Stuxnet Virus Set Back Iran’s Nuclear Program by 2 Years

masterwit writes "The Jpost article states: 'The Stuxnet virus, which has attacked Iran's nuclear facilities and which Israel is suspected of creating, has set back the Islamic Republic's nuclear program by two years, a top German computer consultant who was one of the first experts to analyze the program's code told The Jerusalem Post on Tuesday. Widespread speculation has named Israel's Military Intelligence Unit 8200, known for its advanced Signal Intelligence (SIGINT) capabilities, as the possible creator of the software, as well as the United States.'"

And the winner is...

[jav1231]

Stuxnet Virus Set Back Iran’s Nuclear Program by 2 Years...LOIC set Mastercard back 2 hours. Advantage, Stuxnet!

Re:And the winner is...

[jav1231]

So did you write Stuxnet or are you running LOIC? If the later might I suggest going outside. I mean just to see it.

Re:And the winner is...

[ShakaUVM]

>>Stuxnet Virus Set Back Iran's Nuclear Program by 2 Years...LOIC set Mastercard back 2 hours. Advantage, Stuxnet!

Nah, Jimmy Carter set back the US nuclear program by 30 years by banning breeder reactors. Advantage: Carter, by a long mile. Well, Clinton can take some of the blame too, for killing the IFR over the protests of Dirty Dick Durbin, amazingly enough.

I mean, good thing we never built breeder reactors, right? If we had, Iran might have a nuclear program by now, using stolen American plutonium!

(You know all the political mess we are in over waste products, and how California has banned new nuclear until the waste issue is resolved? Breeder reactors use nuclear 'waste' as fuel, burning over 99% of the fuel, instead of the 1% or so efficiency we get from traditional PWR/BWR reactors. IFRs can also burn depleted uranium, and weapons-grade plutonium.)

Re:And the winner is...

[ShakaUVM]

>>Early breeder reactor designs were inherently unstable, allowing situations where there could be a runaway reaction.

You mean back in the 1950s when the first breeder reactors were built? :p Sure, I'll grant you that.

The modern Type IV reactors safe(r), and since they get rid of most of the waste that causes most of the political problems with nuclear power, I'd say that it was a pretty bad decision by Clinton to kill the IFR research project.

>>Building one and having it blow its top would have been a far worse setback than the path we did take.

Sure. And if every reactor in the planet exploded right now, that would be bad, too. But if you're looking at risk levels from nuclear vs. other plants, the numbers just aren't there to support the anti-nuclear crowd. If nuclear killed even a hundredth of the people that have died from coal power (while it has been producing about half the power for our nation vs. coal), we'd have panicked and shut down all of the nuclear sites ages ago. We're fundamentally stupid about it.

>>I'd agree completely that what we need need now is solid, proven breeder reactor tech, and the opportunity to get it was wasted. I just wanted to provide an alternative to the "grass is always greener" thinking - it could have been a disaster too.

Sure, and I get what you're saying. But the main reason Carter and Clinton banned breeder reactors was not for safety reasons, but really about concerns over nuclear proliferation. The thinking is that if we had breeder reactors we'd not be able to morally take the high ground when we tried to stop Iran from going nuclear... oh wait. And also certain fears that people could steal the Plutonium coming out of the reactors and turn them into terrorist bombs. (Because, you know, if there's any place in America that is easy to steal from, it's a nuclear plant with all of its barbed wire and armed guards with machine guns.)

Re:And the winner is...

[MrKaos]

(You know all the political mess we are in over waste products, and how California has banned new nuclear until the waste issue is resolved? Breeder reactors use nuclear 'waste' as fuel, burning over 99% of the fuel, instead of the 1% or so efficiency we get from traditional PWR/BWR reactors. IFRs can also burn depleted uranium, and weapons-grade plutonium.)

