Forgot your password?
typodupeerror
Government Security The Military United States Politics

Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action 351

Posted by timothy
from the excuse-me-while-I-pluck-out-your-eye dept.
alphadogg writes "Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel is generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S. solve geopolitical problems or actually making things worse? Bruce Schneier, whose most recent book is 'Liars and Outliers,' argues the U.S. made a mistake with Stuxnet, and he discusses why it's important for the world to tackle cyber-arms control now."
This discussion has been archived. No new comments can be posted.

Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action

Comments Filter:
  • Nonsense! (Score:5, Funny)

    by fuzzyfuzzyfungus (1223518) on Tuesday June 19, 2012 @09:28AM (#40368981) Journal
    How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?

    That's crazy talk.
    • by eldavojohn (898314) * <eldavojohn.gmail@com> on Tuesday June 19, 2012 @09:35AM (#40369079) Journal

      How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?

      I have to disagree with you here. To ensure that your businesses and citizens and government and infrastructure are sound, you should always be investigating modes for attacks and publishing them. My logic is that if the United States Government is able to develop this, then so is China's, Russia's, India's, etc so get it out in the open already. In fact, your claim almost seems to advocate security through obscurity. If you want to ensure that people aren't pilfering data without your knowledge, publish your exploits and what you see as "contributing to the spread of clever computer-intrusion technologies" could just as well be seen as "telling SCADA and other makers to pull their heads out of their asses and fix this." Also, your statements can apply to every single country now, even third world countries are largely dependent on networking hardware to function.

      The reason this is a "destabilizing and dangerous" action was because it was effective -- not because the US Government secretly given hackers a bunch of ways to hack every computer ever made. Also, the US kind of lost the "moral high ground" now when someone hacks their nuclear facilities with the intent of disabling our capabilities. Use an effective cyber attack against a nation state that does not have similar capabilities ... "destabilizing and dangerous" is a definition of what you can expect the repercussions to be.

      • by fuzzyfuzzyfungus (1223518) on Tuesday June 19, 2012 @09:52AM (#40369305) Journal
        I apologize if I wasn't clear; but my point was that possessing electronic offense and improving electronic defense are directly at odds with one another(and, as you note, we are hardly the only country with a supply of adequately smart geeks.)

        If you want to use an attack, you need a vulnerability. If you want to use an attack against a really clueful adversary, you may need a really juicy vulnerability, a set of zero-days(as with Stuxnet) or that nifty code-signing trick with Flame, or the like. This is where the trouble starts:

        Your attack people now have a direct interest in keeping certain vulnerabilities unfixed. Since much of the world's software is widely used, and has a reasonably publicly visible update process, there is no viable way to sneak out some kind of 'Important vulnerability fix for Win32 systems in the US only'. Either you keep the bug secret, leaving your own people vulnerable, in the hopes that you can hit the other guy before he discovers the problem, or you protect everyone from that vulnerability by getting it fixed.

        Having US 'national security' types researching vulnerabilities is a good thing; but only if they do so with the intent of getting them fixed(US-CERT vulnerability reporting, for instance, makes us stronger.) That is how you 'get it in the open'. Things like Stuxnet and Flame were based on vulnerabilities that were kept in the dark(during which time they could have been used against us) for as long as possible.

        It's not that I advocate security through obscurity(quite the opposite, in fact), it's that in order to possess good offensive tools you must, necessarily, have knowledge of vulnerabilities that you are concealing. You had to discover them in order to build your attack system, you have to hide them in order to preserve its effectiveness. That's the problem. Possession of useful offensive capabilities implies that you are condemning everyone, your own people included, to security-by-obscurity.
        • by Sosarian (39969)

          I believe that Schneier compared this with desire for secure communications SecCom vs Signals Intelligence SigInt at the NSA in his CryptoGram newsletter.

        • Either you keep the bug secret, leaving your own people vulnerable, in the hopes that you can hit the other guy before he discovers the problem, or you protect everyone from that vulnerability by getting it fixed.

          That's what public key cryptography is for. The bug doesn't have to be a secret if it's designed to only be triggered by an attack signed by the right secret key.

          [paranoid]And Windows 8 certification means that mass market hardware is required come with the keyring for checking that signature.

