Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon Read Online Free Page B
Book: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon Read Online Free
Author: Kim Zetter
analysis team at Kaspersky Lab—Costin Raiu, Aleks Gostev, Roel Schouwenberg, Kurt Baumgartner, Vitaly Kamluk, and the rest of the company’s global group of researchers–who impressed me repeatedly with their skill and devotion to chasing down the tiniest details of very complex attacks, even though working with them often involved 6 a.m. phone calls on my end to accommodate the time difference with Eastern Europe. I’m particularly grateful to Costin for going beyond the call of duty, sometimes at the expense of time with his family, and for his remarkable wisdom, memory, and attention to detail, which helped me keep track of the many maddening facts that grew more extensive with each new discovery.
I’m also very grateful to Greg Funaro and Ryan Naraine at Kaspersky Lab who had an uncanny ability to anticipate what I needed before I knew I needed it and who had an unwavering commitment to leaving no question unanswered. Ryan’s former job as a top security journalist,combined with his technical expertise, made him the perfect liaison with the research team.
In addition to the Symantec and Kaspersky research teams, the story of Stuxnet could not be told without the work of Ralph Langner and his colleagues Ralf Rosen and Andreas Timm. Ralph’s passion for Stuxnet kept it alive in the press and brought it to the attention of mainstream media, while his extensive knowledge of industrial control systems helped the public understand Stuxnet’s broader implications for the security of critical infrastructure. I’m grateful for the many hours he spent with me on the phone and in person to help me make sense of Stuxnet’s broader context. His frank and straightforward manner cut to the heart of the issues and ensured that the public could not dismiss or overlook the importance of Stuxnet. I’m also grateful to Ralf Rosen for the time he gave to speak to me about their work on Stuxnet and for reviewing some of the completed text for accuracy.
Similarly, Boldizsár Bencsáth was immensely generous with his time and expertise, providing kind and invaluable assistance that helped me unravel a few mysteries and understand the ways in which all of the attacks were connected.
In addition to these researchers, I’m greatly indebted to David Albright at the Institute for Science and International Security, who helped not only me but also Symantec and Ralph Langner with understanding Stuxnet’s effects on Natanz and the enrichment process. Both he and Olli Heinonen, formerly of the IAEA and now a senior fellow at Harvard’s Belfer Center for Science and International Affairs, provided great insight into the Iranian nuclear program in general and to the enrichment process at Natanz in particular.
In addition, I’d like to thank Corey Hinderstein, now with the Nuclear Threat Initiative, for providing me with her firsthand memories of the press conference where Natanz was first exposed and her work uncovering the infamous satellite images.
I’d also like to thank Dale Peterson, Perry Pederson, Joe Weiss, and Mike Assante for helping me understand the wider effects of Stuxnet andweapons like it on critical infrastructure. Dale and Perry were especially helpful in reading the chapter on industrial control systems and providing feedback.
Similarly, I’d like to thank Jason Healey and Marcus Sachs for providing background information about the early days of the government’s digital warfare program and to Jason for providing perspective on the implications of Stuxnet and Flame and where we go from here. I’d also like to thank Charlie Miller and Chaouki Bekrar for their frankness in discussing the zero-day market and helping me understand the motivations that drive this market.
In addition to all of these people, there are others who sat for interviews or read through chapters or parts of chapters to provide welcomed and helpful feedback. Some of them I have named here; many others have asked to remain anonymous.
One
I’m also very grateful to Greg Funaro and Ryan Naraine at Kaspersky Lab who had an uncanny ability to anticipate what I needed before I knew I needed it and who had an unwavering commitment to leaving no question unanswered. Ryan’s former job as a top security journalist,combined with his technical expertise, made him the perfect liaison with the research team.
In addition to the Symantec and Kaspersky research teams, the story of Stuxnet could not be told without the work of Ralph Langner and his colleagues Ralf Rosen and Andreas Timm. Ralph’s passion for Stuxnet kept it alive in the press and brought it to the attention of mainstream media, while his extensive knowledge of industrial control systems helped the public understand Stuxnet’s broader implications for the security of critical infrastructure. I’m grateful for the many hours he spent with me on the phone and in person to help me make sense of Stuxnet’s broader context. His frank and straightforward manner cut to the heart of the issues and ensured that the public could not dismiss or overlook the importance of Stuxnet. I’m also grateful to Ralf Rosen for the time he gave to speak to me about their work on Stuxnet and for reviewing some of the completed text for accuracy.
Similarly, Boldizsár Bencsáth was immensely generous with his time and expertise, providing kind and invaluable assistance that helped me unravel a few mysteries and understand the ways in which all of the attacks were connected.
In addition to these researchers, I’m greatly indebted to David Albright at the Institute for Science and International Security, who helped not only me but also Symantec and Ralph Langner with understanding Stuxnet’s effects on Natanz and the enrichment process. Both he and Olli Heinonen, formerly of the IAEA and now a senior fellow at Harvard’s Belfer Center for Science and International Affairs, provided great insight into the Iranian nuclear program in general and to the enrichment process at Natanz in particular.
In addition, I’d like to thank Corey Hinderstein, now with the Nuclear Threat Initiative, for providing me with her firsthand memories of the press conference where Natanz was first exposed and her work uncovering the infamous satellite images.
I’d also like to thank Dale Peterson, Perry Pederson, Joe Weiss, and Mike Assante for helping me understand the wider effects of Stuxnet andweapons like it on critical infrastructure. Dale and Perry were especially helpful in reading the chapter on industrial control systems and providing feedback.
Similarly, I’d like to thank Jason Healey and Marcus Sachs for providing background information about the early days of the government’s digital warfare program and to Jason for providing perspective on the implications of Stuxnet and Flame and where we go from here. I’d also like to thank Charlie Miller and Chaouki Bekrar for their frankness in discussing the zero-day market and helping me understand the motivations that drive this market.
In addition to all of these people, there are others who sat for interviews or read through chapters or parts of chapters to provide welcomed and helpful feedback. Some of them I have named here; many others have asked to remain anonymous.
One
Readers choose
Megan Linski
Lin Anderson
Allan Leverone
Margaret Weis
James McCourt
Sam Crescent
Ted Dekker
Suzanne Woods Fisher
Michael Kuhar