Stuxnet and the Dawn of Cyber Warfare.

So there has been an increasing amount of attention on a newly discovered, seemingly targeted computer virus called Stuxnet that apparently damaged or destroyed Iran's new nuclear facility. While hacking and electronic espionage are nothing new, Stuxnet is the first publicly known targeted virus. (It infects lots of machines, but it was designed to only damage certain ones.)

The speculation is that Israel launched this weapon(?) in an attempt to delay or destroy Iran's nuclear weapon program.

The worry is that this is just the opening salvo, and that other actors will now be emboldened to launch their own attacks, and that they may even be able to modify Stuxnet to help them.

You can read more here.

Is this a big deal, is it the start of something new?

It was inevitable. I'm also not really surprised that Israel was the first nation-state to do it. Pretty clever on their part, and I'd much rather see a virtual war than something which will lead to civilian casualties. If it came down to choosing between an airstrike or a cyberattack, then good on Israel for going with a cyberattack.

It's just a worm/rootkit that uses several Windows zero-day exploits to propagate itself. The only interesting thing about it is that it appears to be targeted at Siemens control systems, which led to the speculation that it was targeted at Iran. Like all other supposed cyber "weapons", this one hasn't done any significant damage and will be forgotten in a month or so.

There's a remote chance that this might finally convince people that cyber "warfare" is nothing of the sort, but I doubt it - the media has too much fun playing it up.

Edit: Stuxnet is absolutely not the first targeted worm, either. There have been plenty of worms and viruses that have targeted specific pieces of software, with World of Warcraft being an obvious and well-known example. In short, the NPR article is sensationalist crap.

Well and do you really think that Iran would be stupid enough to have their nuclear weapons program run on computers accessible through the net?

There's a remote chance that this might finally convince people that cyber "warfare" is nothing of the sort, but I doubt it - the media has too much fun playing it up.

How so? I mean, the Chinese invented the concept, and they and the Russians have extensive expertise in it, with the US as a latecomer. So why is it not warfare, and what are consequences of not treating it as inter-state conflict?

I recall the NPR discussion had some legal considerations, but you seem to be taking a different stance. Please forgive me if I read it wrong and you're just talking about the law of war.

None of this is new, it just might be getting more press.

Right, that's what I thought.

Aetius wrote:

It's just a worm/rootkit that uses several Windows zero-day exploits to propagate itself. The only interesting thing about it is that it appears to be targeted at Siemens control systems, which led to the speculation that it was targeted at Iran. Like all other supposed cyber "weapons", this one hasn't done any significant damage and will be forgotten in a month or so.

There's a remote chance that this might finally convince people that cyber "warfare" is nothing of the sort, but I doubt it - the media has too much fun playing it up.

Edit: Stuxnet is absolutely not the first targeted worm, either. There have been plenty of worms and viruses that have targeted specific pieces of software, with World of Warcraft being an obvious and well-known example. In short, the NPR article is sensationalist crap.

This is not just NPR, and I think the big difference is that the targeting here was directed at a specific computer/machine/industrial complex, i.e. it was designed to a) infect a certain type of nuclear control software [Siemens control systems], but do nothing other than spread until b) it found the specific machine that it wanted to destroy. As far as not having an impact, it seems plausible that Stuxnet has at least contributed to delaying the start of Iran's new nuclear plant.

Other articles and analysis: NY Times and the Guardian, and a Christian Science Monitor piece that examines Israel's possible role.

fangblackbone wrote:

Well and do you really think that Iran would be stupid enough to have their nuclear weapons program run on computers accessible through the net?

This virus was spread via thumb drives, not the net.

Badferret wrote:

This virus was spread via thumb drives, not the net.

It uses both - most modern worms use multiple infection vectors. Stuxnet uses the .lnk vulnerability for thumb drive infection, and the remote print spooler vulnerability for moving around on networks.

Robear wrote:

How so? I mean, the Chinese invented the concept, and they and the Russians have extensive expertise in it, with the US as a latecomer. So why is it not warfare, and what are consequences of not treating it as inter-state conflict?

Because cyber "warfare" accomplishes very little in reality. It's completely powerless, except perhaps for gathering intelligence, generating spam, or temporary DoS attacks. The NPR article and others play it up as something terribly dangerous, when in fact it's nothing of the sort - the most rudimentary security procedures render cyber "warfare" entirely ineffective (which, notably, the Iranians are now incentivized to take).

