Save the Internet!

PROTECT IP / SOPA Breaks The Internet from Fight for the Future on Vimeo.

We’ve been remiss in covering the SOPA/PIPA fight. So in honor of today’s SOPA/PIPA strike, we will be on strike from 6AM to 6PM today.

In the meantime, here are some links:

Julian Sanchez, SOPA: An Architecture for Censorship

Dan Gillmor, Stop SOPA or the Net Really Will Go Dark

And for a stomach-churning “where are they now” experience, here is the statement from former Senator Chris Dodd, now MPAA President, calling the decision to go on strike today an “abuse of power.”

If that doesn’t keep you busy, you can write your members of Congress via this link. Or call them directly!

I, for one, will still be on Twitter. So will #SOPAStrike, tracking how things go tomorrow.


Seasons End New Year’s Trash

Happy New Year folks! As we celebrate the start of the new year of 2012, we also today reach the end of the NFL regular season, and there are some big games on tap. So let’s get down to the nitty gritty. Also, ring in the new year with a little Jerry Jeff Walker. Don’t hear too much about Jerry Jeff anymore, but hot damn, he was, and is, really good.

No game is, nor could ever be, as big as the Tebowl between Baby Jesus and the man who wrongfully had Baby Jesus’ position at the start of the season, Kyle Orton. Really, the entire game is only between Tebow and Orton, or so it seems from the week’s worth of blather at ESPN. In all seriousness though, it truly is pretty compelling theater. The Chefs can play, as they demonstrated by rolling the Pack in the only loss for the Cheese of the year. And you know Orton would love to pound the Donkos and keep them and Baby Jesus out of the playoffs. For Denver, if they win they are in; if they lose they are not (well, unless Oakland loses to the Bolts, in which case the Donks would still win the division with a lousy 8-8 record). Simple. I would take the Chefs pretty easily here, but the game is at Mile High, and that matters. Still gonna go with the KC BBQ, but Tebow will play his heart out; Baby Jesus is nothing if not a gamer. That leaves the AFC West division championship, and its playoff berth, up to the Rayduhs and Bolts game, where the edge has to ride with Carson Palmer and the ghost of Al Davis, in the Black Hole, over the Bolts who are just done (as is Norval, finally, it would appear).

The other win or go home game that is must see theater is the ‘Boys at the Gents in the NBC Sunday Night finale. Winner takes the NFC East and moves on to the playoffs, loser is toast. Here, too, the game is a tale of two quarterbacks, Good/Bad Eli and Tony Romeo. They are both like Gump’s damn box of chocolates, you never know what you are gonna get; consistently inconsistent and all over the road. Romo does have a bruised up hand from the Eagles game, but no way he does not play, and a pretty fair bet he plays well. Everything points to the Giants here, including them playing at home, but I am going with a ‘Boys upset.

Ray Lewis and the Ravens are in Cincy for a key game for both teams. The Ravens lock up their division with a win, and a first round home game (and homefield throughout if the Pats lose to the Bills) in the process, which is key because the Ravens have been a bad road team this year. The Bengals, on the other hand are young and hungry for a wildcard spot, which they would nail down with a win. This could be a great game, no idea who wins it, but either way it is hard to see the Patsies losing to Buffalo when the number one seed is still on the line.

Then we have the “lose or go home” game. Colts at Jags. Both these teams have been woeful for the season, although the Not-Peytons have a shocking two game winning streak going. The problem for the Colts is, of course, a win against the Jags might well put them out of Luck. Andrew Luck that is. Thing is, Jags may well want another QB in the draft and have nothing to gain with a win either. Jacksonville has already fired its coach, Jack Del Rio, and the franchise was just sold. In short, they are a mess. This will be a really interesting game to see who loses the best and how.

The last of the killer klashes this week is another Black and Blue grudge match, this time between the Kitties and the Cheese. The Pack has nothing to play for having already wrapped up the NFC top seed and home field throughout the playoffs. If Rodgers plays at all, it will likely not be much. Look for Matt Flynn to get most of the time behind center, with Graham Harrell getting a little game experience too. The Kitties, however, need to win to keep the fifth seed, which could mean the difference between playing the Giants/Cowboys winner or the Saints. That is healthy motivation. Lions should win this one, but if they do, it will be their first win on the Frozen Tundra in 20 years.

Titans at the Texans also has some playoff implications, but not many. The Titans’ slim hopes for making the postseason show depend on a win against the Texans, and a LOT of help. Texans get Andre Johnson back and that is good because they need to get some game chemistry between him and young TJ Yates before the playoffs begin. I rate this as a toss-up. The rest of the teams are pretty much just playing out the string.

We will either update or, more likely, just put up a new thread for all the college bowl extravaganza starting Monday. So, let us all take a Tee Bow, and raise a frosty. Commence trashing!


Drone War Secrecy and Kill or Capture

As we stand on the doorstep of President Obama signing into law the new NDAA and its dreaded controversial provisions, there are two new articles out of interest this morning. The first is an incredibly useful, and pretty thorough, synopsis at Lawfare of the new NDAA entitled “NDAA FAQ: A Guide for the Perplexed”. It is co-written by Ben Wittes and Bobby Chesney and, though I may differ slightly in a couple of areas, it is not by much and their primer is extremely useful. I suggest it highly, and it has condensed a lot of material into an easily digestible blog length post.

The second is a long read from the Washington Post on how secrecy defines Obama’s drone wars:

The administration has said that its covert, targeted killings with remote-controlled aircraft in Pakistan, Yemen, Somalia and potentially beyond are proper under both domestic and international law. It has said that the targets are chosen under strict criteria, with rigorous internal oversight.
….
“They’ve based it on the personal legitimacy of [President] Obama — the ‘trust me’ concept,” Anderson said. “That’s not a viable concept for a president going forward.”

The article goes on to state how the CIA, and the majority of voices in the White House, are fighting tooth and nail for continued utmost secrecy lest any of our enemies somehow discover we are blowing them to bits with our drones. This is, of course, entirely predictable, especially now that the former head of the CIA leads the military and the former military chief for the greater Af/Pak theater which has long been ground zero for the drone kill program, Petraeus, is the head of the CIA.

But then the Post piece brings up our old friend, the OLC:

The Justice Department’s Office of Legal Counsel has opposed the declassification of any portion of its opinion justifying the targeted killing of U.S. citizen Anwar al-Awlaki in Yemen this year. Awlaki, a propagandist for the Yemen-based al-Qaeda affiliate whom Obama identified as its “external operations” chief, was the first American known to have been the main target of a drone strike. While officials say they did not require special permission to kill him, the administration apparently felt it would be prudent to spell out its legal rationale.
….
Under domestic law, the administration considers all three to be covered by the Authorization for Use of Military Force that Congress passed days after the Sept. 11, 2001, attacks. In two key sentences that have no expiration date, the AUMF gives the president sole power to use “all necessary and appropriate force” against nations, groups or persons who committed or aided the attacks, and to prevent future attacks.

The CIA has separate legal authority to conduct counterterrorism operations under a secret presidential order, or finding, first signed by President Ronald Reagan more than two decades ago. In 1998, President Bill Clinton signed an amendment, called a Memorandum of Notification, overriding a long-standing ban on CIA assassinations overseas and allowing “lethal” counterterrorism actions against a short list of named targets, including Osama bin Laden and his top lieutenants. Killing was approved only if capture was not deemed “feasible.”

A week after the Sept. 11 attacks, the Bush administration amended the finding again, dropping the list of named targets and the caveat on “feasible” capture.

“All of that conditional language was not included,” said a former Bush administration official involved in those decisions. “This was straight-out legal authority. . . . By design, it was written as broadly as possible.”

This brings us back to the notable October 8, 2011 article by the New York Times’ Charlie Savage on his viewing of the Awlaki targeting memo relied on by the Obama White House for the extrajudicial execution of Anwar al-Awlaki. Marcy, at the time, discussed the incongruity of the collateral damage issue and the fact Samir Khan was also a kill in the targeted Awlaki strike.

I would like to delve into a second, and equally misleading, meme that has been created by the self serving and inconsistent secret law Obama has geometrically expanded from the already deplorable Bush/Cheney policy set: the false dichotomy in the kill or capture element of the


Pro Football Trash Talk

Yeah, we are in the doldrums between end of the college football season, start of the playoff and Super Bowl stretch for pro football and the start of the baseball season. Oh, and, of course, March Madness. Here is what I am having an, uncomfortably, hard time giving a darn about: the NBA.

Just as appropriate filler info, I used to “Love This Game”. No joke. I had Phoenix Suns season tickets since before the start of the Kevin Johnson/Tom Chambers years, straight through the Charles Barkley fun and into the after-period where the doldrums set in. Chuck was the icing on our cake, but the stadium was already a sellout and the team already a serious contender in the league championship well before he came. That said, there has never been, before or after, quite the excitement and buzz that Sir Charles brought. It was a magical time, even if it was second fiddle to Air Jordan and the Bulls (though by the slightest of margins in 1993). The point is, Jordan is gone, the Chuckster is gone, Magic and Bird are gone; it is all gone. There are only a couple of stars that have the panache and balls of the old crowd left in the league, such as Kobe Bryant and Dirk Nowitzki. I would love to say there is a “new generation” taking over in the NBA. But, unless you consider Kobe the “new generation”, the new generation in the NBA is a bunch of self entitled, selfish, jerk punks like “King” LeBron James. Bleech.

Navy has brought the big battleship guns and beat Army (again) in a surprisingly hard fought and close battle of the armed forces. Congratulations Navy! Which brings us to the real Trash, pro football. The NFL! Yea!

Aaaaannnddd the big game today is, of course, the TEBOWL! That’s right T and the Bows take on Da Bears. Both teams come into the game with a 7-5 record and playoff aspirations. If there is a team in the league that has the defense to bust up the Baby Jesus train, it is the Bears. Urlacher and the boys are tough and disciplined. But the Broncos have been kicking ass and taking names on defense lately too, and Chicago will not have Jay Cutler or Matt Forte. That is bad news, Bears fans. Also, the game is at Mile High, which is a tough venue. Should be pretty interesting to see if the messiah can keep it up.

The Rayduhs, who are tied with the Tebows at the top of the AFC West, travel to The Frozen Tundra to visit Mr. Rodgers’ Neighborhood. Hard to pick against the Pack here, but Oakland is a pretty good team. Carson Palmer seems to be settling in, but running back Darren McFadden (right foot) and big-play receivers Jacoby Ford (left foot) and Denarius Moore (right foot) are all out. Combined with a porous pass defense, that spells trouble for the Raiders.

The other interesting game is the Cowboys and Giants. The ‘Boys are 7-5 and the Gents have slid to 6-6, but this game will be for the NFC East lead heading down the stretch, so it is critical. Romo has been playing pretty well lately, and rookie DeMarco Murray from Oklahoma is an emerging star at running back. The Giants have been all out of whack on both sides of the ball. The game is in the Big D. Everything seems to be lined up for a Dallas win. So I am taking the Giants here.

The Bills are out Randiego’s way to meet the Bolts. Both clubs have fallen off the face of the earth, and are at 5-7. Will be interesting to see which one actually wants to step up and win a game here. Maybe they can actually pull off a rare tie here; that would be fitting. Houston at Cinci will be a good test to see if the Bengals can capitalize on the Texans being without a first line QB and big play Andre Johnson. TJ Yates kept the team in the game and won last week; this will be another good test of how he will hold up. The Kitties host the Vikings. Ponder has a touchy hip, but likely will start; Adrian Peterson is hobbled, but will also likely play after missing last week’s game. Suh, of course, is suspended and, hopefully, won’t crash his car on the way to the local sports bar to watch his team play. Detroit ought to be able to win this and get back on track. If not, stick a fork in them. Patsies are at the Skins and should make pretty easy work of that. The rest of the games are just not particularly noteworthy.

That is the rundown; make some noise in comments. Oh, and nothing has changed in Major League Baseball.


Florida Containment Dome Crackers: How Saving $15 Million Ended Up Costing $2.5 Billion

The Crystal River nuclear plant, seen from across adjacent wetlands, back in 2007 when it was actually functional. (Wikimedia Commons)

Almost single-handedly, reporter Ivan Penn at the Tampa Bay Times (formerly known as the St. Petersburg Times) has been informing the world of the disgusting spectacle taking place only sixty miles southwest of my home at the Crystal River nuclear power plant in Florida. The plant has been shut down since Progress Energy decided in 2009 that they could save $15 million in the costs of managing the replacement of the plant’s steam generators by managing the project itself. The ongoing mismanagement of the project has resulted in at least three major cracks in the containment building for the reactor and a projected cost of at least $2.5 billion to repair a plant that was designed to operate only through 2016. The second crack came when repairs were attempted on the first crack. And yes, these crackers just couldn’t learn, and the third crack came while they were contemplating how to repair the second crack instead of bringing in experts who actually knew what they were doing.

In a November 6 article from this year, Penn describes many of the details above about how Progress Energy chose not to use one of the two experienced engineering firms to manage the project in order to save $15 million in management fees. But because representatives of one of those firms, Bechtel, were present as part of the construction phase of the project, Progress still received warnings about the strategy they had chosen:

One warning:

Charles Hovey was an experienced construction foreman who had worked on similar projects at other nuclear plants. Progress, he observed, planned to use a different procedure to cut into its containment building.

“I have never heard of it being done like this before and I just want to express my concerns to you one last time.”

Another warning:

“Why are we doing tendons different here than all other jobs?” site supervisor John Marshall asked in an e-mail sent to Sam Franks, another Bechtel supervisor.


Bibi, Albright (and Warrick) on Iran Nuke Report: “But Wait, There’s More!”

Because there hasn’t been an immediate, multinational hue and cry to bomb Iran over the leaked IAEA report, both Israeli Prime Minister Benjamin Netanyahu and David Albright, the designated point person for fomenting fears over Iran’s nuclear program in the United States, have been reduced to using their best Billy Mays voice to boom out “But wait, there’s more!” Netanyahu’s blathering has been dutifully written down and published by Reuters, while Albright has found a willing mouthpiece in the Washington Post’s Joby Warrick.

Netanyahu told his cabinet yesterday that Iran is closer to getting the bomb than the IAEA report suggests.  Here is how Reuters reported his remarks:

“Iran is closer to getting an (atomic) bomb than is thought,” Netanyahu said in remarks to cabinet ministers, quoted by an official from his office.

“Only things that could be proven were written (in the U.N. report), but in reality there are many other things that we see,” Netanyahu said, according to the official.

The Israeli leader did not specify what additional information he had about Iran’s nuclear program during his cabinet’s discussion on the report by the U.N.’s International Atomic Energy Agency (IAEA) released last week.

Yup, Netanyahu is telling us he knows more about Iran’s nuclear technology than the rest of the world knows, but he won’t give us details and he can’t prove it.  And, of course, it is important to believe everything Netanyahu says.

Meanwhile, in Washington, Joby Warrick saw fit this morning to devote an entire article to building the case that Vyacheslav Danilenko was transferring crucial nuclear technology to Iran rather than helping Iran to develop nanodiamond technology. The accusations against Danilenko come almost exclusively from David Albright and a “report” on Danilenko prepared by Albright’s Institute for Science and International Security. Warrick does include one brief quotation from a former CIA Iran analyst on how analysts characterize the flow of information into potentially covert programs and a statement from Josh Pollack of Arms Control Wonk. I will return to the Pollack quote below.

Now that Danilenko’s work on controlled high explosives detonations creating nanodiamonds has been put forward as a potentially peaceful use of the technology he was helping to develop in Iran, those who promote the view that Iran is working hard now to develop a nuclear weapon find it necessary to provide a stronger connection between Danilenko’s work and development of a bomb trigger device. At the same time, Danilenko has responded to press inquiries with a direct “I am not a father of Iran’s nuclear program” and “I am not a nuclear physicist.”


Commercializing Campaign Ads: California Roll For Mayor

We have an interesting phenomenon underway here in Phoenix – the outright commercialization of political campaign ads. It is the handiwork of a Scottsdale sushi restaurant, Stingray Sushi. In short, a corporation is using a political race as a straight up advertising vehicle for their product, without officially supporting or donating to either candidate. The ploy started off just riffing on hot button political issues such as:

“Bill Clinton Likes My Sushi”
“Larry Craig Likes Our Bathrooms”
“Blagojevich is the Best Tipper”

Stingray then morphed into playing off of a local initiative drive on the ballot. But now they have stepped square into a heated political race between competing candidates.

The current, and heaviest manifestation of this novel activity by Stingray to date, is the current Phoenix Mayor’s race, which will be decided on November 8. The race itself is supposedly non-partisan, however it pits longtime uber-Republican operative Wes Gullett, who was the chief of staff for disgraced (and convicted) Governor Fife Symington and has served in several administrative and campaign capacities for John McCain over the years, against a moderate, but fairly clear Democrat, former City Councilman Greg Stanton.

If the question is “is this legal?”, the answer is yes. It appears to be quite legal under both state and federal campaign law, although Stingray has had to put stickers on their signs advising that it is “Not authorized by any candidate or candidate’s campaign committee.”

The ad campaign is the brainchild of a local ad and political consultant by the name of Jason Rose. I will have to give Jason credit here, it is pretty inventive and has certainly captured the imagination of Phoenix residents. Everybody has seen them, even my high school daughter talks about them. My wife thinks they are hilarious catch phrases now. Anytime I mention politics, she blurts out “Mayors Are Yum Yum!”.

Now, here is the better question – where does this go from here? Stingray is playing both sides of the electoral race fence in this campaign, but it is hard to believe others necessarily will do the same. Will bigger corporations exercise their right to free political speech decreed in Citizens United by branding themselves to a particular candidate? Is it a good thing to have electoral races clouded by raw corporate advertising pitches as opposed to actually taking a side?

I honestly do not know the answers to the questions raised, nor the plethora of others that arise from this ad campaign. But I doubt it is a one off deal; you can expect to see other similar ad campaigns attached to elections in the future. What do you think?


Pakistan Update: 18,000 Flee Khyber Area, Haqqani Insist Taliban Must Lead Talks

Aerial view of the Torkham crossing from Pakistan's Khyber Agency into Afghanistan. (ISAFMedia photo.)

Last week’s visit by a delegation of high-ranking US officials to Pakistan featured the ironic use of the US Secretary of State to deliver a newly militarized message to the Pakistanis regarding the way forward, with the introduction of the “fight, talk, build” catchphrase.  Although the US clearly urged Pakistan to attack the Haqqani network in its safe haven in North Waziristan, it appears that Pakistan is taking part of the message to heart and is attacking militants, but the attacks are in the Khyber Agency, two agencies away from North Waziristan.  At the same time, we learn that the Haqqanis are now insisting that if they take part in talks with the US, the talks must include the Taliban in a leading role.

Pakistan’s Dawn informs us through an AFP story that Pakistan’s army has ordered over 18,000 civilians to evacuate portions of the Khyber Agency because of military action there:

At least 18,000 people have fled their homes in Pakistan’s tribal district of Khyber, fearing a fresh onslaught of fighting between the army and Islamist militants, officials said Tuesday.

Families streamed out of the district, a flashpoint for Taliban and other violent groups on the Nato supply line into neighbouring Afghanistan, after the army ordered them to leave because of military action going on in the area.

/snip/

“Around 3,200 families, up to 18,000 people, have arrived in the Jalozai refugee camp and we are making arrangements to facilitate them,” Adnan Khan, spokesman for the disaster management authority of Khyber Pakhtunkhwa province, told AFP.

It will be interesting to see if the US accepts this action by Pakistan as a good faith effort to respond to last week’s demands. Cutting down on the frequency of attacks on US convoys into Afghanistan might help to soften the US reaction to Pakistan’s refusal to carry out attacks on the Haqqanis in North Waziristan. The Torkham Crossing is the most heavily used supply route into Afghanistan and it sees a steady stream of tankers delivering fuel. These tankers often are subject to attack in Pakistan, so if the current action in Khyber reduces those attacks, the US should see this as a positive development.

Meanwhile, the Haqqani network tells Reuters that they will not take part in direct talks with the US unless the Taliban play a lead role:

The Afghan Haqqani insurgent network will not take part individually in any peace talks with the United States and negotiations must be led by the Taliban leadership, a senior commander told Reuters on Tuesday.

“They (the Americans) would not be able to find a possible solution to the Afghan conflict until and unless they hold talks with the Taliban shura,” said the Haqqani group commander, referring to the Taliban leadership council.

/snip/

“This is not the first time the U.S. has approached us for peace talks. The Americans had made several such attempts for talks which we rejected as we are an integral part of the Taliban led by Mullah Mohammad Omar,” he said.

The fact that the Haqqanis now are laying out the conditions for taking part in talks would appear to be progress toward talks eventually taking place.  The question now becomes how much the US will insist on its “fight” part of “fight, talk, build” preceding the actual talks.


Tebow Christ Superstar!: Wash Yer Hands & Seal The Fishes Fate

Welcome to TebowWheel. We are done with that national security and legal shit; we’re going ALL TEBOW, ALL THE TIME baybee! Now, I hear Rosalind is fixing to riot this place or something because she can’t find a Trash post to trash up. Fine, riot away, just PLEASE do it very quietly, mmkay? Cause I gots a little severe head trauma going on here. Aspirin doesn’t help. Excedrin doesn’t help. Tylenol and Advil don’t help either. Freaking vicodin doesn’t even help. I am currently looking for a guillotine delivery service. That might work….

Okay, sorry about being so tardy here but things happened starting about happy hour time yesterday. Bad things; very bad things. Here are a few things I either learned or remembered the hard way during the ramble through the bramble:

1) I’m too old for the kind of party expedition work I used to easily do.

2) No matter how much mescal seems like a good idea at the time, it just never is. (after four decades, those worms are still nasty).

3) So, it turns out there is a bar in Scottsdale that has live singing and dancing midgets. The Britney Spears midget was every bit as nasty as the fucking mescal worm.

4) I may have to rethink that propofol shit Michael Jackson mainlined, cause nothing, I mean nothing, works for shit. Just blinking my eyes causes unimaginable excruciating pain.

5) Falling asleep on the pool diving board is not a sound plan. Don’t think I was there that long, but then the sun started coming up. Damn near rolled into the pool.

Okay, I’m a gonna post this now cause that uppity Wheel woman is bugging me. She called my telephone this morning. That was rude, sounded like a freaking air raid siren rattling in my head. Then she started asking me questions and stuff; that didn’t work well. So, Sparty just ran off about 16 points and took the lead against Russell Wilson and the Wisconsin Badgers. Great game so far. Except that grounding in the endzone crap. That wasn’t good. Aw ferchristsakes, freaking Sparty just blocked a kick and recovered the ball in the endzone for another touchdown right before the end of the first half. Jeebus.

So, MORE TEBOW to come. I’ll bet Baby Jesus could cure my head.


Did Duqu fix the bug that revealed Stuxnet?

 
Duqu isn’t Christopher Lee in Attack of the Clones, but it is the newest computer malware to hit mainstream consciousness. It’s attracting attention mainly because it is based on the same software source code base as the Windows portion of Stuxnet. If you haven’t heard about Duqu, check out the Wired article that first alerted me to its existence. If you are interested in the technical details, you need to read the excellent write-up by Symantec (pdf link).
Unfortunately, the twitterverse, blogosphere, and the computer security profession all seem to be caught up in a hype/debunking/speculation cycle that is spreading more heat than light. The primary significance of Duqu is what it tells us about the operation behind Stuxnet and Duqu, i.e. that it is an on-going enterprise conducting computer espionage and sabotage around the world. The fact that it is rather obviously (though not publicly) run by the U.S. intelligence community should concern everyone.
I’ll put up a more extensive post later (including a timeline!) detailing what the Duqu phase of the Stuxnet operation tells us about the cyberwarfare strategy of the U.S. and how it is endangering the safety and security of the U.S. and the whole industrialized world. But first, I want to remind everyone how Stuxnet was originally discovered:

… the VirusBlokAda security firm in Minsk, received what seemed to be a relatively mundane email on June 17, 2010. An Iranian firm was complaining that its computers were behaving strangely, shutting themselves down and then rebooting. Ulasen and a colleague spent a week examining the machines. Then they found Stuxnet. VirusBlokAda notified other companies in the industry, including Symantec.
 
 

This incident became curiouser and curiouser as Symantec, Langner, and others took apart Stuxnet. There wasn’t any obvious reason that Stuxnet would have caused that sort of behavior on an infected computer. I even wondered at the time whether or not Stuxnet’s cover was blown intentionally since the perpetrators moved quickly to call further attention to themselves. But, thanks to the good work of the Symantec team, we can surmise something quite revealing about the initial discovery of Stuxnet.
 
The rootkit component of Duqu is quite similar to, but not exactly the same as, the one in Stuxnet. In both cases, if the infected computer gets rebooted while it is infected, the rootkit wants to make sure that it is running before the operating system is fully loaded. That’s why this rootkit (both flavors, Stuxnet and Duqu) is packaged as a hardware device driver. Here’s a feature of Duqu’s driver that wasn’t present in Stuxnet (as described by Symantec on page 4 of the pdf linked above):

The driver then registers a DriverReinitializationRoutine and calls itself (up to 200 times) until it is able to detect the presence of the HAL.DLL file. This ensures the system has been initialized to a point where it can begin injecting the main DLL.

The bolded portion is the new functionality that wasn’t present in Stuxnet. As a software developer, this detail tells me a lot. The driver is checking to make sure that the hardware abstraction layer (HAL.DLL) of Windows is loaded before it proceeds with the re-infection routine. The HAL is a portion of the Windows OS that really needs to be loaded before device drivers can function properly. Between the time that Stuxnet was deployed and this later version was compiled, the Stuxnet team identified a problem (a race condition) with their software being loaded before the HAL, probably only under the rarest of circumstances. So they modified their program to take this possible condition into account.
As I thought about this, I realized that the likely impact of the Stuxnet device driver being loaded before the HAL was properly initialized would almost certainly be that the machine would continuously crash and reboot. Look again at how Stuxnet was first discovered (remember it was in the wild for at least a full year before it was noticed by any anti-virus vendor):

… the VirusBlokAda security firm in Minsk, received what seemed to be a relatively mundane email on June 17, 2010. An Iranian firm was complaining that its computers were behaving strangely, shutting themselves down and then rebooting. Ulasen and a colleague spent a week examining the machines. Then they found Stuxnet. VirusBlokAda notified other companies in the industry, including Symantec.

By November 3, 2010 (the compile date of the Duqu component), the Stuxnet team had fixed the bug that led to the discovery of Stuxnet last year. And then went almost another full year without being discovered by the anti-virus vendors. It is likely to be a lot harder to reconstruct what the Stuxnet team has been up to this time around, but it is clear that the operation is on-going and we can assume (unless specific information turns up pointing in a different direction) that the primary target is still the Iranian nuclear program.
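The race the post infers, as a user-space toy model added here (not code from the post, from Symantec's report, or from either sample): a boot-time component that touches a dependency before it is loaded crashes on that boot, while one that defers itself up to 200 times either runs late or gives up without a crash. The tick timings, sample boots and function names are constructed assumptions; only the 200-call bound and the HAL.DLL dependency come from the text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Retry bound quoted in the post from Symantec's write-up. */
#define MAX_REINIT_CALLS 200

enum outcome { RAN_OK, CRASHED, GAVE_UP };

/* Toy boot model (constructed): time is counted in ticks. The dependency,
 * standing in for HAL.DLL, is usable from dep_ready_tick onward, and the
 * component's first initialization runs at init_tick. */
static bool dep_loaded(int dep_ready_tick, int tick)
{
    return tick >= dep_ready_tick;
}

/* No readiness check: the component uses the dependency immediately.
 * If boot ordering put it ahead of the dependency, that boot crashes,
 * which is the visible symptom the post ties to the 2010 discovery. */
enum outcome init_unchecked(int dep_ready_tick, int init_tick)
{
    return dep_loaded(dep_ready_tick, init_tick) ? RAN_OK : CRASHED;
}

/* Readiness check with bounded deferral: each re-initialization call is
 * modeled as one tick later. After MAX_REINIT_CALLS the component stops
 * trying instead of touching a dependency that is still missing.
 * reinit_calls may be NULL; otherwise it receives the number of deferrals. */
enum outcome init_deferred(int dep_ready_tick, int init_tick, int *reinit_calls)
{
    int calls = 0;
    int tick = init_tick;
    enum outcome result = RAN_OK;

    while (!dep_loaded(dep_ready_tick, tick)) {
        if (calls == MAX_REINIT_CALLS) {
            result = GAVE_UP;
            break;
        }
        calls++;
        tick++;
    }
    if (reinit_calls != NULL)
        *reinit_calls = calls;
    return result;
}

/* Constructed sample: {dep_ready_tick, init_tick} for five boots of one
 * machine. Boot 3 loses the race by one tick; boot 5 never gets the
 * dependency inside the retry window. */
static const int SAMPLE_BOOTS[][2] = {
    {3, 5}, {3, 5}, {6, 5}, {3, 5}, {400, 5},
};
#define N_BOOTS (sizeof SAMPLE_BOOTS / sizeof SAMPLE_BOOTS[0])

/* Count how many of the sample boots end in the given outcome. */
int count_outcome(bool deferred, enum outcome which)
{
    int n = 0;
    for (size_t i = 0; i < N_BOOTS; i++) {
        int ready = SAMPLE_BOOTS[i][0];
        int init = SAMPLE_BOOTS[i][1];
        enum outcome o = deferred ? init_deferred(ready, init, NULL)
                                  : init_unchecked(ready, init);
        if (o == which)
            n++;
    }
    return n;
}

int main(void)
{
    printf("unchecked: ok=%d crashed=%d\n",
           count_outcome(false, RAN_OK), count_outcome(false, CRASHED));
    printf("deferred:  ok=%d crashed=%d gave_up=%d\n",
           count_outcome(true, RAN_OK), count_outcome(true, CRASHED),
           count_outcome(true, GAVE_UP));
    return 0;
}
```

With the deferral in place the two slow boots produce no crash at all, so the reboot symptom that prompted the original report never appears.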
