The award is judged by a group of retired senior US military and intelligence personnel, and past winners. This year the award to Julian Assange was unanimous.
Previous winners and ceremony locations:
Coleen Rowley of the FBI; in Washington, D.C.
Katharine Gun of British intelligence; in Copenhagen, Denmark
Sibel Edmonds of the FBI; in Washington, D.C.
Craig Murray, former UK ambassador to Uzbekistan; in New York City
Sam Provance, former sergeant, U.S. Army, truth-teller about Abu Ghraib; in Washington, D.C.
Frank Grevil, major, Danish army intelligence, imprisoned for giving the Danish press documents showing that Denmark’s prime minister disregarded warnings that there was no authentic evidence of WMDs in Iraq; in Copenhagen, Denmark
Larry Wilkerson, colonel, U.S. Army (retired), former chief of staff to Secretary Colin Powell at the State Department, who has exposed what he called the “Cheney-Rumsfeld cabal”; in Washington, D.C.
http://original.antiwar.com/mcgovern/2010/08/15/can-wikileaks-help-save-lives/
Not sure yet where this year’s award ceremony will be held, but I’ll be there.
“b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb … What significance might these words have?”
That there are Windows systems involved. “HTH”. w2k_x86 ??? Okay, okay, if it is aimed at Bushehr, they’ve been a long time building the thing. But …
Coming soon, a new theory, OMG, this reactor is built on cowboy software running on obsolete high-street silicon, Why Oh Why will nobody see that it’s our _duty_ to the whole *world* to stop it ?!?!?
Night night …
Glenn,
Richard Robinson,
I sense that I’m pissing you off with this. Still, I think I should point out some things.
I find Geekheim’s centrifuge scenario far more convincing than the Bushehr reactor being the target, if Iran’s nuclear industry is the target at all. The Bushehr theory seems like typical Mainstream Media sensationalism.
Glenn, you’re overlooking that it is much easier to make something stop working than to make it work right. I wasn’t suggesting that Stuxnet was designed to cause a meltdown. But setting back Iran’s uranium enrichment program (Geekheim page 1189) seems quite plausible to me.
With only about 100,000 infections worldwide after six to twelve months, Stuxnet is a rather slow replicator by Windows virus standards. At peak, the Slammer worm was doubling itself every 8.5 seconds.
Assuming the screenshot on the AP site is genuine, then Bushehr was or is running unlicensed Windows XP, for system monitoring. If that system is of no importance, why have it? If it is important, it’d better work, Stuxnet or not.
My motorcycle instructor once asked the class which bolt on a motorcycle was the most dangerous. “The wheel spindle”, “The swinging arm”, came the replies. “No”, he said, “it’s the one that’s loose”.
Glenn,
here’s someone who thinks security in industrial process control is not taken seriously enough:
http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/weiss.html
Does anyone know if Gareth Williams was working on a cyber-warfare project?
I watched the BBC 2 documentary, the 1st episode of a series on the Iraq invasion/ occupation last night.
1) The accounts from army/insurgents are fascinating and intriguing in terms of urban guerrilla warfare and stuff we already knew – i.e. that the occupation was handled appallingly badly.
2) That the USA/UK sent a 100,000-strong death squad into Iraq in the form of a private army.
3) The narrator takes his cue from the narrator of the early 1970s British series, ‘The World At War’. The lugubrious tone is one of inevitability. This was not an inevitable war; this was a deliberately-engineered destruction of a country and the theft of its resources. To be fair, one of the Resistance gets to say this.
4) I am not interested – not the least bit interested – in hearing soldiers/diplomats/miscellaneous spooks say that it was an error or that it was incompetently handled or in seeing them swallow heavily when describing the rescue or deaths of their comrades. I am not the least bit interested in allowing them on-screen redemption of any kind. I am nauseated by the sight of a faux confessional box a la Richard Nixon and David Frost. The only soldiers I have any respect for are those who stood up AT THE TIME, when it mattered, and deserted.
5) The only non-combatant civilian voice we hear is that of the Chief Surgeon from one of the hospitals in Fallujah, Iraq. His testimony is harrowing: operating without water or anaesthetic and using what appeared to be Cola as a ‘sterilising agent’. NO casualties from the 2nd battle of Fallujah because the US Marines shot all prisoners.