I recall the NPR discussion had some legal considerations, but you seem to be taking a different stance. Please forgive me if I read it wrong and you're just talking about the law of war.

No, what I'm mocking is the fact that this is "warfare". Intelligence gathering, yes. Illegal, probably. But warfare? Hardly. The fearmongering when it comes to worms and viruses and cyber "warfare" is off the charts. It's the perfect storm, benefiting unscrupulous anti-virus corporations, the media, and national governments all at the same time.

It's like bioweapons - they are put up as this great weapon of mass destruction when in reality they are almost completely ineffective.

Because cyber "warfare" accomplishes very little in reality.

So the capability of shutting down power grids, water systems, military and intel networks, financial markets and the like on a national scale would accomplish little? Or are you saying it's like a gun on a shelf - people worry about it but really it's not dangerous until it's actually loaded and used?

IMAGE(http://3.bp.blogspot.com/_Fc3MQ-NoGw4/TCJCo7Xv7YI/AAAAAAAAFvY/R-7K9wkmcow/s1600/terminator.jpg)

First thing that came to mind, then I read the name well, and surprise, I still had the same mental image.

Closer to Neuromancer, really. Or, at least, the old Russian cyber wars that are mentioned in that world's previous history.

Robear wrote:
Because cyber "warfare" accomplishes very little in reality.

So the capability of shutting down power grids, water systems, military and intel networks, financial markets and the like on a national scale would accomplish little?

No, it would accomplish a lot. Sadly, cyber "warfare" is completely incapable of doing anything like that, a lack of capability which is highlighted by Stuxnet.

So what you're saying is that a targeted attack on industrial control systems can't actually damage the control systems? Here's an alternative viewpoint... (WaPo article)

The discovery of Stuxnet, which some analysts have called the "malware of the century" because of its ability to damage or possibly destroy sensitive control systems, has served as a wake-up call to industry officials. Even though the worm has not yet been found in control systems in the United States, it could be only a matter of time before similar threats show up here.

"Quite honestly you've got a blueprint now," said Michael J. Assante, former chief security officer at the North American Electric Reliability Corporation, an industry body that sets standards to ensure the electricity supply. "A copycat may decide to emulate it, maybe to cause a pressure valve to open or close at the wrong time. You could cause damage, and the damage could be catastrophic."

Joe Weiss, an industrial control system security specialist and managing partner at Applied Control Solutions in Cupertino, Calif., said "the really scary part" about Stuxnet is its ability to determine what "physical process it wants to blow up." Said Weiss: "What this is, is essentially a cyber weapon."

The reason I'm asking is that you keep making your assertion without supporting it. How do you distinguish the effective tools of cyberwar from its supposedly ineffective nature? What's the basis for your argument that cyberwarfare is ineffective?

Maybe you'd prefer Bruce Schneier as a source? He's pretty well respected in the security field.

Even today, Schneier argues not that cyberwar is ineffective, but that we're not currently in one. He rates it at the same level of risk as a ground invasion.

We need to be prepared for war, and a Cyber Command is just as vital as an Army or a Strategic Air Command. And because kid hackers and cyber-warriors use the same tactics, the defenses we build against crime and espionage will also protect us from more concerted attacks. But we're not fighting a cyberwar now, and the risks of a cyberwar are no greater than the risks of a ground invasion. We need peacetime cyber-security, administered within the myriad structure of public and private security institutions we already have.

Being able to disrupt functions in a setting that involves nuclear material is pretty god damn scary. A Chernobyl type situation in Iran would complicate things in the Mid East.

Prevailing winds there are from the SE, are they not? So it's the 'Stans and maybe India/China which would be affected.

Robear wrote:

So what you're saying is that a targeted attack on industrial control systems can't actually damage the control systems?

I'm saying there's no evidence of that, and never has been.

The discovery of Stuxnet, which some analysts have called the "malware of the century"

The media, hyperbolizing? Say it isn't so.

The reason I'm asking is that you keep making your assertion without supporting it. How do you distinguish the effective tools of cyberwar from its supposedly ineffective nature? What's the basis for your argument that cyberwarfare is ineffective?

You're the one who keeps making assertions without supporting them. I would distinguish the effective tools of cyberwar by their effectiveness ... except that there aren't any. Show me evidence of effective cyber warfare, where a network attack has been used to destroy a physical object or kill someone, remotely, in the wild. You can't, because it hasn't been done. What the breathless Washington Post article you cited carefully overlooks is that, by all accounts, Stuxnet was a complete failure - it didn't reach the systems it supposedly targeted, and it infected a bunch of unrelated systems. Plus, it relied on infection vectors that would have been soundly defeated by even the most trivial defenses - a basic firewall and not allowing automatic execution of unknown code from newly mounted devices.

