Stuxnet Worm Claimed To Be Devastating In Iran

sciencewatcher writes "At debka.com, a website associated with intelligence communities focusing on the Middle East, the claim is made that Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcise the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers."

Re:So what's the word, people.

[Bert64]

Doesn't really matter either way...

Iran was grossly negligent in allowing their critical infrastructure to run on software controlled by a hostile government (and which they most likely had to pirate because there are export restrictions against iran).

Spreading havoc?

[brian0918]

It's my understanding that Stuxnet was designed to only *do only* to one certain computer/system that was specifically targeted. On all other computers that do not match the signature of that computer, it leaves them alone. So what is the "havoc" that it is causing?

Re:Spreading havoc?

[__aaqvdr516]

IAAICT (I am an Instrumentation and Controls Tech)

Stuxnet specifically targets Siemens Simatic Wincc software and associated PLC's. Essentially, the Wincc software is the programming base to interact with the PLC's, which are discreet CPU/memory clusters running optimized code for whatever it is you'd like to do. There are many PLC manufacturers and they use their own programming software to upload/download to their cpu's. The fact that this worm only interacts with Siemens software is not surprising as Siemens is one of the major manufacturers of industrial equipment. I have a large number of Siemens devices all around where I work. I do not use Siemens PLC's though, so I am unaffected by this worm.

This whole thing smells to me like a disgruntled software guy that used to work for Siemens.

Re:So what's the word, people.

[Darkness404]

...Except for the fact that encryption software is often times classified as "military" technology, making the distribution of most software impossible.

Re:Millions?

Sadly, most industrial control stuff runs on Winderz. It's all DCOM-based and takes so much banging your head against the monitor to get configured and working properly that oftentimes, you end up having disabled most any security features available out of sheer "maybe THIS will work" frustration. When you finally DO get it working, the last thing you want to do is go back and start turning on the security features as it will just break this fragile house of cards.

At least that's been my experience with it.

Posting anonymously cuz I just kind of admitted I'm DOING IT WRONG. But I swear it's true.

Re:So what's the word, people.

[NatasRevol]

Well given that they're running Windows for critical infrastructure & military command centers - apparently without AV, I'd say that yes, they did do it to themselves.

Re:So what's the word, people.

[bsDaemon]

Clinton issued an executive order placing cryptographic software under the dominion of the Commerce Department with regards to export, and the Commerce Department simplified export rules to make things easier. However, they can always take it back, its not law, just policy.

Re:So what's the word, people.

[rtb61]

The catch with the whole theory of a software hack, the stuxnet worm is far too tightly tied to Iran, hardware is far more likely to be the culprit rather than software. So hardware infrastructure in Iran, well if it was sourced from China or Russia likely safe, except of course in companies head quartered elsewhere were involved.

So access to windows source and Siemens PLC seems a must, so the really only leaves two suspects. Now if the worm in industrials plants result of industrial accidents that kill people, then clearly it would be an act of war, which would be pretty stupid because there are far more effective means of crippling infrastructure with far more primitive methods.