Slashdot Mirror
Iran Says Siemens Helped US, Israel Build Stuxnet
CWmike writes "Iran's Brigadier General, Gholam Reza Jalali, accused Siemens on Saturday with helping US and Israeli teams craft the Stuxnet worm that attacked his country's nuclear facilities. 'Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us,' Jalali told the Islamic Republic News Service. Siemens did not reply to a request for comment on Jalali's accusations. Stuxnet, which first came to light in June 2010 but hit Iranian targets in several waves starting the year before, has been extensively analyzed by security researchers. Symantec and Langner Communications say Stuxnet was designed to infiltrate Iran's nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its plants, then force gas centrifuge motors to spin at unsafe speeds. Jalali suggested that Iranian officials would pursue Siemens in the courts, and claimed that Iranian researchers traced the attack to Israel and the US. He said information from infected systems was sent to computers in Texas."
FTA: "Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us,"
Define 'enemies', please. From the rest of the world's POV, Siemens should explain why and how it provided the enemy with equipment that could be used to make nuclear weapons.
If the US government and Isreal did callude with Seimens to make the stuxnet virus, taking great pains to hide its source, introduction, and its operation in the Iranian systems... Then why would they have it sending data directly back to a site in Texas? The would have also been careful enough to redirect the data through relays in other parts of the world to conceal their identity...
I view everything which comes through government channels from Iran as Potential FUD. The rigged election, suppression of protests, detentions, disapperances, etc. of political opponents smells worse than when the Shah was running the country. For all we can tell they didn't really have a worm at all, but failed to read the owners manual properly.
A feeling of having made the same mistake before: Deja Foobar
People send all sorts of crazy data to Texas all the time. I believe they publish it in their schoolbooks.
I don't know how many years on this Earth I got left. I'm going to get real weird with it. - Frank Reynolds
I am from Texas, we say the same thing about you guys.
Another successful black flag operation by the dreaded CSIS - Canadian Security ftw!
Iran just got p0wnd!
-- Tigger warning: This post may contain tiggers! --
I guess Mossad needs to add about 7 more proxies.
Let's see...
Grab some highly intelligent and creative engineers and programmers, give them full access to the implemented engineering spec's of a nuclear processing facility, and you'd be amazed the things can be accomplished. Give them time, money, and purpose, and knowing how fallable the average human is, and the Stuxnet scenario was inevitable from an Intelligence standpoint. Keys to the patent office probably also helped.
I heard that on the radio many months ago.
He said information from infected systems was sent to computers in Texas.
Anyone else get an image of an SNL-esque GWB cackling in front of his computer as his screen lights up with ill-gotten Iranian data?
Wrong in so many ways.
So let me get this right, they spent all this time and money to design, develope, and deploy this software. To conceal it and hide its presence, but you now want us to believe that they simply configured it to send data to an IP in Texas? If the stuxnet really did phone home with information, the developers would have programmed it to send to relays in other parts of the world to further hide its origin. If it DID send data to a Texas IP, I'd think any logical thinking person would realize its someone else trying to cast blame on the US... More FUD from Iran...
Something tells me if Iran wants to put on a show trial for Seimens in the IRanian courts, it'll just result in Seimens exiting from IRan and they will no longer be able to purchase any new or replacement hardware, should they need it.
What the hell does Siemens have to do with the code running in their SCADA systems? Siemens sells PLCs and SCADA software. YOU hire someone to program it for you. At no point in the transaction does Siemens have a copy of your code or architecture unless you GIVE it to them... dumbass.
A little misunderstanding? Galileo and the Pope had a little misunderstanding...
Not sure what google adverts the rest of you are seeing on this story but mine are hilarious. http://i.imgur.com/U6jCz.png This is why I don't turn it off (as well as supporting /. ad revenues).
I don't know how many years on this Earth I got left. I'm going to get real weird with it. - Frank Reynolds
It was actually aliens that did it, hoping to stall Iran in the development of their flying saucer technology.
I wish it weren't so believable. Unfortunately the United States government (at the least) has become more adept at spinning its bad behavior to sound good rather than becoming adept at actual good behavior. So much for principles....
Fear-mongering is a tried-and-true motivator. Worked for Hitler. Worked for Stalin. Worked for Bush.
Too many leaders, world and smaller-group, who can't motivate and bring their people up through their own efforts try to defer their failures by bringing the other guys down.
Sadly, millions of people listen to their rantings, buy into their fear, and support their mongering.
End the FUD
The public education system still hasn't improved, I see.
Perhaps I'm wrong on this, but I was under the impression that the controller's were part of a closed network, hence the reason for sneaking the stuxnet virus in via USB. Why on earth would it be trying to report back to anywhere?