Maybe you'd prefer Bruce Schneier as a source? He's pretty well respected in the security field.

Oh absolutely:

And so the threat of cyberwar is being grossly exaggerated and I think it's being done for a reason. This is a power grab by government. What Mike McConnell didn't mention is that grossly exaggerating a threat of cyberwar is incredibly profitable.

Even today, Schneier argues not that cyberwar is ineffective, but that we're not currently in one. He rates it at the same level of risk as a ground invasion.

As I noted above, he actually argues both - that cyber "warfare" is laughably ineffective and massively overhyped, and that the risk is the same as a ground invasion - i.e., ridiculously low. In the article you quoted, he's arguing that it shouldn't be called cyber "warfare" at all, because it's not.

MaverickDago wrote:

Being able to disrupt functions in a setting that involves nuclear material is pretty god damn scary. A Chernobyl type situation in Iran would complicate things in the Mid East.

If there was any proof at all that such things could be accomplished by attacks via the internet, I'd be slightly concerned. Since there's not, I think we should focus on the much more serious and much higher probability problem of Israel or the U.S. bombing Iran to try to stop their nuclear development.

Yeah. I gave examples and you just asserted, and I'm the one making unsupported claims?

Show me evidence of effective cyber warfare, where a network attack has been used to destroy a physical object or kill someone, remotely, in the wild. You can't, because it hasn't been done.

There is evidence that in 1982, the CIA used a Trojan horse installed in SCADA control software in a turbine control system to literally blow up a Soviet gas pipeline. It was at the time the largest non-nuclear explosion and fire imaged from space. This was reported by a US National Security Adviser, Thomas Reed.

That was 28 years ago. Maybe, you know, they've gotten a little bit better at it in that time. Interesting that the same software was targeted then and now.

Quote:

And so the threat of cyberwar is being grossly exaggerated and I think it's being done for a reason. This is a power grab by government. What Mike McConnell didn't mention is that grossly exaggerating a threat of cyberwar is incredibly profitable.

So what? Neither of us is arguing that we are *in* a cyberwar. You said cyberwarfare was completely ineffective, and you've offered only your opinion that computer code can't cause serious damage to support it. Schneier, on the other hand, argues that not only does it exist, but that it requires actual war to bring it out, since a lot of effort is put into developing useful attacks and defenses. So what he's saying is "We're not in a cyberwar, even with Stuxnet" and what you're asserting is "Cyberwar is impossible".

Quote:

And so the threat of cyberwar is being grossly exaggerated and I think it's being done for a reason. This is a power grab by government. What Mike McConnell didn't mention is that grossly exaggerating a threat of cyberwar is incredibly profitable.

Quote:

Even today, Schneier argues not that cyberwar is ineffective, but that we're not currently in one. He rates it at the same level of risk as a ground invasion.

As I noted above, he actually argues both - that cyber "warfare" is laughably ineffective and massively overhyped, and that the risk is the same as a ground invasion - i.e., ridiculously low. In the article you quoted, he's arguing that it shouldn't be called cyber "warfare" at all, because it's not.

Nope, you mis-read him; he's arguing that the attacks of the last year or two should not be called cyberwar, because they are not. He still holds to the conclusion from his original article in 2007. First the end of the recent article, then the other one.

We need to be prepared for war, and a Cyber Command is just as vital as an Army or a Strategic Air Command. And because kid hackers and cyber-warriors use the same tactics, the defenses we build against crime and espionage will also protect us from more concerted attacks. But we're not fighting a cyberwar now, and the risks of a cyberwar are no greater than the risks of a ground invasion. We need peacetime cyber-security, administered within the myriad structure of public and private security institutions we already have.

Cyberwar is a moving target. In the previous paragraph, I said that today the risks of an electronic Pearl Harbor are unfounded. That's true; but this, like all other aspects of cyberspace, is continually changing. Technological improvements affect everyone, including cyberattack mechanisms. And the Internet is becoming critical to more of our infrastructure, making cyberattacks more attractive. There will be a time in the future, perhaps not too far into the future, when a surprise cyberattack becomes a realistic threat.