      • by shentino (1139071)

        I see this as a valid reprisal against Iran's refusal to cooperate with UN weapon inspections or whatever.

        You can't stay on the moral high ground either if you just sign a non proliferation agreement and then work with nuke stuff behind everyone's back.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Wait, why does America, Russia and China get to have thousands of nukes and Iran can't have any? Does that sound fair? Who has the moral high ground here? And why does Iran want a nuke anyway? Would it be because Israel has them? Is that fair?

          • by shentino (1139071)

            I don't have a beef with Iran having nukes per se. Rather I have a problem with them agreeing to a treaty and then slyly defying it behind everyone's backs.

          • by Teun (17872)
            It sounds very fair because the other nations have a standard of morale making it very unlikely they would use those weapons in any offensive way.

            The Islamic militants of Iran are, like de crooks in N. Korea, a totally different kettle of fish.

        • by tqk (413719) <s.keeling@mail.com> on Tuesday June 19, 2012 @10:56AM (#40370115)

          I see this as a valid reprisal against Iran's refusal to cooperate with UN weapon inspections or whatever.

          Sadaam Hussein was fighting UN weapons inspectors tooth and nail, yet he didn't even have WMDs. Perhaps he just didn't want his adversaries to know how weak he was? Considering all the sabre rattling the US's done recently, I'd be holding my cards close to my chest too were I Iran.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          "You can't stay on the moral high ground either if you just sign a non proliferation agreement and then work with nuke stuff behind everyone's back."

          If you are serious, you are about as clueless as it gets.

          There is no such thing as "moral high ground" any more.

          The only thing that matters is power. And no one with any actual intelligence
          can blame countries for wanting to have nukes, because that is the ONLY
          guarantee against being buttfucked by the US in the event US corporations
          have decided you have somethin

          • by shentino (1139071)

            Iran wanting nukes is not what I have a problem with.

            What I have a problem with is two bit countries signing treaties they have no intention of abiding by.

            Iran sucks because they lied their asses off.

    • Re: (Score:3, Interesting)

      by radtea (464814)

      The astonishing thing is that anyone in the Obama administration was stupid enough to think that secrecy could be maintained on this indefinitely. Unlike physical warfare, in which the aftermath can be sanitized and obfuscated, software never goes away.

      We all know this: full erasure of a worm in the wild is impossible to ensure, because you never know when some vital assumption is going to change. So the Iranians would have caught on eventually.

      Add to that the equal certainty that eventually a programmin

      • Re:Nonsense! (Score:5, Insightful)

        by luis_a_espinal (1810296) on Tuesday June 19, 2012 @10:05AM (#40369471) Homepage

        The astonishing thing is that anyone in the Obama administration was stupid enough to think that secrecy could be maintained on this indefinitely.

        Who says they were thinking that? Trying to keep it under wraps as long as possible (a reasonable strategy from a tactical/strategic POV) does not imply the belief it can be done so indefinitely.

        Your sentence makes a nice target against which to launch a tirade, but barring corroborating facts, it is one built on speculation.

      • by tnk1 (899206)

        Until they admit this attack, it can still be sanitized and obfuscated. It's not like the code has little comments that say: I was written by the US Government and launched by Barack Obama. They just need to deny, deny, deny. I don't see how having software proves anything.

  • Obama's Record (Score:5, Insightful)

    by MyLongNickName (822545) on Tuesday June 19, 2012 @09:31AM (#40369017) Journal

    I voted for Obama based on two things: I hated how George Bush increased deficits recklessly and I hated how the Republican cavalierly meddled in other country's affairs using military might.

    I feel like a fool.

    • Re:Obama's Record (Score:5, Interesting)

      by Mitchell314 (1576581) on Tuesday June 19, 2012 @09:41AM (#40369163)
      Normally I'd agree with you, but in this case bytes is better than bullets, IMO. If the future of warfare is more about breaking machines and less about killing people, well it is a step up.
      • Re:Obama's Record (Score:5, Insightful)

        by poetmatt (793785) on Tuesday June 19, 2012 @09:52AM (#40369303) Journal

        The only difference between machines and bullets is that it's easier to affect a far more widespread amount of machines in a more discriminate fashion.
        Disable pacemakers? Shut down a hospital's equipment? These things will kill people too.

