Slashdot Mirror
Stuxnet Worm May Have Targeted Iranian Reactor
yuna49 writes "Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. "Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system."
There's one non-secular country in the world that is famous for it's disregard for anyone but itself and its fundamentalist religious belief in their own specialness in the eyes of their own god, which they believe justifies their evil actions.
The truth is some evil people will do anything for wealth and power.
Nope, Israel.
The Saudis, UAE or Qatar have strong interests in Iran not going nuclear, but military computer science stuff is going to be Israel, Russia, China or the US, my money is on Israel in this one.
CIA?
Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker
doubtful.
Looks like national cyber security is about to get a much higher priority than copyright protection.
Which is why this malware has multiple infection routes, including USB sticks.
Ugh, what a terrible article. There's no firm conclusions at all, just mindless speculation. Here's some gems: "The only thing I can say is that it is something designed to go bang" and "'If I had to guess what it was, yes that's a logical target' he said, 'but that's just speculation'"
This could be an interesting topic, but unfortunately, it is turned into a pointless article spewing wild guesses. And the findings are to be submitted in a closed door security meeting? WTF? I guess we'll never know.
I have programmed many PLC's in my day, but unfortunately not Siemens. Does anyone have experience with siemens that can comment on the mysterious operational block 35?
Hence why no one knows where it came from.
Iran already blames Israel, for pretty much everything including why the crops fail. I mean, christ, they made the 100th anniversary of the original publishing of "the protocols of the elders of zion" (you know, the anti-semitic forged pamphlet) into a national holiday. It's not like things could get any worse.
The only reason that Iran doesn't attack Israel is because they know that Israel has nukes, and the will to use them with very little provocation. Even for those countries who would likely come down on Iran's side in any conflict, how many of them have any military to speak of? How many have nukes? Even one?
Really, it's in Israel's best interest that Iran starts hostilities and the sooner the better, before Iran gets nukes. In many ways it would actually stabilize the region to have Iran beat down somewhat--you know, at least from Israel's perspective.
Also, you should know by now that ulcers come from infection, not stress. Seriously, there was a Nobel Prize and everything.
You catch enchiladas by picking them up behind the head and holding them underwater until they don't kick anymore -VeGas
Siemens PLCs are everywhere. Same with GE and others. They run everything from nuke plants to little benchtop lathes and aerospace applications. How this person decided that it *had* to be the Iranian nuke plant baffles me.
How does he know that it wasn't targeted at various military targets? Iranian medium and short range missile installations also come to mind. Does he *have* the Siemens PLC configuration from the nuke plant in his hot little hands? Or does he even have the model numbers?
Reading TFA, no.
Peterson believes that Bushehr was possibly the target. "If I had to guess what it was, yes that's a logical target," he said. "But that's just speculation."
Well, there you go. Nothing to see here.
That's not to say that actual cyber-warfare is not happening, but to come out with wild-ass speculation and present it as newsworthy reminds me of Fox "News" and the rest of the Murdoch "empire."
--
BMO
Definitely. Using more conventional power generation technologies, they are a target for aerial bombing. If a nuclear power plant were to be bombed, any sort of disaster might occur making the bomber look extremely evil. (The only way they could hope to get away with it is to make the bombing look as if it came from Iran itself.) In any case, enemies would be less inclined to attack a nuclear power plant as opposed to conventional ones.
As to who is responsible for the targeted malware? I can't imagine.
One of the most effective ways to penetrate a company is to drop a couple of USB sticks in their parking lot with some "special" autoinstalled software. Someone sees it, picks it up, takes it in side and plugs it in to see what's on it. A few boring things, maybe a naked picture of someone, and a rootkit.