You are confusing two different types of *FAST* reactors technology, breeder and burner. Roughly, the process Breeder reactors perform combine similar quantities of two other elements with plutonium within the reactor and transmute them into plutonium. In other words Breeder reactors produce about three times as much plutonium that goes in creating a plutonium economy.

The IFR is a Burner reactor prototyped at Argonne National Laboratory's EBR-II. It achieved a burnup rate of 20% of the fuel before the remainder of the fuel has to be removed and reprocessed. The ambition was to have reprocessing facilities and all other facilities on-site, hence the name Integral Fast Reactor. Given this knowledge your claim that Californian policy on Nuclear reactors is a mess is, at best, not well informed.

Nah, Jimmy Carter set back the US nuclear program by 30 years by banning breeder reactors.

No he didn't. While people like to piss on Carter for this decision it is highly ignorant to do so. We have over 70,000 tons of waste plutonium *now* as a result of the once through cycle reactors we have now and still no plan to properly contain it. Had Carter not stepped in and ended the plutonium economy 30 years ago we would have an epidemic of plutonium production. Additionally Breeder reactors are much less forgiving than the once through reactor cycles that are currently in operation. Carter's decision to ban breeder reactors was a wise decision considering the lack of appropriate facilities to contain plutonium available today.

Well, Clinton can take some of the blame too, for killing the IFR

Indeed. Killing the research into IFR and it's complementary processes was probably a mistake. However material technology is still not available to make IFR a working proposition, especially as the reactor ages. IFR is only appropriate technology when the lifespan of the reactor matches the decay time of it's waste product. Yes, I am saying we should learn how to build a reactor that lasts 600-1000 years as the decommission of an IFR reactor every 40-60 years severely reduces it's viability and practicality. Still developing the surrounding Integral technologies would be a good step forward until the material technology is available for the reactor as the fuel reprocessing technology is as important as the reactor itself.

You mean back in the 1950s when the first breeder reactors were built? :p Sure, I'll grant you that...The modern Type IV reactors safe(r), and since they get rid of most of the waste that causes most of the political problems with nuclear power,

Again you are confusing Breeder and Burner reactor technology. Breeder reactors allow less time to control run away reactions. Since they are cooled with sodium as the age any air that leaks into the system makes them explosive and they contain far more radioactive materials than a reactor like Chernobyl. The only new breeder reactor under construction that I know of is in India, in a flood prone area and sodium and water aren't friends in a nuclear reactor.

I'd say that it was a pretty bad decision by Clinton to kill the IFR research project.

Yes it was, because it has great promise for burning up not only pu-239 but also U-238, or depleted uranium, DU.

if you're looking at risk levels from nuclear vs. other plants, the numbers just aren't there to support the anti-nuclear crowd. If nuclear killed even a hundr

Success

[Dan+East]

Guess what? We're going to be seeing this sort of thing a whole lot more. Compare the expense and risk involved in writing this virus versus firing off cruise missiles or sending planes on bombing missions or an actual ground invasion.

And to beat it all, no-one even knows who was actually responsible for this. Oh yes, the future of modern warfare and sabotage is most certainly here.

Re:Success

And to beat it all, no-one even knows who was actually responsible for this.

True, but we do know that it was a country which can keep secrets.

Re:Success

[Fluffeh]

Oh yes, the future of modern warfare and sabotage is most certainly here.

Absolutely. If anyone ever needed a proof of concept to do something like this, you can't go idly past this one. I totally agree that this will open a LOT of eyes who will all now be in the "Lets do one of those worm things to solve [insert problem], it worked with the Iranian nuclear program..."

Might be a good time for the CV to start brushing up on writing some malware. Maybe form a small botnet or two just to cut your teeth on... Certainly beats spamming out messages about all sorts of pharmaceuticals as far as a paycheck goes.

Re:Success

[cbeaudry]

I dont think so.

We will see this sort of thing only if its politically inconvenient to use standard warfare.

Because quick and easy, means cheap. Which means, the military industrial complex isn't making profit.

