South Capitol Street

According to a top Computer expert from Germany the Stuxnet virus which as been wreaking havoc on the Iranian nuclear program is just as effective as a military strike. Actually it is more effective,  it has set back Iran’s quest for nuclear capability by at least two years which is the best that can be hoped for with a military strike. And it was done without all the “mess” and human suffering which comes with a military strike

Little by little scientists are beginning to understand Stuxnet a computer worm developed with the sole purpose of doing what sanctions were not able to do, slow down the Iranian march to nuclear weapons. During the past year, Stuxnet the computer worm with a message from the biblical Queen Esther, not only crippled Iran’s nuclear program but has caused  a major rethinking of computer security around the globe (if you want to know how Stuxnet works click here).

According to a report in the Sunday NY Times, Stuxnet was tested in the Dimona facility in Israel’s Negev desert. Dimona is the (officially non-existent)plant where Israel runs its (officially non-existent) nuclear weapons program

Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.

Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.

“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”

Officially US and Israeli officials will not discuss what has been going in the middle of the Negev, but new clues point to the fact that thevirus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years.  Clinton cited the “weak” sanctions, which have supposedly damaged Iran’s ability to buy components.  Dagan, told the Israeli Knesset in recent days that Iran had run into technological difficulties (Stuxnet) that could delay a bomb until 2015.

As the virus continues to infect Iranian computers computer experts across the world are trying to figure out where Stuxnet came from. There is nothing but circumstantial evidence and it all points to the US and Israel). For example

In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities. Seimens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

There is also the fact that computer scientists who are analyzing the computer worm have found a file name that seemingly refers to the Biblical Queen Esther.  Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament narrative in which the Jewish Queen Esther pre-empts a Persian plot to kill all the Jews. One of the key files in Stuxnet was named “Myrtus” (myrtle) by the unknown designer. The biblical Esther’s original name was Hadassah, which is Hebrew for myrtle.

Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.

But Israeli officials grin widely when asked about its effects. Mr. Obama’s chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: “I’m glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated.”

One interesting part of the program is that it was put in motion by President Bush. Yes liberals, this time you can say it, Bush did it.

The project’s political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy. So did the Israelis, other officials said. Israel has long been seeking a way to cripple Iran’s capability without triggering the opprobrium, or the war, that might follow an overt military strike of the kind they conducted against nuclear facilities in Iraq in 1981 and Syria in 2007.

The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Langner, who runs a small computer security company in a suburb of Hamburg, had his five employees focus on picking apart the code and running it on the series of Siemens controllers neatly stacked in racks, their lights blinking.

He quickly discovered that the worm only kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. “The attackers took great care to make sure that only their designated targets were hit,” he said. “It was a marksman’s job.”

For example, one small section of the code appears designed to send commands to 984 machines linked together.

Curiously, when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer.

Interesting coincidence?

But as Mr. Langner kept peeling back the layers, he found more — what he calls the “dual warhead.” One part of the program is designed to lie dormant for long periods, then speed up the machines so that the spinning rotors in the centrifuges wobble and then destroy themselves. Another part, called a “man in the middle” in the computer world, sends out those false sensor signals to make the system believe everything is running smoothly. That prevents a safety system from kicking in, which would shut down the plant before it could self-destruct.

“Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept,” Mr. Langner later wrote. “It is about destroying its targets with utmost determination in military style.”

This was not the work of hackers, he quickly concluded. It had to be the work of someone who knew his way around the specific quirks of the Siemens controllers and had an intimate understanding of exactly how the Iranians had designed their enrichment operations.

The reason why Stuxnet had knowledge of the workings of the Iranian centrifuges may have to do with the fact that those same type of centrifuges showed up in Dimona.

The account starts in the Netherlands. In the 1970s, the Dutch designed a tall, thin machine for enriching uranium. As is well known, A. Q. Khan, a Pakistani metallurgist working for the Dutch, stole the design and in 1976 fled to Pakistan.

The resulting machine, known as the P-1, for Pakistan’s first-generation centrifuge, helped the country get the bomb. And when Dr. Khan later founded an atomic black market, he illegally sold P-1’s to Iran, Libya, and North Korea.

The P-1 is more than six feet tall. Inside, a rotor of aluminum spins uranium gas to blinding speeds, slowly concentrating the rare part of the uranium that can fuel reactors and bombs.

How and when Israel obtained this kind of first-generation centrifuge remains unclear, whether from Europe, or the Khan network, or by other means. But nuclear experts agree that Dimona came to hold row upon row of spinning centrifuges.

“They’ve long been an important part of the complex,” said Avner Cohen, author of “The Worst-Kept Secret” (2010), a book about the Israeli bomb program, and a senior fellow at the Monterey Institute of International Studies. He added that Israeli intelligence had asked retired senior Dimona personnel to help on the Iranian issue, and that some apparently came from the enrichment program.

