Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iran Forced To Replace Centrifuges To Stop Stuxnet

Posted by Soulskill on from the going-to-have-to-amputate dept.

Trailrunner7 writes "Reports that Iran had recovered from the infection of the Stuxnet worm may have been overblown, as a new report suggests the country is being forced to replace thousands of expensive centrifuges damaged by the worm. The report from the website DEBKAfile cites 'intelligence sources' in claiming that Stuxnet was not purged from Iran's nuclear sites and that the country was never able to return its uranium enrichment efforts to 'normal operation.' Instead, the country has said in recent days that it is installing newer and faster centrifuges at its nuclear plants and intends to speed up the uranium enrichment process, according to the country's foreign ministry."

4 of 204 comments (clear)

  1. WTF? by Anonymous Coward · · Score: 1, Interesting

    How can replacing thousands of expensive centrifuges be cheaper than replacing the infected computers??!! Dude, WTF?!

  2. Re:Consider the source by Anonymous Coward · · Score: 2, Interesting

    I cannot begin to describe how un-reliable Debka file is. It's not even disinformation, it's just a mid aged guy with a lap top sitting in his provincial home in Israel, making up stories. For some reason, foreign press often quotes it, but everyone in Israel knows it's BS.

  3. Totally Fixable by 1s44c · · Score: 3, Interesting

    Stuxnet is a really complex and well thought out windows worm but it's not magic and it can be beaten. Abusing holes in windows isn't some new thing that stuxnet invented.

    Dealing with windows worms isn't nearly as complex as creating them.

    Easy clean up process:
    1) Disconnect affected windows machines from your network.
    2) Overwrite the disks on these machines with zeros at least once.
    3) Physically break the USB, firewire, sound, floppy connectors, extra disk connectors, serial ports, parallel ports on the motherboard of these computers. Break them in such a way they can't be fixed without significant effort.
    4) Reinstall windows from clean CDs. Do not connect the machine to any network.
    5) Reinstall SCADA software from clean CDs. Do not connect the machine to any network.
    6) Setup one OpenBSD filtering bridge per SCADA control system to filter traffic to and from your new control machine and only allow traffic you have to. That means SCADA control traffic only. No windows update, no anti-virus updates, no domain authentications, no STP, and if possible not even ARP. Test with tcpdump and if 1 single network packet you don't fully understand gets though start again from step 1.

    Done.

    BTW I'm not a US citizen, a US visa holder, or in US controlled territory. I suspect that any US citizen or anyone in US controlled territory who assists Iran in any way is committing a criminal act. US export laws.. land of the free.. my arse.

    1. Re:Totally Fixable by Anonymous Coward · · Score: 2, Interesting

      You're assuming that none of the SCADA devices in the network are infected with a copy of the worm.