        • Re:Obama's Record (Score:5, Insightful)

          by Kidbro (80868) on Tuesday June 19, 2012 @10:02AM (#40369423)

          This is possible, but at least it hasn't happened yet. While I'm not particularly happy about the Stuxnet attack, I couldn't accuse it of murdering hospital patients & civilians.
          The same can not be said for the gun using meat space branch of the American war machine.

        • by timeOday (582209)
          Again, sounds bad, until you compare to an actual war. Unfortunately this is an inherently political discussion so there's no avoiding pointing out that the odds of overt war (that is, real war) depend heavily on the outcome of the Presidential election.
        • by Hentes (2461350)

          On a completely different scale. Just like Stuxnet caused the death of two people while an armed attack would cause tens of thousands of casualties.

        • Disable pacemakers? Shut down a hospital's equipment? These things will kill people too.

          But that's not what this particular software does. If someone wants to repurpose Stuxnet or Flame to target pacemakers, they're going to have to do the work to make it so.

          OTOH if you make bullets intended to kill only bad guys and someone else decides to repurpose them for killing cute puppies and children, the bullets are just fine as-is, and ready to use.

      • Re:Obama's Record (Score:5, Informative)

        by MyLongNickName (822545) on Tuesday June 19, 2012 @10:07AM (#40369503) Journal

        You realize that Obama has increased troops to Afghanistan and only removed troops from Iraq when forced to by their government? Gitmo is also still open.

      • by Hentes (2461350)

        Bytes only delay the inevitable as iran won't stop its nuclear program. The purpose of this sabotage was to buy enough time for Obama to be able to attack after the elections. It's a risky gamble as the dely might not be enough, and bullets are still better than nukes.

      • by cdrguru (88047)

        The problem is, Iran doesn't have the time or expertise to retaliate with anything except bullets and bombs.

        You do understand they have to retaliate now, right? We got them where it hurts and cost them a lot of money and time. All of their Islamic buddies are now sitting around talking about how the Great Satan pulled a good one on ole Iran. The disclosure turned a painful incident into a public slap in the face. So now they can either be considered inferior by their Islamic buddies or they can slap bac

    • Re: (Score:2, Interesting)

      by Pope (17780)

      So what? Who did you vote for Senate, House, etc.? The President doesn't run the show himself.

      • by dkleinsc (563838)

        The President doesn't run the show himself, but because he's commander-in-chief, the President can and does regularly order in the troops without any declaration of war from Congress. For example, the USAF was ordered into Libya even though Congress didn't provide any funding or authorization for that mission.

        The last time Congress formally declared war was in 1942.

    • Re:Obama's Record (Score:5, Insightful)

      by vawwyakr (1992390) on Tuesday June 19, 2012 @10:23AM (#40369685)
      The problem is here in the US, we're faced with a set of false choices. Both sides are lying backstabbing scum bags, it really doesn't matter who you vote for at this point. Obama just doubled down on the proof of this. People who point fingers at one side of the other are just missing the reality of the situation and getting caught up in the gamesmanship that is going on.
      • Both sides are lying backstabbing scum bags, it really doesn't matter who you vote for at this point.

        Gary Johnson [wikipedia.org] might be thought of that way by Republicans, except he never actually lied to them. The stabs are right in the Republicans' chests. Their eyes were open and they had blades in their own hands. You might disagree with him, but he is not a scumbag.

        Unfortunately, the stabs are also less than a millimeter deep and I don't think they even damaged the threading of their clothing .. unless you vo

    • by rednip (186217)

      I became a Democrat in 2000 not because I was 'in love' with them, but as I thought that the GOP was so utterly broken that the only real choice was the Democratic Party. My old party's ongoing reliance on seemingly conflicting wedge issues (i.e. smaller government that regulates abortion access, etc), unwillingness to make political comprises, party messaging that's created on right wing talk radio, institutionalized voter suppression efforts, and many more reasons convince me that continuing to vote/supp

