Feb 15, 2011 13:26 GMT

Crowdleaks has published the decompiled code of a Stuxnet sample obtained by the Anonymous collective during their recent hacking of HBGary's computer systems.

The code was uploaded to GitHub by a Crowdleaks member going by the name of Laurelai Bailey. A special @stuxnetsource Twitter account was also set up to post updates about it.

The repository originally contained partial Stuxnet code obtained with the open source Boomerang decompiler.

However, following requests for contributions, someone submitted dumps generated with Hex-Rays, a decompiler extension for IDA Pro, the de facto reverse-engineering tool used by malware researchers.

Laurelai wrote on Twitter that people's interest has been higher than initially expected, with the code being forked 15 times already.

The Crowdleaks member also offers the original binary for research purposes to anyone interested, but asks them to share back better source code if they obtain it.

Whether the decision to release the source code is a dangerous one or not is debatable.

As far as the original binary goes, Anonymous is already well known for its strong views on freedom of information, so it's not really surprising to see it posting sensitive data like this online.

Also, people should keep in mind that disassembled code is very hard to use because it is missing a lot of important details.

Yes, it's great for understanding what something does, because a lot can be determined from how functions are coupled together, but actually extracting large chunks of decompiled code and repurposing it in a usable way would be painstaking work.

Even if a talented programmer could do that, it would probably be more feasible for them to take all the details already known about Stuxnet and create their own version from scratch. At best, the decompiled code can serve as inspiration.

Update February 23, 2011: It has been brought to our attention that Laurelai Bailey is a member of Crowdleaks, a crowd journalism website dedicated to freedom and information which has its roots in Anonymous' Operation Leakspin, but is now separated from the group. We have modified our story to reflect that. The original title of this article was: Anonymous Publishes Decompiled Stuxnet Code.