We wont be seeing this replacing standard warfare anytime soon.

Re:Success

[nitehawk214]

I absolutely guarantee the US government payed as much for this code as it would have for any comparable attack with hardware. Hell, the company I work for just payed $19,000 for a SQL statement shorter than this very sentence.

Invoice:
Writing short sql statement: $10
Knowing which short sql statement to write: $18990
(assuming it did something useful and necessary)

Re:Success

[timeOday]

Compare the expense and risk involved in writing this virus versus firing off cruise missiles or sending planes on bombing missions or an actual ground invasion.

In other words, the relative advantage conferred by our overwhelming advantage in wealth and firepower is being tossed out for a level playing field in which we are very vulnerable and, even developing nations can pose a serious threat.

Re:Success

[rtb61]

It will just change security. More isolation in systems. Simpler programs only designed to do the job they need to do and absolutely nothing else. More appliances with completely stripped down or even no operating system.

Basically if you use M$ windows in what is meant to be a completely secure system, than you are a bloody idiot.

I think the two year setback is also likely wildly optimistic, even including the time already lost, unless of course Iran chooses to stick with M$ Windows.

The best hacks are still in hardware, chips built into capacitors, resistors etc. just waiting for that encoded signal to come in via their power feed to initiate intermittent power fluctuations (better than burn out, far harder to fix) and, really destructive when all spares will suffer from the same fault.

Re:Success

[geegel]

The latest evidence seems to point out that China might be behind the Stuxnet worm, as an expedient way of sabotaging a nuclear power without the diplomatic drama.

Of course, this is all highly circumstantial. We'll probably never know with absolute certainty.

Here's a rather insightful analysis on this hypothesis.

Re:Success

[JerkBoB]

And just think, it could have all been prevented by *not connecting your scada production network to the fucking Internet*.

It wasn't connected to the internet. That's a major part of the brilliance that is Stuxnet. The worm infected machines all over Europe and Iran, and spread via USB sticks. At some point (or more likely several points), the infected drive or drives found their way into the machines used to program the Iranian SCADA systems, and then the worm moved into its next phase of infection. It's pretty incredible, the way the authors targeted the iranian systems used for uranium enrichment and only the iranian systems.

SIGINT?

[PatPending]

"SIGINT" is an appropriate name for this:

SIGINT is the signal sent to a process by its controlling terminal when a user wishes to interrupt the process.

Although I would have preferred one of these instead:

SIGKILL

SIGSTOP

SIGSTFU

Okay, I made the last one up.

Re:SIGINT?

SIGHUP -> SIGOHNO
SIGINT -> SIGPWND
SIGQUIT -> SIGWUT
SIGILL -> SIGWTF
SIGABRT -> SIGORLY
SIGTRAP -> SIGRAEP
SIGKILL -> SIGSTFU
SIGSEGV -> SIGOMFG
SIGTERM -> SIGRTFM
SIGSTOP -> SIGKTHX
SIGCONT -> SIGGOGO

Hey, what about the Russians???

[SuperKendall]

I don't know why people think the only strong suspects are Israel and the U.S.

If you think about it, Russia not only has a number of potential motives (was paid off by one of the other arab nations like Saudi Arabia, annoyed at Iran for some reason, wants to make money selling the "fix" to the problem...), they have countries with many hackers that are well known for ability and also not as prone to speak out about what they are doing as a team (and this was a team effort) of U.S. hackers would be. On top of THAT, Russia also has (had?) engineers on site, which they could have used as an attack vector even unknowingly.

Re:Hey, what about the Russians???

[antifoidulus]

Russia has actually repeatedly try to mediate the standoff by promising to do all the uranium enrichment necessary for nuclear power in Russia and then send the enriched uranium to Iran, all at a cost of course. The argument was that Iran could use the uranium to generate nuclear power ,which is their projects ostensible goal, without Iran getting any of the technology necessary to make a bomb. It never really made any progress.