“I have no specific knowledge,” Dr. Cohen said of Israel and the Stuxnet worm. “But I see a strong Israeli signature and think that the centrifuge knowledge was critical.”

…Dr. Cohen said his sources told him that Israel succeeded — with great difficulty — in mastering the centrifuge technology. And the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet.

The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for “plausible deniability.”

One thing can’t be denied, the Stuxnet worm has been a major obstacle to Iran’s desire to obtain nuclear weapons, saving Israel from having to attack Iran at least for a while.  Who ever developed the virus lets hope they are working on a follow-up because 2015 is not that far away.

Please email me at [email protected] to be put onto my mailing list.
Feel free to reproduce any article but please link back to http://yidwithlid.blogspot.com

YID With LID

Doctors in Berlin have declared that an American living in Germany has been cured of HIV, reports AIDSMap.com. The man, now identified as Timothy Ray Brown, underwent a bone marrow transplant to treat a second bout of leukemia. But doctors chose a compatible donor with a rare genetic mutation. That mutation eliminates a specific site […]
Michigan Messenger

In a way Iran is like the character Rocky from the movies. Every time the Sylvester Stallone character would be in the middle of getting the crap beaten out of him, he would scream “you ain’t so bad,” but the audience would know better because they would see the blood flying every time the poor guy would get hit.

The computers running the centrifuges enriching uranium in Iran were infected by the Stuxnet computer work sometime last spring. As the virus has built its way throughout the Iranian computer network, it has caused the centrifuges to speed up and slow down in ways that burn them out causing them to break down. It is  the most sophisticated cyber-weapon ever created. Scientists who have examine  the worm describe it as a cyber-missile designed to penetrate advanced security systems. It targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it targeted the massive turbine at the nuclear reactor in Bashehr.

Last week Iranian President Ahmadinejad, after months of denials, reluctantly admitted that the worm had penetrated Iran’s nuclear sites, but he said it was detected and controlled. His statement was like Rocky’s “You aint so bad!”

How do we know? Because a US site that has been studying the Stuxnet worm has been inundated with requests for information from Iran:

Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bashehr and Natanz.

“The effort has been stunning,” Byres said. “Two years ago American users on my site outnumbered Iranians by 100 to 1. Today we are close to a majority of Iranian users.”

He said that while there may be some individual computer owners from Iran looking for information about the virus, it was unlikely that they were responsible for the vast majority of the inquiries because the worm targeted only the two nuclear sites and did no damage to the thousands of other computers it infiltrated.

At one of the larger American web companies offering advice on how to eliminate the worm, traffic from Iran has swamped that of its largest user: the United States.

Perhaps more significantly, traffic from Tehran to the company’s site is now double that of New York City.

Ron Southworth, who runs the SCADA (the Supervisory Control and Data Access control system that the worm specifically targeted) list server, said that until two years ago he had clearly identified users from Iran, “but they all unsubscribed at about the same time.” Since the announcement of the Stuxnet malware, he said, he has seen a jump in users, but few openly from Iran. He suspects there is a cat-and-mouse game going on that involves hiding the e-mail addresses, but he said it was clear his site was being searched by a number of users who have gone to a great deal of effort to hide their country of origin.

Byres said there are a growing number of impostors signing on to Stuxnet security sites.

“I had one guy sign up who I knew and called him. He said it wasn’t his account. In another case a guy saying he was Israeli tried to sign up. He wasn’t.”

The implication, he says, is that such a massive effort is a sign of a coordinated effort.

Because it benignly hides in computers and back up systems,  some scientists have claimed that there is only one way of getting rid of the virus, throw out every computer involved with the Iranian nuclear program and get new ones, otherwise they will continually be re-infecting themselves. It is unlikely that Iran would take the time (a year or more) to take that drastic step.

No one knows for sure where the virus came from, but there is evidence that Israel is probably behind the Stuxnet worm, evidence of biblical proportions. If not Israel maybe the virus is a sign from God. Computer Scientists who are analyzing the computer worm have found a file name that seemingly refers to the Biblical Queen Esther, the heroine from the Book of Esther the Old Testament narrative in which the Jews pre-empt a Persian plot to destroy them (ancient Persia is today’s Iran).

Wherever it came from, any virus that is slowing down Iran’s quest for nuclear weapons is doing God’s work. Now if those same people could develop a virus that could shut down WikiLeaks. 

