Slashdot Mirror
Iran Claims New Cyber Attack On Its Nuclear Plants, Blames US and Allies
judgecorp writes "Iran has reported that its nuclear facilities are under a sustained cyber attack which it blames on the U.S., UK and Israel. America and Israel created Stuxnet, and have been accused of starting the Flame worm." And once a country admits that it's created such software, publicly deflecting such blame gets a lot harder.
I'm pretty sure you've figured out by now that the U.S. and Israel are trying to sabotage your nuclear program. If the numerous targeted computer viruses didn't clue you in, you must have at least noticed the dead bodies of your nuclear scientists starting to pile up.
Don't you know there's a war on, son?
What political party do you join when you don't like Bible-thumpers *or* hippies?
No one "officially" has admitted to Flames, Stuxnet, or otherwise. It's always some anonymous source, or former (apparently the current ones are too busy to give interviews) official.
Nuclear reactors should be secure through not using Windows and not connecting to the Internet. Anything short of that is doing it wrong.
Case in point, the CANDU reactors in Canada run QNX4 (QNX2?) for their control systems are are not Internet-connected, so there's really nothing to hack.
Your nuclear weapons program for enriching uranium was fucked up because of a computer virus.
You know what DOESN'T need highly enriched uranium? CANDU and Throrium reactors. Gee, I wonder why Iran isn't interested in those, the only difference is that they can't be used to make nuclear weapons...
Where has once have the government admit they created it? Both links are just basically from David Sanger and his book where the first link is an article by him and the 2nd link an adaptation of the story-line from his book (which they state at the very bottom of the article).
I'd hardly call that the government admitting it when it's more like an accusation from someone with possible inside sources. Nowhere in any of these articles has there even been a comment made by the US government. If you are gonna report on something, at least put the correct viewpoint on it. All these "confirmation" articles are just articles respinning the story made by Sanger.
As for it's validity, could be true, could be false. But i definitely don't like the way it's being told. It's more akin to being told a fantasy novel then an actual news report. They don't even have quotes from their sources stated specifically. The entire story is told in a mix of imagination and (possible) facts which aren't clear.
It's asisine that everybody keeps touting this unsourced leak as proof of US and Israeli involvement in creating Stuxnet and Flame. The fact that it's US AND Israel really hurts the claim's credibility as well. Both governments are capable of creating the virus unilaterally, why would they do it together?
What makes more sense, is someone wants to associate US and Israel for political reasons.
Iran is such a great country, I love how they act like my country is still important.
Isn't kind of a bad idea to deliberately mess up controlling computers in a nuclear plant?
I get that Iran has a deserved reputation for abusing their neighbors, but if the US causes a meltdown, then we're in the wrong.
Always going forward, 'cause we can't find reverse.
Publicly deflecting such blame gets a lot harder...from who, Iran? Who would be in support of Iran developing nukes and get all up in a thing about this? Al Qaeda? Ohhh nooo, we used "dirty" tactics using sneaky viruses to shut them down. You know what else is dirty? Nukes! Especially crazy psychotic dumbasses building them like North Korea and Iran.
Of course, the easiest way to disrupt our network communications is still a well placed physical disruption.
It's called a Slashdotting. Pioneered it, back in the day.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
Most all of the major security products (DLP, web proxy, ec) I have dealt with are backline built and supported by teams out of Israel. Why would be a great questions.
(On the other hand, in Iran's eyes, they may think the US has declared war.)
Think about it. Iranian govt coddles you and makes a national hero out of you. Unlimited clandestine budget. Bask in glory if things go well. When things go bad you have a ready made credible scape goat available.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I don't even grasp why you'd do that.
That said, I believe the first wave of worms were spread around locally... That is, someone physically connected to machines inside their operations and intentionally spread the infection. There are more then a few Iranians that don't want the Ayatollah to have a bomb.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Step 1: Reintroduce the draft & begin mandatory mil service for persons aged 18-50.
Step 2: Train...
Step 3: Invade Iran & North Korea simultaneously
Step 4: Once both nations have been acquired, fly our flag over each and begin the process of transforming both nations into a larger America, like we should've done with Iraq instead of any pull out.
