Slashdot Mirror


Stuxnet Worm Claimed To Be Devastating In Iran

sciencewatcher writes "At debka.com, a website associated with intelligence communities focusing on the Middle East, the claim is made that Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcise the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers."

29 of 390 comments

  1. So what's the word, people. by Pojut · · Score: 4, Interesting

    Do you think the US did this in an official capacity, an "official" capacity, or had nothing to do with it?

    1. Re:So what's the word, people. by Anonymous Coward · · Score: 5, Funny

      No, they didn't. Proof: it worked.

    2. Re:So what's the word, people. by Bert64 · · Score: 5, Insightful

      Doesn't really matter either way...

      Iran was grossly negligent in allowing their critical infrastructure to run on software controlled by a hostile government (and which they most likely had to pirate because there are export restrictions against Iran).

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    3. Re:So what's the word, people. by xaxa · · Score: 5, Informative

      (and which they most likely had to pirate because there are export restrictions against Iran).

      For the US -- there's nothing stopping me selling computer software to Iran, unless that software is of military/nuclear/etc use (you can see the full details of what's not allowed here (the PDF)).

    4. Re:So what's the word, people. by Trevelyan · · Score: 5, Informative

      It's more likely to have been Israel.

      For example this story; note that it's from 2009 but it still makes a pretty good description of how Stuxnet works. Google or following the links on Stuxnet news stories will bring up other possible links to Israel.

    5. Re:So what's the word, people. by Darkness404 · · Score: 4, Insightful

      ...Except for the fact that encryption software is oftentimes classified as "military" technology, making the distribution of most software impossible.

      --
      Taxation is legalized theft, no more, no less.
    6. Re:So what's the word, people. by chill · · Score: 4, Informative

      Crypto in U.S. law was removed from the munitions classification back in 1996 by then President Clinton.

      Shortly thereafter one of the exemptions granted was for open source. If the source code was freely available, you don't need an export license.

      --
      Learning HOW to think is more important than learning WHAT to think.
    7. Re:So what's the word, people. by gyranthir · · Score: 4, Informative

      For the US, Cuba, Iran, Syria, Libya and a bunch of other countries are under an embargo, where American companies cannot export to them...

    8. Re:So what's the word, people. by NatasRevol · · Score: 4, Insightful

      Well given that they're running Windows for critical infrastructure & military command centers - apparently without AV, I'd say that yes, they did do it to themselves.

      --
      There are two types of people in the world: Those who crave closure
    9. Re:So what's the word, people. by bsDaemon · · Score: 4, Insightful

      Clinton issued an executive order placing cryptographic software under the dominion of the Commerce Department with regards to export, and the Commerce Department simplified export rules to make things easier. However, they can always take it back; it's not law, just policy.

    10. Re:So what's the word, people. by rtb61 · · Score: 4, Insightful

      The catch with the whole theory of a software hack is that the Stuxnet worm is far too tightly tied to Iran; hardware is far more likely to be the culprit rather than software. So hardware infrastructure in Iran, well, if it was sourced from China or Russia it's likely safe, except of course if companies headquartered elsewhere were involved.

      So access to Windows source and Siemens PLCs seems a must, so that really only leaves two suspects. Now if the worm in industrial plants results in industrial accidents that kill people, then clearly it would be an act of war, which would be pretty stupid because there are far more effective means of crippling infrastructure with far more primitive methods.

      --
      Chaos - everything, everywhere, everywhen
    11. Re:So what's the word, people. by GooberToo · · Score: 4, Interesting

      So access to Windows source and Siemens PLCs seems a must, so that really only leaves two suspects.

      Actually, access to Windows source absolutely does not seem a must. But regardless, obtaining it is likely trivial. I know I've seen references to it on the net before. Any student and/or spy attending any number of various universities has access to it. Accordingly, it has been periodically freed on the Internet.

      You're also missing the fact that Iranians themselves have reason to do this type of thing. Iranians, on average, are far more educated than the average American. Lots work in industry. They likely have no shortage of people who are fully capable and qualified to pull off such worms. Not to mention, politically speaking, they have almost endless justification.

      If you want to be honest about it, the Iranian people themselves are the number one group which have reasons to pull this off. Next are the Israelis, followed by other surrounding Arab nations, Europe, and then lastly the US, followed by lots of smaller, less interested parties.

      People seem to be in a hurry to forget that with the fall of Iraq, Iran now has center stage for regional power and authority. This is absolutely not acceptable to other Arab countries in the region.

  2. Treat anything from Debka cautiously by Motard · · Score: 5, Informative

    This site has a lot of seemingly tantalizing information, but a lot of it is BS. It reported that one of Saddam's palaces had huge glass covered aquariums where sharks would swim under your feet. Now that all the palaces have been 'visited', there have been no reports of any such thing.

  3. Spreading havoc? by brian0918 · · Score: 4, Insightful

    It's my understanding that Stuxnet was designed to *only* do anything to one certain computer/system that was specifically targeted. On all other computers that do not match the signature of that computer, it leaves them alone. So what is the "havoc" that it is causing?

    1. Re:Spreading havoc? by __aaqvdr516 · · Score: 5, Insightful

      IAAICT (I am an Instrumentation and Controls Tech)

      Stuxnet specifically targets Siemens Simatic WinCC software and associated PLCs. Essentially, the WinCC software is the programming base to interact with the PLCs, which are discrete CPU/memory clusters running optimized code for whatever it is you'd like to do. There are many PLC manufacturers and they use their own programming software to upload/download to their CPUs. The fact that this worm only interacts with Siemens software is not surprising as Siemens is one of the major manufacturers of industrial equipment. I have a large number of Siemens devices all around where I work. I do not use Siemens PLCs though, so I am unaffected by this worm.

      This whole thing smells to me like a disgruntled software guy that used to work for Siemens.

    2. Re:Spreading havoc? by elrous0 · · Score: 4, Interesting

      It targets two specific models of Siemens programmable logic controllers (by targeting the Windows software used to program those PLCs). PLCs are used to control very time-intensive industrial processes. Pretty much every power plant, nuke plant, modern manufacturing plant, etc. uses these, and they control very dangerous physical equipment. Wreaking havoc with these processes can cause explosions, radiation leaks, major industrial accidents, etc. (it could even cause nuclear reactors to go critical). That's very bad stuff. Best case scenario, it could cause serious damage to equipment. Worst case scenario, it could cause significant loss of life.

      In other words, tampering with a PLC can make things go BOOM. In 1982, the CIA purportedly did this with the Siberian pipeline, and the resulting explosion was so powerful it set off missile launch alarms in the U.S.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    3. Re:Spreading havoc? by elrous0 · · Score: 5, Interesting

      Having looked carefully at this worm (I'm preparing for a presentation on it at a local security conference), I can tell you it almost certainly wasn't written by one guy. It's the most complex piece of malware I've ever seen. It's written in three languages (C and C++ on the Windows side, MC 7 assembly language on the PLC side), it uses four different Windows exploits and two stolen code-signing certificates from companies in Taiwan (both of which read as legit until just recently), and it has one of the most aggressive and clever rootkits I've ever seen. And that's not even getting into how it can update itself. Unless said disgruntled employee was the goddamn jedi master of hackers in addition to his day-job, I would say this is definitely a major team effort (a very specialized team).

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    4. Re:Spreading havoc? by Lord+Ender · · Score: 5, Interesting

      The Air Force was recruiting hackers at DEFCON this year. The recruiter actually said they will take anyone, regardless of criminal record.

      It seems reasonable that you wouldn't let criminal hackers work on your own defensive systems. So what *would* you do with them? You would develop offensive technology--that doesn't require the developers to have any access to your own infrastructure.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    5. Re:Spreading havoc? by elrous0 · · Score: 4, Informative

      These models of PLC have a function block at OB 35 that automatically executes every 100 milliseconds. Stuxnet hides its own code at the beginning of this block (while also allowing the original code to run afterward). This allows it to mimic the original functions of the PLC, while it quietly runs in the background.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
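As an added illustration of the point made in the comment above (this is example code written for this page, not code from the original post, from Siemens, or from Stuxnet), the script below models a controller's program as a mapping of block names to compiled bytes and checks live blocks against a known-good baseline. Because the described injection places foreign code at the start of the cyclic block and lets the original logic run afterward, the original body survives intact as a suffix of the live block, so an integrity check can report that pattern separately from an arbitrary edit. The block names, byte contents and hashes are constructed sample data, not a real MC7 program.

```python
"""Added example: integrity check of PLC program blocks against a baseline.

Illustrative only: not Siemens' block format and not Stuxnet's code. A
controller program is modelled as {block name: compiled bytes}; a baseline
is taken from a known-good controller and live blocks are compared to it.
All block contents below are constructed sample data.
"""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Finding:
    block: str
    status: str   # "unchanged", "prepended", "modified", "added", "missing"
    detail: str = ""


def snapshot(blocks: dict[str, bytes]) -> dict[str, str]:
    """Hash each block so the baseline can be stored and compared compactly."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in blocks.items()}


def check_blocks(baseline: dict[str, bytes], live: dict[str, bytes]) -> list[Finding]:
    """Compare live block bodies to the golden baseline, block by block."""
    findings = []
    for name in sorted(set(baseline) | set(live)):
        if name not in live:
            findings.append(Finding(name, "missing", "block present in baseline only"))
            continue
        if name not in baseline:
            findings.append(Finding(name, "added", f"{len(live[name])} new bytes"))
            continue
        golden, current = baseline[name], live[name]
        if current == golden:
            findings.append(Finding(name, "unchanged"))
            continue
        # Prepend pattern: the golden body survives intact at the tail of the
        # live block, so everything before it is foreign code that runs first.
        if len(current) > len(golden) and current.endswith(golden):
            injected = len(current) - len(golden)
            findings.append(Finding(name, "prepended",
                                    f"{injected} bytes inserted ahead of original body"))
            continue
        findings.append(Finding(name, "modified",
                                f"size {len(golden)} -> {len(current)} bytes, body differs"))
    return findings


def statuses(findings: list[Finding]) -> dict[str, str]:
    """Collapse findings to a block -> status map for reporting."""
    return {f.block: f.status for f in findings}


# Constructed sample data: a small "program" of three blocks (not real MC7).
BASELINE = {
    "OB1":  bytes.fromhex("700100ff01020304"),
    "OB35": bytes.fromhex("700200ff0a0b0c0d0e0f"),   # cyclic block (100 ms in the comment)
    "FC1":  bytes.fromhex("7003001122334455"),
}

# Constructed live state: OB35 has four foreign bytes prepended, FC1 has one
# byte changed in place, FC99 did not exist in the baseline.
LIVE = {
    "OB1":  BASELINE["OB1"],
    "OB35": bytes.fromhex("deadbeef") + BASELINE["OB35"],
    "FC1":  bytes.fromhex("7003001122339955"),
    "FC99": bytes.fromhex("70630099"),
}


if __name__ == "__main__":
    for f in check_blocks(BASELINE, LIVE):
        print(f"{f.block:5} {f.status:10} {f.detail}")
```

Run stand-alone, the script reports OB1 unchanged, OB35 prepended (4 bytes), FC1 modified and FC99 added. The design choice worth noting is that a hash comparison alone would only say "OB35 changed"; keeping the golden bodies as well lets the check name the specific prepend pattern, which is the one that preserves the controller's visible behaviour.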
  4. DEBKA is totally unreliable. by Noryungi · · Score: 5, Interesting

    This is DEBKA. Completely ridiculous website, riddled with disinfo.

    Example:

    Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

    'nuff said.

    Of course, that does not mean Iran is not hit hard by Stuxnet - just that everything you read at this site should be taken with a big grain of salt.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  5. Re:DEBKAfile by Attila+Dimedici · · Score: 4, Interesting

    My impression of Debkafile is that they have sources for just about everything they report, but that they are often used by various individuals and groups to get stories out there that are not true. On the other hand, every now and again, they break some story that every other news organization has ignored/missed because there are no solid sources, but once the story breaks, solid sources turn up. What that means is that if you see something on Debkafile, look around for other sources before you take it as true (although this may take some time).

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  6. Re:Millions? by Anonymous Coward · · Score: 5, Insightful

    Sadly, most industrial control stuff runs on Winderz. It's all DCOM-based and takes so much banging your head against the monitor to get configured and working properly that oftentimes, you end up having disabled most any security features available out of sheer "maybe THIS will work" frustration. When you finally DO get it working, the last thing you want to do is go back and start turning on the security features as it will just break this fragile house of cards.

    At least that's been my experience with it.

    Posting anonymously cuz I just kind of admitted I'm DOING IT WRONG. But I swear it's true.

  7. Re:Anyone else find that site a little skeevy? by couchslug · · Score: 4, Funny

    Getting technical information from Debka is like getting your foreign affairs info from the New York Daily News.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  8. Re:Perhaps it's just me... by Iphtashu+Fitz · · Score: 5, Interesting

    Any modern-day reactor should have an out-of-band method of SCRAMing that doesn't rely on computer control of any sort. A common approach is to have control rods held physically over the nuclear fuel by electromagnets. If power is cut to the electromagnets for any reason then gravity drops them into place and the reaction ceases. If monitoring systems don't automatically cut power to the SCRAM system then it would just take a worker pushing a button. Heck, they may even have fuses located around the reactor that would melt in the presence of excessive heat or the presence of radiation, causing power to the magnets to be cut. So a computer worm causing a meltdown is highly unlikely unless the Iranians are stupid enough to disable the SCRAM system.

  9. Re:why don't they by Hijacked+Public · · Score: 4, Informative

    You don't understand industrial control systems. It isn't Windows that does any safety-critical controlling, it is a PLC, which is the target of Stuxnet's payload. Stuxnet just happens to use Windows to propagate, which is a good choice because nearly all PLC programming and interface software is Windows only. Anyone this talented could have written a Linux worm that did the same thing, but it would have been ineffective because Linux is hardly ever connected to a Siemens PLC. Windows being a bottomless pit of zero days doesn't help, of course.

    --
    "Sacrifice for the good of The State" - The State
  10. Also by Sycraft-fu · · Score: 4, Informative

    Most modern reactor designs have a difficult time going critical. They are made such that if coolant goes away, they stop working. Depending on the kind of fuel you use you can set it up so that when the coolant goes away the excess heat causes things to spread out and thus the reaction slows. It gets hot, but not hot enough to melt down. Not foolproof, nothing is of course, but it makes it pretty hard for things to go critical even in a worst case scenario.

    It also should be noted that often the SCRAM systems go beyond that. The rods will have springs behind them to force them in quicker, and there are usually secondary systems to drive them in as well, should the primaries fail.

    Overall, the world did a pretty good job learning from the problems of early reactors and it is pretty hard to cause a meltdown these days, with a modern reactor design at least.

    Do remember that the people who build these have a large vested interest in making sure they DON'T go critical, even in adverse situations. Safeties are taken seriously.

    1. Re:Also by BlueParrot · · Score: 4, Informative

      makes it pretty hard for things to go critical even in a worst case scenario.

      All power reactors in the world today go critical as part of their normal operation. That's why they can sustain a chain reaction. However, they are all designed in such a way that their criticality is not sufficient to allow the reactor to remain critical without the contribution from so called delayed-neutrons. These are neutrons emitted by the fission products some time after the fission event. It's because the release of these neutrons is much slower than the release of fission neutrons that it is possible to build a stable nuclear reactor. Without them the reactor would either be sub-critical and hence not produce any power without an external neutron source, or it would be prompt-critical, which pretty much means you would not be able to control the rate of the chain reaction rapidly enough to prevent dangerous power fluctuations.

      Modern pressurized water reactors typically can't go prompt critical, since the quantity of relatively low enriched uranium is too small.

  11. This is just a pure lie, see proofs below... by XARG · · Score: 5, Informative

    All these quotes are pure lies:
    search for "must expel Arabs and take" in
    http://en.wikiquote.org/wiki/David_Ben-Gurion

    search for "We must use terror, assassination, intimidation"
    http://www.camera.org/index.asp?x_context=22&x_article=775

    etc...

    Some Arab supporters seem to just LOVE using lies as the best weapon.

  12. Re:Perhaps it's just me... by KevinIsOwn · · Score: 4, Informative

    Actual quote:

    We do not wish, we do not need to expel the Arabs and take their place. All our aspirations are built upon the assumption -- proven throughout all our activity in the Land -- that there is enough room in the country for ourselves and the Arabs.

    Go fuck yourself.