Slashdot Mirror


Stuxnet Worms On

Numerous Stuxnet-related stories continue to flow through my bin today, so brace yourself: Unsurprisingly, Iran blames Stuxnet on a plot set up by the West, designed to infect its nuclear facilities. A Symantec researcher analyzed the code and put forth attack scenarios. A Threatpost researcher writes about the sophistication of the worm. Finally, Dutch multinationals have revealed that the worm is also attacking them. We may never know what this thing was really all about.

10 of 141 comments

  1. Never thought I would defend Iran, but... by elrous0 · · Score: 3, Insightful

    I don't think this is just one of those "Look at Iran, making some outlandish crazy new allegation!" things (like it was when Ahmadinejad tried to claim there were no homosexuals in Iran or blamed the U.S. Government for 9-11). Considering the very disproportionate hit they took of these infections, the obvious suspects (those who would benefit most from their nuclear program taking a hit), the precision of the targeting of the virus (two very specific models of Siemens PLCs), the impressive sophistication of the worm, etc. I hardly think it's some tin-foil hat conspiracy theory for them to assert that it was a "western power" (most likely Israel or the U.S.) behind this worm.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Never thought I would defend Iran, but... by Ender_Wiggin · · Score: 3, Interesting

      I don't think he said there are no homosexuals in Iran, he said "We don't have gay people the way you do in America." I think he means they don't really have openly gay people in society like you find in New York. It's interesting because Iran actually allows and pays for sex-change surgeries.

    2. Re:Never thought I would defend Iran, but... by TheCarp · · Score: 4, Interesting

      That's pretty much what he said. Actually, homosexuality in their culture is a whole topic unto itself. What was interesting to me was the way he seemed to imply that there is a difference between "public morality" and "private". Have you ever seen how many "witnesses" are required to accuse someone of certain things (like being a homosexual) under sharia law, for example?

      What he seemed, to me, to be espousing was the idea that "what you do in private is between you and god, but, what other people see you do, is another matter". In some ways it reminds me of a Japanese woman who was interviewed for the book "Lust in Translation" (never read it, but heard several stories about it) who was not mad at her husband for having an affair, as she had her own, but was mad that he was careless and allowed her to find out about it.

      Having known a few Iranian ex-pats, I must say, they have a fascinating culture, and one that's very different from our own in many ways.

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    3. Re:Never thought I would defend Iran, but... by LWATCDR · · Score: 3, Informative

      I wouldn't even say most likely the US or Israel. I don't think there are many nations that want a Nuclear Iran.
      The list should include.
      China
      Russia
      India
      All of the EU
      Egypt
      Most of the Middle East.
      I mean really this list is long and while this worm is probably outside the limits for some guy with a grudge it isn't outside the limits for any nation with a large university with a good CS department.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  2. Re:Iran should all buy Macs by MrEricSir · · Score: 5, Funny

    And yet, Macs *are* capable of uploading viruses to alien ships.

    --
    There's no -1 for "I don't get it."
  3. We may never know? We DO know! by interkin3tic · · Score: 4, Funny

    I for one feel it's safe to assume Iran is right, that this is a nefarious plot by unnamed western nations to stop Iran's glorious peaceful nuclear power program, but that absolutely no computers controlling the nuclear program were infected. After all, Iran is completely trustworthy and its nuclear scientists are smart enough not to use control computers to check their e-mail and click on random links from random people.

    I'm also going to assume that fake first post was part of a nefarious plot by unnamed western nations to tarnish Iran's glorious image as first posters.

  4. Might not be the West... by SuperKendall · · Score: 4, Interesting

    I'm pretty sure Stuxnet is in fact a sophisticated attack worm created by a government to slow or halt Iran in producing nuclear weapons.

    There are plenty of candidates beyond the U.S. and Israel - Saudi Arabia for one, would be another country really not happy with a nuclear Iran, though certainly the U.S. or Israel seems most likely.

    But let's consider the most intriguing possibility - a country with tons of expertise in developing advanced malware already, and one with incredibly detailed knowledge of Iranian systems.

    Of course, I'm speaking of Russia.

    At first it sounds crazy because Russian scientists are helping Iran build a reactor in the first place. But perhaps that help was lined up long before, and Russia has decided Iran is too crazy now to be allowed to have The Bomb, so they activated Stuxnet, prepared in advance for such an eventuality. Or perhaps they simply wanted to get money from the help and then the cleanup...

    Russian scientists have been fleeing Iran because Iran is now going after guys in cubicles and saying they are spies. So perhaps even there, they know something most of us do not...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. More details needed in story summary by Ender_Wiggin · · Score: 4, Interesting

    Despite the numerous Slashdot articles and buzz about it, I'm seeing scant actual details.

    How was it delivered? Via Internet? Botnet? Unknown at this time? According to the article it "can spread using several vectors."
    It also says 2 of the 4 zero-day vulnerabilities have been patched by MS.

    The article about a possible attack scenario lends more credibility to the claim that there had to be inside help. You need people on the inside for reconnaissance and deployment. Even if it was spread from the internet, someone had to get ahold of the security certificates to crack them and know the specific types of PLCs in use. The arrests that recently took place in Iran are making a lot more sense, despite all the knee-jerk condemnation from the /. posters.

    1. Re:More details needed in story summary by MozeeToby · · Score: 3, Informative

      Speculation/rumor is that the attack vector was USB drives used by Russian contractors. That is also its primary method of spread, but it may be able to spread over networks as well (reports that I've seen seem contradictory on that one). Further speculation/rumor has it that a possible "nuclear accident" at Iran's centrifuge facility last year may have been caused by this worm; if that is the case it is the only report of actual hardware being damaged that I've heard of and would 100% support the idea that the worm was targeted at Iran's nuclear facilities. Given the number of infections in Iran and the artificial three hop limit that the worm's writers gave it, it would seem the attack originated there.

      I think it's likely that the writers never planned on having the worm escape the target's network, I'm guessing someone at the nuke facility broke security protocol and took home a thumb drive that they weren't supposed to and it spread from there. The worm doesn't do much except take up cycles on systems that don't match the fingerprint that it is looking for, a fingerprint only makes sense if you're looking to take down a lot of identical systems, which lines up nicely with the centrifuge theory. Basically, it's highly likely that this was a government job, targeting Iran's centrifuges, done with inside knowledge of what systems they were using, and delivered using some pretty basic social engineering (leaving infected USB drives on the ground in the parking lot for instance).

  6. Re: The US by John+Hasler · · Score: 3, Informative

    Bullshit. The intelligence agencies never do anything without implicit authorization from the White House. They just sometimes find plausible deniability convenient. Occasionally they find it necessary to drive out a scapegoat.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.