What is this, the third time now? Usually you institute rules like "No browsing porn on the centrifuge control computers" after the first time. Maybe your scientists realize that if they start producing anything bomb-worthy, Israel will come in and flatten their facility, likely killing them all in the process. So maybe they just tell you "Oh! Those filthy Americans infected our computers again!" and go back to playing Tetris for another couple of years.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The beauty of these software attacks is that the Iranians cannot trust most of the numbers the computers are showing. Not just on the control side of things but also the specialized equipment that assays, say, the purity of the uranium isotopes. So they would have to go back and redo the assay with equipment that they really can't be sure is accurate.
that it was the butler (with the maid) using the candlestick in the drawing room.
CAPTCHA = mollusk
+1 It's sad how effective social engineering is. I wouldn't put it past psyops to do something similar.
And once a country admits that it's created such software, publicly deflecting such blame gets a lot harder.
The link leads to another /. article, which leads to another, etc, until it eventually lands at this NY Times article.
This article is not an admission by anyone regarding Stuxnet, Flame, or anything else. It just allegedly quotes a bunch of anonymous sources about supposed top secret information.
I promise I don't work for the federal government.
East Coast blames nearby star for diurnal lighting phenomenon and recent heat wave.
A recently drafted cyber strategy formulated by the U.S. Department of Defense (DoD) classifies digital sabotage as an act of war.
Here's a fact: The U.S. and Israel have started war against Iran. I don't remember congress ever approving this war, I don't remember the public ever being notified that our country is now at war with yet another country, despite being unable to pay for the half dozen other wars we're currently engaged in. This is completely unacceptable.
Imagine the number of "click here to remove your virus" programs Iran has downloaded trying to remove Stuxnet/Flame before they knew what it was. They've probably got so many backdoors on their network now they'll never get it totally clean.
Join the Slashcott! Feb 10 thru Feb 17!
Iran is openly admits to enriching uranium for the development of their nuclear power industry. Iran realizes its oil resources are limited and too precious to use for domestic energy production. This is a difficult concept for the US to understand.
The US and Israeli governments believe that Iran is developing weapons, but have no evidence there is any nuclear weapons program in Iran.
This is eerily similar to the flagrant misinformation, innuendo and propaganda disseminated before the Iraq war. Even then, official government agencies would confirm no evidence of WMD programs in Iraq, but the politicians and media were more interested in what they believed must be true rather than any facts.
Globally, we should pressure on all countries including US, Israel and Iran to end all nuclear weapon development, and find better ways to ensure these devices are never used again by any group. There must be global consensus that any use of nuclear weapons (offensive or defensive) is a not an attack on a state, but war on humanity justifying global retaliation against any group that uses WMD's.
Quickest way to tuff guy status? take Credit for someone else work. Guy drops dead all of a suddent take credit for his death, even if you had nothing to do with it. The US and Isreal are riding this wave that now everytime something in the cyber world drops dead its because they did it, no matter what happens, even if they are just as suprised as everyone else. This plays well into the Iranians need to blame their inability to produce anything in their nuclear program on someone else. We would have had a Bomb if it was not for those medling kids!
I can say without a doubt that their is no Goverment Service worker that could have produced Stuxnet or Flame. I doubt it was a US contractor. They would have worked on it for sure, but they would have never delivered a final product and had that gravy train dry up.
I have a strong feeling that all this "accidental" leaking is just a way to take credit without actually claiming you took credit.
So when the iranians claim another attack I take it with a grain of salt. To many people have to much at stake claiming that something happend. Having something actually happen is besides the point.
Papa Legba come and open the gate
With every news flash about yet another cyber attack on their nuclear facilities I wonder why they are plugged to the Internet in the first place. They are few, they are located nearby, and their research is of the highest priority for Iran. Is it so costy for them to create a single-purpose government-maintained isolated local network that would solve all their problems?
"It sound like some people I know who "Keep getting all thses virus things no matter what I do!""
Remember the Sony BMG root kit?
Remember how no Antivirus detected it? Not even Anti root kit scanners?
Remember how only one tool initially detected it?
Now consider for a moment how many other government software/firmware moles/rootkits may be lingering within millions of people's proprietary systems (hardware/software-OS).
Wikileaks published a lot of information on companies willingly selling rootkits to governments and organizations. And do I really need to bring up HBGary?