I've worked for a couple of companies which have had security audits performed on them that included hiring outside firms to do "social engineering" penetration tests to see how good the employees are about that sort of thing. It's strange... someone who won't be fooled by "we're from IT and need your password" sweet-talk and who would never open an attachment to an email will happily stuff a flash drive into their computer. The penetration testing firms tell me they almost always get a hit with the USB drive trick. (And, for the record, one of my companies passed the test, 100%. Woot! Let's not talk about the other, though...)
So yeah, physical devices > air-gap.
Everybody gets what the majority deserves.
Iran wants to provoke a conflict with Israel. It doesn't want to start one. There is apparently an Islamic sect that believes in their version of Rapture and they believe it will be triggered by Israel's attack on Iran. Iran cannot be the aggressor here - that's the belief at least. Iran will then be saved by the 12th Imam. And that's the Islamic version of Rapture.
"Our revolution's main mission is to pave the way for the reappearance of the 12th Imam, the Mahdi," Ahmadinejad said in the speech to Friday Prayers leaders from across the country.
http://analysis.threatswatch.org/2005/11/understanding-ahmadinejad/
There are a number of crazzy sites that "predict" stuff about him,
http://www.satansrapture.com/hitler2.htm
"Bush said: 'God said to me, attack Afghanistan and attack Iraq.' The mentality of Mr. Bush and Mr. Ahmadinejad is the same here - both think God tells them what to do," says Mr. Mohebian, noting that end-of-time beliefs have similar roots in Christian and Muslim theology."
http://www.csmonitor.com/2005/1221/p01s04-wome.html
Iran will not start hostilities :)
That's a very idealistic view. There are several people who would argue that destroying Iran's nuclear capabilities is actually protecting lives, not destroying them. Of course, that all depends on Iranian government intentions. But considering the many discussions held in Iran about destroying Israel, a world without Israel, etc, it's not exactly a stretch to imagine that Iran would use its nuclear capability to attack Israel. It's also not difficult to imagine that Israel would attack Iran's nuclear program, as they have in the past with Iraq and Syria. Iran's program would be the first operational Arabic nuclear program that hasn't been destroyed by Israel before becoming operational.
Israel does not live in an idealistic world, from their point of view they can't afford to not attack an enemy nuclear installation just because there's a guy there sweeping the floor who may get killed.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Brilliant - let's get one up on the Iranians by messing with their nuclear reactor controls! What could possibly go wrong?
Maybe less than would go wrong if Iran got the bomb?
I don't know how likely that is, but I'm guessing whoever did this probably has a different calculus than I do for weighing the two, like (Iranian civilian deaths)= 0.1(own civilian deaths). So from their perspective, probably not much could go wrong.
Apparently you have never called an Iranian "Arab". Iranians take it personally.
Iranian's don't like being called Arabs; A) They are Persians, B) They feel proud being associated with the Persian empire and the culture they inherited.
In fact, during my miss-fortunate discussion calling an Iranian an Arab, I felt the individual almost felt insulted.
What does this say about reactor safety system design?
Nothing, because the entire scenario (adjust parameters...meltdown) is a fiction that exists exclusively inside your head.
The reactor is a Russian PWR that follows contemporary design principles and has parity with western reactors. The ECCS is not subject to the exclusive control of vulnerable PLCs. Safety systems aren't networked together in Ethernet broadcast domains waiting for stuxnet infections. Worst case; control rods can be inserted manually and feedwater/HPCI/LPCI pumps activated manually regardless of the state of any given PLC. The manual controls on these safety systems are deliberately simple for a reason.
Maybe a really clever attack designed to confuse operators into making the wrong decisions (see TMI-2 1979) could produce core damage. This still isn't some containment free RMBK graphite bomb reactor like Chernobyl. Contained PWR designs are more forgiving; they don't contaminate things even when they do melt down.
Maw! Fire up the karma burner!
So some innocent people should die for the sake of crimes that might be commited in the future?
That's the same bullshit excuse used to justify nuking Japan. Most Americans are completely stupid. They claim that nuclear weapons are terrible and should never be used and anyone who uses it is evil, but the minute someone brings up the fact that America is the only country to use it, they suddenly backtrack and claim that it was used to "save lives" based on military estimates.
