Stuxnet Worm May Have Targeted Iranian Reactor
yuna49 writes "Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. "Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system."
There's one non-secular country in the world that is famous for its disregard for anyone but itself and its fundamentalist religious belief in their own specialness in the eyes of their own god, which they believe justifies their evil actions.
The truth is some evil people will do anything for wealth and power.
Nope, Israel.
The Saudis, UAE or Qatar have strong interests in Iran not going nuclear, but military computer science stuff is going to be Israel, Russia, China or the US, my money is on Israel in this one.
CIA?
Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker
doubtful.
Ugh, what a terrible article. There's no firm conclusions at all, just mindless speculation. Here's some gems: "The only thing I can say is that it is something designed to go bang" and "'If I had to guess what it was, yes that's a logical target' he said, 'but that's just speculation'"
This could be an interesting topic, but unfortunately, it is turned into a pointless article spewing wild guesses. And the findings are to be submitted in a closed door security meeting? WTF? I guess we'll never know.
I have programmed many PLCs in my day, but unfortunately not Siemens. Does anyone have experience with Siemens that can comment on the mysterious operational block 35?
Iran already blames Israel, for pretty much everything including why the crops fail. I mean, christ, they made the 100th anniversary of the original publishing of "the protocols of the elders of zion" (you know, the anti-semitic forged pamphlet) into a national holiday. It's not like things could get any worse.
The only reason that Iran doesn't attack Israel is because they know that Israel has nukes, and the will to use them with very little provocation. Even for those countries who would likely come down on Iran's side in any conflict, how many of them have any military to speak of? How many have nukes? Even one?
Really, it's in Israel's best interest that Iran starts hostilities and the sooner the better, before Iran gets nukes. In many ways it would actually stabilize the region to have Iran beat down somewhat--you know, at least from Israel's perspective.
Also, you should know by now that ulcers come from infection, not stress. Seriously, there was a Nobel Prize and everything.
You catch enchiladas by picking them up behind the head and holding them underwater until they don't kick anymore -VeGas
Siemens PLCs are everywhere. Same with GE and others. They run everything from nuke plants to little benchtop lathes and aerospace applications. How this person decided that it *had* to be the Iranian nuke plant baffles me.
How does he know that it wasn't targeted at various military targets? Iranian medium and short range missile installations also come to mind. Does he *have* the Siemens PLC configuration from the nuke plant in his hot little hands? Or does he even have the model numbers?
Reading TFA, no.
Peterson believes that Bushehr was possibly the target. "If I had to guess what it was, yes that's a logical target," he said. "But that's just speculation."
Well, there you go. Nothing to see here.
That's not to say that actual cyber-warfare is not happening, but to come out with wild-ass speculation and present it as newsworthy reminds me of Fox "News" and the rest of the Murdoch "empire."
--
BMO
Definitely. Using more conventional power generation technologies, they are a target for aerial bombing. If a nuclear power plant were to be bombed, any sort of disaster might occur making the bomber look extremely evil. (The only way they could hope to get away with it is to make the bombing look as if it came from Iran itself.) In any case, enemies would be less inclined to attack a nuclear power plant as opposed to conventional ones.
As to who is responsible for the targeted malware? I can't imagine.
One of the most effective ways to penetrate a company is to drop a couple of USB sticks in their parking lot with some "special" autoinstalled software. Someone sees it, picks it up, takes it inside and plugs it in to see what's on it. A few boring things, maybe a naked picture of someone, and a rootkit.
I've worked for a couple of companies which have had security audits performed on them that included hiring outside firms to do "social engineering" penetration tests to see how good the employees are about that sort of thing. It's strange... someone who won't be fooled by "we're from IT and need your password" sweet-talk and who would never open an attachment to an email will happily stuff a flash drive into their computer. The penetration testing firms tell me they almost always get a hit with the USB drive trick. (And, for the record, one of my companies passed the test, 100%. Woot! Let's not talk about the other, though...)
So yeah, physical devices > air-gap.
Everybody gets what the majority deserves.
Iran wants to provoke a conflict with Israel. It doesn't want to start one. There is apparently an Islamic sect that believes in their version of Rapture and they believe it will be triggered by Israel's attack on Iran. Iran cannot be the aggressor here - that's the belief at least. Iran will then be saved by the 12th Imam. And that's the Islamic version of Rapture.
"Our revolution's main mission is to pave the way for the reappearance of the 12th Imam, the Mahdi," Ahmadinejad said in the speech to Friday Prayers leaders from across the country.
http://analysis.threatswatch.org/2005/11/understanding-ahmadinejad/
There are a number of crazy sites that "predict" stuff about him:
http://www.satansrapture.com/hitler2.htm
"Bush said: 'God said to me, attack Afghanistan and attack Iraq.' The mentality of Mr. Bush and Mr. Ahmadinejad is the same here - both think God tells them what to do," says Mr. Mohebian, noting that end-of-time beliefs have similar roots in Christian and Muslim theology.
http://www.csmonitor.com/2005/1221/p01s04-wome.html
Iran will not start hostilities :)
Brilliant - let's get one up on the Iranians by messing with their nuclear reactor controls! What could possibly go wrong?
Maybe less than would go wrong if Iran got the bomb?
I don't know how likely that is, but I'm guessing whoever did this probably has a different calculus than I do for weighing the two, like (Iranian civilian deaths)= 0.1(own civilian deaths). So from their perspective, probably not much could go wrong.
Apparently you have never called an Iranian "Arab". Iranians take it personally.
Iranians don't like being called Arabs; A) They are Persians, B) They feel proud being associated with the Persian empire and the culture they inherited.
In fact, during my misfortunate discussion calling an Iranian an Arab, I felt the individual almost felt insulted.
What does this say about reactor safety system design?
Nothing, because the entire scenario (adjust parameters...meltdown) is a fiction that exists exclusively inside your head.
The reactor is a Russian PWR that follows contemporary design principles and has parity with western reactors. The ECCS is not subject to the exclusive control of vulnerable PLCs. Safety systems aren't networked together in Ethernet broadcast domains waiting for stuxnet infections. Worst case; control rods can be inserted manually and feedwater/HPCI/LPCI pumps activated manually regardless of the state of any given PLC. The manual controls on these safety systems are deliberately simple for a reason.
Maybe a really clever attack designed to confuse operators into making the wrong decisions (see TMI-2 1979) could produce core damage. This still isn't some containment-free RBMK graphite bomb reactor like Chernobyl. Contained PWR designs are more forgiving; they don't contaminate things even when they do melt down.
Maw! Fire up the karma burner!
That's because it does. You just need to be a *little* slyer. (Not much.)
This is one point where it really does matter what the target OS is. If your USB is vfat, then you can't have allow execute set to true. But if you use a properly targeted file system (say ext3), then you can set execution permissions. Or even just make it a tar.gz file, and when it's expanded, it ends up with execute permissions set. So you open a jpeg, and actually execute a script that opens the jpeg while executing something else in the background.
(Allowing tar files to set the execute permission is a big weakness...and a vast convenience. But that should require running a separate script or chmod with root permissions.)
I think we've pushed this "anyone can grow up to be president" thing too far.
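Added example, not part of the comment above: a defender-side check for the tar behaviour it describes, where an archive member keeps its execute bit after extraction. The extension list, function names and the in-memory sample archive are all constructed for this illustration.

```python
import io
import tarfile

# Extensions that should never need an execute bit (assumed list for this example).
DATA_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt")


def build_sample_archive() -> bytes:
    """Constructed sample: a tar.gz with two 'images', one marked executable."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in (
            ("photos/beach.jpg", 0o644, b"\xff\xd8\xff\xe0 constructed image bytes"),
            ("photos/party.jpg", 0o755, b"#!/bin/sh\n# constructed placeholder\n"),
        ):
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def audit_archive(data: bytes) -> list:
    """Report regular files that would be extracted with an execute bit set."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or not (member.mode & 0o111):
                continue
            head = tar.extractfile(member).read(2)
            findings.append({
                "name": member.name,
                "mode": oct(member.mode),
                # A data-file extension plus an execute bit is the mismatch to flag.
                "data_extension": member.name.lower().endswith(DATA_EXTENSIONS),
                "shebang": head == b"#!",
            })
    return findings


def stripped_modes(data: bytes) -> dict:
    """Permission bits an extractor could apply instead: execute bits cleared."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        return {m.name: m.mode & 0o777 & ~0o111 for m in tar if m.isfile()}


if __name__ == "__main__":
    for finding in audit_archive(build_sample_archive()):
        print(finding)
```
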
As an American, I am frightened and angered by your suspicious level of knowledge combined with your lack of jingoism. I can only assume that you are on the side of the terrorists. I'm watching you.
I swear to God...I swear to God! That is NOT how you treat your human!
Yeah, that sounds familiar. Several years ago there was an article in National Geographic about Persia and the current Persians. It was a very interesting read, much of it talked about the ability to lie or deceive, which is a very important trait to have. Since Persians as a people have been conquered or invaded so many times, they have learned that they cannot speak openly about what they believe. They make a big show of being hospitable (and actually are), they smile and talk, but the people interviewed mentioned how this isn't actually what they're like. In private they're different, but in a culture that is constantly being invaded and attacked, they've learned that it is in their interests not to openly talk about what they really believe. No doubt many Persians harbor ill feelings towards Arabs and the religion they brought with them, they still see them as invaders.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I'm sorry, but your view of Iran seems very skewed and you're being modded as Informative when really you just seem to be voicing your own opinions.
Persia was first conquered by Muslim Arabs in 644.
One thousand, three hundred and sixty-six years ago, yes. I hardly think this comes into play in modern Iranian politics. The idea that there's some sort of insidious infestation of Arabism that has festered in Iran for over a thousand years seems pretty silly. Also, the idea that Iranians were converted to Islam by force has been mostly discredited.
Many Persians refer to the 1979 revolution as the second Arab invasion of Persia.
"Many" is a weasel word. The ones you've been listening to apparently believe that. But this interpretation ignores the fact that the 1979 revolution in Iran was largely a populist political revolt against a brutally oppressive regime backed by the foreign interests (the U.S.). Some people protested the societal changes that came with the new Islamic state, yes. But the vast majority welcomed it.
If Iran was "invaded by Arabs" in 1979 and everything since has been part of some big Arab conspiracy, how do you explain that the majority Muslims in Syria, Iraq, Jordan, Yemen, and Kuwait are Sunni, while Iran is a Shi'a republic?
And if Iran has been "invaded by Arabs" since 1979, how do you explain the events of 1980 when Iran was, oddly enough, invaded by Arabs? Iran fought a bloody war against Iraq for the next eight years.
And when Mahmoud Ahmadinejad talks about improving his country's ties with "Arab nations" and "the Arab world," what's he doing -- putting up a front for appearances' sake? Your comment elsewhere that his mother "is believed to be descended from Muhammad's bloodline" doesn't hold much water.
Likewise your comment that Larijani must secretly be an Arab because he's the son of an Ayatollah doesn't make sense either. You don't have to be an Arab to be a Muslim, and your insistence on conflating the two smacks completely of jingoism, despite what the other responder says.
Breakfast served all day!
What everyone including parent post has so far overlooked is that the announcement of this story is ALL BY ITSELF damaging to the Iran nuclear development effort.
Whatever the goal of Stuxnet might be, Iran must now spend time and effort checking whether all kinds of computer control systems include hidden time bombs... things that might do anything from overspinning centrifuges until they break to overheating core enough to warp the fuel rods and force their replacement. And the only sure way that Iran can proceed from this point is to replace all the PLCs with homegrown technology... but it would take them a decade or more to develop that technology on their own. I don't think they have any microchip manufacturing capability at all.
All this has been accomplished at the very low cost of publicizing a few factoids within a very suggestive framing in such a way that third parties are going to fall all over themselves to do further investigation in ways that can only magnify the perceived risks. This is a perfect con game. The more so because even if someone comes out and says it's a con, Iran cannot afford to rely on that. Stuxnet might not even have a payload, but it will still cause the Iran nuclear effort months of delay. Long enough, probably, to lay the groundwork for Son Of Stuxnet, whatever that might be.
Will