washingtonpost.com
I know it's long but bear with me if you're interested.
It appears (after reading more articles) that the threat of a "serious" disaster is lower than it was last fall/winter when the worm was first released with 4 zero-day vulnerabilities. Since this finding has been made public, I believe it could have really good or really bad repercussions.
I'm very curious about the source of the worm, but I don't think it should be made public.
Source:
non-state actor
Good: If it is found that a non-state entity was the source with very private funding, it could lead to some thawing in an already existing gov't cyber warfare environment. I think Gov'ts don't realize the value of worms like Stuxnet being available in their arsenal (mutual-destruction from the cold war isn't really a relative term in cyberspace yet..it's more like containment/trial-and-error probing) and are vulnerable to the risk of contracting high-risk programs like this. Tearing down specific honey-pots (forum sites frequented by known terrorists and drop intel) and unintentionally destroying other servers in the attack is a very stark contrast to this worm that was developed around the same time.
could be good/could be bad: Someone could've leaked a tip to the group who "discovered" the worm so that a gov't could buy the worm. Free advertising through legitimate channels of news of powerful malware. Maybe an African country decides that it wants vengeance on the "white man's burden?"
Bad: An attack could happen. Hackers may or may not develop variants of the code or techniques used in this worm to develop their own attacks. Starting to wonder how energy markets/companies would be affected by certain types of energy being destroyed in an attack. Who gains/loses?
state actor:
Good: kinda hard at the moment to see this being a good thing for any gov't in terms of maintaining peace. Unless of course the intention is to grab more power from this. Smart for themselves, but seriously dangerous.
Bad: very bad if it's Israel. Many people see Israel as a sort of irresponsible kid brother of the US. Any western gov't would be just as bad because it sends a message to other non-western gov'ts of existing ideological difference that those misgivings are even truer (propaganda for terrorists, etc.) Wouldn't be surprised if Russia or satellite USSR country had a hand in it. Neither would Germany surprise me either. Siemens equipment is targeted and could buffer future assets by having a upper-hand in this experience vs. their competitors. Not much for them to lose.
I know it's long but bear with me if you're interested.
It appears (after reading more articles) that the threat of a "serious" disaster is lower than it was last fall/winter when the worm was first released with 4 zero-day vulnerabilities. Since this finding has been made public, I believe it could have really good or really bad repercussions.
I'm very curious about the source of the worm, but I don't think it should be made public.
Source:
non-state actor
Good: If it is found that a non-state entity was the source with very private funding, it could lead to some thawing in an already existing gov't cyber warfare environment. I think Gov'ts don't realize the value of worms like Stuxnet being available in their arsenal (mutual-destruction from the cold war isn't really a relative term in cyberspace yet..it's more like containment/trial-and-error probing) and are vulnerable to the risk of contracting high-risk programs like this. Tearing down specific honey-pots (forum sites frequented by known terrorists and drop intel) and unintentionally destroying other servers in the attack is a very stark contrast to this worm that was developed around the same time.
could be good/could be bad: Someone could've leaked a tip to the group who "discovered" the worm so that a gov't could buy the worm. Free advertising through legitimate channels of news of powerful malware. Maybe an African country decides that it wants vengeance on the "white man's burden?"
Bad: An attack could happen. Hackers may or may not develop variants of the code or techniques used in this worm to develop their own attacks. Starting to wonder how energy markets/companies would be affected by certain types of energy being destroyed in an attack. Who gains/loses?
state actor:
Good: kinda hard at the moment to see this being a good thing for any gov't in terms of maintaining peace. Unless of course the intention is to grab more power from this. Smart for themselves, but seriously dangerous.
Bad: very bad if it's Israel. Many people see Israel as a sort of irresponsible kid brother of the US. Any western gov't would be just as bad because it sends a message to other non-western gov'ts of existing ideological difference that those misgivings are even truer (propaganda for terrorists, etc.) Wouldn't be surprised if Russia or satellite USSR country had a hand in it. Neither would Germany surprise me either. Siemens equipment is targeted and could buffer future assets by having a upper-hand in this experience vs. their competitors. Not much for them to lose.