And finally, cyberwar is a multifaceted concept. It's part of a larger military campaign, and attacks are likely to have both real-world and cyber components. A military might target the enemy's communications infrastructure through both physical attack -- bombings of selected communications facilities and transmission cables -- and virtual attack. An information warfare campaign might include dropping of leaflets, usurpation of a television channel, and mass sending of e-mail. And many cyberattacks still have easier non-cyber equivalents: A country wanting to isolate another country's Internet might find a low-tech solution, involving the acquiescence of backbone companies like Cable & Wireless, easier than a targeted worm or virus. Cyberwar doesn't replace war; it's just another arena in which the larger war is fought.

People overplay the risks of cyberwar and cyberterrorism. It's sexy, and it gets media attention. And at the same time, people underplay the risks of cybercrime. Today crime is big business on the Internet, and it's getting bigger all the time. But luckily, the defenses are the same. The countermeasures aimed at preventing both cyberwar and cyberterrorist attacks will also defend against cybercrime and cybervandalism. So even if organizations secure their networks for the wrong reasons, they'll do the right thing.

In neither article does he claim that cyberwar attacks are "completely incapable of doing anything like that". Instead, he argues that it *is* possible, but that the defenses are the same as those against cybercrime. He argues that hyping a cyberwar is foolish and dangerous, but in no way does he argue that we should not prepare for one, or that it is impossible for cyber attacks to do damage. Here's his definition:

Cyberwar -- Warfare in cyberspace. This includes warfare attacks against a nation's military -- forcing critical communications channels to fail, for example -- and attacks against the civilian population.

Like I do, he cites potential attacks on power grids, financial markets and communications infrastructures as possible.

A cyberattack that shuts down the power grid might be part of a cyberwar campaign...

Likewise with attacks on portions of the Internet, military communications and the like.

Once again, the sweeping statement is inaccurate.

Great Schneier summary of the facts on STUXNET:

http://www.schneier.com/blog/archive...

Mixolyde wrote:

Great Schneier summary of the facts on STUXNET:

http://www.schneier.com/blog/archive...

Interesting read, and while I agree that we will likely never know the full story, it still seems plausible to me that this could have been Israel targeting Iran and taking subtle claim for it.

There has been scuttlebutt for years that Israel wanted to bomb Iran's nuke plant/program but that the US wouldn't let them, maybe they decided that a cyber attack was the next best thing to actually dropping bombs.

Badferret wrote:
Mixolyde wrote:

Great Schneier summary of the facts on STUXNET:

http://www.schneier.com/blog/archive...

Interesting read, and while I agree that we will likely never know the full story, it still seems plausible to me that this could have been Israel targeting Iran and taking subtle claim for it.

There has been scuttlebutt for years that Israel wanted to bomb Iran's nuke plant/program but that the US wouldn't let them, maybe they decided that a cyber attack was the next best thing to actually dropping bombs.

It's certainly plausible, but at least according to the analysis I've read, pure speculation. Anything Israel could do to Iran is plausible, because we can imagine them doing anything, because they're Israel.

The sooner this leads to me drinking tea in a Hong Kong dive before I "jack in" and merge with the internet to do virtual battle with a metaphorical katana, the better.

SpacePPoliceman wrote:

The sooner this leads to me drinking tea in a Hong Kong dive before I "jack in" and merge with the internet to succumb to glossolalia, the better.

Fixed.

Hong Kong? Let's see what The Master has to say about that....

The Japanese had already forgotten more neurosurgery than the Chinese had ever known. The black clinics of Chiba were the cutting edge, whole bodies of technique supplanted monthly, and still they couldn't repair the damage he'd suffered in that Memphis hotel.

Robear wrote:
Show me evidence of effective cyber warfare, where a network attack has been used to destroy a physical object or kill someone, remotely, in the wild. You can't, because it hasn't been done.

There is evidence that in 1982, the CIA used a Trojan horse installed in SCADA control software in a turbine control system to literally blow up a Soviet gas pipeline. It was at the time the largest non-nuclear explosion and fire imaged from space. This was reported by a US National Security Adviser, Thomas Reed.

So one incident of deliberate software sabotage by the manufacturer 28 years ago is all you have?

That was 28 years ago. Maybe, you know, they've gotten a little bit better at it in that time. Interesting that the same software was targeted then and now.

Of course it was similar software; it's the software that controls various mechanical systems. As Schneier notes, calling this software SCADA is incorrect, though common. And they haven't gotten any better at it in that time. If they had, wouldn't there be examples of sabotage and explosions all over the place?

