Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stuxnet Worm Claimed To Be Devastating In Iran

Posted by CmdrTaco on from the new-same-world dept.

sciencewatcher writes "At debka.com, a website associated with intelligence communities focusing on the Middle East, the claim is made that Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcise the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers."

4 of 390 comments (clear)

  1. DEBKA is totally unreliable. by Noryungi · · Score: 5, Interesting

    This is DEBKA. Completely ridiculous website, riddled with disinfo.

    Example:

    Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

    'nuff said.

    Of course, that does not mean Iran is not hit hard by Stuxnet - just that everything you read at this site should be taken with a big grain of salt.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  2. Re:Spreading havoc? by elrous0 · · Score: 5, Interesting

    Having looked carefully at this worm (I'm preparing for a presentation on it at a local security conference), I can tell you it almost certainly wasn't written by one guy. It's the most complex piece of malware I've ever seen. It's written in three languages (C and C++ on the Windows side, MC 7 assembly language on the PLC side), it uses four different Windows exploits and two stolen code-signing certificates from companies in Taiwan (both of which read as legit until just recently), and it has one of the most aggressive and clever rootkits I've ever seen. And that's not even getting into how it can update itself. Unless said disgruntled employee was the goddamn jedi master of hackers in addition to his day-job, I would say this is definitely a major team effort (a very specialized team).

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  3. Re:Perhaps it's just me... by Iphtashu+Fitz · · Score: 5, Interesting

    Any modern-day reactor should have an out-of-band method of SCRAMing that doesn't rely on computer control of any sort. A common approach is to have control rods held physically over the nuclear fuel by electromagnets. If power is cut to the electromagnets for any reason then gravity drops them into place and the reaction ceases. If monitoring systems don't automatically cut power to the SCRAM system then it would just take a worker pushing a button. Heck, they may even have fuses located around the reactor that would melt in the presences of excessive heat or the presence of radiation, causing power to the magnets to be cut. So the likelihood of a computer worm causing a meltdown is highly unlikely unless the Iranians are stupid enough to disable the SCRAM system.

  4. Re:Spreading havoc? by Lord+Ender · · Score: 5, Interesting

    The Air Force was recruiting hackers at DEFCON this year. The recruiter actually said they will take anyone, regardless of criminal record.

    It seems reasonable that you wouldn't let criminal hackers work on your own defensive systems. So what *would* you do with them? You would develop offensive technology--that doesn't require the developers have any access to your own infrastructure.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.