Slashdot Mirror


Stuxnet Infects 30,000 Industrial Computers In Iran

eldavojohn writes "The BBC and AFP are releasing more juicy details about the now infamous Stuxnet worm that Iranian officials have confirmed infected 30,000 industrial computers inside Iran following those exact fears. The targeted systems that the worm is designed to infect are Siemens SCADA systems. Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States — although the US official claims they do not know the origin of the virus. Iran claims it did not infect or place any risk to the new nuclear reactor in Bushehr, which experts are suspecting was the ultimate target of the worm."

18 of 263 comments

  1. Re:strange conclusion. by O('_')O_Bush · · Score: 4, Insightful

    Really? Because, as someone who has worked in gov't related cybersecurity, I can tell you that they try all the time.

    There's no shortage of reasons for hackers to want access to data (classified or otherwise) really really badly.

    You just need to get the Hollywood-fabricated ideas about small teams of omnipotent superhacker "gods" out of your mind, because they don't exist.

    --
    while(1) attack(People.Sandy);
  2. Re:strange conclusion. by retchdog · · Score: 2, Insightful

    no, of course they aren't omnipotent gods, but on the other hand you don't need to be a god to cause serious damage to human beings. you just need to be intelligent; properly specialized; and oddly motivated. fortunately, the old "pick two of three" rule seems to apply here. :)

    I do personally know some security professionals whom I suspect would have a pretty good shot at something like this, if they were both unethical and had a little bit of inside knowledge.

    admittedly, most of what i know about US gov't cybersecurity is what i read on slashdot which tends to be negative. so i am biased there. still, it's a bit hasty to assign credit to a state. small groups of the right people could get a lot done. i mean, all you need is the information; this isn't the manhattan project.

    --
    "They were pure niggers." – Noam Chomsky
  3. Leaps of logic by Anonymous Coward · · Score: 5, Insightful

    I have a hard time taking it seriously that a "Nation State" is the most likely source of the infection and I have an even harder time that it is the United States behind it. Siemens is a huge (German) manufacturer of control systems, their equipment is installed throughout the industrialized world. The Bushehr reactor is being built with help from Russia but I am sure there are engineers from many different countries involved (notably absent would be Israel and the U.S.). These engineers should include people responsible for the security of both the Windows and the Siemens systems.

    I would argue that these engineers are the likely source of the information used to create the 'worm'. They have to be. Nobody else should have the information available to them to program the specific scenario to meet all of the inputs required to cause the mayhem the worm is intended to cause.

    Perhaps over a couple of beers they decided they didn't like some of the things they were seeing? Maybe they wrote the worm or maybe they just provided the information to the people that did. But either way, it reeks of being an inside job.

    1. Re:Leaps of logic by IamTheRealMike · · Score: 4, Insightful

      The skills "reprogram industrial PLCs" and "find four new zero days in Windows" don't overlap a whole lot. Given what this virus does, it's very hard to believe it's the work of one or two guys. The whole thing smells strongly of a highly skilled and well financed team assembled for a specific reason. After all, it apparently is searching for a specific device or type of device and then tries to sabotage it - presumably this code was thoroughly tested, which means whoever wrote it is likely to have a small recreation of parts of the target factory somewhere. Not cheap or easy to set up.

    2. Re:Leaps of logic by EdIII · · Score: 4, Insightful

      You've completely ignored idealism here. The U.S and Israel are not the only governments with an interest to destabilize the Iranian government. I can see Russia, China, and Jordan having an interest as governments to destabilize Iran, especially, when the U.S and Israel are such convenient scapegoats. Perhaps, even just causing the U.S and Israel some problems would be the end goal of the whole project.

      Keep in mind that opportunity costs only matter to criminal organizations... and governments. Criminal organizations would be concerned with lost profit, while governments are concerned with losing an attack vector.

      What about the idealism? Out of all of the engineers that have worked on that equipment in Iran, NONE of them had any idealism or conflicts with the Iranian government?

      Burning a huge opportunity cost to sabotage a nuclear reactor in Iran certainly sounds like something an idealistic group of "terrorists" would do to stop the Iranian government from becoming a nuclear power.

      Note I keep saying Iranian government. There are millions of young people in Iran right now, some of them fairly well educated, sophisticated, and with access to funding, that don't consider themselves on board with the current Iranian leaders.

      We can speculate all day who really might have done this, but we can't rule out home grown terrorism here either.

    3. Re:Leaps of logic by moortak · · Score: 2, Insightful

      We also can't rule out regional players other than Israel. The UAE has deep pockets and no desire for a nuclear Iran, same deal for Saudi Arabia.

      --
      Xavier Rabourdin for president 2012
  4. Re:Not so bad of a result by Dan667 · · Score: 5, Insightful

    interesting it is totally ok for Israel to have nukes. When is Israel going to have weapon inspectors and give them up? If there really was interest in getting this stopped that would be the first step.