Either, I have my facts wrong, or somebody is just making crap up to point a finger.
German control system security consultant confirms Israel connection
the guy who analyzed stuxnet:
http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html
While I can not speak on the behalf of anybody else, as a member of the civilized world allow me to just say thank you Siemens, Mossad, the Pentagon, and anybody else who may have been involved in keeping the world safe by keeping nuclear arms out of the hands of genocidal dictators and oppressive theocracies.
This sig has been stolen. Return it to its original user for a reward.
Nobody cares about your cyber misfortunes d00d. Your constant complaining and whining about it makes you and your country look stupid.
Siemens needs to have its day in court for having sold anything to you in the first place.
Remember, Stuxnet was ineffective, right? Move on to your next jihad?
Please flood this page with your kind of lies. Thank you.
It's unlikely that someone had Siemens help them do this. It used KNOWN SCADA exploits that were out in the wild- and done in such a sloppy manner that it couldn't BE Mossad, CIA, or NSA that did it.
Well, the free world was just lucky because Iran was a country idiot enough to buy SCADA systems based on Microsoft Windows... :)
The fact is, the US government is a corrupt organization that many many people hate, Iran is also a corrupt organization that many people hate. China, Al-Qaeda, there are dozens of governments and organizations that would want to see the US relations with other countries sink further then it already has. Could the US have done it, absolutely, could they have been framed, just as possible. Honestly as a terrorism attack on the US I think this would be brilliant, why actually waste manpower getting your side killed, when you can dupe 2 parties into fighting eachother.
Nobody messes with Texas!
Rockwell Automation's CEO just saw dollar signs flash before his eyes. Iran should have paid the extra money and went with RA PLCs not that Siemens crap.
The only issue not stopping the US from dismantling all at once is the fact that other countries like Russia still has a shitton of nukes.
And non-treaty members, and noncompliant members, and Iran (soon)... Total nuclear disarmament is theoretically possible, but the world is far to broken for that to happen in the foreseeable future. As long as we have warmongering megalomaniacs in politics anywhere, nuclear war is never more than a few years away.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
I went to the gun store and told them I wanted to buy some ammo so I could kill all their employees. They sold me blanks, I'm totally going to sue.
-Iran
Quickly.
I'm sure Siemens and the United States and Israel will be devastated by this outcome and will rush to settle. Never fight an angry warthog in court.
Truly this is horrible. This will definitely sour the relations between the parties. What with the whole hostage thingie, the desire to wipe Israel off the face of the map, nuclear weaponry ambition. Lawyers everywhere, SUIT UP! Iran is going to court.
I hope this gets settled in record time just like SCO v IBM.
The only court I'm aware of where venue and jurisdiction for Iran to "air their innocent grievance" are just and proper is currently the one I'm sitting on.
Iran is welcome to kiss it.
E
You could have known about this three months ago.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
"No nation whose leader has sworn to destroy another nation has the right to have any sort of weapons at all."
You mean like Obama, Bush, and the entire USA the last 100 years? Holy flying spaghetti monster you sound retarded.
Overt and Covert, there is no difference. Just because the USA doesn't openly boast about destroying nations doesn't mean it deserves nuclear weapons either.
And FYI Iran has tried diplomacy several times, but the elitist, pompous, warmongering USA refuses to sit down at the table unless the USA's greedy ass demands are met.
Oh and the Iran hostage crisis was a CIA plot, just like the Iranian revolution and the overthrow in 1953 of Iran's democratically elected government
You really are a fucking tool.
Bingo. Yes, the knowledge to do Stuxnet isn't exactly stuff you find on the street, it wouldn't be hard for a blackhat organization to obtain this information. This could be a group of people who didn't like Iran, the US, or Israel to do something like this, just for kicks, or like the Joker, "to watch the world burn."
What one has to do is figure out likelihoods. Unlike most things, it is possible to fake an attack and have it look like it came from a completely different source.
Who fucking cares what they say/think anymore? They make one wrong move and Iran will cease to exist. When that happens, wake me up so I can make popcorn.
For as much as "American hate" is touted these days, NOBODY, and i mean NOOOOOBODY likes Iran. Not even the Muslim majority(arabs) like Iran(persians).
Meanwhile, you seriously think that devout fundamentalist Muslims would really drop a nuclear weapon on their own holy land?
Yes, I do, I'm sure they would!
