Beautiful. Anyone want to venture a guess as to whodunnit?

It's obviously Israel or the United States.

I'm inclined to guess Israel, since Obama hasn't done anything in his term to suggest he's going to do anything but sanctions and diplomacy against Iran. While it could be the US throwing a bone at Israel to discourage them from bombing Iran this winter, I'm really unsure. We can be sure it's not Burkina Faso, though.

A shot across the bow?

technically it is an act of war.

At least if you considering it as an attack on the infrastructure of another country.... still if they can get away with it...

Is it an act of war? Russia launched a series of attacked like this at Latvia, I believe, and NATO didn't start bombing Moscow. It's certainly a provocative act of espionage, but to call it an act of war might be stretching the point.

I'd also hesitate to call the current state of affairs between Iran and the US and Israel "peace." Iran does fund Hezbollah and Hamas and does a lot of meddling in Iraq, after all.

Early morning here and bleary eyed, but...

1) Rather too much information coming out of Iran for this to be as clear as suggested above. I'm not going for a conspiracy but the Iranians are better known for denial and obstruction than, 'Our most secret and sensitive systems have been attacked.'

2) If this attack is aimed at Siemens equipment, there should be a lot of very scared countries/companies right now. This is not a weapon that could easily be contained.

3) And could anyone explain the much quoted idea that such a complex piece of software has to be the work of a nation state? In the west, nation states tend to fund projects but the work is normally contracted. Or, put another way, the actual work is done by private companies and even individuals (often in Uni). It is in the monolithic states of a more Communist bent that such work goes the way of the official government agencies.

I do not see the hand of Israel in this. It is, at best, a temporary solution to the perceived weapons project in Iran and hardly calculated to make Iran slow down. Unless this worm has some nasty surprises in store I'd say it does not do enough for Israel.

I'd also look more closely at Russia (and not only the state). Their relations with Iran have nosedived (note the cancelled missile sale) and I would not rule out an organisation that is opposed to the Shiites. The creation of confusion, mistrust and an opportunity for over-reaction in this affair could well be the reasons for the attack.

Anyone care to guess how much it would cost to develop such a worm? Assuming money can buy the expertise, this might help to put suspects in the frame.

flashman: To your first point, Iran has been secretive. It's listing where in the country the assaults have hit, characterized them as direct attacks on Iran, suggested how security was bypassed and mentioned something of efforts to contain the attack and remove the malware, but it has not, as fat as I know, been releasing details of the attack. I don't see Iran being abnormally open. Besides, an attack on Iran is exactly what the government wants. Not only can it justify any possible actions abroad, but it can rally its people in the face of foreign aggression.

To your third point, I can easily see the NSA or some shady CIA branch doing something like this themselves. I don't see why you would rule that out. And h

Invictus: Right, so Iraq is a colony of the U. S. now?

This may be the first large-scale attack on an infrastructure-related program, but countries hack each other all the time. China, especially, has been doing it alot recently. My dad works at Pratt & Whitney, and they were just hacked by who they believe to be China a year ago and lost quite a bit of valuable information from their military branch. So to say that it is an act of war is a little bit of a stretch I think, because if it were then we'd have started throwing nukes at China by now.

@ Invictus:

So, for how long have we been funding groups aimed at undoing their revolution? And how long before the revolution did we undo the clearly manifested will of the Iranian people by installing and supporting various aristocratic governments in Iran? It's not like they started the war against America.

JECE, to my first point and your comment. We seem to be in agreement here as we both sense the possibility that the information is being manipulated by Iran rather than us having a simple 'one state attacks another' story.

As for the CIA & NSA? Quite possible, but this does not exclude the point that the work could have been done without the full knowledge of the Executive branch of Govt.

I was more concerned that in here, and with responses on the BBC site itself, correspondents seem to be rather quick to identify the US and Israeli Govts as the most obvious culprits. I think the net remains very wide, with Iran included.

I think that the biggest problem with the theory that it was a private operation is that they would have needed a large amount of funding. I'm having trouble seeing where that would have come from if it weren't a state funded operation.

Really, Bob Genghiskhan? All I said was that Iran was obviously being hostile to the West. It's blatantly funding Hezbollah and Hamas to make a peace deal even more unlikely, and is stirring up similar activities in Iraq (although the Iraqis seem not to be falling for it too much). It doesn't really matter who "caused" it, it matters that playing semantics on an "at of war" is irrelevant since Iran is already so openly hostile.

The idea that the Russians built it in is a very interesting idea. It seems a bit more likely than James Bond breaking into the plant to upload this worm.

Of course, an Israeli attack on Iran would lead to the Strait of Hormuz being closed and gas being $100 a gallon, so you'd think Russia would have a bit to gain from a showdown with Iran. Of course, I also doubt Russia really wants every country south of it to descend into a general war. Very interesting story, regardless.

> And could anyone explain the much quoted idea that such a complex piece of software
> has to be the work of a nation state?
Really it's about the work involved in finding several alternate vulnerabilities to exploit, and way it's targeted so specifically. If you can fund the sort of vulnerability that lets you infect so many computers that a government can find 30,000 instances of it within its own country alone you could make a *lot* of money using it as a botnet by regular criminal means (credit card info, bank passwords, blackmail etc), and you certainly wouldn't bundle them all up into one thing but you would put out each one one at a time to prolong the length and make it harder to block.
Then there's the fact that it's targeted at a (presumably) difficult to access system that would require specialist knowledge and access.