Problematic Approach

The problem with this approach and other similar forced social and technological engineering attempts by the west against Iran, is that it forces Iran to become more independent and self-reliant. It is true that there is a temporary short-term win, however in the long run it creates a scenario of technological escalation.

Lets review Technological Escalation ala'Iraq:

Attack Vector: IED v1.0 - Road side bomb with detonator fuse wire, bomber hides in near buy building, waits for US tanks to go past, presses red button
US Countermeasure: Train soldiers to look for suspicious packages or mounds of garbage were wire or some such are leading away from mound, once detected fire at location where wire ends up.

Attack Vector: IED v2.0 - Same as v1 but now uses a wireless trigger mechanism based on childrens walkie-talkies to set-off explosive. As before waits for US tanks to go past, presses red button
US Countermeasure: Provide signal jamming equipment on-board all patrols and tanks.

Attack Vector: IED v3.0 - Same as v2 but now uses continuous signal trigger mechanism to set-off explosive. As before waits for US tanks to go past, presses red button, but now signal stops and explosive goes kaboom!
US Countermeasure: Same as before but instead of jamming the signal, all terrestrial signals are replicated, allowing the tank/patrol to pass by without being blown up.

Attack Vector: IED v4.0 - Same as v3 uses continuous signal trigger mechanism to set-off explosive. Signal begin sent is encrypted and uses a random sequence number, As before waits for US tanks to go past, presses red button, signal stops and explosive goes kaboom!
US Countermeasure: Pray...., play crappy rock/death metal music while driving around bagdad.

Attack Vector: IED v5.0 - Same as v4, but now they have time to refine the design of the ordinates, remember the movie coneheads with Dan Akroid? Well it turns out for a really good focused explosion, all you need is a piece of steal in that shape packed with C4, with the pointy end aim at the direction you wish the explosive to fire - Armoured penetration as per and 09' pentagon report is roughly successful 85% of the time.
US Countermeasure: Pray....

Attack Vector: IED v6.0 - Same as v5, but made to be more weather resistant, with added proximity sensors, modern cars aren't made with as much steel and Iron as patrol cars or tanks - so it makes for a good differentaitor which can be use with a proximity fuse.
US Countermeasure: N/A

Do you really want to force your enemies hand like this?

Re:Problematic Approach

[cowwoc2001]

More sophisticated = more costly. If the end-result of this game is raising the cost for Iran to seek nuclear weapons then it's a win in its own right.

its important to keep in mind

[nimbius]

regardless of how awed the media is in the wake of the stuxnet worm, things like this only work once, and only under certain conditions. In any functional nuclear program there exists a very strict information systems security policy to prevent exactly this type of malicious activity from occuring. I also wouldnt be surprised if the "two years" assertion is an overstatement to placate the middle east.

Iran will likely switch from windows controllers for their Siemens PLC's to hardened linux or BSD, taking a page from chinese internet security experts and refusing to trust western code that cannot be independently evaluated. and if we remember the cold war, irans woes feel like washingtons foreign policy from the cold war being flexed all over again

Re:How wasteful we humans are.

If I were the president of the country in the middle of this map, it would be almost criminally irresponsible of me not to develop nuclear weapons as quickly as possible. The US tends to attack countries that have oil, don't have nukes, and refuse to play ball.

Re:Two years...?

[surfdaddy]

A VERY interesting article with a lot of detail from (I know) Fox News: http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/ A bit more detail that I'd read elsewhere. I strongly encourage everybody to read this. Quite an admirable job. But then you think that of course this could happen to control systems in the US as well. We all know countries and organizations that might be happy to attack. I'm sure this sort of thing will only grow in the years ahead.

Re:How wasteful we humans are.