    • Some earlier Presidents wanted the same sort of extralegal measures done but they went to great lengths to deny they ever had anything to do with it. Congratulations folks - you got somebody ordering the same sort of shit that Bush, Reagan (and even Clinton) pretended "just happened" only this time he's not being a coward about it.
      You don't just roll back from GITMO etc in a decade no matter who is in charge. Conservative lawyers are about keeping things rolling with the minimum of change and that's who y
  • by Robert Zenz (1680268) on Tuesday June 19, 2012 @09:31AM (#40369021) Homepage
    Is there really proof that it was the U.S.? I mean besides that awesome author who has 7 sources which want to stay hidden and that "Of course it was the U.S.!" attitude...
    • by crazyjj (2598719) * on Tuesday June 19, 2012 @09:36AM (#40369087)

      Would you liked a signed letter from the CIA and NSA directors talking about their top secret program? Because, obviously vetted sources in the most reputable newspaper in the U.S., a Congressional investigation into the leak, a Presidential denial of the leak, etc. aren't enough to convince you. So I'm assuming that we need to get Leon Panetta to come over to your house and read you in on the program.

      • by Maximum Prophet (716608) on Tuesday June 19, 2012 @09:59AM (#40369387)
        A friend of mine was in the Air Force in the '50s, stationed in France. While he was there, several Soviet generals were invited to tour the facilities, and inspect the bombers. My friend stated that if he had disclosed this information, he'd have been hanged, but here they were giving it away.

        Of course, this was a controlled release of info, excluding critical operational details. Deterrence only works if the other side thinks that you have better weapons and will use them. So, yes, sometimes you do have to leave a calling card. The thing is, sometimes it looked like the US Government and the Soviet Government were in a conspiracy against their own respective peoples.
        • Deterrence is a weasel word. The word you're looking for is "Fear".

          Myself, I loosely define conspiracy as an "in" group that acts in secret to further their own aims without regard for the consequences to the "out" group. Which includes pretty much every government and corporation on earth.

          • by Maximum Prophet (716608) on Tuesday June 19, 2012 @12:10PM (#40371221)

            Deterrence is a weasel word. The word you're looking for is "Fear"...

            No, Arthur C. Clarke talked about this w.r.t. technology. There are fears that are destabilizing, and fears that stabilize. If your "enemy" thinks that you are going to come to him and take his stuff, that fear destabilizes, weapons escalation is destabilizing. If your "enemy" has good intelligence, and knows that your weapons are secure and non-mobile, that fear is stabilizing, he knows he's safe now, but if he attacks those weapons are available.
            To paraphase Mr. Clarke, more nuclear bombs, destabilizing. More spy satellites, stabilizing.

            That sad part of the human existence, is that if your "enemy" doesn't fear you in the least, and has no reason to believe you will oppose him, he *will* come and take your stuff.

      • This wasn't reported in 'The Onion' it was reported in the 'New York Times', which has been a yellow DNC mouthpiece for decades. They are about as reputable as Fox News.

        They ran this story to give Obama a boost in the polls. They needed no facts.

    • by AHuxley (892839) on Tuesday June 19, 2012 @09:46AM (#40369225) Homepage Journal
      http://www.theatlanticwire.com/global/2012/06/israeli-spies-want-credit-stuxnet/53354/ [theatlanticwire.com]
      Others want their expertise to rank with the NSA it seems :)
  • by crazyjj (2598719) * on Tuesday June 19, 2012 @09:31AM (#40369025)

    The U.S. made a mistake with Iran with that stupid "Axis of Evil" speech. I'm still not sure why that speech isn't recognized as one of the biggest diplomatic blunders in recent history. First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose. It was basically an open threat to Iran and North Korea that we were going to invade them next. And, not surprisingly, both responded by ramping up their nuclear weapons programs to a feverish pace (since nukes are basically the only way to ensure that the U.S. can't invade).

    Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.

    • by Anonymous Coward on Tuesday June 19, 2012 @09:44AM (#40369203)

      Smart move, George.

      Intentional move, with successful outcome. The POTUS needs an outside enemy so the people will forget to debate internal issues.

    • by eldavojohn (898314) * <eldavojohn.gmail@com> on Tuesday June 19, 2012 @09:48AM (#40369247) Journal

      Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.

