* Posts by ProfessorLarry

4 posts • joined 22 May 2011

How Britain could have invented the iPhone: And how the Quangocracy cocked it up


Not Invented Here?

History is riddled with tales of inventors who were screwed over or not credited or who just missed out. And very often, history eventually reveals that whatever we may have thought, some widget or technique was actually invented earlier or by someone else. Somebody or some company or some country gets (or takes) the credit, and that's what the history books and the patent offices record. Consider the big Darwin celebrations and the "rediscovery" of Alfred Wallace and how the Royal Society conspired...

Hell, I am co-inventor with a US patent on the technique that Apple used to let users know they were actually ejecting a disc not discarding it in the recycle bin yet never received a shilling or even a thank you. That's just how things work in the real world.

In the frenetic and fractured world of high tech, a majority of good things are no doubt independently "invented" by many people at more or less the same time. Most of them will never be recognized or benefit. And most will not even have a dysfunctional quango to pass the blame onto.

--Prof. Larry Constantine (pen name, Lior Samson)


Prof casts doubt on Stuxnet's accidental 'great escape' theory


I would love to join the conversation

I would enjoy getting into the dialogue, but the moderators seem not to have accepted my post in response to the various comments. I would humbly request the moderators restore/allow my responses.

I do not think being Jewish or not is germane to the discussion; Jews in and out of Israel have many different positions on Middle East politics and are as capable of impartiality (or not) as any other ethnic/religious group.

To Ross K, whether art imitated life or life art is a bit messy in this case. In 2003, I designed a Stuxnet-style attack on U.S. infrastructure as part of my notes for Web Games. It took me 7 years to write the novel, but I finished the manuscript just before Stuxnet was reported in summer of 2010. It took another 5 months for the book to go through editing and revision to make it into print. Bad timing on my part, but again, it hardly relates to expertise or its absence. In any case, I am not trying to tout my expertise, but attempting to argue that there is a reasonable technical basis for questioning Sanger or his sources or both.

I am sorry if some of the technical details are muddled by the format of a live podcast interview. I intend to get a more properly argued and annotated piece published. I did try to clarify some of my intent in the deleted earlier comment. If the moderators do not release it, I will attempt to reconstruct and re-post later.

In any case, my real agenda is to stir up enough discussion that mainstream media begin a closer examination of all of Sanger's claims. I can only comment with any confidence on this one small matter.

--Larry Constantine (pen name, Lior Samson)


Another shilling's worth

I am delighted by the discussion here, since bringing these issues into the open was my immediate agenda. Understand, a podcast interview is not conducive to the most precise semantics or the finest technical details. I want to apologize if I left some unnecessary ambiguities in my ad hoc answers. I turned to that forum (thank you, Steven Cherry) because none of the mainstream media--print or electronic--would touch the story, a curious matter in itself.

As to how wild or widespread the infection was, what I was trying to highlight was that there was never any worldwide indiscriminate spread of Stuxnet by email or Web, as with much malware, but something much more limited based on direct system-to-system connection or sneakernet communication through removable media. As some of the experts here have pointed out, there are some holes (e.g., VPN) that might have allowed Stuxnet to reach beyond the LAN to infect other LANs. In any case, whether 100,000 is a lot of infections or small compared to many other worms, the analysis shows a small number of very tight clusters tied closely to initial points of infection.

I concur that Ralph Langner, a colleague of mine, is probably one of the go-to guys on the PLC side of Stuxnet. And I will underscore that all my sources are secondary, as I was not directly involved in the forensic analysis.

My main point is that Sanger's narrative is flawed. Whether it is a journalistic failure, sloppy semantics, or disinformation is not for me to say, as I have no access to Sanger or his sources. But the fact that his reporting is being accepted so credulously and that the press is not taking on the story of flaws in his articles and book is troubling.

As to the actual initial infection and route into the facilities at Natanz, my understanding had been that the point of entry was not by directly carrying a doctored USB drive into this highly secure plant, but by infection of adjacent or closely related facilities, with the software then spreading itself as it could until it found the right installation of STEP 7 with precisely the right project files representing the particular frequency-controlled motor configuration. On the other hand, Raviv and Melman, who have sources inside Mossad and the IDF, suggest that the patient-zero USB was carried into the plant by Siemens maintenance engineers under direction of German intelligence (BND) collaborating with HaMossad. I cannot say. What we do know is that in one version of Stuxnet, the first infection (not at Natanz) was within 12 hours of the last compilation timestamp. If accurate, it does suggest that versions might have been hand delivered to specific targets. And it has already been established that Mossad operatives were in Iran at the time.

Perhaps we will someday know the real story, but it is not the one Sanger told, at least on some pivotal details.

--Prof. Larry Constantine (pen name, Lior Samson)


Stuxnet-style SCADA attack kept quiet after US gov tests


What air gap?

Many in the field have known for years that firewalls are often effectively transparent and air gaps are routinely crossed via many routes. Modern PLCs cannot be fully isolated, because new code must be downloaded by way of PLC programming software that must itself be maintained up-to-date (as I argued over at InformIT and in a new article in Cutter IT Journal).

All the way back in 2003, I designed a Stuxnet-style attack on the U.S. power infrastructure that became the plot driver for the Lior Samson thriller, Web Games (Gesher Press, 2010). I have long argued that bright and determined hackers could pull off a real, devastating attack--no nation-state or clandestine services needed. It's nice to finally be validated, but also a bit unsettling. How long before the attack scenario leaves the field of fiction (as in Web Games) and becomes dangerous reality?