Stuxnet Worms On
Numerous Stuxnet-related stories continue to flow through my bin today, so brace yourself:
Unsurprisingly, Iran blames Stuxnet on a plot set up by the West, designed to infect its nuclear facilities. A Symantec researcher analyzed the code and put forth attack scenarios. A Threatpost researcher writes about the sophistication of the worm. Finally, Dutch multinationals have revealed that the worm is also attacking them. We may never know what this thing was really all about.
Maybe it has a ghost that developed from the data inputs of over a billion individuals...
I'm god, but it's a bit of a drag really...
Everyone knows Macs don't get viruses
</sarcastic joke>
I don't think this is just one of those "Look at Iran, making some outlandish crazy new allegation!" things (like it was when Ahmadinejad tried to claim there were no homosexuals in Iran or blamed the U.S. Government for 9-11). Considering the very disproportionate hit they took of these infections, the obvious suspects (those who would benefit most from their nuclear program taking a hit), the precision of the targeting of the virus (two very specific models of Siemens PLCs), the impressive sophistication of the worm, etc. I hardly think it's some tin-foil hat conspiracy theory for them to assert that it was a "western power" (most likely Israel or the U.S.) behind this worm.
SJW: Someone who has run out of real oppression, and has to fake it.
I for one feel it's safe to assume Iran is right, that this is a nefarious plot by unnamed western nations to stop Iran's glorious peaceful nuclear power program, but that absolutely no computers controlling the nuclear program were infected. After all, Iran is completely trustworthy and its nuclear scientists are smart enough not to use control computers to check their e-mail and click on random links from random people.
I'm also going to assume that fake first post was part of a nefarious plot by unnamed western nations to tarnish Iran's glorious image as first posters.
I win!!!
I'm god, but it's a bit of a drag really...
Is there a big market for pirated Siemens PLCs?
You know, the Chinese business plan where they run off extra copies after the assembly line closes, and sell them for pure profit? Also the move where they change virtually nothing but the name and start selling it as a generic model at Walmart / Harbor Freight / etc?
Maybe it was an attempt to "get" the infringing Chinese devices that got a little out of control and got the real ones too?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Makes sense, it hides the real purpose.
"Die endgueltige Teilung Deutschlands - das ist unser Auftrag." - Chlodwig Poth
I'm pretty sure Stuxnet is in fact a sophisticated attack worm created by a government to slow or halt Iran in producing nuclear weapons.
There are plenty of candidates beyond the U.S. and Israel - Saudi Arabia for one, would be another country really not happy with a nuclear Iran, though certainly the U.S. or Israel seems most likely.
But let's consider the most intriguing possibility - a country with tons of expertise in developing advanced malware already, and one with incredibly detailed knowledge of Iranian systems.
Of course, I'm speaking of Russia.
At first it sounds crazy because Russian scientists are helping Iran build a reactor in the first place. But perhaps that help was lined up long before, and Russia has decided Iran is too crazy now to be allowed to have The Bomb, so they activated Stuxnet, prepared in advance for such an eventuality. Or perhaps they simply wanted to get money from the help and then the cleanup...
Russian scientists have been fleeing Iran because Iran is now going after guys in cubicles and saying they are spies. So perhaps even there, they know something most of us do not...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Who hates Iran's state-sponsored cultural intolerance and the Dutch?
Austin Powers' father.
Despite the numerous slashdot articles and buzz about it, I'm seeing scant actual details.
How was it delivered? Via Internet? Botnet? Unknown at this time? According to the article it "can spread using several vectors."
It also says 2 of the 4 zero-day vulnerabilities have been patched by MS.
The article about a possible attack scenario lends more credibility to the claim that there had to be inside help. You need people on the inside for reconnaissance and deployment. Even if it was spread from the internet, someone had to get ahold of the security certificates to crack them and know the specific types of PLCs in use. The arrests that recently took place in Iran are making a lot more sense, despite all the knee-jerk condemnation from the /. posters.
My only question is who the hell named it "stuxnet"?