You said cyberwarfare was completely ineffective, and you've offered only your opinion that computer code can't cause serious damage to support it.

It's not my opinion - the facts are that cyber "warfare" is laughably ineffective. Take car accidents as a comparison - we do have a significant problem with car accidents, over 30,000 people are killed every year in the United States. Where are the deaths attributed to cyber warfare? The damage? The smoking rubble?

Schneier, on the other hand, argues that not only does it exist, but that it requires actual war to bring it out, since a lot of effort is put into developing useful attacks and defenses. So what he's saying is "We're not in a cyberwar, even with Stuxnet" and what you're asserting is "Cyberwar is impossible".

I'm not asserting that cyber "warfare" is impossible, I'm asserting that it is ineffective; something that needs to be dealt with, but nothing to worry about (similar to terrorism in that regard, actually).

From a Rand report linked in Schneier's blog:

Predicting what an attack can do requires knowing how the system and its operators will respond to signs of dysfunction and knowing the behavior of processes and systems associated with the system being attacked. Even then, cyberwar operations neither directly harm individuals nor destroy equipment (albeit with some exceptions). At best, these operations can confuse and frustrate operators of military systems, and then only temporarily. Thus, cyberwar can only be a support function for other elements of warfare, for instance, in disarming the enemy.

Once again, the sweeping statement is inaccurate.

If by the "sweeping statement" you mean "cyberwarfare is ineffective", then it's completely accurate - you've presented little to no evidence of any kind of effective cyber warfare. In comparison to software bugs, cyber "warfare" attacks don't even register on the same scale in terms of economic loss or danger to humans - and even that risk can be almost entirely eliminated by the simplest and most basic security measures.

As I said, in a month this'll be forgotten, and we'll be back to dealing with the real network security threats like spam, phishing, and Windows.

I'm not asserting that cyber "warfare" is impossible, I'm asserting that it is ineffective; something that needs to be dealt with, but nothing to worry about (similar to terrorism in that regard, actually).

If there was any proof at all that such things could be accomplished by attacks via the internet, I'd be slightly concerned. Since there's not, I think we should focus on the much more serious and much higher probability problem of Israel or the U.S. bombing Iran to try to stop their nuclear development.

You assert here that there's no proof such things *could* be accomplished by attacks via the internet. Well, that's before - now it's something to be dealt with, but nothing to worry about. That's a change. I'll put my money with Schneier; not only is this possible, but we'll see it if we ever get into a war with a state capable of it.

Wired wrote:

There is debate on whether the term "cyberwarfare" is accurate, with some experts stating that "there is no cyberwar," and that the word is "a terrible metaphor." Other experts, however, believe that this type of activity already constitutes a war.

Richard A. Clarke wrote:

[Cyberwarfare is] actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption.

William J. Lynn, U.S. Deputy Secretary of Defense wrote:

as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.

Alexander Merezhko wrote:

...cyberwar is defined as the use of Internet and related technological means by one state against political, economic, technological and information sovereignty and independence of any other state.

Aetius, you're espousing that there's been little to no damage from cyber warfare. While it's true there's been little physical damage, and little to no known deaths, the economic damage is massive. Unfortunately, you won't know much about it, because it happens in a world you don't know much about. It's a lot like the true damage of espionage. You may be familiar with some high profile cases, but true economic damage on the order of billions of dollars isn't exactly talked about in the open on a regular basis. Just look at pages like this http://cicentre.net/wordpress/ and you'll get an idea of how active the dark world of espionage, and to an extent, cyber warfare, actually is, and this is just the stuff the free press knows about.

The fact that all the major governments of the world are investing billions of dollars in both offensive and defensive cyber capabilities should be telling enough. I mean, the US just stood up a joint military command just for these issues, and already had the NSA and others. While many people here think the US government is an incompetent bureaucracy that just pisses away money on pork, they generally don't do things for no reason at all - it just might be reasons you don't know about.

And if it was just the US, then maybe I could see your point, but it's every major global power.

Wikipedia wrote:

* In 1982, computer code stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. The code had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion.

* The United States has come under attack from computers and computer networks situated in China and Russia. See Titan Rain and Moonlight Maze.