  5. Must be reading that line wrong by devphaeton · · Score: 4, Insightful

    "Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States "

    How does "too complex for an individual or group" equate to "must be Israel or the United States"? I hope I'm reading this wrong.

    Otherwise I might have to troll about "German companies blaming the US and the Jews for everything" or something.

    --
    do() || do_not(); // try();
  6. Re:Not so bad of a result by Ironsides · · Score: 5, Insightful

    When is Israel going to have weapon inspectors and give them up?

    When Israel signs the Nuclear Non-Proliferation Treaty.

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
  7. Re:Email titled "Death To America!" by Grishnakh · · Score: 4, Insightful

    Yep, this is the part that's so funny to me. Iran is so anti-America, Ahmadinejad is spouting conspiracy theories at the UN saying the US orchestrated 9/11, but then they're trusting Microsoft Windows (an American product known for security problems) to run their industrial computers? How stupid can you get?

    The Chinese are the complete opposite of these buffoons. They know that relying on another country's secret, proprietary software is foolhardy, so they've adopted Linux for governmental uses and have even developed their own Linux distro, Red Flag. Maybe it can't run all the latest applications or whatever, but trusting a product made by your enemy to run your country's infrastructure is just dumb.

  8. Re:strange conclusion. by gad_zuki! · · Score: 4, Insightful

    The stuxnet team is most likely the product of a large intelligence department. That is to say a group effort from a nation state, not some independent hacking gods with nothing better to do.

    The point is that expertise in scada, coming up with 4 zero days, getting 2 signed driver keys from JMicron and Realtek, and distributing the exploit without the internet to Iranian factories is not something a non-state can do.

  9. Re:Not so bad of a result by DoofusOfDeath · · Score: 4, Insightful

    True, but it is generally prudent to stop crazed assholes* with the stated goals of wiping other states from the map from having any such weapons.

    You mean the Israeli settlers in East Jerusalem and the West Bank?

  10. Re:strange conclusion. by SashaMan · · Score: 4, Insightful

    Uhh, you're missing the GP's point. It's HIGHLY doubtful a small group of scruffy super smart hackers a la Angelina Jolie and friends in "Hackers" created this virus. Given the complexity you point out (and by the way, you missed a very important point - stuxnet utilizes stolen encryption keys from TWO Taiwanese chip manufacturers), it's much more likely that a large, coordinated government or corporate organization that was able to assemble experts from many different fields was behind the attacks.

  11. Re:Not so bad of a result by phantomfive · · Score: 4, Insightful

    It's not a double standard, it's a self-centered standard. I am opposed to countries like Iran, who have special holidays for hating my country, getting nuclear weapons. I don't want people who have declared themselves enemies of my country to have nuclear weapons. Unfair? Yes. Do I care, not really. Sometimes there are more important things than fairness (and real fairness in life is impossible anyway).

    --
    Qxe4
  12. Re:Not so bad of a result by Xaositecte · · Score: 4, Insightful

    How often have surrounding Arab states invaded Israel?

    How often has Israel invaded surrounding Arab states?

    Historical records do not agree with your statements.

  13. Re:Not so bad of a result by SuricouRaven · · Score: 2, Insightful

    That's shooting rockets *back* at residential buildings. Hamas started on that one - they thought that if they launched their own rockets from residential or public buildings, Israel would be too afraid of the bad PR to risk counterattacking the launch sites. It partially worked.

    Israel is not a good neighbour - but their actions are not unprovoked. They have to live with a seemingly endless stream of rockets being fired into their own residential areas over the border, frequent attempts at suicide or car-bomb attacks, and neighbours who routinely say that all Jews should be exterminated. Given the circumstances, you can't really blame them for reacting so strongly.

  14. Re:strange conclusion. by Anonymous Coward · · Score: 3, Insightful

    MB for complexity? What the fuck? That's like GHz for speed -- there is relation only when you restrict the scenario (e.g. 100% ASM). Apparently you haven't seen any 64KB demos, or 10MB STL+Boost* HelloWorld programs.

    * This remark is a detraction of programmer inefficiency, not C++/STL/Boost. It doesn't occur when they are used correctly.

  15. Re:strange conclusion. by Will.Woodhull · · Score: 3, Insightful

    I agree. Stuxnet, and who knows what will follow it, are similar to the USA Skunkworks that managed to develop and deploy the SR-71 Blackbird in complete secrecy, or before that the Manhattan Project in the USA, and the Enigma work done in Great Britain.

    We have a new player on the world stage, and data security is never going to be the same again. Actually we probably have more than one new player, since there are probably a dozen countries that are capable of doing this kind of thing. And quite possibly they've been around for a long time, hiding behind spammer botnet facades, etc. I find it suspicious that while spammer botnets are supposed to be making their fortunes by selling advertising, there has never been a serious effort to go after the companies that are apparently buying these services. I wonder how many distributors of v14gRuh there really are, and how many are virtual fronts for information gathering and disinformation distribution activities?

    Hmm. I prolly read too much Philip K Dick in a younger day.

    --
    Will