Please email me at [email protected] to be put onto my mailing list.
Feel free to reproduce any article but please link back to http://yidwithlid.blogspot.com

YID With LID

How much do the bloggers of the Daily Kos hate conservatism and the limited-government ideas that informed America's founding? They associate them with Satan…and with disease. Blogger Kevin Tully is really angry about the election returns and wondered if  "all of us, [are] being played like one huge, oxygen starved, exhausted, gullible fish?  Is the destruction of the environment and civil society absolutely necessary to maintain the "American Dream?" He suggested on Thursday that the American Dream is a deadly disease we spread globally:

The “American Dream” is a worldwide viral phenomenon – with many more potentially dire consequences than AIDS or Avian Flu. We have exported this thing from one end of the earth to the other – it’s like the gifted puppy that can never be housetrained, it grows up, still, so cute and familiar – your proud of your gift, it craps on the floor and tears down the curtains – it’s [sic] new owners overlook the crap; the dog is so cute – however, you can’t get over the crap and torn curtains when you visit.

This past weeks [sic] election was a referendum on the puppy. The rhetoric and the outcome were very predictable: The folks that are still very proud of the puppy were very persuasive and voted, most of us other folks – stayed home.

read more

NewsBusters.org blogs

How much do the bloggers of the Daily Kos hate conservatism and the limited-government ideas that informed America's founding? They associate them with Satan…and with disease. Blogger Kevin Tully is really angry about the election returns and wondered if  "all of us, [are] being played like one huge, oxygen starved, exhausted, gullible fish?  Is the destruction of the environment and civil society absolutely necessary to maintain the "American Dream?" He suggested on Thursday that the American Dream is a deadly disease we spread globally:

The “American Dream” is a worldwide viral phenomenon – with many more potentially dire consequences than AIDS or Avian Flu. We have exported this thing from one end of the earth to the other – it’s like the gifted puppy that can never be housetrained, it grows up, still, so cute and familiar – your proud of your gift, it craps on the floor and tears down the curtains – it’s [sic] new owners overlook the crap; the dog is so cute – however, you can’t get over the crap and torn curtains when you visit.

This past weeks [sic] election was a referendum on the puppy. The rhetoric and the outcome were very predictable: The folks that are still very proud of the puppy were very persuasive and voted, most of us other folks – stayed home.

read more

NewsBusters.org – Exposing Liberal Media Bias

(David Post)

. . . Alexandra Pajak, a grad student at the University of Georgia, has made a recording by assigning different pitches to the different DNA sequences. From the snippets available, it sounds pretty good (especially for such a nasty little micro-organism). And it raises the question: With all of the recent controversy surrounding the patentability of genetic sequences (about which I’ll have a good deal more to say in an upcoming posting), perhaps we’ve been barking up the wrong tree (as it were): DNA sequences are copyrightable “musical works”!!

The Volokh Conspiracy

For the past few weeks there have been reports of a computer virus attacking only computers being used to operate Iran’s nuclear facilities. Iran is blaming the United States and Israel for the virus, however new information released in today’s New York Times indicates that the virus may just very well be a sign from God.

You see, Computer Scientists who are analyzing the computer worm that is slowing down Iran’s attempt to develop nuclear weapons may have found a file name that seemingly refers to the Biblical Queen Esther.

Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament narrative in which the Jews pre-empt a Persian plot to destroy them.

That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.

In the Biblical Story of Esther, the vizier to the Persian king tries to destroy the Jewish people, in the end he is defeated by a Jewess named Esther who becomes queen of Persia and her uncle Mordecai. Since Iran is the modern day Persia, and the computer virus is meant to stop the destruction of the Jewish People, could this be a message from God, from Israel,  something put in just to confuse or maybe something put in the virus just to make the paranoid Iranians even more nervous.

Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.

There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.

“The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed,” one former intelligence official who still works on Iran issues said recently. “Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.”

The Stuxnet virus attacks only a certain type of Siemens industrial control computer, the type used by

by Iran:

“What we were told by many sources,” said Olli Heinonen, who retired last month as the head of inspections at the International Atomic Energy Agency in Vienna, “was that the Iranian nuclear program was acquiring this kind of equipment.”

Also, starting in the summer of 2009, the Iranians began having tremendous difficulty running their centrifuges, the tall, silvery machines that spin at supersonic speed to enrich uranium — and which can explode spectacularly if they become unstable. In New York last week, Iran’s president, Mahmoud Ahmadinejad, shrugged off suggestions that the country was having trouble keeping its enrichment plants going.

There is no way to determine where the virus came from, US, Israel or some crazy hacker.  There are even reports that the virus may have come from Russia.

Ralph Langner, a German computer security consultant who was the first independent expert to assert that the malware had been “weaponized” and designed to attack the Iranian centrifuge array, argues that the Stuxnet worm could have been brought into the Iranian nuclear complex by Russian contractors.

“It would be an absolute no-brainer to leave an infected USB stick near one of these guys,” he said, “and there would be more than a 50 percent chance of having him pick it up and infect his computer.”