Hey, Iran, get a grip! You're throwing accusations all over the place without anything to back them up. Yeah you lied totally about your nuclear intentions and yeah someone pretty darn good gave you a good screwing over these last couple of years for it. Consider that this alternative was probably why bombs haven't been falling out of the skies on you yet. But your habit of blaming everything on The Great Satan and The Little Satan was old decades ago. Everything bad that happens to you is never your fault. Now you think you've found someone new to blame simply because the truth is: You really don't know how it happened, or who really did it, so you bluster about throwing mud and hoping that something will stick. As the saying goes, when you speak a thousand words then maybe one of them is true. Consider that you earned this insult and, like I said, be glad that it was a computer worm rather than cruise missiles and JDAMs.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
it would hasten the return of the the mahdi, the hidden imam. if you are promised salvation at armageddeon, and you are a true believer, maybe you can hasten salvation by hastening armageddeon. you have to kill some people to save them right?
if that sounds like religious fundamentalist self-fulfilling prophecy kookery, well yes, yes it is
you do realize that iran is a theocracy, right? power is invested in a bunch of grumpy old men who somehow have a monopoly on interpreting the willpower of god. that's their government. that bothers me. not because its muslim, but because its FUNDAMENTALIST. a fundamentalist christian theocracy with nukes would bother me too (and this is where some of you call the usa that, and reveal yourselves to be complete morons unworthy of commenting on world affairs)
http://www.iranonline.com/iran/iran-info/government/constitution-1.html
you can say all you want about the usa and israel. they both do plenty wrong in the world and the middle east. but regardless about how you feel about the usa and israel, do you really want a THEOCRACY armed with nuclear weapons in this world?! does that somehow neutralize or make up for the sins of israel and the usa? how's that work?
there's a lot of strange people out there, who, in their hatred of the usa and israel, will embrace and excuse the behavior of far worse entities. i don't understand that thinking. and when i say "far worse entities," don't take my word for it: a few years ago some people in iran voted, and their votes were ignored, and they protested, and they were brutally crushed. ask an IRANIAN what they think of their government, that freely ignores them, they whom the government is supposed to represent
so in your hatred of the usa and israel, don't move to embrace entities far worse
do you know its actually possible to dislike the usa, israel AND iran at the same time? try it. then you will find yourself adhering to actual principles, rather than moronic chest thumping tribalism. its not a football game. you don't have to pick sides. you can actually reject all sides. just don't be a complete moron and embrace and defend the murderer because you dislike the rapist
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Don't the trade embargoes prevent Iran from legitimately obtaining Siemens SCADA systems in the first place? How are they going to sue Siemens for this even if Siemens was involved?
Iran's setup was a joke, and someone designed a truck to drive through it.
ON examination, there was so much wrong in Iran, its not even funny. And then later they spend their time blaming everyone else. And spewing how their 'enemies' are meddling in their Nuclear programs.
On the other hand, You have to take a moment to savour a true 'Impossible mission' that seems to have been carried out to a high degree. Great fun. And its still rumbling on. Popcorn anyone?
Doesn't he have to phone the support line at Siemens first, get a support ticket, and give them a few days to resolve the technical issue first?
Why has no one tagged this story "haha"???
HA-ha!
sigfault (core dumped)
What one has to do is figure out likelihoods. Unlike most things, it is possible to fake an attack and have it look like it came from a completely different source.
Exactly. Just like 9/11.
I feel fantastic, and I'm still alive.
While I can not speak on the behalf of anybody else, as a member of the civilized world allow me to just say thank you Siemens, Mossad, the Pentagon, and anybody else who may have been involved in keeping the world safe by keeping nuclear arms out of the hands of genocidal dictators and oppressive theocracies.
While I'm reassured that Stuxnet only works on those evil Iranian centrifuges, aren't you at least a little apprehensive about what modified versions of this virus might do? Like maybe withdraw the control rods from nuclear reactors in your country, and making them spew radioactives all over the neighborhood. Being able to control industrial machinery with malware is a pretty scary concept, at least to me. While I'm sure that governments have known about this possibility for some time, letting an example of this loose where script kiddies can analyze it strikes me as more than a bit unwise.
Great men are almost always bad men--Lord Acton's Corollary
What use will they get out of a nuclear weapon?
They won't use it; any actual hostile detonation, either public or via subterfuge is almost guaranteed to result in a potentially culture-ending retaliatory nuclear strike.
Any strategic use as a threat or bluff or other lever to achieve a military or diplomatic goal is likely to result in pre-emptive conventional strikes with the point above communicated in no uncertain terms.
Iran will never develop enough strategic delivery systems to participate in a MAD style long term confrontation, either.
It strikes me that Iran would have been much better off investing those resources in conventional weapons systems and military forces. Homegrown, cheap and plentiful cruise missiles and man-portable missle systems would have been far more effective.