6) I wanted to hear the voices of women and children. There were none. We get Wootton Bassett every day. War widows fill our newspapers. Where are the Iraqi war widows? The orphans? You would get the impression from the 1st episode that there were no women and children in Iraq who were able to speak. If they were too afraid, then there should have been actors reading from their testimonies. There were no testimonies. Perhaps there will be, later in the series. But there were women and children in Fallujah when the US Marines attacked. Silence.
7) The moment Iraq was invaded was the moment the British people LEARNED that they had no democracy; it was a de facto revelation of a situation of coup d’etat. We are ruled by the Military-industrial complex; democracy is a pantomime. The most important action a state can take is to go to war. Millions marched in the streets of Britain; the British people were overwhelmingly against the attack on Iraq. They were completely ignored. Politicians ask why people are disengaged. They are disengaged because the state’s operations have been laid bare and there is a loss of faith in the UK in democracy. When it mattered, democracy did not matter.
8) The BBC – for raising the possibility that the government might have lied to the people – was deliberately defenestrated, purged of dissent – after the Iraq invasion by the security and intelligence machine – ex-spooks (now Govt ministers) on the Board of Governors, etc. – and now in essence functions as a toothless organ of state propaganda.
This is a brief resume. I’m sure there will be more.
Far from the BBC being defenestrated, Suhayl, it appears that they jumped out of the window themselves with gusto, those with critical voices were silenced or sidelined.
I saw the monotone programme last night and it was the most hopeful programme for some time, because it showed the cooperation, regardless of religious differences and Saddam’s flagging influence, what resolve Iraqi people have to help themselves.
The insurgency managed to organise itself within 3 months and fight back, despite the chaos and turmoil that was designed into this attack.
Opposition to the current shower in power seems to be ongoing and unless the wealth of the nation is equally shared amongst Sunnis, Shiites, Kurds and Shias, this will go on to fester, giving plenty of scope for the US to stay ad nauseam.
Thanks for that critique Suhayl. I missed it. Glad now that I did.
Some more on Stuxnet –
I read through this quite detailed paper last night:
http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf
Glenn, regarding – “sending in a blind virus to cause a meltdown is pure science fiction”
A meltdown is not what I had in mind when mentioning explosions and “immediate physical crisis”. I think you are being dismissive about this worm, which is the most sophisticated ever discovered – by quite a clear margin.
When the worm detects HTTP is accessible (by innocently checking Microsoft Update), it then sends an encrypted message to mypremierfutbol.com, which contains details about its host’s network position and installed Siemens PLC software and drivers.
That is its standard message, it also listens and can receive encrypted updates and executable code, to report anything, and install anything on the host system and attached PLC.
The worm is around half a megabyte in size, consisting of modular, compressed, encrypted C, C++ libraries and drivers and PLC code.
The PLC rootkit, installed from Windows through corrupted drivers, is fascinating itself, hiding and refreshing itself on the PLC in case of problematic reads and writes.
The recipients of the worm’s HTTP messages (whoever they are), can use their resources to determine perhaps exactly where and what each infected host is attached to, and can design and send instructions to each instance to perform on a schedule.
Having such hidden telemetry and potential control on critical parts of an enemy’s plant facilities, I think, could be used to cause more than minor annoyances and outages in those facilities.
Clark, I don’t think there are really any grounds to suggest Microsoft were in on the stolen security certificates. And USB drives are notorious for carrying viruses (always check your new sticks before using them)
– But this worm’s USB exploit is a new one, and the authors of that paper suspect it was a mistake by the development team to include it. That it made the worm spread too quickly and led to its detection.
Suhayl… I missed that programme, I’ll see if it’s available online. Your points above are all very fair indeed. Point 4, that it was all just a mistake made in good faith by the Powers That Be, is such a blatantly false claim, I’m amazed they are still saying it. When we were trying to ‘wrong-foot’ SH (with suggestions of painting a military plane with UN colours in the hope it would attract fire or even just a radar lock) , when the ‘facts were being fixed around the policy’, when we’d need second resolutions but then apparently didn’t after all, when we were claiming SH was refusing to disarm even while Al-Samoud missiles were being destroyed on TV, when we claimed the inspectors were being kicked out of Iraq even while Blix was appealing to _us_ for more time to complete the inspection for 100% verification – well, what’s another lie on top of that, in claiming it was all just an honest mistake?
