Stuxnet Analysis Backs Iran-Israel Connection
Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof-of-concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention."
Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).
Why are they surprised that it broke out? That's probably part of the whole idea: seed the target area (presumably Iran) with flash drives with the worm on it, then sit back and wait. When world + dog gets infected, you know *someone* in your targeted area picked up the flash drives, so there's a very high likelihood that someone at your target site infected their PC.
Doing it this way allows the attacker to know that they've succeeded (and presumably to take whatever follow-up measure they had planned) without giving away who they are. Since *everyone* knows that the worm exists, there's no secret signal path to trace back to the author.
They want to start a war with Israel/Middle East because they know the US would get sucked in and weakened.
I don't buy this for a second.
Iran still has several thousand Jews living in Tehran and Isfahan. To refer to the execution of Elghanian is to invite the execution of some other scapegoat out of the Jewish community. The Mullahs of Iran are very, very easy to offend, tease, tweak, et cetera. There are plenty of ways to put insults aimed at them into this virus without pointing at the Jewish community, and rest assured any Israeli hacker knows plenty.
...was utterly unconcerned for any potential cost. Many countries use German-made equipment. A prior story covered an air crash in Spain caused by viruses on mission-critical computers, demonstrating that critical computers are poorly secured. There are likely to be French and British nuclear reactors that use the specific machine targeted. The "collateral damage" could have been extensive. Whether the virus was written by a member of the security forces or a member of the general public, one single inadvertent contamination of the wrong machine could have caused a gigantic nuclear accident in some of the most densely populated parts of Europe.
Is a temporary setback for Iran worth putting millions of Europeans' lives at risk over? (Yes, these countries ARE densely populated. Britain isn't that much larger than Rhode Island but has over a quarter of the population of the entire United States. You don't need a hell of a lot to put a great many people in serious danger.)
As far as I am concerned, whoever wrote that virus is guilty of endangerment on a scale unimaginable by most people.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It was Star Trek: The Next Generation - The Vengeance Factor. Only one in a million Acamarians have the DNA which this virus was designed to kill.
The whole idea could be that it doesn't prove anything, but still tells everyone who's responsible. Perhaps a threat veiled enough to not be actionable legally, but still heard loud and clear. I see pulling that off as evidence of smarts, not stupidity.
I'd guess the odds are at least as good that it's the author's birthday.
Check out my sci-fi/humor trilogy at PatriotsBooks.
This is compounded by the problem that people are presupposing the answer. From the start, it seems people have assumed this MUST be an attack against Iran and thus done by the US or Israel. As such their thought process is "Find evidence of US or Israeli involvement," and not "Try to find out the source of the attack."
If you look hard enough for evidence of something, you'll often find it, even when there isn't any, particularly when the standard for evidence is low. Same kind of shit with all the 9/11 conspiracies. People finding 9s, 11s and so on all over the place. Snopes did a great bit choosing another number and showing how that was all over the place too.
Sorry, but I'd require a significant amount more than this to be convinced. This isn't evidence; it is speculation at best and conspiracy mongering at worst.
What would you say are the top five "regimes" that you believe have the "motivation, capability and demonstrated willingness" to perform a cyber-attack like this on Iran?
You are welcome on my lawn.
Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention.
Seriously? We refer to this kind of programs by names like "worm" and "virus" because they resemble their biological namesakes in that they get into all kinds of places and reproduce. Who wonders about shit like this?
If Stuxnet was designed by a hostile state to damage Iranian industry, it's quite possible that, lacking any good way to deploy it inside Iran, it was released into the wild in hopes that it would find its way in on its own. Even states like the US and Israel, who probably have at least some operatives inside Iran, would probably prefer to take this approach than to risk compromising their inside operatives.
While Israel and the US are the most likely nation-state actors, it's worth considering that there are any number of NGOs that are hostile to Iran and would have the resources to hire programmers to build a worm -- if they didn't already have some in-house. It's also possible that this is the work of a lone individual: the idea that it would take a state actor to create a worm is even more laughable than SCO's contention that Linus Torvalds couldn't have possibly written a kernel by himself. And finally, Iran has plenty of competitors and outright enemies in the Islamic world. Pakistan in particular has the technical personnel, a nuclear monopoly within the Islamic world to defend, and an ongoing struggle with Iran over influence in Afghanistan. If I were forced to bet on the question, I'd put my money on Israel, but at the same time, I wouldn't be at all surprised if I lost the bet. Iran has lots of enemies, internal and external. It's almost like one of those clichéd murder mysteries where a broadly disliked person is murdered and everyone he knew is a suspect.
Proud member of the Weirdo-American community.
I do consider it very likely that Israel is behind this. Israel has both the motivation and the capability to launch such an electronic attack at Iran.
Israel has the motivation and capability to launch a real attack at Iran! You know, with bombs dropped from planes and nuclear weapons launched from submarines. Not just some dorkiness that is only news for nerds. Could this be some competent Black Hat who lives in Israel and dislikes Iran? Sure, I can believe that - it's as likely as any other country. But why would a government screw around with something this lame, especially leaving clues behind? That makes as much sense as the WTC conspiracies.
Please tell me /.ers don't fall for this crap idea that the fact that the code is well-written is evidence of government involvement in writing the code. Really? That makes sense to someone who writes code?
Socialism: a lie told by totalitarians and believed by fools.
One of Ted Kaczynski's tactics was leaving false clues in every bomb to purposely mislead investigators into thinking they had a clue. Interesting that the targets here were industrial, and May 9, 1979 is also the anniversary of the second Unabomber attack.
No, it does not.
1- The distance is too long. They can carry very few bombs, and small bombs are not effective. They would need hundreds of sorties to be effective, which is impossible.
2- Iran has at least hundreds of missiles which can reach Tel Aviv, and it can effectively retaliate against any attack.
Do not read too much Science Fiction.