* In the 2006 war against Hezbollah, Israel alleges that cyber-warfare was part of the conflict, where the Israel Defense Force (IDF) intelligence estimates that several countries in the Middle East used Russian hackers and scientists to operate on their behalf. As a result, Israel has attached growing importance to cyber-tactics, and has become, along with the U.S., France and a couple of other nations, involved in cyber-war planning. Many international high-tech companies are now locating research and development operations in Israel, where local hires are often veterans of the IDF's elite computer units. Richard A. Clarke adds that "our Israeli friends have learned a thing or two from the programs we have been working on for more than two decades."

* In 2007, McAfee, Inc. alleged that China was actively very involved in "cyberwar." China was accused of cyber-attacks on India, Germany and the United States, although they denied knowledge of these attacks. China has the highest number of computers that are vulnerable to be controlled, owing at least partially to the large population.

* In April 2007, Estonia came under cyber attack in the wake of relocation of the Bronze Soldier of Tallinn. Estonian authorities, including Estonian Foreign Minister Urmas Paet, accused the Kremlin of direct involvement in the cyber attacks. Estonia's defence minister later admitted he had no evidence linking cyber attacks to Russian authorities. In the attack, ministries, banks, and media were targeted.

* In September 2007, Israel carried out an airstrike on Syria dubbed Operation Orchard. U.S. industry and military sources speculated that the Israelis may have used technology similar to America's Suter airborne network attack system to allow their planes to pass undetected by radar into Syria. Suter is a computer program designed to interfere with the computers of integrated air defense systems.

* In 2007, the United States government suffered "an espionage Pearl Harbor" in which an "unknown foreign power...broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

* In 2007 the website of the Kyrgyz Central Election Commission was defaced during its election. The message left on the website read "This site has been hacked by Dream of Estonian organization". During the election campaigns and riots preceding the election, there were cases of Denial-of-service attacks against the Kyrgyz ISPs.

* Russian, South Ossetian, Georgian and Azerbaijani sites were attacked by hackers during the 2008 South Ossetia War.

* In 2008, a hacking incident occurred on a U.S. Military facility in the Middle East. United States Deputy Secretary of Defense William J. Lynn III had the Pentagon release a document, which reflected a "malicious code" on a flash drive spread undetected on both classified and unclassified Pentagon systems, establishing a digital beachhead, from which data could be transferred to servers under foreign control. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. This ... was the most significant breach of U.S. military computers ever and it served as an important wake-up call", Lynn wrote in an article for Foreign Affairs.

* On March 28, 2009, a cyber spy network, dubbed GhostNet, using servers mainly based in China has tapped into classified documents from government and private organizations in 103 countries, including the computers of Tibetan exiles, but China denies the claim.

* In July 2009, there were a series of coordinated cyber attacks against major government, news media, and financial websites in South Korea and the United States. While many thought the attack was directed by North Korea, one researcher traced the attacks to the United Kingdom.

* In December 2009 through January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies. Google said the attacks originated from China and that it would "review the feasibility" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. McAfee spokespersons claim that "this is the highest profile attack of its kind that we have seen in recent memory."

* In September 2010, Iran was attacked by the Stuxnet worm, thought to specifically target its Natanz nuclear enrichment facility. The worm is said to be the most advanced piece of malware ever discovered and significantly increases the profile of cyberwarfare.

Robear wrote:

So what you're saying is that a targeted attack on industrial control systems can't actually damage the control systems?

I'm saying there's no evidence of that, and never has been.

The Iranians now say that some of their centrifuges were physically damaged by Stuxnet.

Iranian President Mahmoud Ahmadinejad on Monday admitted that "software installed in electronic equipment" damaged "several" of the country's uranium enrichment centrifuges, according to an AFP report.

"They were able to disable on a limited basis some of our centrifuges by software installed in electronic equipment," Ahmadinejad responded to reporters after he was asked whether his country's nuclear program encountered problems.

Shoal7 wrote:

Aetius, you're espousing that there's been little to no damage from cyber warfare. While it's true there's been little physical damage, and little to no known deaths, the economic damage is massive. Unfortunately, you won't know much about it, because it happens in a world you don't know much about.

Right, so in this world, massive economic damage isn't noticeable? Umm ... okay. The "massive economic damage" is trivial compared to real internet problems like spam.

Jerusalem Post wrote:

However, the International Atomic Energy Agency said in a report last week that a one-day outage did occur within Iran's Natanz nuclear plant earlier this month.

Yawn. Call me when they actually do something significant.

So if Country A steals 10 billion dollars worth of R&D annually from Country B, is that not massive economic damage to Country B and a net gain to Country A? Especially if B must now redesign some of the previous R&D (especially if it's military), and spend even more money.