Stuxnet Worm May Have Targeted Iranian Reactor
yuna49 writes "Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. "Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system."
Sounds eerily similar to the Siberian Pipeline explosion but, had it actually worked, the consequences could have been much much worse.
There's one non-secular country in the world that is famous for its disregard for anyone but itself and its fundamentalist religious belief in their own specialness in the eyes of their own god, which they believe justifies their evil actions.
The truth is some evil people will do anything for wealth and power.
Brilliant - let's get one up on the Iranians by messing with their nuclear reactor controls! What could possibly go wrong?
If true, this is reckless endangerment, and the people involved - government-backed or lone wolves - should be prosecuted. Just because the Iranian government is full of militaristic and theocratic jerks does not give anyone the right to endanger the lives of any old (or young) person living or working in and around that facility. Indeed, it's the kind of stunt that can only push their ruling class farther into paranoia and fear, the kind that leads to... nuclear weapons development.
Someday, you're going to die. Get over it.
And Iran is probably going to blame Israel and then the shit hits the fan and it's WWIII. And we're all dead. Seriously, this is the kind of stuff that gives me ulcers.
My postings are informational and do not constitute legal advice. Act on it at your risk.
The worms in the reactor will eat the fuel rods, become radioactive, mutate, and destroy/dominate the world!
* Preemptive defense against the person who will take this post seriously: I realize most mutations have no significant effect, most of the remainder are harmful, and the chances of a slightly beneficial mutation, let alone a highly beneficial mutation is highly negligible. This post is for humor's sake only.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Looks like national cyber security is about to get a much higher priority than copyright protection.
"...Bushehr is a plausible target, but there could easily be other facilities -- refineries, chemical plants or factories that could also make valuable targets, said Scott Borg, CEO of the U.S. Cyber Consequences Unit, a security advisory group
Why in the Hell is Iran connecting their nuclear reactor to the Internet???
Either Iran is unbelievably stupid, or they've got some blindingly incompetent IT people working at that plant. And considering the international attention that plant is getting, you'd imagine that any incompetent operators would have been sent into the desert to look for minefields while wearing clown shoes long ago.
[End Of Line]
Taking the tin foil hat off, it almost sounds like a "Siemens Patch" for the PLC device - then that got me thinking, wouldn't this be an interesting way to patch other (zero day) vulnerabilities in MSFT, Adobe Reader, and other products? Maybe that would only help for Joe Public who is not patching their software anyway...
The government of Burma doesn't have that much experience in computer science though.
Just one?
What the hell planet do you live on, and how do I get there?
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Langner: We've analysed their attack Sir, and there is a danger. Shall I have your ship standing by?
Ahmadinejad: Evacuate?! In our moment of triumph?
Maybe it's the developer tools available? The overall Windows ecosystem availability?
Whatever it is, the IDEA of using Windows for mission critical control systems is insane from a security perspective (along with other reasons). Given that Windows was never designed for embedded use, is probably not updated for security patches with systems that are not networked (on a regular basis) and is the target of the world's computer security issues it seems a no-brainer to stay AWAY from it. I suppose money had something to do with it and not actual real thought to the dangers of using Windows for these systems.
...why ANY nuclear reactor or power plant needs to be directly connected to a computer network. I can see it having say a USB port for upgrades of controller firmware but a network connection? Nope.
And even with a USB connection have a failsafe ROM backup so if it starts acting strange after the update then smack the "Default" button to bring it back under control.
"Bah!" - Dogbert
Ugh, what a terrible article. There's no firm conclusions at all, just mindless speculation. Here's some gems: "The only thing I can say is that it is something designed to go bang" and "'If I had to guess what it was, yes that's a logical target' he said, 'but that's just speculation'"
This could be an interesting topic, but unfortunately, it is turned into a pointless article spewing wild guesses. And the findings are to be submitted in a closed door security meeting? WTF? I guess we'll never know.
I have programmed many PLCs in my day, but unfortunately not Siemens. Does anyone have experience with Siemens that can comment on the mysterious operational block 35?
The Taliban is responsible for this, and it is a threat to the infrastructure of the United States. We'd better send troops immediately.
I can simply imagine a Mossad/CIA agent bringing it on a USB stick. Who said that some low rank technician with access to facility office LAN doesn't need additional income?
Canada?
I was thinking Canada myself.
Or perhaps New Zealand.
Faster! Faster! Faster would be better!
Truly it sounds like paradise. Unobtainium must exist there.
Siemens PLCs are everywhere. Same with GE and others. They run everything from nuke plants to little benchtop lathes and aerospace applications. How this person decided that it *had* to be the Iranian nuke plant baffles me.
How does he know that it wasn't targeted at various military targets? Iranian medium and short range missile installations also come to mind. Does he *have* the Siemens PLC configuration from the nuke plant in his hot little hands? Or does he even have the model numbers?
Reading TFA, no.
Peterson believes that Bushehr was possibly the target. "If I had to guess what it was, yes that's a logical target," he said. "But that's just speculation."
Well, there you go. Nothing to see here.
That's not to say that actual cyber-warfare is not happening, but to come out with wild-ass speculation and present it as newsworthy reminds me of Fox "News" and the rest of the Murdoch "empire."
