Anon claims that it has the source code to Stuxnet (blogs.forbes.com)
70 points by steveklabnik on Feb 12, 2011 | 41 comments



They are telling the truth. The source code to stuxnet is in the email archive stolen from HBGary Federal that belonged to Aaron Barr.


I'd be very interested to know how he got it in the first place.


Source or object code? The article doesn't specify.


Upvoted: I thought I specifically saw 'source' in there, but going back, it just says 'a copy.'

There are also things like this: http://anonleaks.ru/email1.html


Am I wrong, or are most leaks on Wikileaks US-centric information, or are they the only leaks that get press? We're talking about leaks that don't do much for freedom. Leaks that are a small part of a bigger political game.

Can Anonleaks or Anon people actually get and publish information about oppressive regimes, atrocities and cover-ups (maybe publish on wikileaks itself)... stuff that is unlikely to leak by whistle blowing attempts alone? Maybe content from the UN HRC, which they don't do anything about, and instead focus on Israel. Ugly corporate activities would be interesting: environmental and human catastrophes in mining, arms, energy and pharmaceutical businesses.

Imagine all the shit going on in China right now, or conspired manipulation of global financial markets, or rigged elections in supposed democracies: to me this is much more important than Aaron Barr's emails or the Stuxnet source.

It is clear that Anonymous are potent, but how can that be directed so that the Anon mind can be a powerful force for good: white-hat hacking with less ego and more conscience.


Wikileaks publishes what people send it. There has been a bunch of non US stuff in the past.


Almost surely. Who has the source to Stuxnet? Whatever American or Israeli agency commissioned it. Anon has no connection to them. Their sole connection is to a small security company, which has no connection to the unknown agency either. All they would have access to is whatever is in the wild - the compiled binary.


The article pretty much specifies that it's just a Stuxnet copy. There seems to be no basis for the HN headline.


I'm no security researcher, but it seems to me that there are two interesting parts to Stuxnet:

    1. The infection mechanism it uses to spread (no idea what the technical term is for this)
    2. The payload it uses to damage nuclear reactors
The vulnerabilities exploited by (1) are supposedly already patched, so that isn't going to do anyone much good. And unless anon hopes to take out a nuclear enrichment facility (and since they probably aren't all the same, we're only talking about some portion of those) I don't see what good (2) would do them.

So while this is probably a great way to drum up an 'OMG HACKERZ!!' scare, I just don't see why this is really a big deal. To say nothing of the fact that, being a virus, Stuxnet can't really be all that hard to find a copy of.

Edit: Changed reactors to enrichment facilities in the list and fixed the list formatting.


Stuxnet has nothing to do with "nuclear reactors". It targeted uranium enrichment centrifuges.


Corrected, my mistake. I even managed to get it right the first time in the paragraph below that, it must be the sleep deprivation catching up with me.


Sigh, so in the process of fixing the list formatting and making an edit note I didn't actually fix the text. Time for a nap.


It has nothing to do with nuclear reactors, that is correct.

It has to do with production of fissile material for nuclear bombs being developed by a psychotic islamic fundamentalist state run by a madman.

If someone is writing viruses to destroy clean energy from modern nuclear reactors, that is a bad virus.

But if they are writing viruses to stop radical fundamentalists from building The Bomb, well that is OK by me.


And the uranium is used for? (weapons aside)


I believe the point is that "to damage nuclear reactors" conjures a far different (and more explosive) mental image than "to damage nuclear enrichment facilities", even if the economic impact is the same.


The post he was replying to said

2. The payload it uses to damage nuclear reactors

He was pointing out that it doesn't directly damage them.


I believe Stuxnet messed with the software that ran some fairly esoteric, though nevertheless commercially produced and sold machinery for enriching uranium. Siemens gear I think.


You're making a huge assumption that all machines are patched.


The problem is that industrial installations of the type Stuxnet targets usually cannot be patched at all, because changing anything important in a system like that requires a full reevaluation of compliance with all current security and other regulations as if the installation were new. And this can easily cost tens or even hundreds of millions in hardware changes if the requirements for new installations have become stricter since the installation was built (which is quite common for nuclear facilities).


One disturbing bit: Anonymous has a lot of members who work currently or used to work in IT and at ISPs. Of those no longer in such positions, a lot of them are close friends with others who currently still work in such places. It's totally like that bit from Fight Club, but instead of being the ones that make your sandwich and vacuum your floors, they're the ones that install your code and backup your databases.

In another way, this is very reassuring. With Internet access being spread between 200,000 ISPs in the US and Canada, the prospect of a top-down commanded Internet blackout seems awfully slim.

