******************** THIS BLOG HAS MOVED TO WWW.LEGALINSURRECTION.COM ********************

This blog is moving to www.legalinsurrection.com. If you have not been automatically redirected please click on the link.

NEW COMMENTS will NOT be put through and will NOT be transferred to the new website.

Thursday, September 30, 2010

Another Jewish Historical Reference Found In Stuxnet Code

The New York Times reported on a possible reference to the Book of Esther in the Stuxnet code.  Queen Esther, of course, saved the Jews of Persia from the evil Haman, as celebrated in the Jewish holiday Purim.

Now, a Symantec researcher has found a reference in the code to an obscure date in 1979 which just happens to be the date on which the Iranian revolutionaries executed a prominent Iranian Jew.  As reported at ThreatPost:
A Symantec researcher filled in more critical details about the Stuxnet worm here, demonstrating the worm's ability to take control of programmable logic controllers (PLCs) by Siemens Inc. and disable machinery connected to them.

Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference here, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof of concept exploit that showed how the virus could cause machines using infected PLCs to run out of control....

As for suggestions that Israeli intelligence may have authored the virus, O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code,  May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, who was executed by the new Islamic government shortly after the revolution.
Here is a portion of the Wikipedia entry on Elghanian:
On May 9, 1979, Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.
Was this an Israeli attack with snippets of code manipulated to mock the Iranians, or a false flag operation meant to blame the Israelis?

Somewhere, someplace, someone is laughing.  We just don't know who.

Follow me on Twitter, Facebook, and YouTube
Bookmark and Share


  1. A quick internet search reveals that also on May 9, 1979: A Unabomber bomb injured Northwestern University graduate student John Harris. And Prime Minister Pierre Trudeau Addressed Liberal Party Campaign Rally, Maple Leaf Gardens, Toronto!

    I have read that the Stuxnet worm periodically calls home over the internet to, among other tasks, report back on collected data and obtain programming updates from its command and control -- two servers in Malaysia and Denmark have been identified so far. I also read that Stuxnet can make some big thing(s) go "boom!" if its creator(s) decide. I would agree with Ahmadinejad on one thing. This is waaaaay beyond the intellectual capacity of sons of monkeys and pigs. He can't have it both ways.

  2. According to wikipedia,


    this virus is specifically designed to destroy very particular computers. I'm not a software security expert but it sure sounds to me like this virus has not yet done its job. Iran officials have only identified the infection and cannot proceed with its nuclear program under these conditions.

    Worse yet, the virus was probably designed to destroy their network and only their network and in a very complicated manner including the ability to morph and adapt. Wiki indicates that it is very difficult to know whether the virus has been eradicated and that attempts to disable it could very well trigger massive damage. They are the only ones with that specific version of the virus. Can they risk proceeding? Ever?

    What it amounts to is that Iran may be sitting on a self-destruct mechanism for the entire country. A useless suicide machine. And they can't be sure that anything they do can stop it.

    I recommend that Iran junk the entire system and start all over again from scratch. It's only money. Or maybe they can send everything back on warranty and get a free replacement.

  3. I just sit back and watch in rapt amazement at the sheer brilliance of the Israelis.

    A thousand IDF sorties over Iran could hardly do more damage than a few lines of malicious code.

    Not a single shot fired.

    And the thumb in the eye referencing Esther... Wow.

    This will make for a fantastic book someday.

    p.s., Professor: I am searching desperately for a certain Prius here on Cape Cod that is so festooned with bumper stickers of the liberal persuasion as to render all photographs shown here so far to be rank amateurs. I'll forward a photograph. Wish me luck.

  4. Bogus story:

    In most of the world, 05-09-1979 is September 5, 1979.

  5. "an extremely sophisticated and targeted virus", which breaks through security, copies itself, updates itself and controls the device it infects - has mysterious references to dates and biblical verses?

    Given the degree of difficulty in creating such a virus, and its intent, is there any doubt that it would be thoroughly scrubbed for extraneous information that has no function in its intent? In other words, whatever "clues" there are in the code as to its origin, something like dates and biblical verses, which have no purpose, can only be things put in there because the writer wants them discovered. To what purpose?

  6. @Dr. Ed - so maybe put there by someone who uses the American way of rendering dates? Or maybe just coincidence? Or maybe deniability?

  7. Perhaps its the birthday of the programmer? That would put him or her at 31 years old.

  8. "They have created a myth in the name of the Stuxnet code and consider it above global approvals, our national interest and the transfer of nuclear know-how."

    -- Malmud Ahmadinnerjacket

  9. They're making the wrong connections! It's not the Jews behind the virus.. it's BATMAN! The hebrew word they found in the code - 'Myrtis' - was actually a typo; it was supposed to be 'Myotis', a name of one of the audio tracks for Batman Begins, and is a genus of bats. Also, they date May 5, 1979 is referring to the May 1979 issue of Batman #311 - the enemy of the issue is Doctor Phosphorus, who was created by -- a nuclear reactor core!

    See? Batman's behind it all!

  10. The laughing you hear is me, Professor, it's me! And it's really more aptly described as hysterical shrieks of glee.

    This is so brilliant, I am in awe.

  11. If this was an Israeli project, it has amply repaid every penny of support the West has given to Israel since 1948.

  12. Why would a country put in code phrases that would link the creation back to themselves? The whole point behind it is to do damage in an anonymous manner.

    Pretty sure this is a case of apophenia.

  13. Hi.
    There's more to it as it seems.:)
    If you type D E U S (God) in Hebrew letters,
    Same key strokes will write - S T U X (N E T) in English !


  14. BTW, the name O'Murchu - properly Ó Murchú - is pronounced trisyllabically as Oh Murr-uh-khoo, with the 'kh' pronounced like 'ch' in the Scottish word 'loch'. It's one of the most common of Irish surnames being englished as Murphy. 'Liam' is the Irish for William/Bill etc.