Slashdot Mirror
Stuxnet Worm Claimed To Be Devastating In Iran
sciencewatcher writes "At debka.com, a website associated with intelligence communities focusing on the Middle East, the claim is made that Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcise the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers."
Do you think the US did this in an official capacity, an "official" capacity, or had nothing to do with it?
Living With a Nerd
A communications disruption can mean only one thing - invasion.
well, what better time to fix that pesky reactor.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
http://english.farsnews.com/newstext.php?nn=8907061756
why don't they just use firefox instead of ie??
the only problem with this contract is just how much of a target one can become if one decided to go for the money and the fun of 'exorcising' the demon from the nuclear power plant (and whatever else) systems.
You can't handle the truth.
...it really stux to be iranian.
Does it run on Linux? For once a relevant question... ;)
I'm not a fan of quoting anything from a website whose motto is "We start where the media stop".
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
While Tehran has given out several conflicting figures on the systems and networks struck by the malworm - 30,000 to 45,000 industrial units - debkafile's sources cite security experts as putting the figure much higher, in the region of millions. If this is true, then this cyber weapon attack on Iran would be the greatest ever.
Millions? They have that much interconnected? I mean really, when Seimens or some other industrial supplier comes in, do they automatically say, "Oh, we need to have this connected to the internet for critical software updates." ? Do they use Microsoft's updating methods?
I really can't believe that they are that careless. I think the number cited by the Iranians are mostly networks connected to the internet - non-critical networks.
RIP America
July 4, 1776 - September 11, 2001
But I'm having a really hard time getting upset over the Iranian government being brought to a crawl by a computer virus. These ARE the same people that have made no bones about wanting to commit genocide against all Jews, and have tortured and murdered millions of their own people.
Personally, I hope it causes a total collapse. Perhaps then the Green Revolution people (those that are still alive, anyway) can have a chance at creating a true Democracy in Persia. The Persian people certainly deserve it.
What DOES worry me is that this is, in some ways, a "genie out of the bottle" moment. Formal "Weaponized" use of a computer virus to attack a state. While I'm sure it was inevitable, it is still a bit of a shock to know that the day has arrived.
All the more reason to be sure to be using a variety of redundant and disparate OS types to support your infrastructure I guess.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
This site has a lot of seemingly tantalizing information, but a lot of it is BS. It reported that one of Saddam's palaces had huge glass covered aquariums where sharks would swim under your feet. Now that all the palaces have been 'visited', there have been no reports of any such thing.
Or something like that. Could get a bit scary, push comes t5o shove and all that. I wonder who will get hit with the retaliatory strike?
Alternatively, I wonder if this is the retaliatory strike?
You are in a twisty maze of little passages, all alike...
Best Slashdot Co
Are these guys reliable at all? On the face of it, I don't see any reason to accept DEBKAfile's "intelligence and Iranian sources".
The first thing the Iranians will want to do is to re-release this thing into the west.
This could hurt.
(repost as the first one isn't showing up)
They would in any case have an incentive to give the impression that everything grinds to a halt. The more their nuclear programme slows down the longer it will be until Israel feels the urgent need to bomb it.
I like to play a little game called "Which world do we live in?". You describe two worlds that are generally similar but differ on some characteristics, and try to find out which of the two worlds we live in, or ways to go about finding out. I am not sure of an easy way to find out in this case.
If anything he said was untrue, I feel certain you would improve your argument against his statements, by providing information from factual unbiased sources. Just saying. *waits for offtopic mods*
Reply to That ||
It's my understanding that Stuxnet was designed to only *do only* to one certain computer/system that was specifically targeted. On all other computers that do not match the signature of that computer, it leaves them alone. So what is the "havoc" that it is causing?
This is DEBKA. Completely ridiculous website, riddled with disinfo.
Example:
Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.
'nuff said.
Of course, that does not mean Iran is not hit hard by Stuxnet - just that everything you read at this site should be taken with a big grain of salt.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
jokes aside Stuxnet worm is pretty scary. researchers definitely believe it was developed by something with significant backing. it's very sophisticated and extremely targeted. It contained multiple 0 day exploits and was designed specifically to disrupt industrial systems.
though this article contradicts others i have read that say due to its specificity that it wasn't too damaging.
also a note: these systems aren't necessarily internet connected the worm is designed to infect usb drives so it can reach systems which are unconnected for security reasons.
this type of crap scares me because i'm not confident that the US infrastructure is hardened enough o protect against malicious cyber attacks.
Got stux with windowz ? unstux that with Linux or even better freebsd !
