<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
It is a lot of work to take compile times from various Stuxnet,
Flame, Duqu, etc. DLL's and correlate them with the list of
centrifuge replacements that the IAEA puts out from the Iranian
nuclear program. You don't have to do any of that work. Kim Zetter
has already done so, and compiled them, with some interesting human
interest interviews from AV reverse engineers into her <a
href="http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/">book</a>.
It is worth a read, less for the parts about Stuxnet perhaps, than
for how Iran operated as it hid its nuclear weapons program from the
public with pathetically transparent lies and chicanery.<br>
<br>
The book falters for predictable reasons: people not in the
Paladin-like white-hat world of AV are not going to talk to Kim
about Stuxnet. Her access to sources with insight into the world of
mirrors is essentially zero so some of the meat of the book is
re-processed from the work of Sanger (who had a General leaker to
write from). The entire last chapter (incomplete in the Google Play
version of the book) reads like a journalist wrote it, without any
internal voice. It tries to predict the future using the events of
the book by quoting from various "expert sources". It is the weakest
chapter in the book. <br>
<br>
In the same way the book, while balanced, avoids all the hard
questions. Did Microsoft have logs of the Flame authors getting
their fake certificate? Were they obviously complicit? Is the US
behind the assassinations of the Iranian nuclear scientists? Is that
going too far? Are cyber-scientists next? All the AV characters
seem mystified that nobody in the US establishment seems curious
where Stuxnet came from, or wants to put a lot of effort into
investigating it, and Kim seems oblivious when her US-CERT sources
blatantly lie to her face about it. What does it <i>mean </i>that
every AV company seems pretty good at finding every other country's
implants, but not their own country's? Mikko Hypponen <a
href="http://www.wired.com/2012/06/internet-security-fail/">has
commented</a> on the rather emotional state of things when you've
sold a product that is supposed to detect malware and it clearly is
performing poorly, since Stuxnet and Friends have been around for
almost a half-decade?<br>
<br>
Also missing is the aftermath. It's hard to talk Stuxnet without
looking at the Cyber Sword of Justice and the personalities behind
the Iranian cyber team - many of whom are public and active on
twitter/facebook/DD etc. Without a<a
href="http://imgur.com/gallery/E4tFuD6"> more global view</a> of
the conflict (and listening to Halvar) you miss <a
href="https://docs.google.com/presentation/d/1pD_BRXg6sgWdNtIEnTpZYXqQ2MEoAGdfrQsvuj9YeDA/edit?pli=1#slide=id.p">the
signs pointing directly to Sony</a>.<br>
<br>
-dave<br>
<br>
</body>
</html>