
ramriot t1_j4gpbr8 wrote

Specifically, it would need to be in order to go unnoticed inside the Iranian facility's air-gapped network.

The supposition from the evidence presented is that, before it was ever seen in the wild, it was introduced, possibly inadvertently, via a single compromised thumb drive containing a required update to the Windows SCADA control programming software, brought into the facility by a third-party engineer.

Later "public" appearances appear to be from proximal but unrelated sources and showed variations in code content that suggest a lower-skilled operator had altered the original code.

4

CupResponsible797 t1_j4gqei2 wrote

It seems wholly unsurprising that malware targeting a specific airgapped network would also spread through other networks through whichever means are used to breach the airgap.

> Later "public" appearances appear to be from proximal but unrelated sources & showed variations in code content that suggest a lower skilled operator had altered the original code.

What modifications are you referring to? This documentary makes a vague claim that Israelis modified the spreading code to be more aggressive, but doesn’t really substantiate it.

The documentary certainly doesn’t claim that the changes made by the Israelis weren’t necessary for the operation to succeed.

10

MagnetsCarlsbrain t1_j4gsrx9 wrote

I haven't seen the doc but I've read Countdown to Zero Day and I'm not sure I agree (or maybe I'm misunderstanding). The worm was designed to spread as aggressively as possible, but to remain imperceptible on any system except for the target system.

While they probably planted it in close proximity to the target, they had to know that it was going to spread throughout the world. I don't think that was the result of taking it a step too far, rather it was a result of the core strategy.

9

duffmanhb t1_j4i5jof wrote

That's interesting. I had no idea that it was recoded and re-released into the wild. Could it have been Israel? It definitely doesn't sound like something the US would do. Maybe Iran, after discovering it, tried to repurpose it?

I was always under the impression that it got out because the original attack vector was via a USB with some boss's naked wife on there, incentivizing him to bring it into the office... Then they also brought it out.

1

CupResponsible797 t1_j4l9n0h wrote

>I had no idea that it was recoded and re-released into the wild. Could it have been Israel? It definitely doesn't sound like something the US would do. Maybe Iran, after discovering it, tried to repurpose it?

This didn't actually happen. At best there was some disagreement between the responsible nations about how aggressive the spreading functionality should be.

1