
Stuxnet Malware Mystery Deepens: Another Hint Of Israeli Origins

 
Poll_Blind (1000+ posts) Fri Oct-01-10 01:22 PM
Original message
Stuxnet Malware Mystery Deepens: Another Hint Of Israeli Origins
From Haaretz:

The mystery continues to deepen over the origin of one of the world's most damaging computer viruses -- Stuxnet -- which some experts believe is targeted at Iran's nuclear power plants, slowing that country's quest for a nuclear weapon.

On Tuesday, a German computer specialist offered a hint that Israel may be behind the sophisticated malware, by demonstrating that a file inside the code uses the word "Myrtus" -- which could be a reference to the Book of Esther, the Old Testament story about how the Jews prevented a nefarious plot by the Persians, according to the New York Times.

The next day, a trio of security researchers offered another clue at a conference in Vancouver, describing how Stuxnet includes references to the 1979 execution of the leader of Iran's Jewish community at the time. Specifically, the researchers from Symantec -- Nicolas Falliere, Liam O Murchu and Eric Chen -- showed that the code includes a marker with the numbers "19790509" which, if prompted, stops the code from infecting a targeted computer.


While Stuxnet is, without a doubt...beyond the shadow of a doubt...both the most dangerous piece of malware ever (it specifically targets control systems for industrial machines) and the most expensive to design...and while there are just a few countries on Earth right now that could possibly, or would possibly, spend the millions in R&D and commit the criminal acts to breach secret signing keys from two major companies....and all the other incredibly exotic criminal acts...including being in possession of no less than 4 unheard-of Microsoft Windows exploits which were used to propagate this thing from PC to PC until it could reach its real target...

All of those things and half a dozen more, admittedly, point fingers at Israel. Israel has acquired, encouraged a certain type of reputation over the decades for being extremely vengeful in retaliation and not caring about collateral damage. Everything...all of it...has so many things "typical" of an Israeli operation...

But I am still not sold Israel had anything to do with it. And here's why:

It starts with a little side-note about brilliant people, who are usually the ones who can do forensics on these sorts of malware: They have exceptional pattern-finding abilities. Pattern finding abilities are an essential element of intelligence. Think about every IQ test you ever took. Remember all those "Which of these comes next in the sequence?" questions. That's all about how well you can find the pattern given precious little information.

But the problem is, there is a fine line between being blessed with an uncommonly-keen pattern matching ability and having a brain which pattern matches too much. Paranoid schizophrenics are a great example of brains which play this particular game too well. For some people, like the famous John Forbes Nash, Jr. (on whom the movie "A Beautiful Mind" is based) the brilliance dances just on the line between sanity and madness.

And because the level of expertise and access to information and money and hardware and flat-out diabolical brilliance was so great in the creation of this malware, and because the creators knew this thing would be analyzed more than any piece of malware ever created...and what type of minds would be analyzing it, at the lowest level...The clues in the malware (more of which I'm sure will come out over weeks and months to come) were intentionally left there. And I am convinced the clues were no less well-tailored than any other part of this thing.

IMO, there is a high probability that an entire basket of extremely obscure "clues" were enmeshed with the malware, all designed to be seized upon by minds who feed off of, thrive off of mysteries like this...and to lead them to a conclusion which they will have felt they have unraveled themselves but which was intentionally planted for their finding.

That would be on par with the rest of the design of this thing, which is a piece of software so uniquely devastating that the security community patted themselves on the back years ago when they cogitated that such a thing as this could hypothetically exist in the first place.

So, if a week from now you see a news report that if looking at the binary code of this malware in base-1948 a Star of David resolves itself out of ones and zeros, or that the malware contains an encrypted jpg of Alan Dershowitz's moustache- taken during a 1985 trip...to ISRAEL...just remember those things did not wind up in there by accident any more than the "myrtus/guava" pair or the "19790509" marker.

Could they be signs of bravado from Israeli computer warfare specialists? Absolutely. But there are other explanations and only time will tell, if ever.

This infection is world-wide and PCs and industrial systems all over the world are infected. Every government which runs Siemens PLCs in their infrastructure (which is a LOT) is under the gun here, not just Iran. Whoever created this does not want the heat and it would make sense to try as hard as possible to transfer the blame to somebody else for its creation.

PB
Me. (1000+ posts) Fri Oct-01-10 03:07 PM
Response to Original message
1. I Read That And Couldn't Make Up My Mind
If it was the bravado you mention, someone was trying to implicate the Israelis or the Israelis did it to give themselves plausible deniability on the order of "why would we leave such an obvious clue?".

Poll_Blind (1000+ posts) Fri Oct-01-10 05:04 PM
Response to Reply #1
3. Whoever created the worm might have also realized that in the next 6 months the...
...question of who created the original Stuxnet will be essentially moot as security companies scramble to deal with copycat malware using modified Stuxnet worms to do their bidding.

PB

DavidDvorkin (1000+ posts) Fri Oct-01-10 03:28 PM
Response to Original message
2. Moreover, the name, Stuxnet, contains an e, and so does the word Israel
I think that proves it conclusively.

Good grief.