Slashdot Mirror


Stuxnet Infects 30,000 Industrial Computers In Iran

eldavojohn writes "The BBC and AFP are releasing more juicy details about the now infamous Stuxnet worm that Iranian officials have confirmed infected 30,000 industrial computers inside Iran following those exact fears. The targeted systems that the worm is designed to infect are Siemens SCADA systems. Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States — although the US official claims they do not know the origin of the virus. Iran claims it did not infect or place any risk to the new nuclear reactor in Bushehr, which experts are suspecting was the ultimate target of the worm."

11 of 263 comments

  1. I think Siemens' comment is funny by Anonymous Coward · · Score: 5, Interesting

    "Siemens has advised its customers not to change the default passwords"
    http://news.cnet.com/8301-1009_3-20011095-83.html
    great....good security there

  2. this is it by bhcompy · · Score: 5, Interesting

    The future of diplomacy.

  3. Leaps of logic by Anonymous Coward · · Score: 5, Insightful

    I have a hard time taking it seriously that a "Nation State" is the most likely source of the infection and I have an even harder time that it is the United States behind it. Siemens is a huge (German) manufacturer of control systems, their equipment is installed throughout the industrialized world. The Bushehr reactor is being built with help from Russia but I am sure there are engineers from many different countries involved (notably absent would be Israel and the U.S.). These engineers should include people responsible for the security of both the Windows and the Siemens systems.

    I would argue that these engineers are the likely source of the information used to create the 'worm'. They have to be. Nobody else should have the information available to them to program the specific scenario to meet all of the inputs required to cause the mayhem the worm is intended to cause.

    Perhaps over a couple of beers they decided they didn't like some of the things they were seeing? Maybe they wrote the worm or maybe they just provided the information to the people that did. But either way, it reeks of being an inside job.

  4. Re:Not so bad of a result by Dan667 · · Score: 5, Insightful

    Interesting, it is totally ok for Israel to have nukes. When is Israel going to have weapon inspectors and give them up? If there really was interest in getting this stopped that would be the first step.

  5. Re:Not so bad of a result by Ironsides · · Score: 5, Insightful

    When is Israel going to have weapon inspectors and give them up?

    When Israel signs the Nuclear Non-Proliferation Treaty.

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars

  6. Re:Not so bad of a result by Ironsides · · Score: 5, Informative

    I love the double standard! So, if that's the case, then people should STFU about Iran building anything, considering they haven't signed that treaty either...

    Iran signed 1 July 1968. What was that about a double standard and STFU?

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars

  7. Re:Not so bad of a result by Anonymous Coward · · Score: 5, Informative

    Actually, Ahmadinejad never said that. The quote is a mistranslation and has been mendaciously used as propaganda by Zionists and useful idiots as proof of Iran's alleged destructive intentions.

    If you bothered to read the entire page you linked to, the Guardian published a retraction: http://www.guardian.co.uk/theguardian/2009/apr/23/corrections-clarifications

  8. Re:strange conclusion. by IamTheRealMike · · Score: 5, Interesting

    So we're arguing about the definition whether the team was "small" or "large" then :-) Given that Stuxnet is around half a megabyte in size, I'd guess the code itself was written by a team of around 5 people, probably with each person owning an area of functionality. Say another 5 for project infrastructure, eg, building testing environments, finding the zero days and doing whatever was required to steal the digital certs.

    I'm sure there is a fairly large supporting cast for this "Myrtus/Guava" project, but I'd wager a crisp benjamin the bulk of the work was done by less than 10 people. Now whether this sort of effort is "small" or "large" is a matter of perspective - for a state sponsored military project it'd be very small, for a computer virus project it'd be pretty large.

    By the way, if the authors of Stuxnet are reading this - nice work, but I seriously hope you know what the hell you are doing. Remotely sabotaging industrial facilities in a part of the world that's on a political knife edge can go wrong in so many ways I don't even want to think about it.

  9. Re:Bushehr as target by IamTheRealMike · · Score: 5, Interesting

    Actually I prefer the theory that it went after the centrifuges at Natanz.

    On July 17, 2009 WikiLeaks posted a cryptic notice:

    Two weeks ago, a source associated with Iran’s nuclear program confidentially told WikiLeaks of a serious, recent, nuclear accident at Natanz. Natanz is the primary location of Iran’s nuclear enrichment program. WikiLeaks had reason to believe the source was credible however contact with this source was lost. WikiLeaks would not normally mention such an incident without additional confirmation, however according to Iranian media and the BBC, today the head of Iran’s Atomic Energy Organization, Gholam Reza Aghazadeh, has resigned under mysterious circumstances. According to these reports, the resignation was tendered around 20 days ago.

    ... and from the same article ...

    A cross-check with the official Iran Students News Agency archives confirmed the resignation of the head of Iran’s Atomic Energy Organization.

    According to official IAEA data, the number of actually operating centrifuges in Natanz shrank substantially around the time of the accident WikiLeaks wrote about.

  10. Re:strange conclusion. by Anonymous Coward · · Score: 5, Funny

    By the way, if the authors of Stuxnet are reading this - nice work, but I seriously hope you know what the hell you are doing. Remotely sabotaging industrial facilities in a part of the world that's on a political knife edge can go wrong in so many ways I don't even want to think about it.

    Thanks for the tip. We'll definitely keep that in mind.

  11. Re:strange conclusion. by IamTheRealMike · · Score: 5, Interesting

    Also while Iran is a major hotspot of infections they aren't the only ones. Indonesia is a close second.

    These things are easy to explain from a perspective that assumes a criminal syndicate but hard to explain from the perspective of a theory of state sponsorship.

    Well. Let's ignore the problem of motive for now (there are far easier ways for criminals to turn a profit than this) - one has to wonder why Stuxnet is written as a traditional self-propagating virus.

    Apparently it has some kind of self-kill logic which tries to ensure it doesn't spread after three "hops", which suggests whoever wrote it didn't want it to become a totally uncontrolled worldwide infection.

    Presumably whoever wrote this knew they wouldn't be able to obtain actual physical access to the facility they wanted to damage, nor would they be able to insert an undercover agent, nor would they be able to compromise an existing employee. If you wanted to attack a high security facility and your intelligence agency wasn't able to penetrate it using more traditional techniques, creating a virus that spreads indiscriminately and hoping you get lucky seems like a pretty reasonable strategy.

    The truth may be somewhere in the middle. The top candidates are the US and Israel based on "who dislikes Iran the most". Israeli intelligence has proven several times before they apparently don't care about being detected or involving other nations as collateral damage, see the recent UK passport forging that was a part of an assassination. A guy who used to be a director of anti-proliferation strategy for the US government has remarked that the style doesn't seem like a US operation given how much noise the approach would inevitably create, and the tremendous impact outside of the intended target.

    Now obviously he is biased, but I'd tend to agree with him. It seems kind of unlikely the US would do something so dramatically non-covert. The way Stuxnet works practically guaranteed it would be eventually detected and subjected to intense scrutiny. The fact that there's so many clues and possible evidence trails lying around also suggests that whoever did it wasn't too concerned with being caught, eg, it's possible the stolen digital certs or the C&C servers will provide a trail that can be investigated.

    So out of "countries that hate Iran" which of those is most likely to perform an operation that is very likely to be detected and very likely to piss off a large number of random other nations or organizations? If I had to pick an intelligence agency in the world that most resembled a criminal syndicate, the Mossad would be pretty high up the list. Speculation is fun isn't it.