Slashdot Mirror
Stuxnet Still Out of Control At Iran Nuclear Sites
Velcroman1 writes "Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the US and Europe say. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled. The second part of that claim, experts say, doesn't ring true. Owners of several security sites have discovered huge bumps in traffic from Iran, as the country tries to deal with Stuxnet. 'Our traffic from Iran has really spiked,' said a corporate officer who asked that neither he nor his company be named. 'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"
...patch Tuesday is coming. ;)
These weren't 'hacktivists'. These were government employed/contracted hackers.
Ahmadinejad's speech needs to be heard from the perspective of knowing something of Persian culture. We tend to think we understand people by what they say and in this case and, frankly in most cases we do not when Iranians speak. For example: If someone dies, it is considered not polite to just say "Shogi is dead". You break it gradually. So on the first inquiry, "Shogi is feeling unwell" is the reply, then, "Shogi took a turn for the worse" , then "Shogi has passed". Also, it is considered dishonorable for a man to admit ignorance. This makes it very hard to teach new ideas in Iran. Speak to a Persian and you are met with "Yes Yes, this I know, next thing please" The Persian culture is actually a very beautiful thing full of warm people, but they are NOT American People. They are a seperate culture. when Ahmadinejad announces ____ fill blank. we believe him, Persians think "there goes Dinner Jacket again.."
- Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
If you read about how this thing works, the real payload is a rootkit for a motor drive plc built by an Iranian manufacturer and spinning in the range needed to enrich uranium. It was also targetted at the desktop software designed to program said motor drive, which is windows. If they were running Linux, I'm sure there are a few zero day sploits out there suitible for hiding a rootkit dropper. The people that made this thing had time, information, legitimate driver signing certificates, and resources. I doubt there are many platforms that can deal with such a determined attacker.
The columnist who writes for Asia Times On-line (www.atimes.com) under the name Spengler foresaw this situation last year. He noted that 95+% off the software that was being used in Iran was 'pirate-ware' from the West. He noted that there was an Iranian government-run file download site that held hundreds of popular Western software packages along with their kraks, passwords, and keygens. He predicted that this would allow viruses to run amok throughout Iran at some point in the future.
He also quotes a BBC reporter who states that almost nobody except government officials and their goon squads (and old ladies, of course) still believes in fundamental Islam in Iran. She (the BBC reporter) says that only about 2% of the population regularly go to Friday services at the mosques in Iran. And over 5% of Iranians are addicted to cheap Afghanistan heroin, the highest addiction rate in the world. Unemployment among the young is in reality over 50%. She says that Iran currently resembles the Soviet Union in the late 1980's; it's a country that will just fall apart in the next ten years if the rest of the world just leaves them alone and lets it happen.
At the time of the revolution in 1978, Iran's population was about 27 million (I remember the number quoted as 50 million at the time) and now it is over 70 million: a direct result of Khomeini's exortation for young people to -'get a-fuckin'- (in a manner of speaking) and make lots of babies. When Khomeini died that policy died also, and Iran launched a massive birth-control program. Now, the children of the revolution are having almost no babies and the birth-rate in Iran is 1.6 children per couple; one of the lowest in the world. But their remains this huge bulge in the population demographic there; all the people born in the 1980's.
They call themselves 'the burnt generation'.
If any of this is true then we shouldn't worry too much about Iran. We should never actually believe anything that they say. And we should, on an individual-to-individual basis, offer whatever assistance that we can. Nevertheless, I would recommend NOT offering any detailed technical assistance to people in Iran on any specific technological project over the web until the Iranian government stops all this 'Death To America' nonsense as offical government policy.
Thank you.
No, I don't think this is the kid sitting at home ala "War Games," and here is why (from the article):
Wow, you know they're serious when the cyberattack is coordinated with targeted assassinations.
Hey, this is a serious "nerds at war" story. Slashdot would be remiss to not cover what might be greatest exploit of weapons grade professional hacking in world history. How long before Slashdot "friends" find themselves on opposite sides of an actual war where key infrastructure is literally exploding? Because that's exactly what those worm coders did: Blow up uranium centrifuges in militarized underground bunkers. This really is the start of a new era in the history of nerddom, and if anything, it should be getting more attention from nerds. Maybe some of the authors of that worm even have user accounts here.
Symantec speculates a team size around 5-10 not including QA (whatever the heck that means).
Uh, good thing that programmers don't need QA or managers, and so on.
And yes, QA matters for an operation like this. You're probably having spies plant the bug, and they could get killed in the process. You don't risk spies on code that isn't tested.
Likewise, a fizzled attempt will likely trigger countermeasures making a future attack more difficult.
QA means getting it right the first time. That probably means creating a simulated environment and testing the software out in this environment. Sure, you don't need actual centrifuges and turbines, but you probably need software that emulates the feedback such machines would return to their controllers. I'm sure they didn't factor that into their "5-10" count.
I've worked on some IT projects where quality was serious business, and you can easily spend as much on testing as you spend on development. For a typical military-style coding effort factor in a WHOLE lot more.
No, enrichment machines to not require precise speed.
You made that up. Post a link or retract it.
All it requires is high speed for a sustained periods. Precision is not a criteria. It doesn't matter whether it is 2000 rpm for 5 days or 2100 rpm for 5 days and 18 hours. There are no precision requirements for centrifuges. Its a trade off between the number of Gs you can induce over a period of time. There is no special precision requirement.
Its not like a paper machine where if one of the drying drums goes .002 rpms faster than the rest the web of wet paper breaks and the machine is useless.
Centrifuges are big machines, and you have to spin them up carefully using a stepped speed profile while getting up to speed or coming to a stop.
The worm simply radically alters the speed in unpredictable ways, spinning them up, then dropping to very low speeds, very quickly the jacking them up again. Doing this very fast breaks the machines. The worm's job is to break the machines.
The worm is not trying to alter the product. Its trying to break the machines. Do some reading on this subject, PLEASE.
Sig Battery depleted. Reverting to safe mode.
Clearly? How do you know it wasn't Saudi warfare? They've got the money, plenty of smart people (especially in reverse engineering, which is useful in spec'ing from a snatched or bought sample centrifuge), and are Iran's primary foe in the world. They've been trying to get the US to bomb Iran for years, and are the primary target of an Iranian nuke programme.
How do you know it wasn't Russian marketing? The more Iran wastes uranium, the more Iran needs Russia. The longer it takes to get a fuel stockpile, the longer Iran needs Russia. Plus Russia isn't entirely evil, and is itself an old and longstanding enemy of Iran in more ways than it is an ally, and could just be defending itself from Iran's nuke programme. Likewise China.
Those are three very plausible sources of Stuxnet. And they're all increasingly Eastern, including the ultimate Eastern of all - not Western.
Iran is a very dangerous and isolated state. It's got lots of enemies with the means and motive to unleash Stuxnet. The question is which had the opportunity, which I expect we will never know, as Iran's windows of vulnerability in this respect are some of the most closely guarded secrets ever.
--
make install -not war