My wife tells me one of the strongest impressions she had was when a large group of clearly frightened Iraqis were appealing to a camera crew before the war started, saying, “Please – don’t do this! We are no threat to you, we have no weapons, we haven’t done anything to you!”
I wonder how we’d have treated their civilians if, oh let’s say China was planning to invade us, and they sent reporters here to gauge our reactions.
*
Clark: I’m not annoyed at you in the slightest – sorry for giving that impression! I am a bit sceptical about all this, though. It might have been introduced to throw a few spanners in the works, with the happy side effect that we can jump up and down in feigned horror that the Iranians are _still_ pressing ahead despite such obvious danger. How can they be so reckless, oh those SOB’s, maybe there should be a ‘surgical strike’ on the reactor for everyone’s safety such as when Israel destroyed Iraq’s reactor under construction at Osirak. And so forth.
Ingo,
my impression at the time was that the government decimated the BBC. However, looking back at reports I see, for instance, that Greg Dyke offered his resignation, expecting it to be rejected by the Board of Governors – but it was accepted.
The combination of Dr Kelly’s ‘suicide’, Alastair Campbell’s tirade and the various resignations (though I thought I remembered sackings) did seem to be very effective at bringing the BBC back into line, just when the government needed them ‘On Message’ for Iraq.
Glenn,
Richard Robinson,
on reflection, I think that Langner has been a bit sensationalist about Stuxnet, too, as the Bushehr reactor suggestion seems to have come from him. But to be fair, he did get Stuxnet into the Mainstream Media.
It’s a funny situation, eh? Israel has hundreds of nukes that hardly ever get a mainstream mention. US/UK decimate Iraq and it’s a “mistake”. Iran, NPT signatory with a fatwa against nukes, is constantly in the mainstream for a bomb they might be able to build, some years hence. Muslims in possession of sugar are described as “terrorists” – “suspects” if they’re lucky. Then something like Stuxnet appears, with (I maintain) vast destructive potential, but we have no idea who built it. Should the Mainstream mention it or not? They can’t tell if it’s from the ‘good’ guys or the ‘bad’ guys!
Mark Golding,
another drone article for you:
http://blog.eset.com/2010/08/25/rise-of-the-machines-navy-uav-goes-awol-malware-or-skynet
Crab,
yes. Knowledge of Siemens’ password insecurity in Step 7 has been available on-line for years, so no complicity there. There’s no evidence that Microsoft the company are complicit in Stuxnet (though I wouldn’t put it past them), but with so many new Windows exploits used in Stuxnet, I think that a leak from within Microsoft has to be regarded as probable. But is this not the way of the Military Industrial Complex? Most employees are just civilians doing their jobs. But some are more than that, and can exploit ‘trade secrecy’. Be safe – publish the source code.
crab – thanks for that esnet link. Bouncing around from that, they have a lot of good stuff in it. There’s some good solid actual examination of the exploits & propagation stuff – which, I notice, is dated from mid-July. Obvious question: where is the new news ? Why does that make it hit the headlines now ? And their current stuff still seems to be firmly talking of the difficulties in determining possible payloads.
Clark – what I’m pissed off at is the “telephone game” nature of this, the echo-chamber.
My original point was, that the “OMG, this thing could target a whole country” line is exactly the same headline that was flung around a few years ago re: concerning the attacks on Estonia. I’m not interested in the “but this one does Y, and that one only does X” line of thought – it’s reasonable enough for those that are interested in the techy details, but the point I’m aiming at is that the headline has been used before, so anybody who uses “this is the first time that …” as part of the headline makes it look as though they are passing along something that they haven’t actually applied any of their own thought to. Or, if they don’t actually _remember_ those headlines, then maybe they just don’t have enough knowledge to evaluate the stuff they’re passing on. I have no special knowledge or understanding, I’m just an unremarkable amateur geek. My point is only that it’s not unreasonable to expect someone who claims to know about these things to know at least as much. http://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia
It’s like – if somebody offers you their services as a taxidriver (as opposed to a journo) and you notice that one of their tyres is quite obviously flat, wouldn’t you be thinking “FFS, shouldn’t they have thought to kick it already ? I’m not sure I want to take this ride”.
