by fiddler
This is a continuation of Newton's Third Law which had two updates at that link and was starting to get a bit unwieldy. After the page break: hubris in the pursuit of profit, the Stuxnet virus, and the US Chamber of Commerce, but not all at once.
Switched.com, in How Aaron Barr Infiltrated Anonymous, and Why He Decided to Do It, notes how profit-driven Barr was in his pursuit of the identities of Anonymous:
Based on e-mails he sent before beginning his mission, it's clear that Barr's motives, from the very beginning, were profit-driven. A social media fanatic, Barr firmly believed that he could use data from sites like Facebook and LinkedIn to identify any hacker in the world, including members of Anonymous. "Hackers may not list the data, but hackers are people too so they associate with friends and family," Barr wrote in an e-mail to a colleague at HBGary Federal. "Those friends and family can provide key indicators on the hacker without them releasing it...." He even wanted to give a talk at this year's Bside security conference, titled "Who Needs NSA when we have Social Media?" But, long-term security implications aside, Barr knew exactly what he would do once he obtained data on Anonymous' members. "I will sell it," he wrote.
However, his single-minded pursuit apparently made his co-workers concerned:
Some of his colleagues at HBGary, however, soon became uneasy with the direction that Barr was taking his investigation. In exchanges with his coder, he insisted that he was not aiming to get anyone arrested, but simply wanted to prove the efficacy of his statistical analysis. In an e-mail to another colleague, though, the coder complained that Barr made many of his claims based not on statistics, but on his "best gut feeling." Others, meanwhile, feared retribution from Anonymous, and with good reason.
Forbes.com: It seems that while Anonymous was raiding HB Gary, they may have found and taken a copy of the Stuxnet virus, a worm that crippled Iran's nuclear facility.
“Anonymous is now in possession of Stuxnet – problem, officer?” tweeted a user by the name of Topiary. Topiary’s profile describes the user as an online activist and a “Supporter of Anonymous Operations, WikiLeaks, and maintaining freedom on the Internet.”
To me, two huge questions arise from Anonymous’ claim:
1. Are they actually in possession of Stuxnet?
2. Can they do anything with it?
The answer to both questions, of course, is maybe. But let’s dive a little deeper.
Recently, Anonymous has been in the news for its high profile attacks on software security firm HBGary, after Aaron Barr, the CEO of HBGary’s sister firm HBGary Federal, claimed to have acquired the names of senior Anonymous members and threatened to release them to the public. Forbes’ Parmy Olson has done a fantastic job covering that affair.
This is where the possibility for Anonymous getting its hands on Stuxnet increases. In a post this morning, Olson quotes a source from Anonymous who briefly rattles off the contents of a slew of emails uncovered during the HBGary takedown. “Three different malware archives, two bots, an offer to sell a botnet, a genuine stuxnet copy, and various malware lists,” are supposedly among the contents.
Could this be pure posturing? Sure. But it doesn’t seem out of the question that a security firm would have high level information on one of the most threatening viruses out there.
So let’s pretend that Anonymous does, in fact, have a copy of the Stuxnet worm in their possession. Can they do anything with it? We’ve already seen Stuxnet’s efficacy in attacking Siemens Supervisory Control And Data Acquisition (SCADA) systems attached to very specific industrial machinery. The complexity of the worm allowed it to infiltrate deep into Iran’s nuclear facilities before unleashing its payload. A report by Symantec today updated their September dossier on the virus and revealed that the attacks started in June of 2009 and ended in May 2010, around a month before the attacks were even noticed.
The worm’s complexity, however, could also render it mostly useless in Anonymous’ hands. I’ll let Schneier get into the weeds on some of the details, since he does a great job of explaining:
So, unless the Anonymous hackers want to control industrial centrifuges, we should be alright? Not so fast. Theoretically, it would be possible to dismantle the virus and implant a separate payload, effectively piggy-backing another virus on the Windows-based attack code. This is no walk in the park coding exercise, to be sure, but Anonymous has proven their impressive abilities in the past. If such a deconstruction and reconstruction were to be pulled off, it could have wide-reaching consequences. In August 2010, the Stuxnet virus was reportedly infecting over 60,000 computers in Iran, not causing any harm but eager to spread until it found a place to release its payload....
Here’s what we do know: Stuxnet is an Internet worm that infects Windows computers. It primarily spreads via USB sticks, which allows it to get into computers and networks not normally connected to the Internet. Once inside a network, it uses a variety of mechanisms to propagate to other machines within that network and gain privilege once it has infected those machines. These mechanisms include both known and patched vulnerabilities, and four “zero-day exploits”: vulnerabilities that were unknown and unpatched when the worm was released. (All the infection vulnerabilities have since been patched.)
Stuxnet doesn’t actually do anything on those infected Windows computers, because they’re not the real target. What Stuxnet looks for is a particular model of Programmable Logic Controller (PLC) made by Siemens (the press often refers to these as SCADA systems, which is technically incorrect). These are small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines–and, yes, in nuclear power plants. These PLCs are often controlled by computers, and Stuxnet looks for Siemens SIMATIC WinCC/Step 7 controller software.
If it doesn’t find one, it does nothing.
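The Schneier excerpt above boils down to two separate conditions: any Windows box can carry and relay the worm (USB first, then across the local network), but the payload only has something to act on where the Siemens SIMATIC WinCC/Step 7 software is installed. As an added illustration of that logic, here is a small asset-triage script; it is my own example, not code from Forbes, Schneier, Symantec or the leaked HBGary material, and the host inventory in it is constructed for the example. It assumes a defender already has per-host data on installed software, patch status, removable-media policy and network isolation (field names are mine).

```python
"""Triage Windows hosts for exposure to a target-gated worm of the Stuxnet kind.

Added example, not from the original post or any source it quotes.
The inventory below is constructed; the field names are assumptions.
"""
from dataclasses import dataclass
from typing import List, Dict, Tuple

# Software names the passage says the payload looks for (case-insensitive match).
STEP7_MARKERS = ("simatic step 7", "simatic wincc")

# Triage classes, ordered from most to least urgent for a defender.
RANK = {"target_at_risk": 0, "carrier": 1, "target_hardened": 2, "not_affected": 3}


@dataclass
class Host:
    name: str
    os: str                        # e.g. "Windows XP SP3" (constructed)
    software: List[str]            # installed software names (constructed)
    patches_current: bool          # Windows infection-vector fixes applied?
    removable_media_allowed: bool  # can a USB stick be mounted on this host?
    network_isolated: bool         # no LAN path from general-purpose machines?


def is_windows(h: Host) -> bool:
    return h.os.lower().startswith("windows")


def runs_step7(h: Host) -> bool:
    """True if any installed package matches the WinCC/Step 7 markers."""
    return any(m in s.lower() for s in h.software for m in STEP7_MARKERS)


def infection_paths(h: Host) -> List[str]:
    """Propagation routes from the excerpt that are still open on this host."""
    paths: List[str] = []
    if not is_windows(h):
        return paths
    if h.removable_media_allowed:
        paths.append("usb")              # works even on an air-gapped host
    if not h.network_isolated and not h.patches_current:
        paths.append("lan")              # in-network spread needs the old holes
    return paths


def classify(h: Host) -> str:
    """Map a host to one of the RANK classes using the two-condition logic."""
    if not is_windows(h):
        return "not_affected"
    if not runs_step7(h):
        return "carrier"                 # can relay the worm; nothing to hit here
    if h.patches_current and not h.removable_media_allowed:
        return "target_hardened"         # target present, but no open path
    return "target_at_risk"


def triage(hosts: List[Host]) -> Dict[str, Tuple[str, List[str]]]:
    return {h.name: (classify(h), infection_paths(h)) for h in hosts}


def prioritize(hosts: List[Host]) -> List[str]:
    """Host names ordered by triage class, then by number of open paths."""
    key = lambda h: (RANK[classify(h)], -len(infection_paths(h)), h.name)
    return [h.name for h in sorted(hosts, key=key)]


# Constructed sample inventory (not real hosts).
SAMPLE_HOSTS = [
    Host("eng-ws-01", "Windows XP SP3", ["Siemens SIMATIC Step 7 v5.4", "Office 2003"],
         patches_current=False, removable_media_allowed=True, network_isolated=True),
    Host("eng-ws-02", "Windows 7", ["Siemens SIMATIC WinCC"],
         patches_current=True, removable_media_allowed=False, network_isolated=True),
    Host("office-pc-17", "Windows XP SP2", ["Office 2003", "Adobe Reader"],
         patches_current=False, removable_media_allowed=True, network_isolated=False),
    Host("hmi-linux", "Linux 2.6", ["custom HMI"],
         patches_current=True, removable_media_allowed=True, network_isolated=False),
]

if __name__ == "__main__":
    for name in prioritize(SAMPLE_HOSTS):
        cls, paths = triage(SAMPLE_HOSTS)[name]
        print(f"{name:14} {cls:16} open paths: {paths or 'none'}")
```

The point the ordering makes is the one the thread keeps circling: an air-gapped engineering workstation with USB enabled and an old patch level sorts to the top, while the unpatched office PC without Step 7 still outranks the hardened engineering box, because it can carry the worm to one.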
The link to the second Forbes article, "Victim of Anonymous Attack Speaks Out", was not working when I tried it, though other Forbes blog posts are loading easily.
ThinkProgress: Bank of America wasn't the only client of HB Gary whose dealings were revealed via Wikileaks. Hunton & Williams, the same firm that acted as go-between for HB Gary and Bank of America, also connected HB Gary with the US Chamber of Commerce. The purpose: sabotaging their political opponents, including ThinkProgress.
According to e-mails obtained by ThinkProgress, the Chamber hired the lobbying firm Hunton and Williams. Hunton And Williams’ attorney Richard Wyatt, who once represented Food Lion in its infamous lawsuit against ABC News, was hired by the Chamber in October of last year. To assist the Chamber, Wyatt and his associates, John Woods and Bob Quackenboss, solicited a set of private security firms — HBGary Federal, Palantir, and Berico Technologies (collectively called Team Themis) — to develop tactics for damaging progressive groups and labor unions, in particular ThinkProgress, the labor coalition called Change to Win, the SEIU, US Chamber Watch, and StopTheChamber.com.
According to one document prepared by Team Themis, the campaign included an entrapment project. The proposal called for first creating a “false document, perhaps highlighting periodical financial information,” to give to a progressive group opposing the Chamber, and then to subsequently expose the document as a fake to undermine the credibility of the Chamber’s opponents. In addition, the group proposed creating a “fake insider persona” to “generate communications” with Change to Win....
The security firms hoped to obtain $200,000 for initial background research, then charge up to $2 million for a larger disinformation campaign against progressives. We don’t know if the proposal was accepted after Phase 1 was completed.
The e-mails ThinkProgress acquired are available widely on the web. They were posted by members of “Anonymous,” the hacktivist community responsible for taking down websites for oppressive regimes in Tunisia, Egypt, and American corporations that have censored WikiLeaks. Anonymous published the emails from HBGary Federal because an executive at the firm, Aaron Barr, was trying to take Anonymous down. Barr claimed that he had penetrated Anonymous and was hoping to sell the data to Bank of America and to federal authorities in the United States. In response, members of Anonymous hacked into Barr’s email and published some 40,000 company e-mails....
ThinkProgress has published a series of articles investigating the Chamber and its activities. We exposed the Chamber’s efforts to coordinate a lobbying campaign on behalf of large banks, including JP Morgan, to kill significant portions of financial reform. In October, we published a series looking into the Chamber’s efforts to solicit donations from foreign corporations for the same account the Chamber used to run partisan attack ads during the midterm campaign, as well as the Chamber’s participation in secret fundraising meetings convened by the billionaire plutocrats David and Charles Koch....
In a later ThinkProgress post, ChamberLeaks Primer: How The US Chamber Plotted To Smear Unions And Undermine Political Opponents, it appears that Barr's moneymaking plans went awry when the Chamber of Commerce wanted HB Gary to work on spec for at least a month:
...Yesterday, ThinkProgress released an exclusive investigation into the underhanded and surreptitious campaign waged by a lobbying firm representing the U.S. Chamber of Commerce, a right-wing association representing big business. The report detailed how Hunton & Williams, a lobbying firm hired by the Chamber, solicited “private security” companies to investigate the Chamber’s political opponents, including ThinkProgress, the labor coalition Change to Win, SEIU, US Chamber Watch, and StopTheChamber.com. Their tactics included planting false documents, creating fake personas, and targeting opponents’ families and children.
In response, the Chamber of Commerce said these were “baseless attacks” because the Chamber had “never seen the document in question.” In addition, they mention that the security firm in question (presumably HBGary) had not been “hired” by the Chamber or on the Chamber’s behalf.
However, as Marcy Wheeler wrote, their response is a “carefully worded nondenial denial.” In reality, the reason why the Chamber can claim not to have “hired” HBGary is because until as recently as a week ago, the security firm was working on spec. As Wheeler pointed out, a February 3 email shows that Hunton & Williams simply got “HBGary to do a month of work for free to decide whether they want to hire them.”...
Indeed, leaked emails show that Hunton & Williams met with the security firms in late 2010, including a November 3 meeting at H&W’s offices and a phone discussion on November 8.
On January 13, 2011, an email shows that the private security firms assumed the project was “a go.” However, an email on February 3 showed that Hunton & Williams wanted the firms to work on spec “and then present jointly with H&W to the Chamber” on or around February 14. Then, after their work was approved, the security firms planned to “begin enduring work at agreed upon rates (approx. $250-300k per month for the entire team – both services and license fees).”
It is not clear if that meeting will still happen after HBGary’s emails were leaked.
Techdirt has more on the Chamber of Commerce deal, including screenshots of the Themis report.
Meanwhile, the Chamber of Commerce denies it all. I'd be surprised if they were to reply to some of the more knowledgeable comments.
Right wing hack(er)s? Whoda thought?
Posted by: bobbyp | February 11, 2011 at 09:31 PM
I beg you, please, never read Forbes on technical matters. That Forbes reporter is just beyond ignorant. First of all, lots of people have copies of Stuxnet; it's a virus after all. Second of all, Stuxnet is damn near useless now: it included some zero-day vulnerabilities that have long since been patched. Third, viruses are not custom made pieces of art; they're more like meals at a cheap Chinese restaurant: you pick from a range of choices in different columns and an international criminal network delivers your creation for a fee. Anonymous isn't technically very skilled and there's nothing they could get from Stuxnet that isn't already public knowledge.
Posted by: Turbulence | February 11, 2011 at 09:45 PM
The guy who delivers my Chinese food is part of an international criminal network?
Who knew?
Posted by: Bernard Yomtov | February 11, 2011 at 10:14 PM
Sounds a lot like the GWB/Texas Air Nat'l Guard docs that got Dan Rather canned from CBS.
Posted by: Snarki, child of Loki | February 11, 2011 at 11:25 PM
Snarki,
I've always wondered if Rather was snookered.
But, but, this...this is unbridled money power going to excess. The question is, what is out there that can effectively mount an opposition to the C-of-C's unbridled financial clout?
$15 donations to Obama are not going to cut it.
Posted by: bobbyp | February 11, 2011 at 11:39 PM
Turbulence, Forbes may not be the last word on computer-related matters, but it is one of the big names in the business world for those who often hire others to understand computers for them. I think it's worthwhile to include it, if only to notice the level of intelligence (or not) that the business world is reading.
Every source I list does not have equal weight, but I try to choose sources that do not completely duplicate one another, so that overall there will be as complete an account as possible. Any time you have a better source for something I've written, or a link with a commentary that adds something I haven't found, please do feel free to post it in a comment.
Posted by: Fiddler | February 12, 2011 at 12:13 AM
"Second of all, Stuxnet is damn near useless now: it included some zero-day vulnerabilities that have long since been patched."
You're assuming older production facilities actually try to keep their Windows installations current, or have the budget to do so. Not always true.
Posted by: TJ | February 12, 2011 at 11:36 AM
You're assuming older production facilities actually try to keep their Windows installations current, or have the budget to do so. Not always true.
I'm assuming that Anonymous has neither the interest nor ability in attacking a major industrial facility. The code in Stuxnet is narrowly targeted to probably just one facility, which, if it is Iranian, has definitely had its Windows installations patched by now. Porting it to another industrial facility would require lots of hardware to test against, and there's no reason that Anonymous cares about any one large industrial plant.
Posted by: Turbulence | February 12, 2011 at 12:01 PM
You're assuming older production facilities actually try to keep their Windows installations current, or have the budget to do so.
Or actually *want* to keep them current. In early 2011, webmasters are typically seeing over 40% of visitors still using Windows XP. I was shocked when I saw this at w3schools, so I checked the stats on some of the sites I maintain. This is pretty much what I see, too: a plurality are still on XP, even though MS is making every effort to get them to move on.
Posted by: Doctor Science | February 12, 2011 at 02:58 PM
Some of us are still on XP for a pretty simple reason: it has finally been around long enough to (mostly) work properly. Are there bugs, not to mention remaining security holes? Sure.
But it is a whole lot better shaken out than Windows 7. (We won't even speak of those poor souls who got stuck on Vista.) Because the fact is that Microsoft does not show any signs of having a decent Quality Assurance testing process. The best that can be said of it is that it isn't quite as bad as it was in the 90s -- when nobody sane would put up a new Windows release for at least a year after public release, just so that at least the very worst of the bugs would mostly have been addressed.
A computer operating system does not have to be this bad. No set of code will be perfect, but it is possible to come a lot closer. And some other vendors do. All that is required is a decent testing process, and a willingness to spend the money to do the testing. Instead of leaving it to the public to find and report problems.
Posted by: wj | February 12, 2011 at 04:39 PM
My uni has been on XP and will be moving for the next school year starting in April. This is because 2011 was given as the date for the end of downgrade rights from Windows 7. Reading more about it, the computer center might have been able to hold off till 2014. But as with most of the stuff related to Microsoft, the more I read, the more confused I get...
Posted by: liberal japonicus | February 12, 2011 at 07:51 PM
lj, if it helps any, my company upgrade to Windows 7 went substantially better than the upgrade to XP.
I personally suffered through Vista enough to get it to work, making Windows 7 seem essentially perfect.
But in all my years of supporting MSFT desktops this is the biggest advance in a single step, by a lot. Meaning everyone should want to get there if you run Windows.
Posted by: Marty | February 12, 2011 at 08:07 PM
We have Vista. Yesterday, my wife's entire Documents folder disappeared, and she spent most of the day trying to recover it. She couldn't even locate any of the files.
I got home, did some Googling, did some searching around the entire hard drive (no luck), finally downloaded Shadowexplorer and found and restored (and then backed up, which we hadn't done in a while) all of the files.
If you google "lost Documents folder", you'll see how many people this has happened to.
Posted by: Slartibartfast | February 12, 2011 at 08:50 PM
Thanks Marty, the computer center did a survey of all the teachers, with several options though I don't remember exactly what they were. I'll have to ask if they will give me the breakdown. I chose move to windows 7, with the caveat that we make sure we can identify and help students facing problems.
Posted by: liberal japonicus | February 12, 2011 at 09:37 PM
Slightly related is this
After the announcement of the partnership between Nokia and Microsoft this morning workers voiced their concern with the deal by walking out of Nokia facilities. It is believed that as many as a thousand workers marched out today (or took the day off using flex time) so that the company would know that they don’t believe the partnership is in their best interest, even after CEO Stephen Elop’s startlingly frank “burning platform” memo earlier this week.
Posted by: liberal japonicus | February 12, 2011 at 11:24 PM
"a plurality are still on XP, even though MS is making every effort to get them to move on."
IMO, it would be a lot higher than that, if MS weren't making such strenuous efforts to deny users the choice of staying with XP. I use a computer 10 hours a day, and I purely LOATHE MS operating systems since XP. It's got nothing to do with reliability, they just get in the way of me doing whatever I happen to want to do.
Posted by: Brett Bellmore | February 13, 2011 at 09:58 AM
lj, (on the Nokia story) and they say people aren't religious anymore......technology is the new religion.
Posted by: Marty | February 13, 2011 at 10:13 AM
Because the fact is that Microsoft does not show any signs of having a decent Quality Assurance testing process.
Users *are* the MS Quality Assurance testing process.
Vista was (and is) crap. Windows 7 is actually a nice and solid platform.
The product line I support runs primarily on MS platforms. A non-trivial amount of the time of the development organization is spent keeping up with the unending stream of MS platform releases. Not just NT -> XP -> 7, or Server 2000 -> 2003 -> 2008, but also service packs, security patches, etc.
Quite often changes between platform releases don't really add new capabilities. Most often service packs and patches address security related issues.
MS users truly do subsidize a lot of the quality and reliability effort for MS platforms. It's really annoying.
Keeping up with new and improved language features, infrastructure changes, and changes to the development environments are another whole set of issues.
It's hard to argue for "increased productivity" if you have to re-learn the environment every year or two.
When you have near-monopoly, the tail wags the dog.
Posted by: russell | February 13, 2011 at 10:21 AM
I love the Chamber of Commerce's denial. It's a transparent lie.
Posted by: Rob in CT | February 14, 2011 at 01:02 PM
Snarki and Bobbyp, The Raw Story's editor ran something at the time that said that the White House withheld a document that would have cleared the accusations against Dan Rather. I also think it's possible that he was set up for a fall. One of the problems journalists always face is that, when all else goes away, your reputation rests on the reliability of your sources, who don't always tell the truth.
Posted by: fiddler | February 14, 2011 at 07:15 PM
"Newton's Third Law, 4th UPDATE, Saturday 2/12, 5:50 p.m. EDT"
Um, no one has ever used titles like this at ObWi. And there are very good reasons for that.
I realize Eric hasn't explained this, or given instructions. That is, unless he's sending instructions directly one on one, rather than copying all of us, as theoretically is supposed to be the case between the front pagers.
But given the ongoing confused communications, I'm putting this here, and you'll understand why, I hope, and if not, write me.
The house style is a title.
Name of author underneath, italicized. Put in a link under your name if you like, or not, as you wish.
The dates are automatically appended by the software. Duplicating that in the title is both unnecessary and counter-productive.
If you wish to add an Update to a post, reopen the post in Typepad, put "UPDATE" at the bottom of the post, THEN a timestamp, so we all know that the automated software timestamp at the bottom of the post isn't the last time the post was updated, and five years from now, or next week, it's clear when the post was updated.
If this is NOT done, then there's no way to tell when the "update" part was added, and tremendous confusion results, as people will start yelling at you as to why you did or did not including information that was or was not available at the time of the update. Especially since a post might be updated a year, two years, or six years later, let alone a week, a month, six months, two hours, or five minutes later.
Worse, people won't know if you're taking into account what's been said in comments, WHICH ARE TIME-STAMPED, and AGAIN you'll get people really mad because either it looks like you're ignoring their comments, or worse, stealing their comments and links without credit.
We've all seen this many times over the years. If we've in fact been reading ObWi for many years, or been blogging at a large blog for many years, or paid attention to how large blogs work for many years. You can consult anyone who has run a large blog for several years about this.
I can also point to many past discussions of this made on the blog over the years many times as to how this should work, why, and how to stop people from getting into pointless time-wasting arguments about this stuff, because we kept having those until we rapidly settled into Best Practice, circa 2004-2006, give or take.
If an update is done under an hour, or at least a half hour, don't worry about it, and obviously this also depends on the nature of the post, whether it's more time-related or more timeless.
But this is also why it's for the best that until such time as we're a blog that's running dozens of posts a day, we try to avoid commenting on news of the last hour or so, unless, of course, we're switching to such a style.
But last I looked, my understanding was that posts are supposed to be limited to under a couple or 3-4 per day per poster, or not. Again, for reasons that I hope are obvious, this is, um, not entirely clear at present.
Otherwise, update as many times as you like, or as few times as you like.
If you decide that too many updates per post have become unwieldy, which happens if there are too many, then making a new post is fine, is the best idea, and using a new title is fine, and that's best, because these posts are mirrored by many sites, and if you re-use the same title, the RSS feed, the Twitter feed, and all the mirror sites, will simply see you re-using the same title, and you will be unread by 90+ percentage of the readership that doesn't read directly, which is to say, most people.
Ditto that reusing the same post title, with a time-stamp, will not work on Memeorandum; and on through all the mirrored repost sites. They'll all barf and reject the post as apparently being the same as the other posts with the same title. Again, the post won't be read by most of the actual readership. This is ALSO what will happen via the Twitter feed, and RSS feeds, I think, but can't say without access to the SuperUser password, so only Eric or Slart could speak to that.
You, Fiddler, and all the recent additions, are free to do as you like, of course, but I'm explaining why you'll get bad results from it, and be read by about 90% fewer readers than a standard ObWi formatted post, formatted title, formatted attribution, and time-stamps done this way.
Moreover, if you do it the way these "Newton's Third Way" posts have been done, it makes refinding the post via title very hard, because the full title will be cut off via all these other routes.
Most people read the blog via RSS, mirror sites, the feeds, etc.
Moreover, if folks don't use keywords, on the bottom right of the Typepad software, the post becomes harder to refind.
Ditto, if we don't use the category selections on the right side of the Typepad software, stuff doesn't get listed there again can't be found by category listings on the right side of the blog itself (look at right sidebar: see?), and again won't show up by anyone reading or searching via that method.
This stuff was all put into the template for good reason, and yet hasn't been updated since Moe Lane left, despite the multiple times new templates were announced by Hilzoy, and publius, and then never happened, because, well, I can only guess, but lack of time and technical expertise may have been the cause.
Which is why we have to update the categories, and use them, or get rid of them, or give up on letting other people make use of them.
It used to be highly useful to look up posts by subject, but that's all fallen apart, again since Moe Lane left, and turnover happened, and no one has been updating this stuff, or making sure the new bloggers knew about it.
It seems clear I need to write a guide for all the post-Sebastian, or post-Slarti front-pagers on this stuff, for at least the benefit of those who wish to have their posts findable, and have their posts read by most readers, so everyone at least has a chance at using the software correctly, since only Sebastian and I, and possibly Slartibartfast, know this stuff. (I'm assuming they do; I'm hoping they do.)
Meanwhile, if you have questions, please direct them to me via email, at either [email protected], or [email protected].
Or, of course, do what you like; I'm just trying to help this place run in a way that works, and help out Eric and David, given that we all have limited time.
And I'm kinda busy, too, as we all are.
Meanwhile, there's the whole confusion over voting, but we'll leave that behind the scenes. This, on the other hand, is stuff everyone who might even become a front pager can benefit from knowing, as can all readers of comments benefit from knowing about how to make better use of the blog's capabilities if, um, they were actually made use of by the front pagers.
Thanks! Just my $.02.
Posted by: Gary Farber | February 15, 2011 at 02:35 AM
Stuxnet: might want to note that we covered this back on September 22, 2010, before it made the newspapers and all.
Turb at February 11, 2011 at 09:45 PM:
I can't comment on the skills of Anonymous, but would loosely say that to my limited knowledge, the rest of this is reasonably true.
Fiddler:
I think this is also a valuable point and well worth making. Overall, Fiddler, I think you're doing fine posts, and welcome to ObWi, such as it is, whatever the heck it is that's going on behind the scenes, which I'm still trying to figure out, given... the situation.
Posted by: Gary Farber | February 15, 2011 at 11:22 AM
If we're doing personal reports, I never had any significant problems with '95, '98, XP, or Vista, though 3.1 was a PIA.
And they all have some problems and mysteries, and I'm just a guy who pokes around, with no computer training whatever.
I've always found that it's a matter of time and poking, and there are still many things I've never grasped about any of the system, and still find mystifying, but each system, but the first major patch, has worked fine for me.
Although if anyone truly expert would like to drop by and answer a few questions for me, that would be lovely. :-)
Posted by: Gary Farber | February 15, 2011 at 11:25 AM
Also, you kids oughta get offa my lawn.
But seriously, I just use 627 and I've yet to ever find a problem that didn't turn out to be because the user, including me, simply didn't understand what they were doing, rather than some mysterious error by an inanimate object conspiring against us.
I have all sorts of mysteries about various computer issues, but I know they're my fault for not looking long enough at the O/S to understand it, not that the O/S is incomprehensible.
Bad design is another question, but that endless people can't figure out their computers is evidence of nothing more than that nobody is expert on everything, and that there are a lot of people on planet earth, and most aren't good with computers.
Including me.
My experience is that given that hundreds of millions of people use personal computers, there are no problems, no matter how idiotic, you can't find tens of thousands of people who have complained online about the problem. This is why one of the first
Posted by: Gary Farber | February 17, 2011 at 01:27 AM