      You are flat out wrong. The candle light vigils held for 9-11 victims were entirely citizen events [newamericamedia.org] and had nothing to do with the government. I have two Iranian citizens as good friends and they are completely different people than Ahmadinejad and, worse, their nutjob supreme leader [wikipedia.org]. Your insinuation that Iran the nation state sent open condolences and held vigils after 9-11 is laughable and erroneous -- some of the leadership did condemn the attacks but that's as far as it went. Hate the nation not the national. Hate the religion not the religious.

      Your blame on George is also largely misplaced. They had deals with Russia to improve their nuke program long before him [wikipedia.org] and the leaders have always wanted the ultimate weapon. I know life would be simpler if everything was George W. Bush's fault but, unfortunately for you, we must face reality.

      • by crazyjj (2598719) * on Tuesday June 19, 2012 @09:58AM (#40369375)

        If you had read my statement more carefully, you would note that I said "Iran was actually getting pretty moderate before that speech", that means the people as well as the government. Yes, before that speech the people held vigils and the government sent condolences. It was only afterwards that they ramped up their dormant nuke *weapons* program and elected nutjob (by a 62% margin) to lead the country.

        Before dipshit got up and made his "Axis of Evil" speech, the people were quite sympathetic to the U.S. and their leader was Mohammad Khatami [wikipedia.org], a reformer and moderate. Guess what happened to him after W. had his "We're coming for you next, Iran" cowboy moment?

        • You said in your original post:

          It was basically an open threat to Iran and North Korea that we were going to invade them next.

          Which is sort of incorrect, the speech was given on January 29, 2002 and Iraq was invaded on 19 of March 2003. So let's look at Mohammad Khatami who was in office from 2 August 1997 – 3 August 2005 and I'll leave it to the reader to decide if it was the speech of George W. Bush on in January of 2002 or the ongoing "Operation Iraqi Freedom" that started in 2003 and was still going on when he left office that was the primary motivation for him being replaced by someone th

          • by crazyjj (2598719) *

            The cowboy moment was the speech COUPLED WITH the invasion. If you label someone part of an "Axis of Evil" and a few months later invade one of the three members, it sends a pretty clear and unambiguous message to the other two that they had damn well better prepare to be next. And that's EXACTLY what they did.

        • by dbIII (701233)
          Iran as a whole probably is more moderate. Remember that the last election of Ahmadinejad had to be blatantly rigged.
          It's a bit of a race between when the old generation lose power and when the nukes are ready.
      • some of the leadership did condemn the attacks but that's as far as it went.

        What else should they to? After all, it was only one building and few thousand victims of attack. Comparing to hundrends of thousend civilians killed and wounded by US Army. If Iranian condemnation of attack (they were not involved in) is too little, what is Obama supposed to do in Iraq, about mindless attacks he is directly responsible for?
    • First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose.

      It makes good theater. Destro, Cobra Commander and Zartan all had different aims and ambitions, but they pretty much just got lumped together as Bad Guys too. The American public dislikes subtlety.

    • by tqk (413719)

      First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose.

      Ah, you don't understand how the US works. Much like, "Invasion is the means by which the US teaches its citizens geography", invasions are also the beta testing ground for US munitions manufacturers. Does stealth work? Invade Iraq. Bunker busters? Afghanistan. Does mobile infantry help? Invade VietNam. Does jet tech. help? Korea. Etc.

      I'm not really sure how Afghanistan fits in, but "Combat Hospital" is my favourite show (if that means anything). HAND.

    • The U.S. made a mistake with Iran with that stupid "Axis of Evil" speech. I'm still not sure why that speech isn't recognized as one of the biggest diplomatic blunders in recent history. First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose. It was basically an open threat to Iran and North Korea that we were going to invade them next. And, not surprisingly, both responded by ramping up their nuclear weapons programs to a feverish pace (since nukes are basically the only way to ensure that the U.S. can't invade).

      Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.

      Agreed. But instead of being shunned for being the author of one of the most damaging speeches in American foreign policy history he gets a blog, a contributors spot on CNN, and gets to publish seven books.

      http://www.thedailybeast.com/davidfrum.html [thedailybeast.com]

  • all countries are doing this, and have been doing this, for years

    i never understood this "single out the USA for what everyone does" nonsense

    it seems like a defect in one's ability to keep perspective to me

    • by jythie (914043)
      Well, partly people single out the US because it is so powerful. When weaker nations do stuff the impact is limited, when the US does something it can be kinda scary because no one can really stop them... and that makes everyone a bit nervous.