At which point, it would be easy to go spinning off into the usual name-calling ad-hominem stuff (which *does* piss me off, not Clark), and is the opposite of my intention. This is not a football match with a media article standing in for the team, support it in its entirety, right or wrong. What I’m trying to say is, that one bit is wrong _doesn’t_ necessarily disprove other bits, but it indicates that people are passing on stuff they’re getting from other sources, without necessarily having given all of it a good-enough kicking first. It’s a headline that sells, people with livings to make are selling it. And, of course, the conspiracy-inclined could be asking, “who, out there, might have an interest in wanting us to think that ?”. For any value of “that” we can think of …
It is interesting stuff, I’ll be curious to see what the final conclusion is.
The technical stuff I’ve found on Stuxnet is nearly all “it does so-and-so to Windows”. The really juicy stuff – what it does to actual industrial processes – is rare and contradictory. If Langner is right, Stuxnet identifies a specific routine written for a specific (set of identical) machine(s) in a specific factory or plant, and modifies its parameters. Unless the operators of that factory or whatever publicly state that Stuxnet targeted their machinery, we will never know what Stuxnet was intended for. So if Stuxnet was aimed at an installation that is cloaked in secrecy, we will probably never know.
“If Langner is right, Stuxnet identifies a specific routine written for a specific (set of identical) machine(s) in a specific factory or plant”
Yes, I noticed comments to that effect. The implication seems to be that each s/w installation needs a lot of individual setting-up for the details of that specific process (so, maybe Siemens know, do they do it themselves ? Or was that the Russian contractors ?), so you’d need similar knowledge to make use of the opportunities once even you have the software inside the setup. And some discussions show how it tests for ‘net connections and then “calls home”, raising possibilities about gathering such information (??), while other people state that the absence of any such activity shows how it must be a once-off attack-and-destroy thing … and, maybe they’re looking at different instances ? Or are they all based on the same hexdump ?
And, I wondered if all that has any bearing on the bit about the hard-wired don’t-change passwords – are they universal factory settings, or are they maybe installed-in-place and unique to that installation ? It would still be a bad idea and hard to see a good reason for, but would make a difference to our perception of the risk.
I’m going all Rumsfelt, basically. There are Things We Know We Know. Sometimes, when we give them a good kicking we notice that what we actually do know is that person A has got a piece published about how person B said that somebody somewhere knows something. How (or whether) we know which bits of that are actually the case, is another matter.
“If Langner is right, Stuxnet identifies a specific routine written for a specific (set of identical) machine(s) in a specific factory or plant, and modifies its parameters.”
The Esnet paper details how the Windows worm is modular and can receive updates. So Langner’s particular routine could be one that was custom made for the equipment at a particular node of the infection. The system is capable of that, the makers were capable of designing and delivering a generic PLC rootkit – there is little reason that they would not use their abilities to customise some of the rootkits, and be able to co-ordinate failures and disturbance to the target’s plants.
I was surprised at finding such an informative study as Esnet piece. Imagine the hype we would have if this was something discovered in Western systems. I think the rest of the details will be tech stuff. But basically yes – Iran has been targeted and infected with the most dangerous and sophisticated computer virus ever seen.
It looks like Iran has been lucky with the infection getting spotted early, from how it spread too far and out of network control over the USB stick vector.
This thing and its repercussions would have been impossible to take care of during a physical strike/invasion.
“The Esnet paper”
I made the same typo earlier, and meant to correct/apologise – it’s “eset”, not “esnet”. Risks confusion, because esnet exists, and is a US govt (DOE) network, while the people doing this work, eset, are an AV firm.
woohps – im terrible for it!
me oot.
Richard,
Siemens wrote the password into the Step 7 PLC programming suite either (1) such that it couldn’t be changed or (2) advised against changing it (I’ve read of both scenarios). The password has been available on the Internet for ages. That made it easy for Stuxnet in Windows to subvert Step 7. Many steps up to here are well documented. What Stuxnet does to the target PLCs seems to be a matter of disagreement so far.
Yes, there are loads more articles than actual pieces of research.
Suhayl Saadi,
did you notice my question to you of September 30, 2010 1:46 AM? So far, those two words are the only clue as to who wrote Stuxnet. Who would use those words?
Israhell.
EXCLUSIVE-Cyber takes centre stage in Israel’s war strategy
* Iran’s Stuxnet worm has fingers pointing at Israel
* Israelis seen weighing “deniable” tactics against foe
By Dan Williams
JERUSALEM, Sept 28 (Reuters)
http://af.reuters.com/article/energyOilNews/idAFLDE68R0GB20100928?sp=true
The striking thing about the BBC Iraq documentary for me was the endless repetition of the word ‘insurgency’ when quite clearly what they were talking about was the resistance.