"The uniform shout of the Iranian nation is forever 'Death to Israel.'" --Iranian president Mahmoud Ahmadinejad
Coder's Stone: The programming language quick ref for iPad
"Israel" != "all Jews"
I am trolling
I know that Mossad, the CIA, or whoever did this probably intended this to be a one-shot deal and didn't expect it to go as viral as it did. But I hope they truly appreciate what a nasty thing they've started. Now everyone will be doing it. And these sorts of viruses have the potential to cause real-world loss of life.
All this for a petty strike against a country that probably didn't even work (and would only have pushed them closer to war even if it had).
SJW: Someone who has run out of real oppression, and has to fake it.
What I don't understand is why the *heck* the SCADA systems running Iran's { illegal | sooper-sekrit | stealth } nuclear weapons program aren't air-gapped! Isn't that something like standard procedure?
Debka is BS at times and Israeli misinformation at other times.
Take a look at the wikipedia page on Ahmadinejad and Israel. He's pretty nuts and definitely wants to get rid of Israel. I don't see a quote about genocide though, just wants to get rid of the state; weird comments about the holocaust and 9/11.
The more people I meet, the better I like my dog.
Go ahead and mod me down, but it's only a matter of time before this happens again. You either accept the liability and put your trust in microsoft for patches, or do something else. It's not a stretch to expect more of the same.
"At the same time, the company said it would not patch Windows because doing so would cripple existing applications."
http://www.computerworlduk.com/news/applications/3236953/microsoft-confirms-unpatched-vulnerabilities-in-key-enterprise-programs/
"The security firms also notified Microsoft of two other unpatched bugs that the Stuxnet worm exploited"..."Microsoft said last week. It has not set a timetable for the fixes, however."
http://www.techworld.com.au/article/361843/microsoft_confirms_it_missed_stuxnet_print_spooler_zero-day
"was first identified by information security researchers in June"
http://www.gartner.com/DisplayDocument?doc_cd=207166&ref=g_homelink
boycott slashdot February 10th - 17th check out: altSlashdot.org
Or just install AV on all the Windows machines...that you have running critical infrastructure and military command.
There are two types of people in the world: Those who crave closure
remedy is simple...
install some form of linux instead of windows, and run the scada software through wine
"The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.
One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch."
Ripley: How do we kill it Ash? There's gotta be a way of killing it. How? How do we do it?
Ash: You can't.
Parker: That's bullshit.
Ash: You still don't understand what you're dealing with, do you? Perfect organism. Its structural perfection is matched only by its hostility.
Lambert: You admire it.
Ash: I admire its purity. A survivor... unclouded by conscience, remorse, or delusions of morality.
Parker: Look, I am... I've heard enough of this, and I'm asking you to pull the plug.
Ash: [Ripley goes to disconnect Ash, who interrupts] Last word.
Ripley: What?
Ash: I can't lie to you about your chances, but... you have my sympathies.
Just the ones that live in Israel. Great argument there.
There is a war going on for your mind.
Dear Coward, take note:
1) Your tone is horrendous. There are certainly a large number of people who will assume that the link you're offering is the same kind of angry, insulting tripe with which it is surrounded.
2) Your link could well be one of the most enlightening things on youtube. I'm going try to verify that it is true independently before deciding, but this could be bigger than Pat Tillman.
My advice to you is to tone down the bullshit, and stick to the salient, intelligent points being made. This could be difficult, due to the obvious emotion you're displaying, and so I wish you luck either way.
I never knew he spoke English. Or maybe, just maybe, that is a favourable translation...
Take a look at the wikipedia page on Ahmadinejad and Israel. He's pretty nuts and definitely wants to get rid of Israel. I don't see a quote about genocide though, just wants to get rid of the state; weird comments about the holocaust and 9/11.
Denying the holocaust is a crime in many countries. Since history is written by the victors, is it really any surprise that people not of that group may question the facts as presented by the victors. After all, consider the "facts" that Colin Powell presented to justify the invasion of Iraq, Also bear in mind that Mr A is playing to an audience. Here in Australia a certain Mr Katter may be "nuts" to many but he is loved in his electorate. For those in the US that don't understand the reference just insert the name of your local evangelical leader and that will probably do the job.
AC's are always so eloquent, aren't they?
How does it make you feel, wanting so deeply to disrespect me, and yet lacking the ability to come up with anything better than the above? Surely you know that I've seen far worse, and your comments would do nearly nothing in the way of harm to anyone who has spent more than five minutes on the internet.
