Amid the mass of published analysis of the Stuxnet virus, Iran's most obvious vulnerability to cyber-war has drawn little comment: much of the Islamic Republic runs on pirated software. The programmers who apparently cracked Siemens' industrial control code to plant malware in Iran's nuclear facilities needed a high degree of sophistication. Most Iranian computers, though, run on stolen software obtained from public servers sponsored by the Iranian government. It would require far less effort to bring about a virtual shutdown of computation in Iran, and the collapse of the Iranian economy. The information technology apocalypse that the West feared on Y2K (the year 2000) is a real possibility.
On August 25, before the Stuxnet story broke, Brandon Boyce reported on the website Neowin.net:
The Iranian Research Organization for Science and Technology (IROST), an organization directly connected to the Iranian government, is charged with evaluating and advising policymakers on science and technology issues. They are also host to a large FTP server full of pirated software. Searching the FTP you will be able to find a wide range of applications all legal to download and use if you are an Iranian citizen. The FTP server, which was discovered by TorrentFreak, was open to anyone around the world, but shortly after being discovered access was cut off. Initially, they password-protected the FTP and then they cut off access completely to anyone outside of Iran. The server was host to multiple versions of software applications, including Microsoft Office 97 to 2010 or Photoshop 5.5 through CS3, along with appropriate serial numbers, cracks and keygens.
Even the software that the Iranian authorities use to block Internet access is apparently stolen. Wikipedia reports, "The primary engine of Iran's censorship is the content-control software SmartFilter, developed by San Jose firm Secure Computing. However, Secure denies ever having sold the software to Iran, and alleges that Iran is illegally using the software without a license."
#1
The only weapons on which Iran can rely are unguided missiles that require no electronic controls and simply shoot in the general direction of a target.
aka terrorists. And the Persians have been using them successfully for decades, if not centuries
#2
One recent study found that over 12% of all private computers in South Korea were infected by bots that resist erasing by Registry. Iran would be even more vulnerable. And in a country riddled with angry ethnic minorities, intelligence gatherers would have no shortage of walk-ins.
#3
Microsoft has reportedly come out with a patch, or series of patches, for Stuxnet. But if you don't pay for the license, you can't get support. I've said it before: If you're gonna use Microsoft products you gotta keep up with the patches. It keeps a lot of system administrators very, very busy applying all the patches that a typical Microsoft installation requires. It's what you call job security, which is great if you don't mind working with crap.
#6
No OS is ever completely safe. Fact is, I'll admit, they all have to be patched from time to time. But from my own purely subjective perspective, Microsoft has a long history of being more vulnerable than any of the others. UNIX and Linux are also more scaleable and stable, IMHO. That's part of the reason why I get such a big kick out of this whole Stuxnet story. The other part is, as was brought out in this article, the Iranians were using bootleg software. It's always good to see people like that get screwed. Finally, having dealt with a number of different types of customers, I can just imagine the conditions under which the Iranian software engineers are working. Poor bastards.
#7
Windows provides services linyucks and unix can't touch, because that's what the consumer wants. More services means more potential points of exploit. If Windows was as simplistic in its approach to services as linyucks and unix are, the exploits would all be against the applications. Have fun patching that...
Posted by: M. Murcek ||
10/14/2010 16:29 Comments ||
Top||
#8
Excel is pretty good, or, at least it was before 2007. You can keep the rest.
#2
Class if 2014 was born in 1992? Suddenly I am feeling old. I guess I'll not be buying anymore green bananas.
Ah slide rules. I remember taking a basic engineering course in the operation of a slide rule. It was not as easy a course as I thought it was going to be. The slide rule later gave way to the hand calculator and computer. The Osborne computer is not on the list either.
A multi-volume chronology and reference guide set detailing three years of the Mexican Drug War between 2010 and 2012.
Rantburg.com and borderlandbeat.com correspondent and author Chris Covert presents his first non-fiction work detailing
the drug and gang related violence in Mexico.
Chris gives us Mexican press dispatches of drug and gang war violence
over three years, presented in a multi volume set intended to chronicle the death, violence and mayhem which has
dominated Mexico for six years.
Rantburg was assembled from recycled algorithms in the United States of America. No
trees were destroyed in the production of this weblog. We did hurt some, though. Sorry.