Oh the BBC, once proud and characterful, today vain and duplicitous.
Somebody,
I think that Israel has to appear high on the list of suspects for the creation of Stuxnet. The following article was published by Ynet in July ’09, just a month after the earliest estimated date of Stuxnet’s release:
http://www.ynetnews.com/articles/0,7340,L-3742960,00.html
We’re still hopelessly short of actual evidence. Myrtus? Guava? These words were found in Stuxnet’s code.
The arrogance inherent in that word “insurgents”. As if all the people of Iraq should have welcomed the invasion, and anyone who didn’t and instead fought back was rebelling against rightful authority. The same arrogance that characterised the British media’s attitude to the arrest of Navy personnel in Iranian / disputed waters.
“We’re still hopelessly short of actual evidence. Myrtus? Guava?”
Yes. And, who dug that string out of the code, and what other bits of text did they not mention ? There are some seriously flaky-looking stories about how, it’s Latin for the shrub myrtle and if ‘myrtle’ is translated into Hebrew it just might be a really stretched and mangled reference to something in the Old Testament … and who thought of that translation/connection and fed it into the media ? I can’t see how it’d be the first (or second or third) thing that’d arise if you start wondering what ‘myrtle’ or ‘guava’ might signify. I could just as well say that the Scots used to use it to flavour beer when they couldn’t get hops and claim that that proves it’s all Ken MacLeod’s work.
What’s this noise about Pakistan closing the Khyber Pass to NATO ?
The USA is also high on the suspects list, having set up a department with this particular purpose:
http://www.nytimes.com/2010/09/26/world/middleeast/26iran.html?_r=3&src=me
Richard, that string is detailed in the Eset article. I’m just wondering what sort of person would have chosen those two particular words.
Here’s an interesting little thing (well, for me, anyway).
Someone shows up on a motorbike forum, who clearly knows nothing about bikes and has no interest in them. Nevertheless, that user has the name Mezher xxx zheye L!v!n! (with the s’z replaced by z’s, and the a’s by e’s, etc., and separated to thwart search engines). The avatar for that user is the Israeli flag. On the profile page of that user, we find a picture of a freaking tank and :
Other stuff about me:
would love to join the IDF ( mahal brigade )
Real Cute. 8 posts to date, joined 29/9/10. It doesn’t take long before this user decides to put this into a thread about protests about bikes being able to park without paying the full car charges:
—-start quote
funny that you should mention protests
but according to my uncle , who phoned a few hours ago , there were a number of protest marches on the West Bank today
IDF soon put paid too them 😉
—-end quote
Another user of that forum objects to this, and is told:
—start quote
you have too understand , this years bottle/stone thrower is next years sniper/suicide bomber/terrorist . its a sad fact and true .
i agree that sometimes the security forces can be a little heavy handed , but all in all the safety/security of the Isreali people is paramount .
lets bury the hatchet here eh? no more politics & religion
—-end quote
This is also objected to, and I’ll save you the guessing – the charge of anti-semitism is hauled out.
Luckily, it doesn’t appear that the UK motorcycling community was particularly shocked and cowed by that accusation. Here is that small thread:
http://www.motorcyclenews.com/MCN/community/Forums/Categories/Topic/?&topic-id=401945
It’s worth a minute of your time.
It looks to me as if the megaphone desktop crew are putting out feelers all over the place. It also looks like they really don’t get it very, very badly – racism against muslims just isn’t working out as well as they thought. And screaming “Anti-semitism!” doesn’t work as well as the manual said it should.
Not sure if this has been posted Clark re myrtle and guava etc
http://www.nytimes.com/2010/09/30/world/middleeast/30worm.html?_r=2
a~
Remember a horrible liqueur called Myrte when on holiday in Corsica years ago. Sickly and very alcoholic!
Somebody,
thanks for that link. There is definitely some disinformation there:
‘Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.” ‘
1) No one else has claimed to have completely disassembled Stuxnet, as some of its code is encrypted.
2) With four highly valuable ‘zero day’ exploits, there is essentially no chance that Stuxnet is an “academic experiment”.
3) Stuxnet was contacting servers after it had infected PCs, until those connections were re-routed.
4) Nothing Blitzblau has said rules out Israel anyway.