friend, are very wrong. Since I am a unix/linux/windows administrator, let me learn you. Leopard is the first operating system with open source BSD code to be certified as fully UNIX compliant.[43] Certification means that software following the Single UNIX Specification can be compiled and run on Leopard without the need for any code modification.[35] The certification only applies to Leopard when run on Intel processors, per http://en.wikipedia.org/wiki/Mac_OS_X_Leopard. I can compile any linux code without running x11 now as I did in the past. I don't need xwindows any longer; darwin is built into the OS.

Previously OS X was not fully linux compliant; it had a unix kernel with a proprietary apple front end. What that meant in the end result was that OS X resided inside of unix at the time, almost like virtualization but not quite. Currently there is only the unix kernel, the OS is compiled in that kernel, meaning there is not an OS sitting on top of another OS but it is simply a single OS. In short, on intel processors OS X has been fully unix compliant since 2007, hence the greater security. Feel free to look these facts up for yourself. Also note that OS X is the largest UNIX user base, period.

Ben December 9, 2010 at 2:36 am

Not to pound apple, but if govt. switched to macOS then what happens when people target it for virus and infiltration? It's basically easier, just fewer people try; that's a main reason.

Hamish December 9, 2010 at 9:09 am

"its basically easier", source required for that.

Unix and unix like systems are harder to infiltrate than Windows. You need the explicit permission to run programs on a unix system, especially those that modify the system which need root permission. On windows, you can just browse a website and have malware autorun on a windows system.

Joe Schmoe December 8, 2010 at 7:13 pm

90%+ of computers on Earth run on Windows, what a shocker that people target it.

greg December 9, 2010 at 9:33 pm

They are a target because of volume. They are easily susceptible because of bad design though. Self executing code, store all important configuration info in one registry to corrupt or hijack, weak system level security, etc. Unix and others such as as/400 aka i-series/p-series aka system 36 and all of the mid range and main frames don't seem to have these problems.

Some Guy December 8, 2010 at 8:18 pm

What Stuxnet was going after was the centrifuge technology driven by a Siemens software system built on top of Windows. So the sale came from Germany. In fact, it may have been beneficial to the West that it was built on such an easy to exploit operating system. That Trojan seems to have done the job diplomatic efforts have previously failed to do. Throw in a few sticky bombs on lead scientist vehicles, and the glorious Islamic Republic is set back quite a bit with their bomb building efforts.

blight December 8, 2010 at 8:19 pm

You can only blame microsoft for so long; if you have a router and a software firewall; or even better keep your computers off the web there's not much someone can do to get into your system remotely.

Wildcard December 8, 2010 at 8:26 pm

True, but Stuxnet could have entered the system via USB memory sticks.

blight December 8, 2010 at 10:16 pm

All I know is on Unix SELinux gets paranoid really fast, unless I go into su and setenforce 0. On windows variants before Vista crap could run in the background without you knowing it. On Vista and 7 you had to approve all processes at least once, but I guess that system could be bypassed? However I would have to defer on the latter to someone with more IT experience with windows.

Greg December 9, 2010 at 9:58 am

They normally bypass it by injecting code that executes in applications like PDFs on the web. My main issue with windows as others have mentioned is self execution of code. WTF!

blight December 10, 2010 at 10:14 am

That sounds kind of like the exploit that was previously used to jailbreak iPhones, until iOS 4 was patched.

Blah December 8, 2010 at 9:36 pm

This blog is going downhill fast. In a previous post you questioned whether the US government was responsible for the attacks on Wikileaks at the same time other news agencies were reporting that a hacker titled The Jester (well known in the hacking community) was the one who did it. Now you make an even weaker claim against Microsoft. That's like suggesting GM is responsible for the latest 7-11 robbery because the thief used a Sunfire as the getaway car. What are you thinking?

charles December 8, 2010 at 11:27 pm

So what's the matter? Microsoft had sold operating systems to Iranians? OH MY GOD! WHAT THE FUCK?! Seriously, I don't understand what is the great news there.

@Earlydawn December 9, 2010 at 12:46 am

This is one of the stupidest, dumbed down stories ever on DefenseTech.

You can buy Coca-Cola in Iran, too. I'm sure that's a plot to give them all diabetes, right?

Ben December 9, 2010 at 2:38 am

U.S. Secretary: God Damn he's found our bio warfare program.
lol

Neil B December 11, 2010 at 4:17 pm

Hey, DT writer just saying it was curious, he winked at the idea of taking it seriously. Basically MS stuff is just vulnerable, period, and that's the price users pay. Written off a Puppy Linux disc bypassing my messed up XP-install HD.

pjriot December 9, 2010 at 1:14 am

Someone from 4chan's obviously hacked defensetech. This is actually anger inducing. I heard some of the scientists wear Nikes too. Just saying.