Kinda sad, really.
thumb drives
Siemens has released a detection and removal tool for Stuxnet. Siemens recommends contacting customer support if an infection is detected and advises installing the Microsoft patch for vulnerabilities and disallowing the use of third-party USB sticks.[19]
Most modern reactor designs have a difficult time going critical. They are made such that if coolant goes away, they stop working. Depending on the kind of fuel you use you can set it up so that when the coolant goes away the excess heat causes things to spread out and thus the reaction slows. It gets hot, but not hot enough to melt down. Not fool proof, nothing is of course, but makes it pretty hard for things to go critical even in a worst case scenario.
It also should be noted that often the SCRAM systems go beyond that. The rods will have springs behind them to force them in quicker, and there are usually secondary systems to drive them in as well, should the primaries fail.
Over all, the world did a pretty good job learning from the problems of early reactors and it is pretty hard to cause a meltdown these days, with a modern reactor design at least.
Do remember that the people who build these have a large vested interest in making sure they DON'T go critical, even in adverse situations. Safeties are taken seriously.
have a look at the whois for debka
Registrant:
DEBKAfile Ltd.
4, Hamaapilim St.
Jerusalem, 92545
Israel
why should anyone trust news about Arabic interests that is published by people living in Israel ?
it would certainly suit Israeli interests to discredit the security of Iran and its the kind of racism that
seems to be all too common in Israel .
Toodle-pip
Amias
[site]
...Tuxnet.
or... ...Suxnet.
My Karma speaks for itself, and I fully understand the weight and value of your opinion.
There are others mentioning the Linux plus VM (or WINE); but, from what I heard how it infects is more insidious than previous rootkits. It fakes out the OS to hide itself (though it hides in plain site). In short, this virus may be the most difficult one to forcefully remove we've seen.
Who knows how far backups for the SCADA system are infected. Is the firmware infected? It sounds as if the PLCs are infected as well.
What worries me with weaponized virus attacks from nation-states, is what if another entity mutates your virus to hijack it for their purposes? It seems like that is the next inevitable step.
So, thanks NSA/Mossad/HamsterNinjas to giving the Eastern Bloc keys to my bank account.
(Who am I kidding, I meant to my porn collection.)
m
Atlas Shrugged : Thematic Story
Step one, never ever, link a computer that is critical and or military in nature. We all hear never should any computer used to control the power grid be placed connected to the internet, follow this rule, as your #1 priority, then the rest follows, no matter how many times you fix it, it will return broken because you are connected to the biggest network of hackers of all, the internet...!
Given the apparent complexity of this worm, what are the chances that it was actually developed by the US Military, Israeli intelligence, or a US ally? Just because the US military has a poor history of securing many of its servers doesn't mean it couldn't pull together a sophisticated attack. None of the major US media outlets have (to my knowledge) even seriously raised the idea that Uncle Sam could be behind it. It's one "conspiracy theory" that seems just plausible enough to believe.
I use irony whenever I can, but my shirts are still wrinkled...
BobMcD,
Heh, haven't you learned yet? Don't feed the trolls.
This is why I browse with AC's auto-set to -1. If someone hasn't the courage to mate their statement to their nick, then I have no interest in what they have to say. Especially trolls that post nothing but foul language.
Otherwise, thank you for your attempt to bring civility to /. It is appreciated.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
Who died and made you the Supreme Court? Or is there something in the constitution that allows any ill-informed muppet the right to make that judgement?
Bad analogies are like waxing a monkey with a rainbow.
Iran's Jewish population is the second largest in the Middle East, after Israel. Reports vary as to the condition and treatment of the small, tight-knit community.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
All this quotes are pure lies:
search for "must expel Arabs and take" in
http://en.wikiquote.org/wiki/David_Ben-Gurion
search for "We must use terror, assassination, intimidation"
http://www.camera.org/index.asp?x_context=22&x_article=775
etc...
some arab supported seem to just LOVE using lies as the best weapon.
Stux for you!!! Sorry, couldn't resist and resistance is futile. HA!! Thank you. I'll be here all week. Try the veal.
It shouldn't be surprising to anyone that Iran is building up their defenses in preperation of possible Israeli terror attacks.
"Iran should be wiped off the map"
Benjamin Netanyahu
And Iran has threatened to wipe Israel from history... Iran has called the US the "Great Satan"... The US called Iran part of the "Axis of Evil"... your point is?
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
It seems interesting that the Israelis committed themselves to peace talks right when Stuxnet hit Iran. Maybe Israel is now reassured the US takes the the threat of Iran seriously because they are doing something about it? Let the conspiracy theories begin!