Assuming that the Wikipedia article is correct, Israel has had nuclear capabilities (~20 bombs) during the '73 war and did not use it, even though the Arab military success at the beginning of the war was definitely more than "very little provocation".
Yeah, you've got a idealogical lunatic running the country (I think we've heard that joke before) but he'd be gone by now if the mass media didn't think that MJ's funeral was more important than protestors being gunned down by the Iranian goverment.
Right. Because the US being all concerned about politics in Iran will bring about political change in Iran? Doesn't everyone get all antsy when the US takes interest in foreign politics? And isn't Iran among the least likely to take political cues from the US (or the rest of the MJ-living world, for that matter)?
Seriously, wanting to persue peaceful nuclear power isn't an issue. Hell, if they wanted warheads they could just BUY them.
Really now. And who's going to sell them to Iran? Always better to have your own means rather than be dependent on others. The idea that this is all about peaceful application is still very suspect.
That's because it does. You just need to be a *little* slyer. (Not much.)
This is one point where it really does matter what the target OS is. If your USB is vfat, then you can't have allow execute set to true. But if you use a properly targeted file system (say ext3), then you can set execution permissions. Or even just make it a tar.gz file, and when it's expanded, it ends up with execute permissions set. So you open a jpeg, and actually execute a script that opens the jpeg while executing something else in the background.
(Allowing tar files so set the execute permission is a big weakness...and a vast convenience. But that should require running a separate script or chmod with root permissions.)
I think we've pushed this "anyone can grow up to be president" thing too far.
It is the developer's tools available.
The 'mission critical control system' in this case is a PLC, which directly controls the equipment. It doesn't even require that any consumer computer be involved for that to happen, although they often are to provide for data collection or operator interfaces or the like.
But to get the PLC to control the hardware a person has to write logic for it, which was probably done in this case with Simatic S7, which is Windows only. The bulk of the above mentioned interface and data collection packages are Windows only as well.
With a good design an industrial control system, because it is the PLC that does the work, will run along just fine even if PC based nodes crash. The new development with Stuxnet is that the virus is running on the PLC itself.
"Sacrifice for the good of The State" - The State
It seems like you've been drinking too much media Kool Aid without bothering to do your own research or critical thinking. All well thought out analysis points to Iran wanting nuclear weapons as a defensive measure. Despite what you see portrayed on television, the Iranians are a bit smarter than you seem to give them credit for. Nuking Israel would result in the total annihilation of Iran. Even if they manage to get a nuke to Hamas, nuclear forensics are very advanced these days and it would be traced back to Iran.
Seriously, wanting to persue peaceful nuclear power isn't an issue.
That's not the real issue here.
Hell, if they wanted warheads they could just BUY them.
Even if they could do so without the transaction somehow gummed up by the CIA, the Mossad, et al, buying nukes on the black market doesn't solve the problem from Iran's point of view. Iran wants to be able to homebrew these things and grow an arsenal. Buying the goods premade is more suited to a terrorist organization; a) bent on destruction of a specific target, and/or blackmail, b) without the resources (land, modern, standing armed forces, especially air & air defense) to build and protect fixed facilities.
I prefer rogues to imbeciles because they sometimes take a rest.
As an American, I am frightened and angered by suspicious level of knowledge combined with your lack of jingoism. I can only assume that you are on the side of the terrorists. I'm watching you.
I swear to God...I swear to God! That is NOT how you treat your human!
It seems like you've been drinking too much media Kool Aid without bothering to do your own research or critical thinking. All well thought out analysis points to Iran wanting nuclear weapons as a defensive measure. Despite what you see portrayed on television, the Iranians are a bit smarter than you seem to give them credit for. Nuking Israel would result in the total annihilation of Iran. Even if they manage to get a nuke to Hamas, nuclear forensics are very advanced these days and it would be traced back to Iran.
