Stuxnet Still Out of Control At Iran Nuclear Sites
Velcroman1 writes "Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the US and Europe say. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled. The second part of that claim, experts say, doesn't ring true. Owners of several security sites have discovered huge bumps in traffic from Iran, as the country tries to deal with Stuxnet. 'Our traffic from Iran has really spiked,' said a corporate officer who asked that neither he nor his company be named. 'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"
...patch Tuesday is coming. ;)
According to half of the summary, experts say that half of it is not true, but we are going to go ahead and provide links and go into it anyway. "The second part of that claim, experts say, doesn't ring true." Why even start explaining the second part if you just said that experts say it is not true?
The world is how you make it
Unlike those kids at Anonymous, the perpetrators of stuxnet are showing who are the real hacktivists.
Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world than anything wikileaks or their supporters could dream of doing.
I commend these hackers for slowing down the evil Iranian government's nuclear ambitions.
I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.
Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.
The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.
We'll see more of these attacks in the future - count on it...
'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"
If a few Iranian nuclear engineers can cause such reverberation, that probably only indicates that the security site generally does not get a lot of traffic.
Ahmadinejad's speech needs to be heard from the perspective of knowing something of Persian culture. We tend to think we understand people by what they say and in this case and, frankly, in most cases we do not when Iranians speak. For example: If someone dies, it is considered not polite to just say "Shogi is dead". You break it gradually. So on the first inquiry, "Shogi is feeling unwell" is the reply, then, "Shogi took a turn for the worse", then "Shogi has passed". Also, it is considered dishonorable for a man to admit ignorance. This makes it very hard to teach new ideas in Iran. Speak to a Persian and you are met with "Yes Yes, this I know, next thing please". The Persian culture is actually a very beautiful thing full of warm people, but they are NOT American People. They are a separate culture. When Ahmadinejad announces ____ fill blank. We believe him, Persians think "there goes Dinner Jacket again.."
- Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
Heh, maybe the pwned machines in Iran are being re-purposed to help in the flurry of DoS attacks both against and in defense of Wikileaks?
If you read about how this thing works, the real payload is a rootkit for a motor drive PLC built by an Iranian manufacturer and spinning in the range needed to enrich uranium. It was also targeted at the desktop software designed to program said motor drive, which is Windows. If they were running Linux, I'm sure there are a few zero day sploits out there suitable for hiding a rootkit dropper. The people that made this thing had time, information, legitimate driver signing certificates, and resources. I doubt there are many platforms that can deal with such a determined attacker.
a) Everybody in Iran with a Stuxnet-infected computer is going to be trying desperately to get rid of it and everybody in Iran with a computer that they even suspect may be infected with anything is going to be trying to read up on Stuxnet. They are not going to believe that it won't harm their systems. They are going to believe that every little glitch might be Stuxnet come to steal their secrets (whether they have any or not).
b) If most of the Iranian traffic to these sites was coming from people at the Iranian nuclear facilities studying Stuxnet there would be very little of it because there would not be all that many people assigned to such research.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Thank god for Iran's successful nuclear program. We are soon to see the end of the Middle East living in fear of Israeli terrorism and wars.
If the IDF terrorists, who are used to gunning down women and children, got their asses kicked so hard by the tiny but bad-ass Hezbollah fighters in Lebanon. Just imagine how quickly the IDF is going to be put down by a real military like Iran's.
Iran obviously hasn't had experience fixing their in-laws' computers and are actually wasting their time trying to save their family photos. FORMAT!
You think the Arab nations will be so glee at the thought of a powerful Iran? In case you haven't been paying attention, "The enemy of my enemy is my friend." The wikileaks cables show quite clearly that Iran doesn't have much support from their Arab neighbors.
I wonder if those spikes they are detecting aren't payback for the origins of the worm....
I wouldn't cry if the entire region nuked itself into giant molerats, to be honest. People die all the damn time, why not a bunch of angry people? The land would be poisoned and worthless, but the same set of assholes have been fighting over it for the last 6000 or so years, so it can die, too.
Thanks, Israel!
Sincerely,
The Rest of the World (including, we now know, much of the Middle East)
The columnist who writes for Asia Times On-line (www.atimes.com) under the name Spengler foresaw this situation last year. He noted that 95+% of the software that was being used in Iran was 'pirate-ware' from the West. He noted that there was an Iranian government-run file download site that held hundreds of popular Western software packages along with their kraks, passwords, and keygens. He predicted that this would allow viruses to run amok throughout Iran at some point in the future.
He also quotes a BBC reporter who states that almost nobody except government officials and their goon squads (and old ladies, of course) still believes in fundamental Islam in Iran. She (the BBC reporter) says that only about 2% of the population regularly go to Friday services at the mosques in Iran. And over 5% of Iranians are addicted to cheap Afghanistan heroin, the highest addiction rate in the world. Unemployment among the young is in reality over 50%. She says that Iran currently resembles the Soviet Union in the late 1980's; it's a country that will just fall apart in the next ten years if the rest of the world just leaves them alone and lets it happen.
At the time of the revolution in 1978, Iran's population was about 27 million (I remember the number quoted as 50 million at the time) and now it is over 70 million: a direct result of Khomeini's exhortation for young people to -'get a-fuckin'- (in a manner of speaking) and make lots of babies. When Khomeini died that policy died also, and Iran launched a massive birth-control program. Now, the children of the revolution are having almost no babies and the birth-rate in Iran is 1.6 children per couple; one of the lowest in the world. But there remains this huge bulge in the population demographic there; all the people born in the 1980's.
They call themselves 'the burnt generation'.
If any of this is true then we shouldn't worry too much about Iran. We should never actually believe anything that they say. And we should, on an individual-to-individual basis, offer whatever assistance that we can. Nevertheless, I would recommend NOT offering any detailed technical assistance to people in Iran on any specific technological project over the web until the Iranian government stops all this 'Death To America' nonsense as official government policy.
Thank you.
The researchers who found this noticed it will only activate on certain controllers that are controlling centrifuges built in either Iran or Poland I believe. There are additional restrictions, I think something about a certain percentage must be or Iranian manufacture of something. Since there are virtually no Iranian centrifuges outside of Iran it is as targeted as it is possible to be to only Iranian nuclear processing facilities.
"wikileaks cables show quite clearly "
LOL
What a fucking idiot.
Way to make a complete fool of yourself. Iran has massive support from the populations of their Arab neighbors.
But, golly!, yes the anti-democratic US propped up governments in the region have different view of Iran...
Someone needs to smack the fucking shit out you.
To be more precise, the Saudis have been putting strong pressure on the US to attack Iran and "cut off the head of the snake".
So Stuxnet chatter is still observed around the planet, including in Iran and the US. Duh.
Now how exactly does this "expert" come to the conclusion that, somehow, activity from the US etc must be from infected home PCs, yet the same from Iran must be from some seekret uranium enrichment plant, which typically would not be connected to the internet?
Oh, my bad, forgot, this comes from ScareTV... Never mind.
Because today's megacorp does in fact have 100 BILLION dollars!
Of course they don't - but that is what they are valued at, which of course takes into account likely future earning and not just cash on hand.
So, somebody looking to do industrial sabotage isn't trying to get a payment from the company that they're taking down. Instead they probably work for a government that wants to see the company go down so that some other company can take its place (think nationalism). They wouldn't ask for a ransom - they're not doing it for a payout - they win if the company goes bankrupt. The programmers themselves of course don't win big - they're just collecting salaries like anybody writing software for a living.
I think I could get a $100 BILLION dollars if a couple of these guys chip in.
Some from these people
And of course these people could cough it ALL up as well as
these guys
Just sayin'.
I'm sure there would be, e.g. specialist niche software like Step 7 is often a pile of bugs duck taped together.
Even so several of the attack vectors smack of Windows security, in particular the fucking autorun exploit. Actually, looking it up, even the Step 7 vulnerability was rather Windows flavoured.
OK, so security sites have experienced a lot of traffic coming from Iran. How does that prove that the virus is still affecting them? Do you mean to tell me that the only reason people have for visiting security sites is because they are being affected by stuxnet? What if they have another virus? What if they have no virus and are pursuing preventative measures? What if there is an increased general interest in computer security?
The "adamant claims" jab cuts both ways. We can make the baseless assumption that the Iranian government is plagued by this virus despite adamant claims otherwise, or we could point the finger at American media and say that the Iranian government is no longer affected by stuxnet despite adamant claims by the American press. The press has the same reasons to misrepresent the situation that the Iranian government does, so we can truly learn nothing from these back and forth claims.
Angry people... like you?
...Is that you?
If you want news from today, you have to come back tomorrow.
Hey, this is a serious "nerds at war" story. Slashdot would be remiss to not cover what might be the greatest exploit of weapons grade professional hacking in world history. How long before Slashdot "friends" find themselves on opposite sides of an actual war where key infrastructure is literally exploding? Because that's exactly what those worm coders did: Blow up uranium centrifuges in militarized underground bunkers. This really is the start of a new era in the history of nerddom, and if anything, it should be getting more attention from nerds. Maybe some of the authors of that worm even have user accounts here.
I thought the hosts that Stuxnet was targeted at weren't connected to the internet at all, meaning the surge in traffic can only be coming from collateral damage infected hosts. Meaning it is spreading but not really damaging anything.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
...not likely but that would be hilarious,
I am very small, utmostly microscopic.
Obligatory Stuxnet affiliate banner
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
When I'm a leader of a rogue state, I will not connect the control systems of my super-secret nuclear facility to any external network.
-fb Everything not expressly forbidden is now mandatory.
you're an angry people..
should make you think..
A link to Foxnews that cites an anonymous source? Stop wasting our time.
Coincidentally the CAPTCHA word is "brazen"
For those who can't be arsed to RTFA:
"And Iran’s anti-worm effort may have had another setback. In Tehran, men on motorcycles attacked two leading nuclear scientists on their way to work. Using magnetic bombs, the motorcyclists pulled alongside their cars and attached the devices.
One scientist was wounded and the other killed. Confirmed reports say that the murdered scientist was in charge of dealing with the Stuxnet virus at the nuclear plants."
Nothing else about this article really seems that new or surprising. The fact that the people in charge of getting rid of Stuxnet are being murdered is surprising. More fingers pointed toward a government organization looking to take out a few people to preserve its investment. Or perhaps more fun would be that it reminds me of the book Daemon. Stuxnet is on the loose and now that it's shown up in the news reports it's out for BLOOD!
Just because there is a spike in traffic from Iran doesn't mean they haven't got Stuxnet under control at their nuclear facilities, does it? Maybe the worm is just still in the wild on other machines and the country is infected?
You think the Arab nations will be so glee at the thought of a powerful Iran? In case you haven't been paying attention, "The enemy of my enemy is my friend." The wikileaks cables show quite clearly that Iran doesn't have much support from their Arab neighbors.
"wikileaks cables show quite clearly "
LOL....
Yes, you are right. The vast majority of Arabs actually are in favor of a strong Iran. Their propped up autocracies aren't in favor of that of course.
/.
A poll recently done in the Middle East showed that 80% of folks there thought that Israel was a threat. 77% thought that the US was a threat. Far down the line 10% thought that Iran was a threat. This was the "Common People off the street" type folks.
Be nice though, just because you are right and he has been watching too much Fox News doesn't mean that you should be falling off your rocking chair there. Settle down, put the coffee away and maybe listen to some soothing music for a few hours - or wait till you are at least fourteen before you keep posting to
Moved to http://soylentnews.org/. You are invited to join us too!
Wow, did somebody teach you how to use a computer so you can push your propaganda online?
Don't you have some of your citizens to subjugate and terrorize?
So, what happens when (if) WikiLeaks reveals that the source was an American Military CyberWarfare Lab?
Will it then be considered an act of war?
Will the Iranians be justified in seeking compensation and damages via the UN?
Is America prepared to pay such a price? Or will the international community bend at the knees once again? All hail the American Greenback! Without which, we shall not prosper.
I sort of find it entertaining that the US government appears to be happy for Microsoft to export Windows to Iran so that it can be used in their nuclear industry.
But at the same time companies like Amazon, Mastercard, Visa and PayPal are so scared of Wikileaks (and/or the US government's reaction to their commercial relation to Wikileaks) that they're pulling their commercial ties as soon as possible.
Of course, as soon as they switch to Linux, I assume it (and open source) will be painted as the evil, terrorist supporting operating system that it truly must be!
you're posting under the correct name... A.C.
Ask Me About... The 80's!
No, I'd be more inclined to run MS-DOS than Windows 7. At least it isn't a multi-tasking OS and if I have a program running, I'm unlikely to have programs running in the background.
Well, but brown though.
You are more inclined to run an operating system that has *NO* protection of resources of any kind than windows 7? Even if you believe the "windows is full of holes" propaganda at least windows 7 is making some attempt at resource protection. MS DOS does not make any attempt whatsoever.
Simply stating that you are safe because MS-DOS does not support multi tasking is misguided. Viruses were spreading in MS-DOS systems before most people reading this site were even born. Even if your concern is a background task doing something nefarious you still are not going to have much luck: A sophisticated virus could easily run a multithreaded operating system and have MS-DOS running inside a vm. The user would never know the difference.
Could the Commodore 64 possibly be immune? ;)
Willie...
American polls are always wrong, and they've got a lot of practice figuring out how to ask questions and decipher the answers of their countrymen. I don't think polls of "common people off the street" in Arab countries, where the questioner could be the secret police and there's little culture answering polls "for the common good" (whatever that is - all we have is polls, and they're always wrong), are going to be much more than a Rorschach of what their propaganda (state and/or religious) trains them to say to strangers.
Non-Shiite Muslims have seen ample reason to fear Iran. Shiites, too, whose local theocracy is mostly laissez-faire, would see Iran as a threat. Iraqis who can still remember the 1980s war fear Iran. Saudis especially fear Iran, because Iran is indeed the biggest actual threat to Saudis now that Iraq is a threat almost entirely only to itself. Generally Arabs don't think even other Arabs should have a nuke, Persians even less - and who could blame them?
The simple way to see your results is on a logarithmic scale. Arabs will say that Israel and the US are such extreme threats that other countries like Iran barely register, but normalize the hyperbole and Iran is also considered a threat along with those other nuke powers whose actions are consistent with the propaganda Arabs hear all the time.
--
make install -not war
I think the point was that if you are running a nuclear reactor which is the quintessential example of real-time needs, hopefully you are then running a real-time operating system instead of a general purpose operating system. MS-DOS isn't a real-time operating system, but it's closer in the sense that your indexing service isn't going to randomly kick on and lock an important file causing a big boom.
*cough* Israel *cough*
Could the Commodore 64 possibly be immune? ;)
The C64 does not have an internal hard drive.
The C64 does not utilize boot sectors.
The C64's operating system is stored on ROM chips (which by definition can not be written to.)
While I do not think it is immune to viruses, the above points should mean that a hard-reboot (i.e. power reset) would wipe the virus out of memory, severely hampering the ability of a virus to linger.
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
Nobody would bat an eyelid if US and Israel were nuked either.
Stuxnet is an Israeli Jewish program.
Exactly my point. :) If they were smart, they'd rewrite their equipment control software to run on good Ol' Commie 64's, with the code stored in ROMs. Someone, somewhere, may have already figured this out, and runs all kinds of super-secret, mission-critical stuff that way!
Of course, I could be wrong. ;)
Willie...
People soon forget that it was Albinos of all India and Pakistan and Iraq-areas that founded the mostly European nations and interbred. Ever since the Whites were kicked-out, you see the entire civil infrastructure that greened the region to crumble and turn to sand as the topsoil blows away into the air as dust.
Then when Europe is doing well, people start buying foreign-made goods and wares by using Instruments of Debt; once these currencies leave the host country and into one of those sand-people territories, it only returns to buy land and rent-space. The exodus prior to the muslims was when Islam kicked the Zoroasters out of the middle-east, yet they re-settled in Los Angeles; Now their enemies the muslims have been immigrating at a rate of 9-million in 8 years since Bush, and the Zoroasters are just looking at the problem of these savages no-different than property owners during the LA Riots.
the same set of assholes have been fighting over it for the last 6000 or so years.
I think you can say the same thing about every region in the world.
I'm getting mixed signals. Is your comment a bad joke or just a confused rant? Maybe you should use emoticons to clarify in the future.
Simple same as the Americans have LONG denied the holocaust against the natives and the concentration camps for Americans whose ancestors came from Japan. Or that those who wrote "All men are equal" really meant "White MEN, with sufficient standing, that we approve of, are equal, somewhat".
Being a cunt is not restricted to beard faces.
And really, does the US have any right to talk about the treatment of homosexuals? The republican cunts are now blocking reform of the "Do not ask, do not tell" policy until they get a tax cut for the super rich. I think we got a new arm race. Who can produce the biggest cunt in a suit.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Don't worry about it, the US is catching up quickly:
http://en.wikipedia.org/wiki/Timeline_of_United_States_military_operations
What ever happened with the assertion that the Windows product family got super safe and stable in recent years and the old stigmas aren't true any more? Seriously, I should not have to read these kind of news if that'd be true. What gives?
I don't know why every time someone mentions Mossadegh he is moderated insightful. You don't need a time machine, just try to inform yourself better instead of repeating old political propaganda from the Soviet Union.
First of all, Mossadegh wasn't really that democratic at all. For instance, Wikipedia says "Realizing that the opposition would take the vast majority of the provincial seats, Mosaddegh stopped the voting as soon as 79 deputies just enough to form a parliamentary quorum had been elected."
Second, Iran was in deep economic trouble from the oil industry nationalization under Mossadegh. With or without CIA intervention, he was doomed to fall sooner or later.
Finally, if the CIA were able to manipulate foreign governments that well, they should get better results. If they succeeded in overthrowing Mossadegh then why are they unable to overthrow the Islamic government of Iran?
The Coder Who Came in from the Cold.
We know that the virus constantly changes the speed of the centrifuges. We have no means to know if it was targeted at destroying equipment (by the mechanism the GP stated), reducing effectivity (by the mechanism of the parent) or both. We can only know that reducing effectivity is more likely, since the mix is way more sensitive to acceleration than the machine, and it is very unlikely that there is any hardware protection against small accelerations, while it is quite probable that there is hardware protection against damage to the machines.
Now, the North Korean bomb failed in a way that is expected that implosion bombs could fail. It doesn't need external intervention to explain it, just some tiny error anywhere.
Rethinking email
Well, since I'm living in the Middle East, I wouldn't cry if somebody flew another plane in the building you are in. People die all the time, why not you?
Yep, I'd probably choose an OS that has no protection of resources by any means.
What do you want to protect your resources from anyway? It is not like there should be any task competing for those resources with your nuclear centrifuge controller. I don't even know why they use an OS at all.
Rethinking email
Well, Iran fits the exact description of a country that I expected to do the right thing, and run something like that from a simpler, more reliable system (no big interests on software companies, somewhat poorer researches). Based on current evidence, I guess we may be wrong.
Rethinking email
>Last week President Mahmoud Ahmadinejad, after months of denials, admitted that
Ok, so finally he admits, yes we do have a problem, and we can not contain it, so instead of asking other countries for help, seeing as if one of those things blow up, many will die.....no let's keep the party going by saying we think we have finally got it under control....
even one of their own (anonymous....) seems to think it is not contained yet.
Come on....these people wonder why they are discriminated against, not because of their beliefs....
no, not at all, better to perish your people and not look like you need a hand than
actually just get the job done and then end up needing to thank xxx country for stepping in....sheesh.
Divide a cake by zero. Is it still a cake?
A cake divided by zero is an infinite cake. If you can find a way to divide a cake by zero, well, CAKE FOR EVERYBODY!
Free Martian Whores!
American polls are always wrong, .
4/5 Americans agree in a recent poll.
While the point is good, the approach is too limited.
I'd recommend that a good copy of the OS be written to CDROM, and that the system be booted from CDROM. No hard disk. No writable media. Or you could have a hard disk (or even thumbdrive) and only use it for log-files.
If this wouldn't work, because there needed to be state-specific memory, then use a hard disk, but boot the system only from CDROM. And when you mount the hard disk, mark it as non-executable. And NO network connections.
This would mean that only the data files could be corrupted, and that no executable program could be "added" without physical replacement of the boot CD. That could even be locked shut, if you want. But even if you don't, then alteration of the system is going to require physical access. And you can run a modern OS. (Linux is my choice. I don't know how to do what I was proposing with anything else.)
The basic rule for a secure system is "use an air gap to require physical access". I applied that, and a bit of additional hardening. (Boot the system from a ReadOnly media, mount writeable media as non-executable.) But the air gap is the basic security measure. With that even a standard system would be relatively safe.
I think we've pushed this "anyone can grow up to be president" thing too far.
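The layout proposed in the comment above (system booted from read-only media, writable disks mounted non-executable), sketched as an added example that is not part of the original thread: a POSIX shell check over a mount table in `/proc/mounts` format. The function names and both sample mount tables are constructed for illustration; the check also flags writable `tmpfs` mounts, which goes slightly beyond the hard-disk case the comment names.

```sh
#!/bin/sh
# Added example: audit a mount table against "read-only boot media,
# writable media mounted noexec".
# Input format (as in /proc/mounts): device mountpoint fstype options dump pass

# has_opt OPTIONS NAME -> succeeds if NAME is one of the comma-separated options
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts FILE -> prints one finding per line, returns 1 if any were found
audit_mounts() {
    findings=0
    while read -r dev mnt fstype opts _rest; do
        [ -n "$mnt" ] || continue
        # Kernel interfaces that do not store user files are skipped.
        case "$fstype" in
            proc|sysfs|devpts|cgroup|cgroup2) continue ;;
        esac
        if [ "$mnt" = "/" ]; then
            # The boot/system filesystem must not be writable at all.
            if ! has_opt "$opts" ro; then
                echo "ROOT_WRITABLE $mnt ($dev)"
                findings=$((findings + 1))
            fi
            continue
        fi
        # Anything writable must not allow execution from it.
        if has_opt "$opts" rw && ! has_opt "$opts" noexec; then
            echo "WRITABLE_EXEC $mnt ($dev)"
            findings=$((findings + 1))
        fi
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample: CD-ROM root, log disk and tmpfs both noexec.
write_sample_hardened() {
    cat > "$1" <<'EOF'
/dev/sr0 / iso9660 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /var/log ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# Constructed sample: writable root, executable log disk, tmpfs and USB stick.
write_sample_weak() {
    cat > "$1" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /var/log ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,relatime 0 0
EOF
}

# Demo on the two constructed tables.
demo_dir=$(mktemp -d)
write_sample_hardened "$demo_dir/hardened"
write_sample_weak "$demo_dir/weak"
echo "hardened table:"; audit_mounts "$demo_dir/hardened" || true
echo "weak table:";     audit_mounts "$demo_dir/weak" || true
rm -rf "$demo_dir"
```

On a live Linux host the same function can be pointed at `/proc/mounts`; a clean result says nothing about the air gap itself, which still has to be verified physically.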
Here is some more complete information on this subject if anyone is curious. Interestingly it looks like Republicans are largely responsible for this.
http://www.theatlanticwire.com/opinions/view/opinion/47-Percent-Dont-Pay-Taxes-No-Big-Deal-3230
http://www.nytimes.com/2010/04/14/business/economy/14leonhardt.html
http://www.usatoday.com/news/opinion/editorials/2010-04-16-editorial16_ST_N.htm
http://finance.yahoo.com/news/Nearly-half-of-US-households-apf-1105567323.html?x=0&.v=1
Ever heard of radioactive fallout?
Free Martian Whores!
Blow the fucking nukes.
What has traffic to do with the no. of infections or the damage that it did in nuclear sites? ...
I heard these systems often don't even have an online connection! And the initial attack and primary spreading is through USB sticks, right?
So what kind of traffic from Iran are we talking about?
They are googling for disinfection-tools from inside the nuclear sites?
The worm is calling "home"?
Again, what kind of traffic? I'm getting crazy, I don't understand the measuring. Please help me understand this
thank you in advance!
R3
Remember, there aren't as many true geeks here as there are nerds who are just "teched out." That's why we have fewer good submissions like this and more stories about how to blow up stuff with a microwave or the biggest lego masterpiece ever created. :)
The C64's operating system is stored on ROM chips (which by definition can not be written to.)
How do you explain EEPROM or flash ROM? ROM is a narrow context.
When someone mentions the US I now think of people suffering like Bradley Manning http://www.salon.com/news/opinion/glenn_greenwald/2010/12/14/manning
You can thank the US government for that. As long as this continues the US is IN PRINCIPLE AND ACTION little better than North Korea or Iran or anyone else. The main difference is scale and overt brutality.
Of course I now also think of internet censorship when anyone mentions the US, it was and is after all quite massive. Flawed and failing for sure but still a massive effort at censorship far larger than anything for example China has pulled off. Go USA... you always have to be "the best" don't you?
You can thank the US government for that impression as well. No radical lefties needed as I and other rightists in Europe get all the necessary information straight from the US government actions. More and more of us are taking notice of the US as a totalitarian society, as a new enemy of humankind.
The US is no longer "allies" to freedom: totalitarians can't ever be.
Sure US "soldiers" aren't crushing skulls and torturing people in the streets of the cities of the USA just yet but that's bound to start sooner or later the way things are going, right now Americans' rights are worth shit if they speak up. The US is already acting like a new Soviet Union.