You know what'd be really funny? If they used the same ultra-stealth techniques as the TDSS rootkit and others and then made the virus sleep and at a random date between now and like 2 years from now, it would fry system files or do a half BIOS flash or generally destroy the computer. Then machines would slowly break nonstop, taking down the industrial sites for a long period of time instead of just destroying a bunch outright. Maybe it's already doing that, who knows?
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
Not all the time it doesn't.
I'm feeding them poison, though, so it's fine.
Given that Iran doesn't have a "Modern" designed reactor like the US, EU, or even Russia how can you assume they have one with the most rational safeguards? If memory serves didn't Russia go over and beyond with Chernobyl removing things like basic safeguards just to "Test" a worst case scenario. What if Iran just hasn't built them in because they think they are choose by god?
Another idea is to have a hypervisor OS that is locked down and can do auto snapshotting. This way, if the Windows VM gets compromised, it can be rolled back, the infected snapshot cloned for forensics, and life can go on. VMWare can pop snapshots automatically and maintain them by day/week/month.
Caveat: This is if you know the point in time the machine got infected. A lot of malware will install and then go dormant to make it harder to find when a box got compromised.
If Stuxnet is CLAIMED to be attacking Iran by Iran, you bet on Israel... wow, swallowed the pill whole didn't you?
Stuxnet spies on Iran. So who has motives to spy on Iranian CITIZENS? Oooh, Iran? And then when it is found out, they blaim it on outsiders. Just as they blamed the shooting of the girl during the violent supression of peaceful protests on outside agents as well. Very handy outside agents, you can blame anything on them.
And people like you swallow it whole.
And why would Israel spy on Indonesia?
No, I get the feeling the truth will be far simpler. Someone created a worm, released it, techies think "well I couldn't do it, therefor nobody could, therefor is must be CIA or Mossad". People claim that it was impossible for an individual to write because it involved keys from very very cheap hardware makers. Right at the same time that the master key from Intel was leaked...
Connect the dots.
I am willing to bet good money there is no conspiracy. Just a virus outbreak in a country were IT is backward (oh and call me a racist if you want but if you want to see truly horrific computer security go to countries like Iran and Brazil) and run by people raised to obey without thinking, not question everything, the hallmark of a good system admin.
The conspiracy allows you think someone is in charge and nuclear reactors are safe... not that an entire countries network could be at risk, including nuclear reactors because they don't know squat about security.
Odd that Iran was so quick at being able to determine the origins and just how sophisticated it was, yet NOW, days later has to ask for western help... with what? Didn't they already know how it worked? What more is there to know?
Isn't the very fact that they now got to ask for outside help a very good explenation of why the worm was so succesfull?
Similar bet, a new worm that is 100% effective at attacking windows 7 will totally disable MS campus. Gosh... the conspiracy!!! All Iran's affected systems were of a similar origin. Monoculture. Any single succesful attack on a common system will have a massive impact.
Lets not forget that this is the country whose leaders claimed earthquakes are caused by skirts. Very handy, to be able to blaim everything on someone else. Personally, I don't take their word for anything. Nor from anyone who takes an Iranian's official words for anything.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Fortunately, there is Iran, who hosted a recent Holocaust denier's conference attended by former Ku Klux Klan Grand Wizard, David Duke, among other revisionist-history luminaries. And in Iran, denying the Holocaust is not only legal, but popular.
Seth
$5 / month hosted VPS on linux = awesome!
Yeah, but Germany isn't hostile to Iran, and German and other European companies do billions worth of business with Iran.
My understanding is that the worm has never gone active and done any damage. It has merely been discovered and removal is the problem. Perhaps the worm was installed by a country friendly to Iran, someone involved in the nuclear infrastructure project, as some kind of insurance. If at some time in the future Iran starts moving against the interests of this current "friend" then the worm would get activated. I think the suspect list that is commonly offered is too short.
... if it was sourced from China or Russia likely safe ...
Why? Given that the worm was idle it may have been an insurance policy, something to activate in the future should Iran start moving against the interests of current "friends". A digital sleeper agent. The current Iranian government is hostile to the west but the population is largely friendly towards the west in general. A future Iranian government that is in line with its citizens may realign itself politically. Or the current Iranian government could just start down a path that is a danger to everyone including current friends.
I don't claim the above is the more likely scenario but it is certainly highly plausible. I think the current suspect list that everyone is tossing around is a bit too short.
