Slashdot Mirror


Stuxnet Worm Claimed To Be Devastating In Iran

sciencewatcher writes "At debka.com, a website associated with intelligence communities focusing on the Middle East, the claim is made that Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcise the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers."

12 of 390 comments

  1. Re:So what's the word, people. by Anonymous Coward · · Score: 5, Funny

    No, they didn't. Proof: it worked.

  2. Re:So what's the word, people. by Bert64 · · Score: 5, Insightful

    Doesn't really matter either way...

    Iran was grossly negligent in allowing their critical infrastructure to run on software controlled by a hostile government (and which they most likely had to pirate because there are export restrictions against Iran).

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  3. Treat anything from Debka cautiously by Motard · · Score: 5, Informative

    This site has a lot of seemingly tantalizing information, but a lot of it is BS. It reported that one of Saddam's palaces had huge glass covered aquariums where sharks would swim under your feet. Now that all the palaces have been 'visited', there have been no reports of any such thing.

  4. DEBKA is totally unreliable. by Noryungi · · Score: 5, Interesting

    This is DEBKA. Completely ridiculous website, riddled with disinfo.

    Example:

    Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

    'nuff said.

    Of course, that does not mean Iran is not hit hard by Stuxnet - just that everything you read at this site should be taken with a big grain of salt.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  5. Re:So what's the word, people. by xaxa · · Score: 5, Informative

    (and which they most likely had to pirate because there are export restrictions against Iran).

    For the US -- there's nothing stopping me selling computer software to Iran, unless that software is of military/nuclear/etc use (you can see the full details of what's not allowed here (the PDF)).

  6. Re:So what's the word, people. by Trevelyan · · Score: 5, Informative

    It's more likely to have been Israel.

    For example this story, note that it's from 2009 but still makes a pretty good description of how Stuxnet works. Google or following the links on Stuxnet news stories will bring up other possible links to Israel.

  7. Re:Millions? by Anonymous Coward · · Score: 5, Insightful

    Sadly, most industrial control stuff runs on Winderz. It's all DCOM-based and takes so much banging your head against the monitor to get configured and working properly that oftentimes, you end up having disabled most any security features available out of sheer "maybe THIS will work" frustration. When you finally DO get it working, the last thing you want to do is go back and start turning on the security features as it will just break this fragile house of cards.

    At least that's been my experience with it.

    Posting anonymously cuz I just kind of admitted I'm DOING IT WRONG. But I swear it's true.

  8. Re:Spreading havoc? by __aaqvdr516 · · Score: 5, Insightful

    IAAICT (I am an Instrumentation and Controls Tech)

    Stuxnet specifically targets Siemens Simatic WinCC software and associated PLCs. Essentially, the WinCC software is the programming base to interact with the PLCs, which are discrete CPU/memory clusters running optimized code for whatever it is you'd like to do. There are many PLC manufacturers and they use their own programming software to upload/download to their CPUs. The fact that this worm only interacts with Siemens software is not surprising as Siemens is one of the major manufacturers of industrial equipment. I have a large number of Siemens devices all around where I work. I do not use Siemens PLCs though, so I am unaffected by this worm.

    This whole thing smells to me like a disgruntled software guy that used to work for Siemens.

  9. Re:Spreading havoc? by elrous0 · · Score: 5, Interesting

    Having looked carefully at this worm (I'm preparing for a presentation on it at a local security conference), I can tell you it almost certainly wasn't written by one guy. It's the most complex piece of malware I've ever seen. It's written in three languages (C and C++ on the Windows side, MC 7 assembly language on the PLC side), it uses four different Windows exploits and two stolen code-signing certificates from companies in Taiwan (both of which read as legit until just recently), and it has one of the most aggressive and clever rootkits I've ever seen. And that's not even getting into how it can update itself. Unless said disgruntled employee was the goddamn jedi master of hackers in addition to his day-job, I would say this is definitely a major team effort (a very specialized team).

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  10. Re:Perhaps it's just me... by Iphtashu+Fitz · · Score: 5, Interesting

    Any modern-day reactor should have an out-of-band method of SCRAMing that doesn't rely on computer control of any sort. A common approach is to have control rods held physically over the nuclear fuel by electromagnets. If power is cut to the electromagnets for any reason then gravity drops them into place and the reaction ceases. If monitoring systems don't automatically cut power to the SCRAM system then it would just take a worker pushing a button. Heck, they may even have fuses located around the reactor that would melt in the presence of excessive heat or the presence of radiation, causing power to the magnets to be cut. So the likelihood of a computer worm causing a meltdown is highly unlikely unless the Iranians are stupid enough to disable the SCRAM system.

  11. Re:Spreading havoc? by Lord+Ender · · Score: 5, Interesting

    The Air Force was recruiting hackers at DEFCON this year. The recruiter actually said they will take anyone, regardless of criminal record.

    It seems reasonable that you wouldn't let criminal hackers work on your own defensive systems. So what *would* you do with them? You would develop offensive technology--that doesn't require the developers have any access to your own infrastructure.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  12. This is just a pure lie, see proofs below... by XARG · · Score: 5, Informative

    All these quotes are pure lies:
    search for "must expel Arabs and take" in
    http://en.wikiquote.org/wiki/David_Ben-Gurion

    search for "We must use terror, assassination, intimidation"
    http://www.camera.org/index.asp?x_context=22&x_article=775

    etc...

    Some Arab supporters seem to just LOVE using lies as the best weapon.