If nuclear weapons are so bad why doesn't the US give up theirs?

[deleted]

nah i prefer my governments on the smaller side

I grew up in Eastern Europe you imbecile.

But yes indeed, it is an utter waste of time to attempt to have a reasonable conversation with the likes of you.

What a wonderful world it would be if you got your way and everybody had nuclear weapons.

Look, you grew up thinking dropping an atom bomb on Japan and marching into Iraq on false pretences was warranted and necessary. I don't think we need to have this conversation.

So, what you're saying is that only a morally bankrupt person would argue that Stuxnet was the right thing to do?

>so the more interesting debate to be had is whether or not it was the right thing to do.

Yea just like killing a murderer would be...if you're morally bankrupt

>Because a crime is still a crime. You can't kill a murderer just because it would make the world maybe a better place.

Yes, but from a legal point of view, this simply wasn't a crime.

It's pointless to debate that, so the more interesting debate to be had is whether or not it was the right thing to do.

This is really not a context in which you would normally use the term fuzzer. Stuxnet did not "fuzz" these PLCs, it performed a series of specific steps to identify its targets and cause them to break.

>And more importantly, why do you think this was wrong?

Because a crime is still a crime. You can't kill a murderer just because it would make the world maybe a better place.

Actually, backwards nutters in the US (and Iran haha) still believe in the death penalty so

Fuzzing is a method of putting unexpected stuff into function parameters. You can write a fuzzer yourself, like `for x in random(): call(x)`.

The program that generates bogus parameters for function calls. In that case values for Siemens controllers to set that will cause chaos in controlled hardware.

I could be wrong but I'm guessing by the date that the development of the exploit predates the availability of modern fuzzing software.

:) I corrected my poor spelling :)

So good

Flame was developed by people involved in developing Stuxnet, no surprise that they would share elements. There's little indication that Flame is "subsequent malware", everything we know indicates that they were developed at around the same time.

Stuxnet development started around 2005

Flame development started at least as early as 2006

In fact, there are strong indicators that the people who developed Flame provided guidance and technical assistance to the less sophisticated Stuxnet developers. It's difficult to imagine that the development of Flame would have hinged on Stuxnet in any way.

>I believe that others used one or more of the zero days in subsequent malware;

Such as?

I trust the top comment is reasonable in saying it’s impossible off a documentarian to know the full story. This is a highly classified operation of aggression from one nation state to another.

There is so much that will never be revealed, it’s naive to think someone, even the most skilled investigative journalists, could “do their research” and get the full story. There are likely still state-sponsored espionage efforts trying to fully understand how Stuxnet happened and if there exist similar capabilities or plans against other infrastructure.

If you’ve never worked with classified information it’s easy to think that everything known by the government just eventually becomes public, but SCI programs like this maybe only have a dozen people or less in the world who understand the whole picture, and a few dozen or hundred more who only know part of it.

Fuzzer?

I believe that others used one or more of the zero days in subsequent malware; Flame was one. I don’t think it’s been proven Flame wouldn’t exist without Stuxnet, but it’s likely.

Hello 1984

No need to fat-shame governments.

Good luck trying to bring literal above-the-law state actors of Israel and the US to court....

This is a great documentary!

I worked at the company that originally discovered it. Siemens SCADA software are run on Windows machines that are not connected to the Internet, and hence never patched. So any kind of malware that uses autorun exploits can get there. Knowing that, it is easy to target the machines. What is not that easy is to develop a fuzzer that once installed, will properly send disruptive commands, instead of just freezing PC.

>Considering the code is now out in the open, is being reverse engineered, and now being repurposed for other attacks?

It's 2023, Stuxnet has been out in the wild since at least the 2010. What other attacks materialized from Stuxnet being reverse engineered?

Duqu isn't a Stuxnet "strain", it's an entirely separate piece of malware developed by some of the people involved in the creation of Stuxnet.

> If the gun is the great equalizer because men, women, and children can use it to attack or defend regardless of physical strength, then this virus is also an equalizer.

Not really, the exploits get fixed as soon as they become public knowledge. Stuxnet had already been fired, and the exploits burned. All that was left was a spent cartridge.

>Releasing Stuxnet was pretty much giving everyone a "nuclear weapon." There's no longer a nuclear deterrence but a viral deterrence. Launching cyber attacks assures mutual destruction.

This is a weird take. The "dangerous" parts of Stuxnet became irrelevant as soon as it's existence became public knowledge, Microsoft issued patches and Stuxnet was rapidly reduced to nothing but a curiosity.

How do you "patch" nuclear weapons?

Stuxnet isn't the nuke-like capability here, it's the team of people sitting in Fort Meade ensuring a steady supply of 0days.