This is a continuation of Newton's Third Law which had two updates at that link and was starting to get a bit unwieldy. After the page break: hubris in the pursuit of profit, the Stuxnet virus, and the US Chamber of Commerce, but not all at once.
Switched.com, in "How Aaron Barr Infiltrated Anonymous, and Why He Decided to Do It," notes how profit-driven Barr was in his pursuit of the identities of Anonymous:
Based on e-mails he sent before beginning his mission, it's clear that Barr's motives, from the very beginning, were profit-driven. A social media fanatic, Barr firmly believed that he could use data from sites like Facebook and LinkedIn to identify any hacker in the world, including members of Anonymous. "Hackers may not list the data, but hackers are people too so they associate with friends and family," Barr wrote in an e-mail to a colleague at HBGary Federal. "Those friends and family can provide key indicators on the hacker without them releasing it...." He even wanted to give a talk at this year's Bside security conference, titled "Who Needs NSA when we have Social Media?" But, long-term security implications aside, Barr knew exactly what he would do once he obtained data on Anonymous' members. "I will sell it," he wrote.
However, his single-minded pursuit apparently made his co-workers concerned:
Some of his colleagues at HBGary, however, soon became uneasy with the direction that Barr was taking his investigation. In exchanges with his coder, he insisted that he was not aiming to get anyone arrested, but simply wanted to prove the efficacy of his statistical analysis. In an e-mail to another colleague, though, the coder complained that Barr made many of his claims based not on statistics, but on his "best gut feeling." Others, meanwhile, feared retribution from Anonymous, and with good reason.
“Anonymous is now in possession of Stuxnet – problem, officer?” tweeted a user by the name of Topiary. Topiary’s profile describes the user as an online activist and a “Supporter of Anonymous Operations, WikiLeaks, and maintaining freedom on the Internet.”
To me, two huge questions arise from Anonymous’ claim:
1. Are they actually in possession of Stuxnet?
2. Can they do anything with it?
The answer to both questions, of course, is maybe. But let’s dive a little deeper.
Recently, Anonymous has been in the news for its high profile attacks on software security firm HBGary, after Aaron Barr, the CEO of HBGary’s sister firm HBGary Federal, claimed to have acquired the names of senior Anonymous members and threatened to release them to the public. Forbes’ Parmy Olson has done a fantastic job covering that affair.
This is where the possibility for Anonymous getting its hands on Stuxnet increases. In a post this morning, Olson quotes a source from Anonymous who briefly rattles off the contents of a slew of emails uncovered during the HBGary takedown. “Three different malware archives, two bots, an offer to sell a botnet, a genuine stuxnet copy, and various malware lists,” are supposedly among the contents.
Could this be pure posturing? Sure. But it doesn’t seem out of the question that a security firm would have high level information on one of the most threatening viruses out there.
So let’s pretend that Anonymous does, in fact, have a copy of the Stuxnet worm in their possession. Can they do anything with it? We’ve already seen Stuxnet’s efficacy in attacking Siemens Supervisory Control And Data Acquisition (SCADA) systems attached to very specific industrial machinery. The complexity of the worm allowed it to infiltrate deep into Iran’s nuclear facilities before unleashing its payload. A report by Symantec today updated their September dossier on the virus and revealed that the attacks started in June of 2009 and ended in May 2010, around a month before the attacks were even noticed.
The worm’s complexity, however, could also render it mostly useless in Anonymous’ hands. I’ll let Schneier get into the weeds on some of the details, since he does a great job of explaining:
Here’s what we do know: Stuxnet is an Internet worm that infects Windows computers. It primarily spreads via USB sticks, which allows it to get into computers and networks not normally connected to the Internet. Once inside a network, it uses a variety of mechanisms to propagate to other machines within that network and gain privilege once it has infected those machines. These mechanisms include both known and patched vulnerabilities, and four “zero-day exploits”: vulnerabilities that were unknown and unpatched when the worm was released. (All the infection vulnerabilities have since been patched.)
Stuxnet doesn’t actually do anything on those infected Windows computers, because they’re not the real target. What Stuxnet looks for is a particular model of Programmable Logic Controller (PLC) made by Siemens (the press often refers to these as SCADA systems, which is technically incorrect). These are small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines–and, yes, in nuclear power plants. These PLCs are often controlled by computers, and Stuxnet looks for Siemens SIMATIC WinCC/Step 7 controller software.
If it doesn’t find one, it does nothing.
So, unless the Anonymous hackers want to control industrial centrifuges, we should be alright? Not so fast. Theoretically, it would be possible to dismantle the virus and implant a separate payload, effectively piggy-backing another virus on the Windows-based attack code. This is no walk in the park coding exercise, to be sure, but Anonymous has proven their impressive abilities in the past. If such a deconstruction and reconstruction were to be pulled off, it could have wide-reaching consequences. In August 2010, the Stuxnet virus was reportedly infecting over 60,000 computers in Iran, not causing any harm but eager to spread until it found a place to release its payload....