I hope it's true that the US and Israel got Siemens to attack Iran's nukes programme. I certainly prefer that to either Iran having nukes, or any shooting war to interfere with that. I'd love to finally hear for once that the US spook programme is actually doing something smart to disarm an actual threat to us, especially coming out of Iran - instead of collaborating with Iran on arms deals, drug deals and any other deal the Iranians benefit from. I'd be really happy to hear that Israel was finally earning some of the many $billions the US has shoved at Israel for decades, despite Israel's using that money to go far beyond self defense into serious abuse that costs even more $billions from the US to cope with. And I'd be please that a giant German corp was using its ongoing business with Iran to help disarm the threats that the embargoes don't keep from growing.
If I were an Iranian I might feel differently. If I were a powerful Iranian, benefiting from that tyranny and desperate for nukes to protect me from foreign enemies and even my own people, I sure would feel differently. But I'm not. I'm an American, and I hope that my country, Israel and a German corporation have done serious damage to Iran's nukes programme without firing a shot.
--
make install -not war
IF it were the US...
WHY would they have communication come back to one of it's states when it's so easy to get a server elsewhere in the world...
I love the Iranian BS. Can't wait for Israel to get pissed at em and nuke the crap out of em.
Stuxnet was specifically engineered for those centrifuges.
Specifically, I think the Saudis found out much of the specific information about how the Siemens devices were used and how the system was configured. This was key information that an Arab government would be more likely to get then the US or even Israel. The worm was exclusively targeted at a very specific configuration, which is why it has not caused a lot of trouble in other organizations.
The Saudi monarchy is scared spitless of Iranian expansion in the region. They don't want an Iranian nuclear weapon because it will give the current Iranian regime more political credibility in the Islamic world. If they can help derail Iran's weapons program without any political cost to themselves they would jump at the chance. I think they oppose Iran right now as much as Israel does and for similar reasons.
Why is Snark Required?
Comment removed based on user account deletion
First of all, its code, not codes. There are some nouns which are (or can be) singular, even though they refer to collections of people or things, which is what plural nouns usually do. Examples of such 'collective' nouns are crowd, flock, group, committee, government and team. We don't call a person who climbs mountains a mountains climber, neither do we go on a roads trip, get a hairs cut or look at a wheats field. Likewise, computer software when described in singular fashion is a line of source code, while the plural is also just 'code'. "Codes" is as correct as roads trip, wheats field and hairs cut. I understand that some people have english as a second language, and may not be completely familiar with all its nuances. Sadly, there are many to whom English is their first language, and it is to them that I would like to use this admonishment as a stick. Whack, Whack! Take that you illiterate! Go work for Fox News, George 'Dubya' Bush or Sarah Palin! You will impress them, but not me! As for the rest of the content: Mitutoyo got their pee-pee slapped for selling high precision angular measuring equipment to Iran (the US imposed a 5 year ban), so you know the US has been beating on manufacturers selling technology to Iran. Did Siemens contribute? Likely! Were they eager? Thats an open question.
I worked for Siemens for a while. I know the quality of their code. If Siemens made the worm, it would not have worked until at the very least the 5th generation.
Who'd have thought that a record of shabby bananaware quality would be an excuse?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
What one has to do is figure out likelihoods. Unlike most things, it is possible to fake an attack and have it look like it came from a completely different source.
Exactly. Just like 9/11.
You just capped yourself with that one. The whole "9/11 was a Zionist/Crusader plot" BS puts you in the same category as Flat Earthers and Holocaust Deniers.
"I'll take Idiot Cheerleaders for 500 Alex"
"What fool posted the phrase 'Just like 9/11' as an example of a false flag operation?"
contestant hits the buzzer
"Who is Thing 1?"
"Correct."
http://www.okcheapshoes.com
Iran is right, as there was a fake "SCADA security conference" in Idaho, where the US DOE people quizzed Siemens experts about Simatic S7 WinCC vulnerabilities and apparently the info was used to refine Stuxnet attack code. Whether Siemens was duped or actually knew about the conspiracy is debatable, but it must be said that Germany as a whole is very subservient to the zionist entity. They "sell" advanced submarines and battle tank diesel engines to Tel-Aviv for essentially free (10-25% price) and always support bulldozing of palestinian homes. They also paid 60 billion euros to Tel-Aviv as shoah reparations already and will pay a further 40 billion until 2020. Germans feel too guilty of shoah to be able to consider the massive uprooting of palestinians from their birthland and turn a blind eye to the zionist nuclear bomb-making factory at Dimona.