Does anyone have more details on the PLC payload? I want to know what kind of changes it makes to the PLC software.
Jehovah be praised, Oracle was not selected
This attack is aimed at a very specific PLC configuration, and does nothing unless it finds that configuration. Until someone who has the matching PLC configuration admits it, speculation as to the target remains speculation.
The worm was found on PCs in The Netherlands like it was found elsewhere throughout the world. The worm did NOT attack the Siemens machines, and the worm was easily removed using standard AV programs. So far only military hardware in Iran has been attacked. The press release was written by non-techies.
Dutch multinationals have revealed that the worm is also attacking them.
The Wikipedia article has a table of purported number of infections in various countries. Indonesia and India have the worst problem after Iran. Over six thousand in the Anglophone countries. If this is in fact only spreading via USB sticks, we've got some really promiscuous behavior going on.
(You may well be skeptical of the six million reported for China. It's not a defacement; there's a link to an article that quotes someone actually making the claim. But the quote makes it sound like the speaker doesn't know what he's talking about.)
Sheesh, evil *and* a jerk. -- Jade
One day they'll have secrets... one day they'll have dreams.
PlusFive Slashdot reader for Android. Can post comments.
Up to now I have not seen a single report from really trusted sources in Iran. All media stories are western-based stories about Iran. Is it just me, or does this equal propaganda? I don't trust the anti-virus companies' reports (I don't use Windows either). This story smells funny too because of all the anti-Iran media hype about its nuclear energy production by the neocons (still alive). It seems more of the same. Bash Iran, create false news, whatever. I have worked in Software/Systems for Advanced and normal industrial automation and it's standard procedure that these networks are disconnected from the Internet.
I doubt the US had anything to do with it, we have an administration with "no bag" in office. Israel on the other hand would be my first suspect. I can only hope that part of the stimulus money made it to a worthy cause such as this.
Got Code?
I hope this is The Daemon spreading. :)
"Sockets are the standard networking API, also useful for stopping your eyes from falling onto your cheeks" zeromq.org
I hardly think it's some tin-foil hat conspiracy theory for them to assert that it was a "western power" (most likely Israel or the U.S.) behind this worm.
Possibly. What if they were having problems getting their plant working, and didn't want to look bad. Something like this might be a great way to blame the west, and get sympathy from other countries that might be willing to help out a victim of western aggression.
Or, this might be the work of a western NGO. There are any number of groups that aren't part of the governments of the US or Israel that don't want to see a nuclear Iran. Perhaps this is an uninvolved state that just wants the US and Israel actively engaged and distracted by dealing with Iran.
HA! I just wasted some of your bandwidth with a frivolous sig!
Siemens has a support and advisory page on Stuxnet, which is infecting their Simatic WinCC / PCS7 systems.
cpghost at Cordula's Web.
Seriously, though, it is Windows PCs that are present in government organizations, can gain sentience, and launch nuclear attacks to destroy all humans...
Before Stuxnet, I'm sure the general public had no idea that Siemens was selling technology to Iran to fulfill its nuclear ambitions. Given that the west has a lot of misgivings about letting Iran do so, shouldn't western companies be a little more careful who they sell nuclear reactor parts to? I don't necessarily want to compare them to IBM's role in selling computers to the Nazis, but is there some point where you take some corporate responsibility before profits?
Oh geez. Iran is the same nation where beheadings are common (as is cousin and even double-cousin marriage), women have to be kept in beekeeper outfits for fear some Iranian neanderthal male will see an ankle and go on a rampage of rape and destruction...
Yes, we know, you hate Iran and Iranians, but don't you get sick of posting the same troll again and again on every article that has to do with Iran? You knew parent's post was tongue-in-cheek, but you still took the time to make it known how much you hate Iran before going "oh, it was tongue-in-cheek" ha ha ha. So clever.
This is what Iran looked like in the 1970s before the revolution -- none of these people were "neanderthals". It's not the people who want their women to dress up in "beekeeper outfits", it's the tyrannous government. I take it you were born after 1979? Please, get some perspective.
