How Investigators Deciphered Stuxnet
suraj.sun tips a story at Wired that takes an in-depth look into how security researchers tracked down and worked to understand the infamous Stuxnet worm. The article begins:
"It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium. But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran's enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months. The question was, why?"
There was another good article in Vanity Fair
Flexible bare-metal recovery for Linux/UNIX
The part about the differences in loyalties of the Symantec researchers was telling, though.
"We don't care if this harms something important our country is doing to stop madmen from getting the Fist of God. We have customers to do business with!"
You're looking at this the wrong way; fighting computer viruses is akin to fighting biological viruses, it benefits everyone. Even if Stuxnet was being used in some sort of covert fashion, you don't go around using viruses as weapons without having an effective vaccination/cure in place.
Charming man. I wish I had a daughter so I could forbid her to marry one. -Arthur Dent
If you had RTFA (or perhaps with a more critical eye) you'd know that they had no clue about that at that time. When they first went public with it, all they knew was that it was a quite sophisticated attack that went after Step7 controllers. And given that, I definitely agree with them that it was in everyone's best interest to release that information.
You're a troll.
You will note that according to TFA, the researchers didn't know it was targeted to sabotage an Iranian nuclear facility until the very end. And by the time anyone realized it was, the cat was out of the bag. Towards the end, it was only a matter of figuring out what specific facility was being targeted.
It is true these guys were suspicious the entire time that it was a government black ops operation. But that suspicion in and of itself says nothing. It could have been attacking anything, like Russian natural gas pipelines again, for all they knew. What they did know was that it was a virus designed to sabotage a controller used in industrial manufacturing. And as the Russian pipeline incident illustrates, that can have very serious consequences.
Imagine if someone sabotaged a manufacturing plant used to build commercial planes that would shorten its maintenance cycle or lifespan from the engineered specifications. Or one that sabotaged a vehicle tire manufacturing facility. Or high speed railway brakes. That would have been disastrous.
What their attitudes told me was that at the very real risk of personal health and safety, they did the entire civilized world a huge service by making their findings public. They revealed to the world the method by which a very real act of industrial sabotage happened, all the while knowing that it could land them dead. They put the duty of warning the entire world of such an attack vector before their own selves.
Sure, TFA says they were doing it for their customers. But that's a disingenuous way of looking at it. Because the customers who benefit the most from their disclosure are the same ones who manufacture physical equipment that must be within established guidelines, many of which are safety guidelines. And that means we, the people who operate the equipment or rely on such equipment to not fail unexpectedly are the ultimate beneficiaries.
To me, it puts them among the very few noble and honorable individuals left in the world. You may not care for such attributes in people, but I think there are still a few in the world who do. At the very least, I think most people wouldn't want to live in a world where everyone was petty and underhanded, as you seem to advocate by your comment. And I think they by their actions are greater believers of freedom than you by your weasel words.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
In 1993, I was working one Saturday at Pacific Data Images in Sunnyvale. (who later went on to make such classics as "Shrek", but that's another story.) At the time we were one of the leading CG advertising companies in the world.
Anyway, I wandered into the front lobby, and there was a guy there, the husband of the receptionist, that had this very long roll of paper, maybe 20 feet, with an undulating line drawn along it. He was searching up and down along the line, for quite some time....well, I couldn't help but ask what it was.
He said that it was the fourier transform of the power line going into a plant. He and his company were examining the spectrum to see if they could deduce what was going on inside the plant -- if the machines inside the plant would leak substantial information back onto the power line. Anybody with any electrical engineering experience would know that of course this would be true. I said, OK, that's interesting. What do you see in this spectrum?
And he pointed to a little sinc() shaped (kind of sombrero shaped) area at a particular frequency. And then showed the aliases of that at higher frequencies. He said that these were clearly signatures of many six-pole electrical motors running all at almost exactly the same speed. I looked inquisitive, and he said, "you know, like if you had a bunch of uranium gas centrifuges running." I thought about this for a few minutes....and said, "uhm, OK, but we don't use centrifuges to separate uranium", and he said "no, we don't" and left it at that.
Soon, he was back to Iraq, using a ground-penetrating radar he developed to look for buried weapons. I never saw him again.
I love Mondays. On a Monday, anything is possible.
But the Stuxnet virus was out there on malware sites and could have been adapted to other uses. Figuring out what it did and how it worked was crucial in being able to stop it effectively.
No one declares anti-semitism, but anti-zionism.
Zionism is the political movement to re-establish the Jewish State, contradicting the scriptures about staying away... (Why keep Sabbath then?).
In any case, the Zionists waged war and won the land by force, then proceeded to get rid of locals, who naturally resisted the invasion in any way they could. Lots of slaughtering and struggle in the process; oh yes, the Zionists did start with terrorism when the land was controlled by the UK... Were you not told about King David Hotel bombing?
The methods the Israeli forces use are simply mass murdering people trapped and sieged in ghettos. Sounds familiar doesn't it? Yes, ethnic cleansing it is; and all sorts of air bombardment and land and even sea warfare against civilians, mostly armed with just rocks and pitiful glorified firecrackers. No NATO bombing, or no fly zones there... Thousands of innocent people die in Gaza, the UN doesn't care, even after Israel destroys UN facilities there.
Say what you like about Iran, they haven't dropped white phosphor cluster bombs against civilians, Israel has; everyone watched "Cast Lead". Israel once bombed a Nuclear power plant in Iraq, but nothing of the sort has occurred to Israel from Iraq. And before there were incidents like the Sabra and Shatilla massacre, guess who was involved? The current Prime Minister... Reality surpasses intentions.
Things like executions occur when you let religious extremists in power. It would be the same if you followed your traditions to the letter. Do not forget both religions have the same root, and Christianity as well. And all of them have committed atrocities in the past, and in that very same patch of land even.
The Islam scripture actually treats Jews (and Christians) with respect, and before the Zionists invaded, local Jews and Christians did live there just like they live in other countries.
You say Israel is "surrounded", No s*** Sherlock, Zionists invaded the land and waged war against all its neighbors (defeating them). That's when a violent future for Israel was sealed; and you have fanatics killing their own leaders, when daring to reach peace after decades of bloodshed.
Zionists don't care about anything and anyone, they want their conquered land clean of Palestinians and anti-zionists and they don't care about the UN or even if the whole world declared war against them, they have the nukes ready should they ever lose.
"Anti-semitism" is Zionist propaganda against anyone who dares think different.