Universal lesson -- if a part of your society is built out of bullsh#t, it's going to be riddled full of holes and secret passages. If a part of your society is built of bullsh#t, there will be a disaffected contingent looking for meaning, who will find the time and the means to communicate. It's been true for thousands of years, and I don't see it stopping.


I doubt that HBGary had the source to Stuxnet. Even the source is not that useful. Its infection vectors are known. It does not really use novel worm techniques. They would not be able to sign a different rootkit payload without the stolen certs. The source does not give you control of the command and control infrastructure, so they cannot use or update any of the currently infected machines (this is speculation, I do not know the specifics of Stuxnet in this regard). The PLC payload is useless and would have to be rewritten and tested for a different target. Basically, having a copy of Stuxnet and/or the source for it is useless for using it as a weapon.

The source would be great for the people looking for evidence of who wrote it and what their intentions were, but that is about it.


> The source would be great for the people looking for evidence of who wrote it and what their intentions were, but that is about it.

I think that's more the point than attempting to use it, which like you say, is not really feasible or even useful.


I really hope Anon keeps a happy attitude. I don't want to see the governments getting stupid on everyone because they feel the must do something about things they really have no control over.

What I mean is this: Anon or others with similar resources will always be able to take governments to brinkmanship. I say that because governments always want to have the upper-hand. Of course, in some places (like the internet), the only way they can really have the upper-hand is to destroy it, because its very nature (evolution and breadth) means they will never be able to maintain the upper-hand. They are only one player, a good one, but they aren't the referee.


Headline is misleading.

The article only mentions "a genuine stuxnet copy" (the Stuxnet "application"), whereas the headline title mentions "source code to Stuxnet", which implies the C or assembler code that was used to create Stuxnet in the first place (which would be an incredible find indeed).

The article seems rather ridiculous in any case. I recall an analysis of Stuxnet describing it as a conventional virus and it became visible specifically because like other viruses, it spread through a variety of systems.


Several posters elsewhere in the comments seem to think it's the source code.

Regardless, this is precisely the sort of headline that a fear slinging, technophobic, "series of tubes" politician will latch on to. Doubly so in this case, what with HBGary's political connections...


"... I recall an analysis of Stuxnet describing it as a conventional virus and it became visible specifically because like other viruses, it spread through a variety of systems. ..."

I read another open source report, NYT "Israeli Test on Worm Called Crucial in Iran Nuclear Delay" (Broad, Markoff & Sanger) ~ http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet... detailing how Stuxnet was a very specifically designed piece of code targeted at the Siemens-made controller called a "P.C.S.-7" and a configuration for a specific number of machines. A tailored cyber attack, the work of a trained marksman, not a random shooter.


A whole article based on one blurb. That's journalism!


"Stuxnet is one of the more powerful viruses to ever spread across the internet"

Is an interesting statement, since to my knowledge it spread via USB drives instead of the internet.


It has multiple attack vectors, not just USB.



If the article is only referring to the compiled version of Stuxnet, then every security researcher has had that for a very long time.


Forbes doesn't have a spell checker? "Siemen's"?


The binaries are already in torrents.


What Anon would do if it isn't a bunch of hypocrites: Release the source code, in the spirit of the WikiLeaks they love so dearly

What Anon will do: Be a bunch of bastards about it


It is very unlikely that they have the source (judging by the article). Rather, they have a copy of the virus executable. Still, the same probably applies.


Well, they also have a heritage of liking to troll people and organizations, and this seems like an opportunity in that regard.


This mostly seems to be pure speculation on Forbes'/Chris Barth's part + a little bit of the usual pandering to the establishment.

A real journalist would have done a slightly better job than just copy-pasting some twitter and blog posts.


The face of journalism's changed since I was a kid; I've talked with plenty of journalists researching stories, and things like twitter posts and linkedin profiles are part of the landscape now. We as readers like to put much of the onus on the writer; in this day and age it's probably more important for the reader to be aware and informed as well.


They may be part of the landscape but that doesn't mean taking them at face value is good journalism. And I think the reliability of journalism has a large impact on how aware and informed it's even possible for a reader to be.


As much as we like to think journalists are doing public service, they are working for commercial organizations struggling to make money. One aspect of being informed is recognizing that news organizations are companies trying to make money, and those incentives aren't necessarily aligned with fair and balanced reporting. All the 'tiger mom' stuff is a perfect example of this; much of the hoopla surrounding it stems from the inflammatory title that the editor chose for it... definitely sold a lot of papers and a lot of her book.


The best part is when the author explains how Stuxnet attacks SCADA, then goes on quoting Schneier: "(the press often refers to these as SCADA systems, which is technically incorrect)".