I concur with several comments here. I'm not saying this BECAUSE it is in Israel. It's unreliable--period. Last year they claimed a huge fleet of destroyers was in the Indian Ocean that did not exist. More reliable sites such as strafor http://www.stratfor.com/ do not use debka and consider it a source of disinformation at best.
How about a moderation of -1 pedantic.
It might be so but coming from DEBKA I would look for some confirmation.
After all they have somewhat of a little bias against all of the middle east.
It was DEBKA who was reporting an imminent war this past summer involving the US, Iran, Israel, etc.
If you can confirm their reports with, I don't know, AlJazeera maybe then we can say the news is quite legit.
They do make for great reading though.
How do you have true Democracy when a fundamentalist religion insists on controlling every facet of human life? Even Turkey and Indonesia can't pull off this trick very well. As much as the Teabaggers wish to rewrite history, one of the truly great accomplishments of the American revolution was establishing the concept of the separation of Church and State. In Islam, the Church is the State.
You can't normally infect a PLC. It runs some specialized OS and does not even have all that much memory. Probably separate program/data address ranges. HMIs however can be... Most of the fancy ones seem to run some windows derivative......
I have determined that my sig is indeterminate.
Stuxnet is clearly a precisely targeted weapon, and from all that I have heard about it to date, the targeting has been done by exploiting features that are unique to Iran's infrastructure. Which suggests that Stuxnet is a one-shot: that it cannot be repurposed to use against any other target.
As the Stuxnet story unfolds, it is beginning to look like it is the exact opposite of the mythical neutron bomb: that device that was supposed to eradicate all life while leaving the buildings standing. In contrast, Stuxnet appears to be designed to destroy the infrastructure of the current Iranian regime while not harming any civilians or their day to day activities.
Because of these qualities, only players with the kind of intelligence gathering capabilities that the USA has could have constructed the thing. To be so devastating and tenacious within such a tightly constrained region of cyberspace requires an intimate knowledge of Iranian Top Secret material as well as a development team with skills and resources far beyond what went into producing Avatar or any other publicly available computer product.
It makes sense that the USA is deeply involved in constructing Stuxnet. It makes even more sense that the USA would not do this alone. It is also doubtful that the USA, or any other single nation, would put so much effort into assuring that Stuxnet could not be used against any other potential enemies. Only the conflicting interests of several nations would provide the kinds of checks and balances that would guide the code development to this end.
There are a large number of countries in Europe, the Mid East, and middle Asia who are threatened by Iran's increasingly irrational behavior, and who would willingly contribute to a multinational covert effort to cripple Iran's nuclear and missile programs. It would not serve the USA's long term best interests to go this route alone; that would risk the trade agreements and treaties the USA desperately needs to regain its economic footing. The USA would have no trouble gathering allies for this kind of effort, and it would be incredibly stupid of them not to do so, That would also be in opposition to current USA policy, which is to avoid any appearance that the USA is going back to the Bush-era "go it alone" approach to world politics.
So I think there are a consortium of governments involved, supporting a software development team no larger than the teams active on Linux core development, or LibreOffice, or Apache, but obviously with some different kinds of skills. This would be a low budget operation: only personnel costs-- nothing like the costs of developing a uranium processing industry (Manhattan Project) or manufacture of precision titanium parts (SR-71 Blacbird)-- and costs could be borne easily by any nation, and easily hidden within their bookkeeping systems. The costs of the delivery system, perhaps a few hundred USB sticks, could be buried within the funding of some small city's budget for K-12 schools.
Who are likely members of the Stuxnet consortium? You could list all the countries within range of Iran's latest missiles as a start. Or going at it another way, you could list all the countries that the USA Secretary of State has visited since taking office, where she has had top-level private conversations. Hiliary Clinton is very adept stateswoman, and you could not find a better person to put an effort like this together. Also, this kind of thing is dead center in her job description.
Will
New meme inbound: Geek Terror
I wonder how long it will be until the FBI wants to monitor all the engineers, developers and assorted other technical types out there to keep the children safe from terrorists?
Check your premises.
It's a bit late in the thread to reply but anyway...
Stuxnet is special in the fact that it indeed does propagate to the Siemens PLC itself. It has specialized code that will run inside the PLC even if the Windows configuration host is cleaned. And even scarier: the code in the PLC seems to be well hidden so that even a experienced engineer will not see it.
Merely explore the drive, and it runs. It has to do with how Windows draws icons for *.lnk files.
It makes me feel warm and fuzzy that an aggressor can be taken out so easily.