Stuxnet Worm May Have Targeted Iranian Reactor

yuna49 writes "Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. "Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system."

Re:They Can't Be That Stupid...

[Caerdwyn]

One of the most effective ways to penetrate a company is to drop a couple of USB sticks in their parking lot with some "special" autoinstalled software. Someone sees it, picks it up, takes it in side and plugs it in to see what's on it. A few boring things, maybe a naked picture of someone, and a rootkit.

I've worked for a couple of companies which have had security audits performed on them that included hiring outside firms to do "social engineering" penetration tests to see how good the employees are about that sort of thing. It's strange... someone who won't be fooled by "we're from IT and need your password" sweet-talk and who would never open an attachment to an email will happily stuff a flash drive into their computer. The penetration testing firms tell me they almost always get a hit with the USB drive trick. (And, for the record, one of my companies passed the test, 100%. Woot! Let's not talk about the other, though...)

So yeah, physical devices > air-gap.

Re:World War III

Iran wants to provoke a conflict with Israel. It doesn't want to start one. There is apparently an Islamic sect that believes in their version of Rapture and they believe it will be triggered by Israel's attack on Iran. Iran cannot be the aggressor here - that's the belief at least. Iran will then be saved by the 12th Imam. And that's the Islamic version of Rapture.

"Our revolution's main mission is to pave the way for the reappearance of the 12th Imam, the Mahdi," Ahmadinejad said in the speech to Friday Prayers leaders from across the country.
      http://analysis.threatswatch.org/2005/11/understanding-ahmadinejad/

There are a number of crazzy sites that "predict" stuff about him,
      http://www.satansrapture.com/hitler2.htm

"Bush said: 'God said to me, attack Afghanistan and attack Iraq.' The mentality of Mr. Bush and Mr. Ahmadinejad is the same here - both think God tells them what to do," says Mr. Mohebian, noting that end-of-time beliefs have similar roots in Christian and Muslim theology."
    http://www.csmonitor.com/2005/1221/p01s04-wome.html

Really, it's in Israel's best interest that Iran starts hostilities and the sooner the better, before Iran gets nukes.

Iran will not start hostilities :)

Re:So....the CIA wrote it?

[mrops]

Apparently you have never called an Iranian "Arab". Iranians take it personally.

Iranian's don't like being called Arabs; A) They are Persians, B) They feel proud being associated with the Persian empire and the culture they inherited.

In fact, during my miss-fortunate discussion calling an Iranian an Arab, I felt the individual almost felt insulted.

Re:So....the CIA wrote it?

[amicusNYCL]

Yeah, that sounds familiar. Several years ago there was an article in National Geographic about Persia and the current Persians. It was a very interesting read, much of it talked about the ability to lie or deceive, which is a very important trait to have. Since Persians as a people have been conquered or invaded so many times, they have learned that they cannot speak openly about what they believe. They make a big show of being hospitable (and actually are), they smile and talk, but the people interviewed mentioned how this isn't actually what they're like. In private they're different, but in a culture that is constantly being invaded and attacked, they've learned that it is in their interests not to openly talk about what they really believe. No doubt many Persians harbor ill feelings towards Arabs and the religion they brought with them, they still see them as invaders.

Re:Doing it wrong, if so

[Will.Woodhull]

What everyone including parent post has so far overlooked is that the announcement of this story is ALL BY ITSELF damaging to the Iran nuclear development effort.

Whatever the goal of Stuxnet might be, Iran must now spend time and effort checking whether all kinds of computer control systems include hidden time bombs... things that might do anything from overspinning centrifuges until they break to overheating core enough to warp the fuel rods and force their replacement. And the only sure way that Iran can proceed from this point is to replace all the PLCs with homegrown technology... but it would take them a decade or more to develop that technology on their own. I don't think they have any microchip manufacturing capability at all.

All this has been accomplished at the very low cost of publicizing a few factoids within a very suggestive framing in such a way that third parties are going to fall all over themselves to do further investigation in ways that can only magnify the perceived risks. This is a perfect con game. The more so because even if someone comes out and says its a con, Iran cannot afford to rely on that. Stuxnet might not even have a payload, but it will still cause the Iran nuclear effort months of delay. Long enough, probably, to lay the groundwork for Son Of Stuxnet, whatever that might be.