Nuclear weapons, by their very nature are NOT defensive. Land mines are defensive. Bunkers are defensive. Nuclear weapons are a means of attack, thus offensive.
Nuking Israel would result in the total annihilation of Iran.
All part of the big plan. The fifth imam, or whichever number he is, can not return until the "world" is destroyed, much as Jesus will not return until Israel is destroyed. The difference is that Christians are not trying to destroy Israel to hasten the Second Coming.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
Actually, I have seen some claims that it wasn't even based on military estimates as actual military estimates put the estimated loss of life for a mainland invasion at FAR LESS than the fanciful public numbers. Howard Zinn have a great talk on this called "Three Holy Wars".
Not to mention that the invasion of the mainland wasn't necessary, Japan was pretty much defeated before the first bomb dropped.
I liked Zinns way of asking what if we reverse the question and ask "What if we could end WWII right this moment, today, but to do it, we would have to kill 100,000 American children." Why are japanese ok to kill but, Americans are somehow deserving of life?
I don't buy the whole us vs them meme. For me "them" is anyone who believes that fighting a war ever helped anyone.
-Steve
"I opened my eyes, and everything went dark again"
Yeah, that sounds familiar. Several years ago there was an article in National Geographic about Persia and the current Persians. It was a very interesting read, much of it talked about the ability to lie or deceive, which is a very important trait to have. Since Persians as a people have been conquered or invaded so many times, they have learned that they cannot speak openly about what they believe. They make a big show of being hospitable (and actually are), they smile and talk, but the people interviewed mentioned how this isn't actually what they're like. In private they're different, but in a culture that is constantly being invaded and attacked, they've learned that it is in their interests not to openly talk about what they really believe. No doubt many Persians harbor ill feelings towards Arabs and the religion they brought with them, they still see them as invaders.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Iranians don't like to be called Arab because:
1. They aren't arab:
a. they aren't descended from the arabs; they aren't semitic, they are aryans (Iran = Ayran = land of aryans)
b. they don't speak arabic, they speak persian (called farsi in their language) which is an IndoEuropean language closer to English than arabic
c. Most arab muslims are sunnis, Iranians are Shiite
2. Iranians have sought to make themselves distinct from the Islamic Empire since about 500 years ago when they mostly became Shiite and revived the persian language and have since tried to revive their "Persian Empire" root. For example, at the beginning of the 20th Century a general took over, called himself King and claimed to be related to the ancient "Pahlavi" dinasty.
3. Because of this, Arabs are often portrayed in Iranian accounts of history as uncivilized crowds of destroyers that came to destroy the noble ancient Persian culture. So 20th Century Shah's saught to foment alliegience to the ancient culture rather than Mecca in an effort to secularize the country.
4. Secularization backfired in 1979 when the clergy took over power. However, the new clergy fancies itself the "true Islam" and still distinct from Arab Islam.
3. As a result of this, anti-arab prejudice runs deep among Iranians :)
You sound like a fundamentalist Christian wack job who is just as dangerous as the Muslims that you seem to have a problem with. Given that we're close to or past Peak Oil at this point, does it really seem so far fetched that the Iranians want a different energy source? Even if they are building a bomb, they are a long way from having a delivery system. Even if they get a delivery system, they are unlikely to use it for the reasons stated.
Last I checked there are a bunch of Fundamendalist Christians in the United States armed forces. Does that mean that we're about to start the rapture to bring about the second coming of Christ? What makes you think that the the Arabs are any more likely to do so in the Middle East?
You have to realize that what leaders say in public to appease their people, and the actions that they take in private are often times very different.
Get a subscription to Stratfor. Do some research.
I'm sorry, but your view of Iran seems very skewed and you're being modded as Informative when really you just seem to be voicing your own opinions.
Persia was first conquered by Muslim Arabs in 644.
