Rolling Stone Magazine Writes About Computer Security

It's a virus that plays AC/DC, so it makes sense. Surreal, though.

Another article.

EDITED TO ADD (8/13): Original post on the F-Secure blog. Iran denies the story.

Posted on August 9, 2012 at 1:46 PM • 26 Comments

Comments

SadButMadLadAugust 9, 2012 2:41 PM

I call some bunkum on the story. How could a virus play music at max volume. All that needs to be done is turn volume using the physical knob. Or even better, unplug the speakers.

NobodySpecialAugust 9, 2012 2:47 PM

Does this mean that Iran's secret nuclear weapons program will now come under attack from the RIAA? That could be a win-win war!

Fred PAugust 9, 2012 2:51 PM

@ SadButMadLad-

I have three computers at my work desk; none of them have a physical volume control nor external speakers, but all of them have sound (from internal speakers).

Mind you, it's not difficult to turn the sound down or off - if you have privileges or are willing to turn off the computer (or know another way to turn off the sound).

That said, it seems that this "news story" is little better than heresay - it appears to be based off of a single e-mail, with an allegedly verified source address.

ScaredAugust 9, 2012 3:47 PM

It should have played The Funniest Joke in the World. If it could be translated to German, why not Farsi? (Provided no translator sees more than one word at a time)

LinkTheValiantAugust 9, 2012 3:54 PM

Does this mean that Iran's secret nuclear weapons program will now come under attack from the RIAA? That could be a win-win war!

I can see a Cory Doctorow novel framework already.

Thinking about it more seriously, this could be a real annoyance. Max volume is well above most peoples' comfort level. Assuming the malware disables software control of sound levels, it would be beyond most end-users' ability to stop without turning off the computer. (Or opening the tower and cutting the power connection to the speakers.) Just imagine getting back from lunch and discovering that one's workspace has been rendered 100% distracting.

Of course, it would have been rather more effective had the malware authors remembered that lunchtime in Iran isn't quite the same as it is in other time zones.

WooAugust 9, 2012 4:34 PM

A computer virus with a taste for good music... now that's really a novel idea.

Jimbo JimmyAugust 9, 2012 8:47 PM

Wouldn't the creator of such malware want it to remain undetected as long as possible? A state created piece of malware surely wouldn't do this, right?

JoeAugust 9, 2012 9:14 PM

@Jimbo Jimmy

I suppose it depends on what the purpose was. If it was merely to disable their equipment, then it would be better to leave it there undetected. If it is to send a message that we are coming after you and that we can do what we want with your systems, then this makes sense.

I'm still not sure if it's true though.

Ygnor AmusAugust 10, 2012 12:23 AM

@ kingsnake:
You have a cruel imagination.

What I am curious about is the vector of infection, not of this instance particularly, but in any instance where a nuclear facility and the presumably highly intelligent personnel who operate it are involved. Obviously you can't telnet into the bloody thing. But why would anyone be able to use even a physical medium without great difficulty? Also, would or could a unix environment be as effectively affected?

~ Ygnor Amus, but honestly curious

AC2August 10, 2012 12:43 AM

He he, should lead to a rewrite of that line from Ronin...

Spence: You ever kill anybody?

Sam: I hurt somebody's senses once, by playing Justin Beiber loudly.

Neil in ChicagoAugust 10, 2012 1:06 AM

Sadly, it's not odd to find this in Rolling Stone. They're an important source of genuine, responsible journalism.

Chris WAugust 10, 2012 2:36 AM

Got a real hoax vibe here. If that supposed scientist was truly sending such emails, he surely isn't anymore, they won't even bother with a trial for treason.

But I used to get this alot with a colleague of mine, he would leave his cellphone on his desk in the next office with one of the most annoying of ringtones. (No, not J.B.)
He was support manager so was called frequently.
I'm certain most of you have similar experiences. ;)

SamAugust 10, 2012 2:39 AM

As Mikko says on the original blog post:

"I'm not sure what to think about this. We can't confirm any of the details. However, we can confirm that the researcher was sending and receiving emails from within the AEOI."

vwmAugust 10, 2012 3:59 AM

Besides there being not much confirmation that this actually happened at AEOI, there is even less confirmation that it was targeted.

LesAugust 10, 2012 7:28 AM

What's more likely: a spoofed email from Iran, or a targeted worm whose purpose is to slightly annoy the cleaning staff?

Bob TAugust 10, 2012 9:12 AM

@Scared

It should have played The Funniest Joke in the World. If it could be translated to German, why not Farsi? (Provided no translator sees more than one word at a time)

Two words and they might end up in hospital for a month.

jacobAugust 10, 2012 2:01 PM

Cute. Personally, I think "big balls" or "dirty deeds done dirt cheap" may have been more appropriate...

paranoia destroys yaAugust 10, 2012 3:33 PM

I think they also used this on my local radio station They play a AC/DC song every other hour, but never many other classic rockers.

Dirk PraetAugust 11, 2012 12:00 PM

The kind of thing we would all like to believe, but I know of very few secret agencies publicly exhibiting a sense of humour. At least not intentionally, that is.

Clive RobinsonAugust 11, 2012 4:13 PM

@ Dirk,

but but know of very few secret agencies publicly exhibiting a sense of humour. At least no intentionally, that is

One springs to mind immediately and that's the "Fairy Cakes" PDF supposadly done by one of the British "MI's" working out of Hanslope Park.

Dirk PraetAugust 11, 2012 4:27 PM

Indeed. I totally forgot about that one. I should have made that non-British secret agencies.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..