Locarno December 9, 2010 at 2:50 am

Given that Windows 7 is an operating system commercially available off the shelf in a high street electronics store to Jeff Blogs off the street in 99% of the computer-using world, I don't think Microsoft can be realistically expected to prevent a nation-state getting hold of a copy if it wants to.

As noted, if you can get Coca-Cola….

Curt December 9, 2010 at 3:14 am

An interesting question: did Iran pay for either the Siemens software or the Windows software? Somehow I really doubt it.

E_Khun December 9, 2010 at 4:35 am

Well, software for your new(old) nuclear reactor isn't exactly a firefox plug in. So yes, that was part of the deal with the German or Russian contractor.

And if I was Iran I wouldn't pay for Windows even if they paid me to use it. Oh.. And I still wouldn't use it. They're quite paranoid about the US as I understand.

Greg December 9, 2010 at 9:59 am

And they can use what? About every major OS originated in the US.

Wildcard December 9, 2010 at 1:06 pm

Linux

Greg December 9, 2010 at 3:20 pm

2 of the founders were from the US: Richard Stallman and Andrew S. Tanenbaum. Linus was from Helsinki, but I believe he was a student of Tanenbaum. The GNU project was started long before Linus got involved. But yes I concede your point that it wasn't completely developed in the US….Nor was it completely developed in Europe either though for that matter. Look up Minix and GNU.

Delia April 11, 2011 at 12:50 pm

CgP4N5 Good point. I hadn’t thought about it quite that way. :)

Oblat December 9, 2010 at 5:08 am

Defense cyberwar reporting hits a new stupid low – Windows 7 is riddled with vulnerabilities – claiming it's a government conspiracy because it's made in America is just a joke.

If the reporters here weren't high on crack all the time they would be reporting that windows 7 now scans your computer for documents that might link you to terrorism and reports back to MS about it. There is a real story you lazy bums.

Greg December 9, 2010 at 10:00 am

Ur always off topic have you ever noticed that. Were you diagnosed with adhd or do you like being a d1ck?

@Earlydawn December 9, 2010 at 1:32 pm

Any citations on that one, Oblatski?

Brian December 9, 2010 at 8:27 am

Any OS designed for use by the masses is going to have security holes. Security is a trade off with usability, in IT or anywhere else. Most OS compromises are because of users being deceived or malicious conduct like stuxnet.

Windows is a great OS, you can’t measure its value by shortcomings of the world it operates in.

crackedlenses December 9, 2010 at 10:10 am

It works OK for the average user, but why would Iran use it for their top-secret nuclear program?…..

blight December 9, 2010 at 11:01 am

The system wasn't designed with "top secret nuclear program" in mind, it was designed for commercial centrifuges, where they assume nobody is going to target it. I wonder if the CIA didn't just put Stuxnet in at the factory. Colby would've been proud, and it would echo of the pipeline sabotage of waybackwhen.

brian December 9, 2010 at 11:10 am

I am not in the know but I would suppose it's because that's what Siemens developed their software to run on. Windows has the best, most mature development suite for any OS out there. I say this as a linux developer, who never runs windows, who mostly works on the command line.

It's a good choice for a lot of reasons: windows administrators are cheap and plentiful, it has an intuitive interface, great enterprise support, as well as excellent centralized deployment and management tools. You simply don't have that out of the box, full enterprise support that windows does in unix environments.

As for the vulnerability, malicious AUTHORIZED ADMINISTRATORS stole the Encryption Keys and signed the virus with it so it could propagate across the network as an authorized application. If you have a malicious Admin on your network who has root access, you are f'd regardless of your OS.

Sorry for the rant, but seriously, it's the user who is the big security hole these days, not the OS. If it makes anyone feel better, because this stuxnet deployment happened via an admin, they can't really do anything about it until they find out who did it, because that malicious admin can simply redeploy it.

blight December 10, 2010 at 10:16 am

I didn't know that admins were involved. It brings back the quote "Who watches the watchmen"…

brian December 10, 2010 at 11:03 am

It had to have been an admin, inserting a hacker who could breach security undetected, figure out their layout, then steal encryption keys and keep on doing it every time they invalidated the keys and re-signed their apps.

Most likely they figured that some intelligence service managed to sneak the virus in via a compromised box, got their key somehow and signed it. So they probably did a clean reinstall with re-signed apps with new encryption keys. Pretty straightforward and easy to do. Then the virus came back, and then they realized the enemy was in their ranks and had access to their core systems. That means they can't trust anyone and have to re-vet everyone. Apparently that didn't work; the organization is too big and the pool of talent too small.

I guess the only practical thing they can do now is break the operation into smaller isolated pieces and accordingly decrease their yields.

michael December 9, 2010 at 7:45 pm

Do you all REALLY think Iran with a few nukes is anything for the USA to worry about?!