      This includes people in the US. While there has been a lot of rhetoric about not needing a 'balance of power' in the world, in the end, such balance ends up being good for citizens. In a way, as citizens, out greatest ally is people on the outside who counter our g
    • by AHuxley (892839)
      No, most pasts of the world left this to university networks, private isp's, botnets, telcos/banks with backdoors over a short time...
      Their security services could be running many legal compromised savants, gangs, political groups - but it was always a distant, deniable, criminal or just hijinks.
      This is new in its directness.
    • by Hatta (162192)

      i never understood this "single out the USA for what everyone does" nonsense

      I'm not one to quote scripture often, but a good cliche is a good cliche.

      âoeWhy do you look at the speck of sawdust in your brotherâ(TM)s eye and pay no attention to the plank in your own eye? 4 How can you say to your brother, âLet me take the speck out of your eye,â(TM) when all the time there is a plank in your own eye? 5 You hypocrite, first take the plank out of your own eye, and then you will see clearly t

  • by l0ungeb0y (442022) on Tuesday June 19, 2012 @09:41AM (#40369151) Homepage Journal

    Bruce Schneier is NOT a diplomat and has fuck all experience in dealing with international affairs. And what sort of Diplomacy are we supposed to use when "Stern Letter Writing", "UN Inspections" and threats fail? Obama showed quite a bit of creativity and tact in performing an elaborate Cyber-Attack that left our best Security Researchers stumped for months and seems to have worked quite well in derailing their bomb making efforts.

    Would Schneier prefer we have gone ahead with Israel's agenda and bombed the suspected weapons making facilities and risked killing people -- even civilians? Or is he just the sort of Freedom Loving Pacifist that would have us dawdling around writing more "Sternly Worded Letters" until Iran finally trotted out a bomb and wiped out an entire city full of people?

    • by radtea (464814)

      Or is he just the sort of Freedom Loving Pacifist that would have us dawdling around writing more "Sternly Worded Letters" until Iran finally trotted out a bomb and wiped out an entire city full of people?

      Ah, cowardice and fear-mongering, the ever-eager fellow travelers of the security-industrial complex!

      When you have an actual argument, do please make it. Until then your reliance on invalid assumption and misleading innuendo makes you look pretty stupid. After all, everyone knows that war is dead last in terms of efficient, effective ways of solving international disputes, just as interpersonal violence is the least effective and inefficient way of solving private disputes. If you don't advocate interper

      • After all, everyone knows that war is dead last in terms of efficient, effective ways of solving international disputes, just as interpersonal violence is the least effective and inefficient way of solving private disputes.

        I take it you haven't been introduced to certain members of Homo homo sapiens, who will do whatever the hell they want, until someone physically stops them. They're the sociopaths, serial killers and assorted anti-social people who will happily skin their mother if they can make a buck off of it, save the world, or get their jollies off. At that point, physical violence is the most efficient way of solving the dispute.

        With regard to the "Iranian bomb": Iran is not pursuing nuclear weapons.

        Ahem?

        We know this from a very simple piece of evidence: they don't have them.

        Oooohhh.... the "I can't see it, therefore it will never exist" approach. They've bee

    • And what sort of Diplomacy are we supposed to use when "Stern Letter Writing", "UN Inspections" and threats fail?

      As an EU person, may I suggest to our US friends another option: when "Stern Letter Writing" and "UN Inspections" threats fail in Iran, to provide healthcare for poor people in US?
    • Bruce Schneier is NOT a diplomat and has fuck all experience in dealing with international affairs.

      I've been pointing this out for years - Schneier has pretty much no experience or knowledge in 90% of what he pontificates about.

    • by dbIII (701233)
      I think to Schneier this sort of thing is like going as far as using mustard gas - a line that shouldn't be crossed because then you get it coming right back at you from the other side.
      Of course it's an analogy and I'm sure nobody is stupid enough to reply that gas is far worse because it's a completely different thing. I'm just giving an example of another line that most nations will not cross for fear of backlash.

