Stuxnet Worm May Have Targeted Iranian Reactor
yuna49 writes "Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. 'Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system.'"
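The "fingerprint" behaviour in the summary, as an added illustration that is not Stuxnet's code and not from Langner's analysis: a payload carrier that stays dormant unless the controller settings it can read match a stored target profile. The PLC names, field names and values are constructed, and the design goes one step beyond the summary by storing only a hash of the target profile, which is my assumption about how such a gate would be built, not something the page states. The same function can be run by a defender over their own controller inventory to see whether any unit matches a known fingerprint.

```python
import hashlib
import json

# Constructed, hypothetical controller inventory: a few settings an
# engineering station could read back from each PLC. Field names and
# values are illustrative, not real Siemens identifiers.
PLANT = {
    "plc-01": {"cpu": "S7-3xx", "data_blocks": [100, 204], "fieldbus_drives": 33},
    "plc-02": {"cpu": "S7-3xx", "data_blocks": [100], "fieldbus_drives": 0},
    "plc-03": {"cpu": "S7-4xx", "data_blocks": [1, 2, 3], "fieldbus_drives": 6},
}


def canonical(settings):
    """Serialize settings deterministically so equal configs hash equal."""
    return json.dumps(settings, sort_keys=True, separators=(",", ":")).encode()


def fingerprint_hash(settings):
    return hashlib.sha256(canonical(settings)).hexdigest()


# Assumption: the carrier embeds only the hash of the target's settings, so
# reading the carrier does not reveal which plant it is looking for.
TARGET_HASH = fingerprint_hash(PLANT["plc-01"])


def should_deploy(settings, target_hash=TARGET_HASH):
    """True only when the controller's settings exactly match the target profile."""
    return fingerprint_hash(settings) == target_hash


def sweep(plant, target_hash=TARGET_HASH):
    """Defender's use: check every controller in an inventory against a known fingerprint hash."""
    return {name: should_deploy(cfg, target_hash) for name, cfg in plant.items()}


if __name__ == "__main__":
    for name, hit in sweep(PLANT).items():
        print(f"{name}: {'MATCH - payload would deploy' if hit else 'no match, stays dormant'}")
```

Because the comparison is exact, a single changed value (one more drive on the fieldbus, one extra data block) makes the gate fail closed; that is the property that keeps such a payload from firing in the wrong plant, and also why a defender sweeping an inventory needs the precise profile, not an approximation.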
Sounds eerily similar to the Siberian Pipeline explosion but, had it actually worked, the consequences could have been much much worse.
Looks like national cyber security is about to get a much higher priority than copyright protection.
One of the most effective ways to penetrate a company is to drop a couple of USB sticks in their parking lot with some "special" auto-installed software. Someone sees it, picks it up, takes it inside and plugs it in to see what's on it. A few boring things, maybe a naked picture of someone, and a rootkit.
I've worked for a couple of companies which have had security audits performed on them that included hiring outside firms to do "social engineering" penetration tests to see how good the employees are about that sort of thing. It's strange... someone who won't be fooled by "we're from IT and need your password" sweet-talk and who would never open an attachment to an email will happily stuff a flash drive into their computer. The penetration testing firms tell me they almost always get a hit with the USB drive trick. (And, for the record, one of my companies passed the test, 100%. Woot! Let's not talk about the other, though...)
So yeah, physical devices > air-gap.
Everybody gets what the majority deserves.
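The USB-drop problem the two posts above describe is one you can at least see in logs. As an added example that is not from either poster, the following correlates kernel USB enumeration messages with the moment a mass-storage driver binds to the same port, and raises an alert for any stick that is not on a site allowlist. The log lines, hostname, vendor/product IDs and allowlist are all constructed for the example, and it assumes a Linux host logging kernel messages through syslog; a Windows engineering station would need the equivalent from its own device-install logs, which this example does not cover.

```python
import re

# Constructed sample syslog lines from a hypothetical Linux engineering
# workstation. Vendor/product IDs and the hostname are illustrative.
SAMPLE_LOG = """\
Sep 21 09:14:02 eng-ws1 kernel: usb 1-1.2: new high-speed USB device number 7 using ehci-pci
Sep 21 09:14:02 eng-ws1 kernel: usb 1-1.2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Sep 21 09:14:02 eng-ws1 kernel: usb-storage 1-1.2:1.0: USB Mass Storage device detected
Sep 21 09:14:03 eng-ws1 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Sep 21 09:20:11 eng-ws1 kernel: usb 1-1.3: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.03
Sep 21 09:20:11 eng-ws1 kernel: input: USB Receiver as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1.3/1-1.3:1.0/input/input12
Sep 21 10:02:45 eng-ws1 kernel: usb 1-1.4: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Sep 21 10:02:45 eng-ws1 kernel: usb-storage 1-1.4:1.0: USB Mass Storage device detected
"""

# Hypothetical site allowlist: the one stick model issued for firmware updates.
ALLOWED_STORAGE = {("0951", "1666")}

NEW_DEVICE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: usb (?P<port>[\d.-]+): "
    r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
MASS_STORAGE = re.compile(
    r"kernel: usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected"
)


def usb_storage_events(log_text):
    """Return one record per device that both enumerated and bound to usb-storage.

    A keyboard or receiver enumerates but never gets a usb-storage line, so it
    is never reported; only removable storage makes it into the result.
    """
    pending = {}  # port -> enumeration record, waiting for a storage bind
    events = []
    for line in log_text.splitlines():
        m = NEW_DEVICE.search(line)
        if m:
            pending[m["port"]] = m.groupdict()
            continue
        m = MASS_STORAGE.search(line)
        if m and m["port"] in pending:
            events.append(pending.pop(m["port"]))
    return events


def alerts(log_text, allowed=ALLOWED_STORAGE):
    """Storage devices whose vendor/product pair is not on the allowlist."""
    return [e for e in usb_storage_events(log_text) if (e["vid"], e["pid"]) not in allowed]


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(f"{a['ts']} unapproved USB storage {a['vid']}:{a['pid']} on port {a['port']}")
```

Vendor/product IDs are trivially spoofable, so this catches the careless "found it in the parking lot" case, not a determined adversary; the durable fix is blocking removable storage in policy and treating any alert as a prompt to image the host.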
Iran wants to provoke a conflict with Israel. It doesn't want to start one. There is apparently an Islamic sect that believes in their version of Rapture and they believe it will be triggered by Israel's attack on Iran. Iran cannot be the aggressor here - that's the belief at least. Iran will then be saved by the 12th Imam. And that's the Islamic version of Rapture.
"Our revolution's main mission is to pave the way for the reappearance of the 12th Imam, the Mahdi," Ahmadinejad said in the speech to Friday Prayers leaders from across the country.
http://analysis.threatswatch.org/2005/11/understanding-ahmadinejad/
There are a number of crazy sites that "predict" stuff about him:
http://www.satansrapture.com/hitler2.htm
"Bush said: 'God said to me, attack Afghanistan and attack Iraq.' The mentality of Mr. Bush and Mr. Ahmadinejad is the same here - both think God tells them what to do," says Mr. Mohebian, noting that end-of-time beliefs have similar roots in Christian and Muslim theology."
http://www.csmonitor.com/2005/1221/p01s04-wome.html
Iran will not start hostilities :)
I'm still having a problem with... why ANY nuclear reactor or power plant needs to be directly connected to a computer network. I can see it having, say, a USB port for upgrades of controller firmware, but a network connection? Nope.
So you're saying that you can't see any use for having the two reactors on site both connected to the same control room? I mean, why the hell would people in one central location want to monitor both reactors at once, in real time, right? That's crazy!
What do you think, that when someone needs to shut down or modify the parameters of a reactor or centrifuge that they actually walk up to the component and hit a button on it? What if they need to start 100 centrifuges at the same time, do they have 100 technicians standing there all on a giant conference call waiting for the "go" signal? If they want to check the current core temps or fuel levels, what do they do, call each one and ask them what the gauge says? What the hell do you think all of this equipment is for:
http://www.upi.com/News_Photos/Features/The-Nuclear-Issue-in-Iran/1581/19/
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
It's the developer tools that are available.
The 'mission critical control system' in this case is a PLC, which directly controls the equipment. It doesn't even require that any consumer computer be involved for that to happen, although they often are to provide for data collection or operator interfaces or the like.
But to get the PLC to control the hardware a person has to write logic for it, which was probably done in this case with Simatic S7, which is Windows only. The bulk of the above mentioned interface and data collection packages are Windows only as well.
With a good design, an industrial control system, because it is the PLC that does the work, will run along just fine even if PC-based nodes crash. The new development with Stuxnet is that the virus is running on the PLC itself.
"Sacrifice for the good of The State" - The State
Which makes sense. If those guys aren't total retards, the control PC is air-gapped from the Internet; it might be on a secure LAN (as secure as they can be with Windows machines on them), but most likely air-gapped. So your most probable method of infection is via flash drives.
Now the nuclear facility is going to have guards, so you release it somewhere it will get on an engineer's PC: on their home file server from the sidewalk, send them an email to a site that will do a drive-by download, or ideally you social-engineer them into letting you switchblade their laptop (if the engineer is a guy (99% chance), pay a classy hooker to dress up nice, flirt with the guy, say she's an aspiring model and give him a flash drive with her "portfolio" containing some hastily snapped photos so it looks legit... you'd plug it in too, but you'd be more careful than someone without an IT/CompSci background). From there the virus is programmed to spread over USB storage, so all you can do is hope and wait, and hopefully the virus reaches the target machine before people notice the outbreak... so you make the virus as unnoticeable as possible.
And the Stuxnet worm was first discovered in Iran and went unnoticed for a long time...
"When information is power, privacy is freedom" - Jah-Wren Ryel
Eventually.
According to many sources, at the first stages of the war, though, there was panic at the top. So much so, in fact, that the nuclear option was seriously considered. Read about it, fascinating subject.
What everyone including parent post has so far overlooked is that the announcement of this story is ALL BY ITSELF damaging to the Iran nuclear development effort.
Whatever the goal of Stuxnet might be, Iran must now spend time and effort checking whether all kinds of computer control systems include hidden time bombs... things that might do anything from overspinning centrifuges until they break to overheating the core enough to warp the fuel rods and force their replacement. And the only sure way that Iran can proceed from this point is to replace all the PLCs with homegrown technology... but it would take them a decade or more to develop that technology on their own. I don't think they have any microchip manufacturing capability at all.
All this has been accomplished at the very low cost of publicizing a few factoids within a very suggestive framing, in such a way that third parties are going to fall all over themselves to do further investigation in ways that can only magnify the perceived risks. This is a perfect con game. The more so because even if someone comes out and says it's a con, Iran cannot afford to rely on that. Stuxnet might not even have a payload, but it will still cause the Iranian nuclear effort months of delay. Long enough, probably, to lay the groundwork for Son of Stuxnet, whatever that might be.
Will