--
BMO
Burma has not existed in decades. I think you might be thinking about Myanmar.
Texas? That's just a state though, not a country.
Umm... Isn't that what all worms do?
The United States, United Kingdom, Australia, Canada, France, Voice of America, The Washington Post, the BBC, ITN, The Times of India, Time and most British newspapers use Burma for the name.
Good enough for all of them, good enough for me.
https://www.cia.gov/library/publications/the-world-factbook/geos/bm.html
http://www.state.gov/r/pa/ei/bgn/35910.htm
http://news.bbc.co.uk/2/hi/europe/country_profiles/1300003.stm
http://www.diplomatie.gouv.fr/fr/pays-zones-geo_833/birmanie_551/index.html
No, Switzerland would lose too many Iranian customers doing something like that...
There's one non-secular country in the world that is famous for its disregard for anyone but itself and its fundamentalist religious belief in their own specialness in the eyes of their own god, which they believe justifies their evil actions.
Fundamentalist Muslims are not limited to one country.
Intolerance isn't exactly limited to borders drawn on a map...
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
LATVERIA!
It's Latveria, right?
Intolerance isn't exactly limited to borders drawn on a map..
No kidding. Intolerance happens to go on the Sunday Morning political shows and compare Muslims with Nazis.
--
BMO
Why is it so hard to have 2 completely separate networks? One for running everything (critical network). One for connecting to the rest of the world for email, etc. If you need to remotely monitor something - put an IP camera on it and connect it to the non-critical network...
It will always be Burma to me.
I doubt the Western Governments would do this because they would know that suspicion would eventually fall on "state enemies of Iran" including the US and Israel. Neither of those countries is that stupid.
However, an enemy of a country who is an enemy of Iran and who doesn't care if Iran's nuclear plant blows up might just pull this off. Think North Korea or maybe China.
On the other hand, maybe a Western power DID do it hoping people would think they wouldn't be "that politically stupid" and blame some other country like I just did.
Another more Mafia/Ferengi-esque possibility:
Iran failed to pay some private company or government on a contract, and that company or government is using this for purely "business" reasons. "Nothing personal Iran, but we can't sit idly by and let you not pay your invoices, what would our other customers think?"
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Where are all the posts, after parent, reminding us that the USB memory stick trick doesn't work on Linux? (or Apple)?
/.ers generally have more substantive things to say.
* Regarding title: real
As we all know security flaws can languish and go unfixed until someone exploits the defect.
It seems to me that someone that was very concerned that the reactor fail in a bad way because of the defect launched this virus now rather than later.
Also when targeting a multinational company it is necessary to look at all the resources of the company worldwide. It does not matter what is collateral damage; it is important to understand the reach of that damage.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
Iran already blames Israel, for pretty much everything including why the crops fail.
Brawndo has what plants crave. It's got electrolytes.
Reply to That ||
are mine!
Rick B.
While all of you go hog wild with your James Bond paranoia, the boring truth is a low level worker brought in a banned Sony music CD (with the rootkit) and the root created havoc. The issue was resolved when Sony offered 10% off the next Britney Spears CD.
Spreading Stuxnet all around the world, as opposed to narrowly targeting it, made it likely that it would be publicized (warning any potential victims) and that the command and control server(s) would be taken down.
The only reason I can imagine offhand for swatting one fly with a global flyswatter would be not knowing any IP addresses or email addresses for the Bushehr reactor's IT infrastructure. It's too high a price to pay for getting plausible deniability about what the target was.
File this guy's hypothesis under "Right or wrong, it doesn't make sense".
Whoever did this, knew EXACTLY what they were going for. That means that they had insider knowledge of the full set-up. It could be Germany, Russia, Israel, or US in that order. It is possible that Russia gave the information needed for this to another country. That would be Israel or US.
Personally, I wish that this had not been found or announced yet. I would rather that it completed its mission.
Just because the Iranian government is full of militaristic and theocratic jerks does not give anyone the right to endanger the lives of any old (or young) person living or working in and around that facility
What about the rights of all the people in Israel? Are they less valuable than the 'innocent people' living around the nuclear weapon plant? (I say 'innocent' because most people living near a plant will probably be the workers who work at the plant, but whatever)
It would be wonderful if we could all live together singing songs and holding hands, but that isn't what's currently going on. At some point, country leaders have to make some hard choices that could hurt or kill people regardless of which way things go. So, a moral person tries to make the choice that hurts and kills the fewest people possible.
Given that Iran has publicly threatened to wipe Israel out of existence on more than one occasion, do you really think that any responsible leader is going to risk his people's safety on the chance that an oil rich hostile country is building a nuclear plant for peaceful purposes? If Iran gets nuclear technology, there are elements within the country and government that would not hesitate to employ it against Israel. You want to gamble that those elements don't end up calling the shots?
I feel sorry that bystanders have and will be killed because of this issue. However, if a nuclear exchange occurs, hundreds of thousands of Israelite and Iranians will die. What is it worth to prevent that from happening?
HA! I just wasted some of your bandwidth with a frivolous sig!