      Also, get a grip on reality. Iran gains nothing by nuking Israel but various leaders there
    • by gl4ss (559668)

      hmmh. Israel apparently did sponsor bombing of civilians in Iran.. which did more to slow down their progress than anything done to the control sw - it didn't only RISK killing scientists but it was 100% intentional killings. at least outright bombing of the facilities would be "honorable" over the table attack(in other words, regular old school dirty and mean WAR). Now, what are they going to do if Iran starts harboring cyber villains? seems it's ok for USA to do that and piss on international agreements

    • by Hatta (162192)

      Bruce Schneier is NOT a diplomat

      All the more reason to trust that his analysis is accurate and not propaganda.

    • Have any of you calling me an idiot ever considered that the real enemy for Obama was Israel and the Congressional War Hawks who have been calling for Military Action against Iran for most the last decade?

      By conducting this Cyber-Attack he not only derailed the Iranian Nuclear effort -- but he staved off Israel's promised Military Assault and quieted the voices at the Pentagon and Congress that were all for a Joint Offense with Israel against Iran.

      Sometimes the "victory" isn't against the commonly perceived

  • by Anonymous Coward

    There is only one source who says they have "evidence" and keeps pointing the finger at the US and Israel about Stuxnet, Flame, and other Trojans, and that is Kaspersky, which is a Russian AV company. Nobody else out there, be it Panda, Symantec, McAfee, or independent researchers makes these conclusions. It might just be me, but it appears that there might be a political agenda here.

    Russia has a lot to gain by making the US appear at fault for these Trojans. There is a battle now for who runs the Net, e

  • by MobyDisk (75490) on Tuesday June 19, 2012 @09:52AM (#40369291) Homepage

    I wonder if that Nobel Peace Prize burns in his hand yet.

    • Two options: take military action against Iran to prevent them destabilizing the region, and possibly starting a war. OR write a computer virus that stops them from destabilizing the region without violating any airspace, starting wars, or killing anyone.

      If doing nothing and letting Israel bomb Iran possibly leading to war is your version of "peace", then I'm glad you're not in charge. Life isn't always pleasant, sometimes you have to pick the lesser of two bad situations. In this case, no one died,
      • by Hatta (162192) on Tuesday June 19, 2012 @11:18AM (#40370447) Journal

        Two options: take military action against Iran to prevent them destabilizing the region

        Since when is a sovereign nation developing defensive capability "destabilizing"? Attacking a sovereign nation when it exercises its right to defense is far more destabilizing.

      • by MobyDisk (75490)

        All of what you say might be true. But it sure has to hurt making those kinds of decisions with a Nobel Peace Prize hanging over your conscience. (Where does he keep it?)

        I would also like to offer some perspective here:

        First is your assumption that Iran is destabilizing the region. Is Iran destabilizing the nation by building weapons? From their perspective, isn't the US the the destabilizing force since it keeps invading their neighbors? I know that isn't Obama's fault, but if he accepted that prize h

    • by alexo (9335)

      I wonder if that Nobel Peace Prize burns in his hand yet.

      Why should it? He's in good company [wikipedia.org].

  • by anwyn (266338) on Tuesday June 19, 2012 @09:52AM (#40369299)
    There is no way to prove whether a nation is engaged in offensive cyber warfare. It will always be possible to say those things were done by criminals and malefactors. "The secretary will disavow all knowledge of your actions." If those leaks had happened in China, the leakers would be shot and their families billed for the bullets. Therefore, if a treaty is signed, it will be a one-way treaty partially enforceable in the West only.

    It would be colossally foolish to sign such a treaty.

    I can not imagine such a treaty being ratified.

    Therefore, baton down the hatches a storm is coming.

  • by Maximum Prophet (716608) on Tuesday June 19, 2012 @09:52AM (#40369301)
    The real mistake was getting caught, or was it? The article says "Stuxnet didn't just damage the Natanz nuclear facility; it damaged the U.S.'s credibility as a fair arbiter and force for peace in cyberspace"

    Was the US government ever seen as a "fair arbiter and force for peace in cyberspace". Yes, many Americans played that role, but the official government?

    Deterrence only works if the other side thinks that you have better weapons and will use them. It's entirely possible that "Getting Caught" was a calculated risk, planned from the beginning. Unofficial channels may have sent the messge, "We were easy on you this time, back off, or next time we take off the gloves." Certainly, after you get caught, that's the way you want to spin it.
    • by Hatta (162192)

      Was the US government ever seen as a "fair arbiter and force for peace in cyberspace".