Plus there's the motive, that no commercial organization would benefit from doing this, and it is way beyond the realm of kids/nationalists defacing non-critical websites for kicks.
Even these Chinese security breaches usually use much more conventional means to get access to businesses with lax security, to access regular documents in typical corporate networks, which put it within the reach of typical corporate espionage, nothing so specialized and indirect as this.

Also it's not really like developing an aircraft or something which would get contracted out, there isn't really any sort of business that does this kind of thing. There are security firms that have the kind of expertise, but it's just not the kind of thing you could go to a business and get a quote/contract for because it's very hit and miss, and you could never know how much it would cost beforehand.

> Anyone care to guess how much it would cost to develop such a worm? Assuming
> money can buy the expertise, this might help to put suspects in the frame.
It'd be really hard to put a price on something like this, but it'd need a team with rare skills working on it for quite a while depending on the details


The thought of it being Russia is interesting, but since they're the ones who provided the plant itself you would think they'd have *much* easier ways to sabotage the system if they wanted to.

It could also of been carried out by Iran to keep its people focused on the idea that the world is full of foreigners who are out to get them. That fact (and I use the word fact in its broadest possible sense) that the worm doesn't seem to have done any damage or delayed the project in any way gives a bit of weight to this idea. An attempt to counter Obama's efforts to look like Mr Nice Guy in his Iranian interview, perhaps?

> That fact (and I use the word fact in its broadest possible sense) that the worm doesn't
> seem to have done any damage or delayed the project in any way gives a bit of weight
> to this idea
I've been reading up more about this, really fascinating stuff, and actually there is some evidence that it got its target in Natanz:
http://www.fas.org/blog/ssp/wp-content/uploads/NumberCentrifuges1.jpg
It's a bit speculative but it does seem like the number of operational centrifuges took a nose dive, and apparently it matches up to the time Wikileaks posted something about it (not sure on the details, still reading about it, looks like a whitepaper&presentation is coming out from Symantec for a conference on the 29th which I'm looking forward to)

From what I've read it seems like they were pretty sure it would reach the target, and it'd be a very elaborate and expensive way to rally support with the locals (who probably aren't going to be too impressed by the technical complexity of the worm). With that kind of effort it'd be much better to secure your systems

Also things like how they stole/obtained Realtek's private key so they could load drivers without triggering a warning, definitely a lot of effort went into keeping this thing hidden until it had served its purpose

"My dad works at Pratt & Whitney, and they were just hacked by who they believe to be China a year ago and lost quite a bit of valuable information from their military branch. So to say that it is an act of war is a little bit of a stretch I think, because if it were then we'd have started throwing nukes at China by now."

I think tere is a distinciton there in the 'normal' rules of war between espianage and war - Usually a spy couldn't do much to 'attack the infrastrucutre' of a country, but if in the course of their intel gathering they disabled some factories then that would push it over into 'act of war territory'

I think a lot of Chinese nationalists (i've heard the figure of 6 million computer science students in China, so just some of them messing around) have attacked America, i heard of a simple Denial of services attack made against the, eh... NSA/CIA webstie - so agents in the field weren't able to login for several hours... (in responce to a downed spy plane being retrieved from Chinese territory without involving the Chinese authorities - it is entirely believable that such a thing would annoy some 100,000 students...)

Anyway, my point is IF this attack came from some agressor aiming specifically at disabling/slowing the Iranian nuclear programme, it would count as an act of war - at least under technical definitions.

If on the otehr hand it was a random take out 'siemens equipment' and use them as a botnet - then it's more likely criminal activity which happened to hit Iran...

Check this page out: http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process
*Definitely* not a random attack on a certain class of equipment or anything that a disgruntled computer science student could do

flashman: I would say that the

Also, if it was a U. S. agency, then the U. S. is directly responsible. Countries have a duty to make sure they know what they are doing. If some rouge North Korean general launched an attack on China, the North Korean government would have a serious problem on their hands.

Um, yeah. I would say that Iran is more using the information it has to its advantage rather than manipulating it. I doubt that it is lying or twisting the truth.

More food for thought. http://www.nytimes.com/2010/09/30/world/middleeast/30worm.html

http://www.symantec.com/connect/fr/blogs/w32stuxnet-network-operations

Ive been following this story with interest the last few days, It like something out of a William Gibson novel.
I think it has pretty much been decided that either mossad/Israeli military unit 8200 or the NSA cyberwarfare section was responsible.

I guess we are going to see a lot more of this kind of thing, especially as attacking computer systems is cheaper than aircraft carriers and missile shields for rising nations.
Asymmetric warfare meets a PC.

@ sean Decided by who? There are also others with motive, means, and opportunity. It would be very easy to pin the blame on the US or Israeli operation since many would be eager to believe it so.

My thoughts exactly warsprite.

And, given the way that Iran attacked neutral shipping during their war with Iraq to try to escalate matters diplomatically, Iran must be a bloody good contender for 'guilty party' in all this;

as would any outfit that wanted an actual physical escalation of the current conflict - and that would not be likely to be Israel. I mentioned anti-shiite stirrings above.

My reading of this is as follows, and I apologise if I appear to be treading on toes:

a) the first and fastest news came via companies associated with computer security and they were telling us that only God could have done anything so huge. Even so, the damage seems limited and nowhere near terminal enough to have been able to get Israeli blessing. If we start to hear about a meltdown I would take the Mossad line more seriously;

b) Iran has been unusually willing to let the world know what has been happening.

We are very short of information here and putting specific nations in the frame so readily seems premature.

Flashman: Responding to a small bit of your last comment, Iran has been letting the world know something is happening, not what is happening. That's the usual Iran to me.