[blackraven14250]

The entire area was owned by the British, and largely backing the Axis due to their support of the genocide. The British gave the land to Israel, who were the ones forcibly taking said land. Not like that's never happened before in history, but people make a big deal out of it because it's Israel. I hope you're not in the US, otherwise you should get out of there, since if you are, you took the lands of native people forcibly as well.

Probably a bad idea to put a bunch of Jews in the center of a bunch of people who hate Jews, but it's not like the only reason they want to kill Jews is because their "homeland is being invaded". They were of that mindset long before Israel existed.

Also, Iran didn't exist for the last 300 years, but if you count the Persians as "Iranians" for this example, most definitely started the second Russo-Persian War.

Israel hasn't started a war, either, just to point that out - they just get embroiled in the whole "Arab Muslims tend to hate Jews" thing constantly, since they're surrounded by a bunch of countries that really, really don't like Jews (just look at the laws regarding Judaism in some of these countries). The only one that you can even possibly consider them starting a war (the Lebanon war) was a retaliation to a Lebanese assassination attempt on one of their ambassadors.

Re:How wasteful we humans are.

[flyingkillerrobots]

Yes. Hundreds of thousands. Try 7,500, 1,500 of whom were killed in intra-Palestinian fighting. If you are going to claim "well, the Israelis are tergeting primarily civilians," note that the Israeli civilian casualty rate is some higher than that of the Palestinians, despite that most of the intense fighting has been in Palestinian cities.

Re:How wasteful we humans are.

[blackraven14250]

I hope you don't live in the US, England, Germany, or nearly any other country. Because let's face it: there isn't a fucking place on Earth that hasn't been forcibly taken from the people who (formerly) own(ed) it at some point in history. Anglos took over the Saxons, Norway took over England, Germany at one point owned Europe, the USSR owned everything east of Germany, China isn't a historical state either, Japan wasn't unified a while ago, India wasn't a state, the USA wouldn't exist, Mexico was owned for quite a long time (didn't even get to keep their language)...the list goes on, of how blind you are to history if you think one group of people has never moved in on another group's turf. It's new to history for such a global issue to be created over 8000 square miles, though.

I also said remove them from the map - outright genocide hasn't happened by their hands, despite the sequestering of land. As it turns out, they are, by a longshot, better than the Spaniards, the then-future-Americans, the Normans, the English, the Japanese, the Germans, the French, the Dutch, the Chinese...

Maybe, but it will set back iranian democracy

[Kyusaku+Natsume]

Now the incumbents could claim with proof -a tenuous proof, if you like- that the opposition is in bed with the US and Israel and against their own country. Nobody likes collaborationists. They managed to set back the enrichment program, but strengthened the hand of conservatives far more. Time will tell if this isn't another pirric victory like in 1953.

Re:Maybe, but it will set back iranian democracy

[rogerz]

You show little understanding of the Middle Eastern psyche. Read Bernard Lewis. Incompetence is not rewarded, it is is looked on with disparagement. Being strong and saving face are critical. Indeed, the regime has been extremely reluctant to admit *any* impact from the attack. If they were going to pursue your strategy, they would bemoan the actions of the "imperialists". I bet they never will, because of the culture of "face".

Re:How wasteful we humans are.

[jovius]

There were Jews and Arabs living in the area long before it became the modern Israel. The problems today are the result of mass exodus and the (violent) expansion of Jewish settlements. The resistance and politics on either side has grown into a ultranationalistic psychotic fantasy. Nobody actually cared about the opinion of the people already living there when the borders were first drawn, so the first war was inevitable. Jewish nationalism was condemned by many a notable jew at the time.

It's sad how boths sides play politics exploiting their own people. Every death is used to promote selfish agenda, every military action is because of safety. Of course they don't own the people, but that's the convenient illusion to work with. We most probably end up to a single state and a similar struggle as in South Africa.

Re:Ah, the Lobby again

[ShakaUVM]

>>...is that you, General Electric? Or Siemens?

Is that you, shill for the coal mining industry?