Whoever wrote Stuxnet knew the make, model, and configuration of the PLCs and associated equipment for the target system. This argues for an inside job rather than an external agent. I would put my money on Russian hackers, possibly with ties to the Russian mob, with a mole in the company.
This could be an interesting topic, but unfortunately, it is turned into a pointless article spewing wild guesses.
yeah, the writer should have called up the Mossad, and asked to talk to the author so he could get some solid facts...
Really, what do you expect from a story about what is obviously a covert operation?
HA! I just wasted some of your bandwidth with a frivolous sig!
Myanmar and Burma are both stupid spellings for a country name that has no rhotic consonants whatsoever. They're both attempts to hack Commonwealth English pronunciation into pronouncing long vowels.
And a lot of us are so hostile to the current regime that we refuse to go along with their stupid arbitrary respelling of a traditional name.
this was a high-level inside hack. somebody is going to go missing. where they came from or end up will tell you who really orchestrated this one.
oh, and by the way, note that it was a broadcast inside hack, going all over Iran and elsewhere to get to the prize.
tells you two things. one, Iran has the nuclear stuff very highly compartmented. the originators did not have access to ring 0 of the secret program despite presumably working for the contractor.
two, there should not be any commodity stuff hanging on the side of any sensitive system. the worm got all over because there were Best Buy laptops running open market software.
if this is supposed to be a new economy, how come they still want my old fashioned money?
there are two edges on that knife.
one is, "hyuk-yuk, dayamn, boy, I ain't got nothin."
the other is "you are not cleared for that information, I am not cleared for that information, I'm not going to reveal how I got that information."
think both through.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Thag was a competent hunter and an asset to the tribe. We mourned many moons when he was consumed by the orange beast that burns. You sir, are an insensitive clod and a mastodon's butt.
Maybe this was an attack on Siemens, not Iran. Just Sayin'...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The Bushehr reactor is operated under an international agreement, allowing Iran to operate it and generate power, but keeping the fuel under control of Russia. This was negotiated in order to allow Iran the capability to operate power generating facilities but keep the fuel cycle under control, avoiding diversion to weapons development.
If anyone (outside of Iran) gets caught sabotaging the reactor, it supports Iran making the argument that outside powers (under control of the West and/or Israel) can't be trusted. It is in our best interests to see this plant succeed. It will support the idea Iran can deal successfully with the IAEA and others in the development of nuclear power facilities and medical uses.
Have gnu, will travel.
Pardon me, but I believe Godwin's Law was repealed by the Progressives a long time prior when they started saying that 'The treatment of Muslims is like how the Jews were treated!' (and thereby calling their opponents Nazis, not directly, but indirectly as they always love and cherish)
I hence see no reason not to call Muslims a modern form of SS.
Feel free to vote back Godwin's law, but I see no desire to do so in the Progressive movement here in Europe. And before you vote it back, remember that creating goodwill in times of war takes a large amount of unilateral gestures. It's easier to make war than peace.
Amen. I'm not really sure where people (against all evidence) get the idea that the US can cause political things to happen, anywhere in the world, through sheer force of will. As if the reason Iran's government is still in power is because we in the US haven't been paying enough attention. The fact of the matter is that who's ruling Iran has everything to do with things going on in Iran, and nothing whatsoever to do with what the US is watching on TV.
If you were serious about targeting country X's nuclear development reactors, you'd 1) make damn sure that your malware was easy to spread, but only in systems within country X, 2) make the malware highly unobtrusive and harmless to non-target systems. If you don't follow these rules, your operation will be publicized and hence compromised.
I think the idea that some western intelligence service designed and released this is, well, sort of dubious. And the article doesn't really do much to convince me otherwise - it's all complete speculation.
He was clearly talking about America...
Dude, Israel is not *that* evil. They just like poking the Palestinians with a stick by building settlements.
I really shouldn't have used someone else's email address for this account.
Dude, Israel is not *that* evil. They just like poking the Palestinians with a stick by building settlements.
They just like pissing off the rest of the Middle East by existing.
The higher the technology, the sharper that two-edged sword.
...the United States?
No, but really... all you need is some flexibility in the meaning of "non-secular" and enough dislike of the United States to accept "evil", and this matches the United States pretty well.
A razor wire fence around the whole middle east & let 'em have at it. Couple of weeks, problem solved.
I doubt the Western Governments would do this because they would know that suspicion would eventually fall on "state enemies of Iran" including the US and Israel. Neither of those countries is that stupid.
Both of those countries are exactly that stupid. Both the CIA and Mossad have a long history of ill-conceived stealth attacks on their enemies that backfire horribly.
I guess he was talking about Israel.
Persian Project Management Software as a Service
DISINFORMATION: Causes panic and, as you stated, 100s of man hours and down time spent trying to find the "truth" about whether or not there even was/is a breach in security. Plant an idea and watch it grow into a full blown perceived "reality" . Ahh, you gotta love PsyOps. F***ing 3 card monty of the battlefield. Or not...
Anybody know what the going price for a nuke is in North Korea? I'm skeptical that they can sell them at a profit at a price that any potential clients could afford.