      The US has never even been a fair arbiter and force for peace in meatspace.

  • by Overzeetop (214511) on Tuesday June 19, 2012 @09:54AM (#40369325) Journal

    The pacific portion of WWII ended because we annihilated two cities - civilians and all - and threatened to to turn the island of Japan into a wasteland. War sucks, and shouldn't need to exist, but it does. Good? Bad? Think of it this way - do you want to be the country that doesn't have nuclear weapons because they're "against the rules," or do you want to have them because - rules or not - people are much less likely to fuck with you if they know you can destroy them?

    • by crazyjj (2598719) * on Tuesday June 19, 2012 @10:40AM (#40369873)

      The pacific portion of WWII ended because we annihilated two cities

      Yeah, except there is just one problem with that Iran = WWII-Japan analogy. Iran never attacked us, isn't at war with us, and has absolutely no imperial ambitions. But other than that, sure, Iran is exactly like Imperial Japan in 1945.

    • The pacific portion of WWII ended because we annihilated two cities - civilians and all - and threatened to to turn the island of Japan into a wasteland. War sucks, and shouldn't need to exist, but it does. Good? Bad? Think of it this way - do you want to be the country that doesn't have nuclear weapons because they're "against the rules," or do you want to have them because - rules or not - people are much less likely to fuck with you if they know you can destroy them?

      The problem with that line of thinking is this: If you know a country can destroy you, you are not going to leave them alone and HOPE that they don't. No, you going to take steps to eliminate that threat.

  • the alternatives, invasion or air bombardment, it seems reasonable.

  • by Mabhatter (126906) on Tuesday June 19, 2012 @11:02AM (#40370221)

    This was just a routine Cloak and Dagger Op. During the Cold War the CIA and KGB did "monkey wrench" ops like this all the time. Most of the time they didn't bother telling the Prez... So he couldn't accidentally apologize!

    In the grand scheme from the Prez point of view, this was the right way to go. Americans aren't really willing to start another war, and the intel in Iran's Nuclear program is so sensational and political the truth is long lost. The CIA wants to throw a digital wrench in the works that Iran claims don't exist is better than letting Israel invade their airspace with US made planes again. Iran isn't being honest with neighbors like Syria either, so "outrage" over breaking something they claimed they wernt doing is minimal.

    The bigger problem is that the military and other orgs are utterly irresponsible With their "toys". They ended up giving foreign hackers something high-end and new to hack our OWN computers with. This leads to looking for "terrorists" under every beach towel because there is all this irresponsible stuff going on even the President and industry leaders aren't warned is coming.... Because these idiots turned stuff loose and tried to cover it up.

  • by alexo (9335) on Tuesday June 19, 2012 @11:13AM (#40370379) Journal

    Has the US formally declared war on Iran?

  • Crazy is today's relevant metaphor for the United States military - industrial complex MAD, Mutually Assured Destruction, theory-driven policies for gaming ultimate zero-win war scenarios. Zero-war scenarios have yet to disarm nuclear technologies. Stuxnet, Flame, drones, et. al. advance the state of politics without the incursion and loss of life on the battlefields of nation states who have nothing left to lose but treasury of its future, youth.

  • While the wisdom of pursuing the attack can be debated, a larger question of disclosing it publicly needs to be addressed. Let's just say that doing it was of questionable benefit and it probably should not have been done.

    However, once it was done I would say that as a major component of any covert military operation there was an extreme need to keep it secret. Forever. Disclosing this has more or less committed Iran to a course of action to retaliate. There is no escaping that fact - they have to retal

  • The main reason that cyberwar is a threat is because we haven't worried about code complexity, as long as systems worked, we figured it was good enough. There are now projects in play that offer ways to manage this complexity, and reduce the number of trusted lines of code for any given function to tractable numbers. I'd even go so far as to say that it's possible to have a computer that is usable, secure and networked, with active users.

    Capability based security offers one part of the approach to making th

If I have seen farther than others, it is because I was standing on the shoulders of giants. -- Isaac Newton

Working...