Organized crime types have used computer viruses to blackmail business before. Instead of simply threatening to wipe out computer data, Stuxnet could actually stop production at a factory. Not sure why this would be any different.
I mean Stux is a variety of Linux from Italy:
http://gpstudio.com/
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
The Earth was under attack by alien ships controlled by Siemens PLCs. Stuxnet was released to repel them and they all blew up and vanished into hyperspace. The whole thing was hushed up, of course, and what we are seeing is just the collateral damage.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I wouldn't even say most likely the US or Israel. I don't think there are many nations that want a nuclear Iran. The list should include: China, Russia, India, all of the EU, Egypt, most of the Middle East. I mean really this list is long and while this worm is probably outside the limits for some guy with a grudge it isn't outside the limits for any nation with a large university with a good CS department.
Russia does a lot of business with Iran. Ditto for Germany and the E.U. Where do you think they got all the Siemens hardware and how do you think they flew it in?
So some of these "friendly" countries had the best access to the Iranian nuclear infrastructure, that's enough to warrant their inclusion on the list. Given that Stuxnet was "dormant" and not attempting to damage anything it may have been more of an insurance policy and not so much of an active weapon. Any of these countries would love to monitor and have a remote off switch should Iran begin to act against their interests at some future date. Now, is this the most likely scenario? No. However it is still highly plausible.
....didn't they say that the worm did nothing to them? I don't know what you guys are talking about.
"Almost all SCADA systems are -- for safety reasons -- standalone: not connected to a network, let alone the Internet."
should actually read:
"In theory, almost all SCADA systems are -- for safety reasons -- standalone: not connected to a network, let alone the Internet."
boycott slashdot February 10th - 17th check out: altSlashdot.org
I think all this deal with people wondering what "nation" is attacking what "nation" is missing the elephant in the living room. This isn't about that, it has been an attack against *Siemens*.
That's the one common denominator that everyone seems to keep missing, even though it is mentioned in every article about it. Hiding in plain sight.
Now, motive, means, opportunity. The latter two can be purchased on the open black market for this sort of attack, it could be contracted obviously, now who has a *motive* to hurt Siemens (revenge/disgruntled employee action, or "it's just business" from a rival or potential rival, whatever), and what is it?
Those marking me "troll" for having said earlier that other, definitely and unquestionably innocent, victims could happen, and then marked me "troll" for noting that the protections against such accidents didn't mean they wouldn't happen anyway, will doubtless ignore the fact that the Dutch are (a) not Iranian nuclear weapons scientists, and (b) that the only Iranian victims so far have been moderates who might have kept the program somewhat sane and have now been arrested as spies. Iran is not known for treating those they suspect of spying very nicely.
It is indeed unclear who the worm was aimed at, but I'm confident that it wasn't the Dutch and I'm now more certain than ever that other innocent victims will turn up. We have proof now that the safeguards (however well-intentioned) did not work. Which is no great surprise - it's hard to have a failsafe weapon as there are so few scenarios in which you need a weapon that badly and have it be safe if it fails.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Someone had reprogrammed the DNA synthesizer, he said. The thing was there for the overnight construction of just the right macromolecule. With its in-built computer and its custom software. Expensive, Sandii. But not as expensive as you turned out to be for Hosaka.
I hope you got a good price from Maas.
The diskette in my hand. Rain on the river. I knew, but I couldn't face it. I put the code for that meningial virus back into your purse and lay down beside you.
So Moenner died, along with other Hosaka researchers. Including Hiroshi. Chedanne suffered permanent brain damage.
Hiroshi hadn't worried about contamination. The proteins he punched for were harmless. So the synthesizer hummed to itself all night long building a virus to the specifications of Maas Biolabs GmbH. Maas. Small, fast, ruthless -- All Edge.
New Rose Hotel, 1981.
Wonder if we'll ever find out what Stuxnet did in 2010, and if it did what its designers hoped.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
They needed a lot of expensive industrial control equipment to develop and test on.
That is the part that totally screams to me "government".
Definitely not the work of one guy in a basement.
