Slashdot Mirror
Stuxnet Infects 30,000 Industrial Computers In Iran
eldavojohn writes "The BBC and AFP are releasing more juicy details about the now infamous Stuxnet worm that Iranian officials have confirmed infected 30,000 industrial computers inside Iran following those exact fears. The targeted systems that the worm is designed to infect are Siemens SCADA systems. Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States — although the US official claims they do not know the origin of the virus. Iran claims it did not infect or place any risk to the new nuclear reactor in Bushehr, which experts are suspecting was the ultimate target of the worm."
"Siemens has advised its customers not to change the default passwords"
http://news.cnet.com/8301-1009_3-20011095-83.html
great....good security there
The future of diplomacy.
I think that the serious hacking groups could totally pwn the United States on "cybersecurity" if they bothered.
It pains me to say, that maybe we've forgotten the power of individuals and small groups being dedicated to causes which are directly connected to neither State initiatives, nor immediate profit.
"They were pure niggers." – Noam Chomsky
I read somewhere that there are no Siemens systems in Bushehr, making that particular plant immune to this worm. Is that true?
How do those trojans spread? Isn't virtually every Windows client box behind a firewall these days? Or are mostly Windows Server OS affected?
Old news, all info listed here has been known for weeks.
If Iran really is trying to develop a nuclear weapons ability, then they're heading for a nasty conflict one way or another.
If conflict is inevitable, then it's probably far better for their computers to catch a nasty flu, than for people do due in a U.S./Israeli airstrike.
Yeah, that'll teach'm to open up emails and PDFs titled "Death To America!" while running an OS and applications software written and controlled by a U.S. company.
I have a hard time taking it seriously that a "Nation State" is the most likely source of the infection and I have an even harder time that it is the Untited States behind it. Siemens is a huge (German) manufaturer of control systems, their equipment is installed throughout the industrialized world. The Bushehr reactor is being built with help from Russia but I am sure there are engineers from many different countries involved (notably absent would be Israel and the U.S.). These engineers should include people responsible for the security of both the Windows and the Siemens systems.
I would argue that these engineers are the likely source of the information used to create the 'worm'. They have to be. Nobody else should have the information available to them to program the specific scenero to meet all of the inputs required to cause the mayhem the worm is intended to cause.
Perhaps over a couple of beers they decided they didn't like some of the things they were seeing? Maybe they wrote the worm or maybe they just provided the information to the people that did. But either way, it reeks of being an inside job.
"Hey, we just want them fucked up. We don't give a shit about the details."
"Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States "
How does "too complex for an individual or group" equate to "must be Israel or the United States"? I hope I'm reading this wrong.
Otherwise I might have to troll about "German companies blaming the US and the Jews for everything" or something.
do() || do_not();
are government sponsored "cyber armies," and constitute some sort of nefarious plot to bring down the United States (or Israel), then what is this?
But hey, these guys are on your team, so it's cool and it's all good, when the guys on the other team are evil demons who threaten your existence.
"new nuclear reactor in Bushehr" named in reference to the Bush era?
While Bush Sr had it, Bush Jr was the worst president for a century.
"Siemens"
"Bushehr"
Hehehehehahahehehehe
Flip the target.
What would we be seeing in the headlines? "Cyber Terrorists attempt to take down US power grid with VIRUS."
Of course that would never happen here. We don't connect our power grid to the same networks that regular Internet traffic travels. We never have security breaches or virus infections at classified facilities. I'm so glad the US is 100% safe from this type of scenario now, and will be forever.
/gingerly rolls eyes....
From Slashdot: The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched.
Servers you right using Windows for anything critical. Are they waiting one month for a fix as the rest of the Windows users?
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
So assume the US or Israel were at direct fault for this, ignoring the fallacy of "no single group" for a moment.
Why is that a problem, exactly?
We've got many, many quotes from the Iranian leaders (many of them) which are along the lines of:
* death to Israel
* we will hit Israel with a nuke
* we wish to see Israel as bright as the sun
* we can hit Europe with our ballistic missiles!
* America is our Enemy
This, all in light of their nuclear program having no explicable goal at this point aside from nuclear weaponry. A year or two ago, you could excuse it as being for 'peaceful means' but not any longer.
If someone says "I'm going to come over and beat the shit out of you sometime this week while you sleep" you act proactively, one way or another.
I would much rather the approach of calling the police and getting them put on house arrest than the approach of boarding up the guy's house and burning it down.
If people do conclude this was a US/Israel attack, they should take it as an indication to everyone watching that the US and Israel are not bloodthirsty. This is about as non-aggressive as you can get in terms of a physical attack, and the thought and planning involved is significantly more than simply launching an airstrike or missiles.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
it has caused irreparable damage to the pumps that used to pump oil onto tankers for export to the US.
just read
http://frank.geekheim.de/?p=1189
Comment removed based on user account deletion
I didn't know they had that many computers over there.
The Soviets also never said "we will hit the US with nukes". Instead, they were all about "world peace" and "progress". Read Churchill's Fulton speech to understand how these things work in reality.
> Iranians do see Israel and the US as enemies, since the US overthrew the democractic government of Iran in the 1950s, and tried to do it again after 1979.
You make it sound like a simple matter of political history, like Eastern Europeans not liking Russia because it successfully occupied them, and Finns not liking Russia because it tried to. Neither, however, involves calling Russia "the Great Satan" and the like. Maybe Iran being a militant Islamic theocracy has *something* to do with its enmity towards the US? This placement of the US at the cusp of religious hate far predates Bush and Rumsfield.
As to potential peacefulness of Iran's nuclear program, you simply misunderstand technology. For any advanced military application, there have to be many overtly civilian technological dependencies. Tanks are made in "tractor" factories, which can also build some tractors on the side; peaceful space flight and ICBMs are basically the same rockets; a "peaceful" reactor generating plutonium can generate some energy for the national grid, too. The last step to the actual weapon is quite short and takes a couple of years, once the "peaceful" tech infrastructure is built.
after all iran's efforts to whitewash the internet and control what folks can access, for them to catch a virus and spread it all around is just PRICELESS. couldn't happen to a more worthy bunch of DICKS.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
Someone with a high degree of motivation and insider knowledge had to be responsible for such a pointed attack. Someone just wanting to create some havoc could have just built a worm that probes the network for modbus tcp devices and started firing values into the registers.
Got Code?
It w3as signed by a puppet of the US, then the puppet thrown out in the 79 iran revolution, and the NNPT went down the drain at the same moment. So really, STFU. Current Iran DID NOT sign the NNPT.
that is, if you believe in terrible things happening, you actually wind up creating the conditions for terrible things to happen, both directly and unconsciously. it does not surprise me at all that the middle east is on the brink of armageddeon style war, because of all the assholes in the middle east who so fervently believe in dusty old books full of armageddeon style war
in other words: fuck judaism, fuck christianity, and fuck islam. the world would be a much better place without the abrahamic religions. it is no coincidence at all that the middle east is a hot bed of suffering due fervent beliefs, it is a direct consequence of what the bullshit the assholes there believe in
i actually do believe it is important to have faith in something and believe in something in this world. but neither judaism, christianity, nor islam are valid things to believe in. i spit on those religions, for the suffering they have brought the world
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
It's the USraelis trying to hit the Iranian centrifuges... http://www.langner.com/en/index.htm Obvious....
So when they call tech support and inevitably speak to some one in India, Is the technician allowed to use a name that is appropriate to the region or will they still be forced to use a fake American name, such George?