One thousand, three hundred and sixty-six years ago, yes. I hardly think this comes into play in modern Iranian politics. The idea that there's some sort of insidious infestation of Arabism that has festered in Iran for over a thousand years seems pretty silly. Also, the idea that Iranians were converted to Islam by force has been mostly discredited.
Many Persians refer to the 1979 revolution as the second Arab invasion of Persia.
"Many" is a weasel word. The ones you've been listening to apparently believe that. But this interpretation ignores the fact that the 1979 revolution in Iran was largely a populist political revolt against a brutally oppressive regime backed by the foreign interests (the U.S.). Some people protested the societal changes that came with the new Islamic state, yes. But the vast majority welcomed it.
If Iran was "invaded by Arabs" in 1979 and everything since has been part of some big Arab conspiracy, how do you explain that the majority Muslims in Syria, Iraq, Jordan, Yemen, and Kuwait are Sunni, while Iran is a Shi'a republic?
And if Iran has been "invaded by Arabs" since 1979, how do you explain the events of 1980 when Iran was, oddly enough, invaded by Arabs? Iran fought a bloody war against Iraq for the next eight years.
And when Mahmoud Ahmadinejad talks about improving his countries ties with "Arab nations" and "the Arab world," what's he doing -- putting up a front for appearances' sake? Your comment elsewhere that his mother "is believed to be descended from Muhammad's bloodline" doesn't hold much water.
Likewise your comment that Larijani must secretly be an Arab because he's the son of an Ayatollah doesn't make sense either. You don't have to be an Arab to be a Muslim, and your insistence on conflating the two smacks completely of jingoism, despite what the other responder says.
Breakfast served all day!
What everyone including parent post has so far overlooked is that the announcement of this story is ALL BY ITSELF damaging to the Iran nuclear development effort.
Whatever the goal of Stuxnet might be, Iran must now spend time and effort checking whether all kinds of computer control systems include hidden time bombs... things that might do anything from overspinning centrifuges until they break to overheating core enough to warp the fuel rods and force their replacement. And the only sure way that Iran can proceed from this point is to replace all the PLCs with homegrown technology... but it would take them a decade or more to develop that technology on their own. I don't think they have any microchip manufacturing capability at all.
All this has been accomplished at the very low cost of publicizing a few factoids within a very suggestive framing in such a way that third parties are going to fall all over themselves to do further investigation in ways that can only magnify the perceived risks. This is a perfect con game. The more so because even if someone comes out and says its a con, Iran cannot afford to rely on that. Stuxnet might not even have a payload, but it will still cause the Iran nuclear effort months of delay. Long enough, probably, to lay the groundwork for Son Of Stuxnet, whatever that might be.
Will
That last passages describes exactly what jihadi martyrs hope to achieve by dying. On earth they live in a world full of suffering, violence, fear, and humiliation, which all goes away once they die and gets replaced with grace and paradise. Modern Christians do not live in the same hostile environment as Muslims do.
Except, I guess, for the modern Christians who live in the Middle East? What does "the same hostile environment" mean, anyway? Are you implying that every Muslim interprets the Koran the same way you -- a non-Muslim -- have chosen to? There are Muslims living right down the street from me who have absolutely nothing in common with your "jihadi martyrs". I could go over to their place right now and borrow a cup of sugar. Likewise, a good friend's cousins live in Iran right now. They are nice, pretty girls who like skiing.
Or are you implying that whackjob Christian fundamentalists never harmed anyone? Timothy McVeigh said he was at peace with his God, and I'm pretty sure he didn't mean Allah.
But I think we're getting closer to the real foundation of your posts today, which is that A.) that you hate Islam, probably because you're a fundamentalist Christian yourself or close to it; B.) you therefore hate Arabs because you believe all Muslims are Arabs or Arab-controlled; and C.) that these beliefs do, I'm afraid, make you a bigot.
Breakfast served all day!