The link to the second Forbes article, "Victim of Anonymous Attack Speaks Out," was not working when I tried it, though other Forbes blog posts are loading easily.
ThinkProgress: Bank of America wasn't the only client of HBGary whose dealings were revealed via WikiLeaks. Hunton & Williams, the same firm that acted as go-between for HBGary and Bank of America, also connected HBGary with the US Chamber of Commerce. The purpose: sabotaging their political opponents, including ThinkProgress.
According to e-mails obtained by ThinkProgress, the Chamber hired the lobbying firm Hunton and Williams. Hunton and Williams’ attorney Richard Wyatt, who once represented Food Lion in its infamous lawsuit against ABC News, was hired by the Chamber in October of last year. To assist the Chamber, Wyatt and his associates, John Woods and Bob Quackenboss, solicited a set of private security firms — HBGary Federal, Palantir, and Berico Technologies (collectively called Team Themis) — to develop tactics for damaging progressive groups and labor unions, in particular ThinkProgress, the labor coalition called Change to Win, the SEIU, US Chamber Watch, and StopTheChamber.com.
According to one document prepared by Team Themis, the campaign included an entrapment project. The proposal called for first creating a “false document, perhaps highlighting periodical financial information,” to give to a progressive group opposing the Chamber, and then to subsequently expose the document as a fake to undermine the credibility of the Chamber’s opponents. In addition, the group proposed creating a “fake insider persona” to “generate communications” with Change to Win....
The security firms hoped to obtain $200,000 for initial background research, then charge up to $2 million for a larger disinformation campaign against progressives. We don’t know if the proposal was accepted after Phase 1 was completed.
The e-mails ThinkProgress acquired are available widely on the web. They were posted by members of “Anonymous,” the hacktivist community responsible for taking down websites for oppressive regimes in Tunisia, Egypt, and American corporations that have censored WikiLeaks. Anonymous published the emails from HBGary Federal because an executive at the firm, Aaron Barr, was trying to take Anonymous down. Barr claimed that he had penetrated Anonymous and was hoping to sell the data to Bank of America and to federal authorities in the United States. In response, members of Anonymous hacked into Barr’s email and published some 40,000 company e-mails....
ThinkProgress has published a series of articles investigating the Chamber and its activities. We exposed the Chamber’s efforts to coordinate a lobbying campaign on behalf of large banks, including JP Morgan, to kill significant portions of financial reform. In October, we published a series looking into the Chamber’s efforts to solicit donations from foreign corporations for the same account the Chamber used to run partisan attack ads during the midterm campaign, as well as the Chamber’s participation in secret fundraising meetings convened by the billionaire plutocrats David and Charles Koch....
In a later ThinkProgress post, "ChamberLeaks Primer: How The US Chamber Plotted To Smear Unions And Undermine Political Opponents," it appears that Barr's moneymaking plans went awry when the Chamber of Commerce wanted HBGary to work on spec for at least a month:
...Yesterday, ThinkProgress released an exclusive investigation into the underhanded and surreptitious campaign waged by a lobbying firm representing the U.S. Chamber of Commerce, a right-wing association representing big business. The report detailed how Hunton & Williams, a lobbying firm hired by the Chamber, solicited “private security” companies to investigate the Chamber’s political opponents, including ThinkProgress, the labor coalition Change to Win, SEIU, US Chamber Watch, and StopTheChamber.com. Their tactics included planting false documents, creating fake personas, and targeting opponents’ families and children.
In response, the Chamber of Commerce said these were “baseless attacks” because the Chamber had “never seen the document in question.” In addition, they mention that the security firm in question (presumably HBGary) had not been “hired” by the Chamber or on the Chamber’s behalf.
However, as Marcy Wheeler wrote, their response is a “carefully worded nondenial denial.” In reality, the reason why the Chamber can claim not to have “hired” HBGary is because until as recently as a week ago, the security firm was working on spec. As Wheeler pointed out, a February 3 email shows that Hunton & Williams simply got “HBGary to do a month of work for free to decide whether they want to hire them.”...
Indeed, leaked emails show that Hunton & Williams met with the security firms in late 2010, including a November 3 meeting at H&W’s offices and a phone discussion on November 8.
On January 13, 2011, an email shows that the private security firms assumed the project was “a go.” However, an email on February 3 showed that Hunton & Williams wanted the firms to work on spec “and then present jointly with H&W to the Chamber” on or around February 14. Then, after their work was approved, the security firms planned to “begin enduring work at agreed upon rates (approx. $250-300k per month for the entire team – both services and license fees).”
It is not clear if that meeting will still happen after HBGary’s emails were leaked.
Meanwhile, the Chamber of Commerce denies it all. I'd be surprised if they were to reply to some of the more knowledgeable comments.