There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.

Yossi Melman, who covers intelligence for the newspaper Haaretz and is at work on a book about Israeli intelligence over the past decade, said in a telephone interview that he suspected that Israel was involved.

He noted that Meir Dagan, head of Mossad, had his term extended last year partly because he was said to be involved in important projects. He added that in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014.

“They seem to know something, that they have more time than originally thought,” he said.

Wherever it came from, any virus that is slowing down Iran’s quest for nuclear weapons is doing God’s work.

Please email me at [email protected] to be put onto my mailing list.
Feel free to reproduce any article but please link back to http://yidwithlid.blogspot.com

YID With LID

A possible reference to the book of Esther.
American Thinker Blog

Remember yesterday’s Newsstand item on Stuxnet?  I wondered where the outrageously malicious code could have originated, and suggested one of two places: China or Israel.

Seems the answer is “B. Israel”:

DEBKAfile’s sources disclose that Israel has had special elite units carrying out such assignments for some time. Three years ago, for instance, cyber raiders played a role in the destruction of the plutonium reactor North Korea was building at A-Zur in northern Syria.

On Monday, too, the Christian Science Monitor and several American technical journals carried revelations about a new virus called Stuxnet capable of attacking and severely damaging the servers of large projects, such as power stations and nuclear reactors.

All the leaked reports agreed on three points:

1.  Stuxnet is the most advanced and dangerous piece of Malware every devised.
2.  The experts don’t believe any private or individual hackers are capable of producing this virus, only a high-tech state such as America or Israel.
3.  Although Stuxnet was identified four months ago, the only servers known to have been affected and seriously damaged are located in Iran.

Some computer security specialists report lively speculation that the virus was invented specifically to target part of the Iranian nuclear infrastructure, either the Bushehr nuclear plant activated last month or the centrifuge facility in Natanz.

DEBKAfile’s sources add: Since August, American and UN nuclear watchdog sources have been reporting a slowdown in Iran’s enrichment processing due to technical problems which have knocked out a large number of centrifuges and which its nuclear technicians have been unable to repair. It is estimated that at Natanz alone, 3,000 centrifuges have been idled.

None of the reports indicate whether other parts of Iran’s nuclear program have been affected by Stuxnet or the scale of the damage it may have caused.

Must suck being Iran.  I just love item “3″ above.  It lifts through the air like a song …

Could Russia’s sudden (yeah, I know – on again, off again) announcement of “No S-300s for you, A’jad” have anything to do with the effectiveness of Israel’s activities?

Liberty Pundits Blog

The security vendor SecureWorks has traced the virus to a cyber-jihad group called Tariq ibn Ziyad, named after an 8th-century Muslim conquerer of Spain (also the name of the “Minnesota Madrassa” we have covered here, if the name seems familiar). The symbolism of the name is indeed telling.

“Cyber jihad group linked to ‘Here you have’ worm,” by Robert McMillan for Computer World, September 10:

IDG News Service – A fast-spreading e-mail worm that crashed systems Thursday may be linked to a cyber jihad organization called Tariq ibn Ziyad, according to security vendor SecureWorks.

The “Here you have” worm spread like wildfire through some computer networks, bringing e-mail servers down and reportedly disrupting large U.S. organizations including Disney, Proctor and Gamble, Wells Fargo, and NASA (National Aeronautics and Space Administration). It’s known as “Here you have” because that is sometimes the subject line of the messages used to spread the malware.

Much of the worm’s code is identical to an earlier piece of malware that was released last month, and both worms refer to a Libyan hacker who uses the name Iraq Resistance, who has been trying to form a hacking group called Brigades of Tariq ibn Ziyad, said Joe Stewart, director of malware research with SecureWorks.

“Either this person is involved with this virus, or somebody wants to make it seem like this person’s group is involved in this virus,” Stewart said. “There are a lot of pointers to that group.”

The goal of Tariq ibn Ziyad is “to penetrate U.S. agencies belonging to the U.S. Army,” Iraq Resistance said, according to a Google translation of his post announcing the group.

Iraq Resistance did not respond to an e-mail sent to his Yahoo address seeking comment.

It’s not clear why the first version of worm did not spread widely last month — security vendor Symantec rated it a “low” risk — but Stewart said that the people behind it may have spammed more initial victims this time around. “Here you have” may also include new components that caused it to spread more effectively.

The August worm used the e-mail address [email protected], and the words Iraq Resistance appear in the binary code of the latest version of the software. Also, a back-door component of the worm — which could be used by creators to remotely log into an infected system — tries to connect to a computer that uses the Tariq ibn Ziyad name. Other components of the worm — a password stealer and the e-mail sending software – were written by Arabic speaking programmers, another clue that Iraq Resistance may be behind the worm….

Jihad Watch