Iran is surrounded and being threatened by countries who possess over 12,000 nukes. You really think Iran would be dumb enough to try and nuke someone when they would be nuked back to the stone ages?!

Don’t be mad at me, I am trying to open your eyes to the bull **** propaganda you eat and breathe that tells you we need to attack Iran. It is called ‘WORLD VIEW WARFARE’ and it was invented by Hitler and the Nazis. They control what you ‘THINK’ by pumping you with garbage. How many times do we have to catch the news lying to us? We know they lied for the Iraq war.

Look at the TOLL of these wars! More American soldiers have COMMITTED SUICIDE than have been killed by enemy! *** does this tell you all!!! Our country is BANKRUPT, we can’t afford these wars in the first place.

We are not any more safe from TERROR now than 2001, IN FACT WE ARE MUCH WORSE! Why?! Well let me explain: We now have many more enemies, who want blood from us! Either we killed their families or sent them to Guantanamo, we just make more enemies every day we fight.

AND LET’S TALK ABOUT BORDER SECURITY! LOL! – we are so worried about terrorists but our borders are wide open enough that poor Mexicans have no problem crossing our borders and are flooding our country?! It would be much easier to pull off 9/11 today than it was in 2001.

And then let’s look at 9/11, shall we. The 1st THREE STEEL BUILDINGS in HISTORY to fail from fire! And they conveniently fell in their footprints, which normally takes a very skilled demolition team to do, but hey, we are supposed to believe these astronomical odds were somehow defied on 9/11. Just like a Passport that made it through a jet blowing up into a fireball that supposedly melted the steel around it, but the paper passport made it intact to the ground, lol. How dumb are you people.

Oh and the Pentagon hit by a civilian JET LOL, ARE YOU ******* KIDDING ME, the most defended military building in the world and its weakness is a big, slow civilian Jet. lol. Not to mention the Jet would have needed a Friendly military responder to get even close to the Pentagon air space without being SHOT DOWN! The Pentagon has its own air defenses. And we are supposed to believe they can’t defend the Pentagon from a civilian jet that was in the air over 40 min, is ******* hilarious.

USA is not the good guys anymore – we are doing the same thing the NAZIs did in ww2 but we have different uniforms. I don’t know how a president gets a peace prize when he is occupying other countries illegally, just goes to show how retarded and corrupt our world is today.

But hey, you want to believe all that propaganda garbage, go ahead; me, I like to use my brain and think for myself, a dying breed I know. LOOK UP ENGINEERING CONSENT BY EDWARD BERNAYS – WAKE THE **** UP, YOU’RE ALL JUST PROPAGANDA LED MINDLESS ZOMBIES. America isn’t America anymore and if you like your freedom you better look around you because your kids will not be enjoying the freedoms we let slip away…..

Anon December 10, 2010 at 12:09 am

Dude, go take your medicine

@Joe_Schmoe12 December 10, 2010 at 12:37 am

Now go and run along and don't forget your medicine!

crackedlenses December 10, 2010 at 10:00 am

Uh, is this your first time on a sane blog?……

blight December 10, 2010 at 10:19 am

"The Pentagon has its own air defenses"

I used to think that before 9/11, but I guess not. Also, it would be more likely to trip a false positive and shoot down an airliner heading into Ronald Reagan. As for the Twin Towers, it joins the conspiracy theory pantheon such as those regarding ANFO and the Alfred P Murrah Federal Building in OKC. I guess if we don't buy a rebar building and collapse it with ANFO or airplanes we'll never know.

Musson December 10, 2010 at 9:25 am

Anyone remember how the Anti-Trust lawsuit against Microsoft was dropped suddenly? As part of the settlement, Microsoft added backdoors, traps and tracking routines in Windows so the US could track pedophiles and spies.

blight December 10, 2010 at 10:20 am

No, I don't. But I'm running Linux (which probably has its own backdoors). Then again, considering how unsecure Windows can be, do you really need to write in exploits as much as find them and simply never disclose them?

Then again, I wonder what percent of users leave Remote Assistance on…

Cannon Fodder December 11, 2010 at 9:53 am

Iran couldn't be using Windows 7, because Microsoft is not allowed to export to Iran. http://www.microsoft.com/exporting/faq.htm?siteID…

But what are the chances that they actually bought the OS? lol…

John December 12, 2010 at 1:07 pm

umm I think they were using pirated versions of Windows 7 they found off bit torrent whilst downloading goat porn.

@robinsage December 13, 2010 at 1:14 am

You guys forgot how China had access to Microsoft's code. They used this technique to attack Google. Why not IRAN?

Greg December 9, 2010 at 3:12 pm

replace linux with unix wherever I wrote that…I must have been sleepy or something. :)