I would predict Iran will not be too busy trying to find out if Siemens experts were knowing or unknowing accomplices in the Stuxnet conspiracy, because that question is now redundant. Siemens has already left the iranian business sector entirely, so there is no barrier to punish Germany on home soil with a new Munich-clone massacre. Maybe iranian naval commandoes will storm a giant cruise ship Achille Lauro style and dump germans, jews overboard. Maybe Iran will task some palestinian militant group to blow up a Lufthansa Airbus A-380, just like the US downing of the iranian pilgrim Airbus-300 was avenged with a Lockerbie in 1988, so conveniently blamed on underdog Libya.
Btw, Libya! Did you know the uranium refining ultra-centifuge cascade set running at Dimona, which was used to test attack code in Stuxnet prototypes, came from Colonel Gadhafi, who gave up on his WMD-making programme years ago when making friends with USA and France. The "Khan P-1" cascade is an industrial standard type among third-world dictatorships, Pakistan makes it and sell it to anybody with enough money. Iran also uses it, so the libyan copy came very handy for tests, that's why the USA forwarded it to Dimona. There pensioners were recalled to help assemble and run it, since the zionist have been on more modern laser-exciton refining for decades and new gen experts had little clue about those clunky centrifuges.
Now that Stuxnet the Moor has done its duty, Colonel Gadhafi can go, because his zionist centifuge set dealing secret is no longer a risk if disclosed. That's why the recently rekindled US and french friends of Libya suddenly turned against Gadhafi's regime a few weeks ago. Spreading democracy, my ass!
Easy enough for NSA or Mossad to get a couple of bright developers hired at Siemens. Or simply take their training courses.
Why would they go through Siemens management for this? That would be silly.
I am very small, utmostly microscopic.
I said nothing of the sort, o wise AC. I agreed that figuring out likelihoods will put you much closer to the heart of the matter than solely relying on images and sounds.
I feel fantastic, and I'm still alive.
Hope this will teach'em to not use M$ products in the future. They should have used the linux open source sentrifuge controlling software. That's what I'm doing in my basement, and my atomic bomb is almost ready to blow now! {evil}HAHA{/evil}
...Siemens helped? The next question is, did MS help too? I know this is in the realm of conspiracy theories, but one has to wonder If the US government has special influence (or backdoors) into the dominant software platform. It is at least circumstantial evidence that when the government needed access, they found the door wide open. Maybe the door was jarred open by the four separate zero day bugs. Did MS give the NSA/CIA bugs that were already in the bugfix pipeline? Other governments would be crazy to continue to assume that the Windows platform is "secure."
If there is one constant thing regarding Stuxnet, it is the lack of any actor(s) standing up and stating "We are the ones that initiated, scoped and developed Stuxnet and here is the source code to prove it." Intelligence agencies or governments are not going to step up and admit to it for obvious reasons.
However, there is a common consensus in the SCADA security circles that it was a joint operation between the U.S. and Israel (With a certain amount of nudge-nudge-wink-wink with those that have access to key players). Based on the fact that intelligence agencies regularly practice disinformation and psyops as part of their bag of tricks, you can never be certain of the truth unless you are cleared and were part of the operation to begin with (And if this is the case, you are not talking, for rather obvious reasons).
I do work and consult in the SCADA security field. Siemens would be committing market suicide if it was determined that they had provided known vulnerabilities to their SCADA systems to any intelligence agency. I have considerable doubts that there was any collusion or cooperation between them and government agencies or sponsored contractors. The fact is, they were in a mad panic when Stuxnet was found to be exploiting Siemens equipment. It is more likely that independent security researchers (The H.B. Gary's of the security world) have found actual vulnerabilities in SCADA equipment and have provided them to the U.S. government for a small fee. The decompiled code shows that it was modularized, and likely developed by discrete groups responsible for specific pieces (and without knowing what the final product will be) and then combined into the final form by a select group that had fully-cleared security and operational need-to-know.
Posted anonymously for obvious reasons.
Who cares what about Iran's rights? This is geopolitics and thermonuclear war we are talking about, not kindergarten share time. The current nuclear weapons situation is stable. A constellation of countries possess them and their interests and ideologies mean that they will, for the foreseeable future, keep each other from ever using them.
Iran getting the bomb would make this situation less stable, and therefore we should prevent it from happening. Period.
Is this satire? No slashmod states otherwise.....
Iran feels the need to have nuclear weapons because 'x' countries have them.
Even if Iran was to make *one* effective nuclear weapon - what on earth whould they do with it? Drop in it land that they and their forefathers believe is sacred and are willing to die for?
Fly *it* to America?