Now it could be some large and well funded organization, sure. But I just don't buy that it's an amateur effort instead of a well funded affair, and if it's someone like organized crime where is the payoff? Organized crime funds botnets because they make money from them, it's why for some time now no worm or botnet has really destroyed systems like in the early hacking days when destroying a system was just as fun as manipulating it for an individual.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Win32/Stuxnet might be described as a worm of a slightly different color, though it’s attracted interest from the media that’s comparable in intensity to Conficker, or Code Red, or Blaster. David Harley did an interesting piece on this... http://www.securityweek.com/stuxnet-sux-or-stuxnet-success-story
I had a friend who would respond to the knee-jerk attacks about Iran by showing his vacation pictures. My favorites were from the ski resort outside Tehran. It's really amusing, because nobody expects to see *really good alpine skiing* in Iran, let alone pictures of Iranian ski bunnies. This stuff isn't supposed to exist, in their world where all of the Middle East is a barren wasteland...
-fb Everything not expressly forbidden is now mandatory.
And the claim short skirts cause earthquakes, that a western agent shot Neda, that the elections were fair etc etc.
And then you swallow WHOLE the claim that Iran was hit hard by Stuxnet... a claim made by WHO? Verified by who? And couldn't a big outbreak just be an indication of really bad security in Iran IF the claim is even true? The worm has also attacked in Indonesia and Holland. Might other places where better security kept it limited have just kept quiet? After all, if MY security was bad I wouldn't tell YOU about it.
As for the sophistication of the worm... right. If it was so sophisticated, why was it dissected so easily? That it was effective means nothing. Worms we KNOW to be written by amateurs have had massive world wide outbreaks. So a worm that only has an outbreak in one country with suspect IT skills is better? Odd definition of better.
What amazes me is that you are paranoid enough to believe western governments can lie, but Muslim nations are too backward to spread false propaganda. Personally, I don't trust either one and follow the money. And there is no money for the west in this. Iran however has now got a scapegoat for anything that goes wrong. Yet another one. It is how dictators work to keep the population on their side, it is all the fault of group X. So support me or X will kill you.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
It also spreads through network shares, so once inside it can quickly get around. Still, F-Secure has a nice Q&A bit up on StuxNet + demo vid.
http://www.f-secure.com/weblog/archives/00002040.html
Interesting read:
Don't understand what this really means:
“The problem is to impose a 3-D pattern on a curved surface using a negative without having creases,” one European expert says. Pakistan eventually learned how to finish the bottom bearing during the late 1970s and early 1980s. Now it's Iran's turn.
But it funnily enough also has a lot of Dutch in it... Sounds like someone shouldn't have made it out with certain papers and blueprints back in the seventies...
Link is here:
http://bos.sagepub.com/content/62/6/35.full
Has anyone actually seen physical evidence that Stuxnet was present on one of the Iranian nuclear power computers?
Or is it possible that their nuclear program has serious problems and they decided to create some propaganda to shift the blame to their arch-enemies?
I personally wouldn't take the chance that it was the latter case. As a matter of history, the Soviet Union was far less advanced than originally thought but it took a surge in Cold War activities to find out.
If there is a third world war, IMHO it will begin with a country like Iran. Yes, just as there were Germans who didn't follow the Nazi regime or the Kaiser's regime, there are Iranians who don't subscribe to the regime's ideals and there are Muslims who don't blindly follow sharia law or subscribe to radical Islam. But for the foreseeable future, radical Islam is entrenched in the halls of power.
It takes considerable resources to put something like this together, and the two probable entities would be the USA (DoD/NSA) or the gov't of Denmark, as these are the only two countries (other than Germany, but I would discount them) who have the requisite relationships with Siemens and other groups to pull this off.
This is designed to create havoc and hostility in the few short months leading up to the Mayan end date of Dec 12 2012. The US government will want to justify a nuclear assault by creating fear in the minds of the common American imbecile. This could be just like 9/11/WMD but on a much bigger scale. Just my theory, but I was pretty accurate about Bush before he took office.