Those that have been hacked -- and those that don't know they've been hacked.

That's according to cybersecurity experts.

This is a disaster waiting to happen.

The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files, ending in ".lnk," according to...[the] Microsoft Malware Protection Center....Merely browsing to the removable media drive using an application that displays shortcut icons, such as Windows Explorer, will run the malware without the user clicking on the icons. The worm infects USB drives or other removable storage devices that are subsequently connected to the infected machine. Those USB drives then infect other machines much like the common cold is spread by infected people sneezing into their hands and then touching door knobs that others are handling.

The malware includes a rootkit, which is software designed to hide the fact that a computer has been compromised, and other software that sneaks onto computers by using a digital certificates signed two Taiwanese chip manufacturers that are based in the same industrial complex in Taiwan--RealTek and JMicron, according to Chester Wisniewski, senior security advisor at Sophos.... It is unclear how the digital signatures were acquired by the attacker, but experts believe they were stolen and that the companies were not involved.

http://www.cnet.com/news/stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/

First thing one does with a new secure machine is savage the USB connections.

And also connect the USB drive to a unix box and zero everything on it before you connect it to anything else.

Somewhat in the spirit in which one zaps all the drives on the new windoze box and reinstalls eveything yourself, because you need to know what is on it exactly.

What would happen if some crazy hacker got to the controls of a nuke power plant?

Don't you mean when?

...Or a major hydroelectric dam complex, or the production controls in a pharmaceutical factory, a food processing plant, or the drinking water plant for a community?

A nuke is nasty stuff but has some structural safeguards built in. Many "lesser" sites do not.

The real threat is not a crazy hacker, or terrorist. The real threat is some company or group holding those controls hostage for a price or to forward an agenda.

Oops, we already had that.

Einstein was heard to mention something like the use of our technology by men with the mindset like we have would be the doom of civilization.

With all the computer controls, heck, they could even steal votes.

The thing about nukes, tho, it only takes a few seconds to start a mass calamity.

My point was that Nukes have always been dangerous. While this kind of attack on one could certainly cause death or disaster on a massive scale, that same degree of threat exists as long as nuke plants operate (and likely long after sad to say). Nukes are inherently a disaster that could happen at almost any time. Ask the folks living near or even not so near to Fukushima Daiichi about that...Or review the operating logs from TMI or Chernobyl.

The insidious nature of tools like STUXNET is that they can be tailored for a particular function but when loose in the wild generate unpredictable side effects. Like Drones they can produce collateral damage even when applied to the task they were supposed to be designed for.

One thing Fukushima did was wake people up to the fact that reactors will melt down in a matter of hours if their cooling system isn't operating - and that can obviously happen for a number of reasons.

Keep up the good work. It may actually help save some lives.

And what I watched on YouTube.

Since they have put backdoors and spy portals into everything, they have made everything that more vulnerable. What people thought was good encryption was a joke. They are building the doors for hackers.

However, unless you're actually in the government, they can't do anything other than publish "best practices". Which are routinely ignored.

Hackers create the preceived need for more spying. Why would the NSA oppose them?

The NSA was never meant to be used domestically.

The military has its own NSA flavor: INSCOM. It used to be the Army Security Agency.