So many fools using multiple proprietary scanners on their systems, the makers of which could all be in bed with big bro, the programs and/or updates could contain rootkits, and seriously, what the fsck is up with Microsoft and Flash both having so many remote exploits being patched all of the time?
The very products you trust, imo, could be the very e-poison from which you e-drink from.
To this day I laugh inside when twits tell me their system is "clean" because they scanned it with several proprietary tools.
Face it, even on Linux the quality of the root kit scanners are piss poor. You have to boot into a separate environment (like Remnux) to evaluate the malware, but most people won't do it, they'll wipe and reinstall and rely only on signatures which can be compromised. And when they find out they have an APT which continues to reinfect their computer(s)? Would they be intelligent enough to consider a firmware (PCI/BIOS) infection which survives hard drive wipes? Do they also have infected thumb drives laying around they plug into other computers around home and/or friends/family/work?
Chkrootkit has a function to list the strings of binaries, but it's up to you to determine whether or not the content of the strings are malicious. I've tried several root kit scanners on Linux and all of them are, imo, crippled pieces of trash. The crowd will yell back at you, "But most of these require root to exploit!" No, not at all, there are hundreds of ways to exploit a Linux box, many not requiring root, but a particular program/version. I won't even bite down on the subject of ways to subvert package managers. Heck, how many Linux repositories use SSL? SSH? Torrents with established "good" check sums for thousands of packages?
And I've not mentioned Flash and Adobe Reader for Linux and the past problems with those... and the NVidia driver for Linux, had in the past, one or two severe security issues whereby a remote exploit could take over the system! (Google it. The news of one exploit was in 2006.)
Our proprietary hardware and software are both at risk, and likely subverted world wide on millions of computers by governments and select organizations. The fact it takes years until a researcher trips over a particular piece of malware which none of the antivirus companies are detecting is inexcusable.
Were I head of a commercially developed antimalware company, I'd develop a website similar to Virus Total, but instead of the users uploading single files one by one, I'd give them a FOSS program which checked every part of their hardware, embedded and manually inserted, checksum the firmware (of all media drives, graphics cards, anything with firmware) and BIOS and tear apart the results, funneling them into separate result pages, each result for each component going to its own page for comparative results, rather than building a profile on one user's system. I would offer the users the option of publishing a one page result for their unique computer, but it would be opt-in only. Yes, checksum the firmware, including the router, and demand companies publish checksums and use GPG to sign their firmware, all of this information would go to the site as described. A massive database of important, but anonymously pulled and published information.
It's just going to get worse.
On the side, I've been saying to myself for years, IMO, "When Microsoft finally starts to show signs of
one thing that makes me wonder is the supposedly forged MS certificate being created using an unknown technique. as MS haven't released it's certificate yet, how can people be sure the one used by flame isn't the legitimate one?
If you are stupid enough to use windows in your nuclear facilities than you are too stupid to have nuclear facilities. Simple as that. Stuxnet is just a way of thinning out the herd
Monstar L
This and the past two articles have wrongfully claimed that the US and Israel have admitted to authoring Stuxnet. This is factually incorrect. To date this is pure hearsay.
Furthermore, I would argue that a war waged over computers results in far less dead humans than a conventional war would.
IFAIK they have an isolated network. Where they screwed up was letting people connect laptops to it that had been used (and infected) outside the facility. Defeated their own security big time.
It just allegedly quotes a bunch of anonymous sources about supposed top secret information.
So did Woodward and Bernstein when they wrote about Watergate. You think Nixon issued a press release saying "Yeah, we did break-in."?
What political party do you join when you don't like Bible-thumpers *or* hippies?
Read between the lines people...
Iran says that it has detected a "plan"
Based on obtained information, America and the Zionist regime (Israel) along with the MI6 planned an operation to launch a massive cyber attack against Iran's facilities... They still seek to carry out the plan, but we have taken necessary measures.
Doesn't that sound just like a story justifying a TSA? We have detected a terrorist threat, but we have taken the necessary measures... Meanwhile, iran has been jacking up the filtering of the internet, coincidence? I'm thinking they are taking full advantage of this situation as much as they are the vicitm.
On the other hand, even if they haven't detected a threat, they have a strong incentive to say that they have. It isn't a secret that someone is trying to do something to them and if they can't figure out how to stop it, they might as well bluff and hope the enemy changes tactics...
The only alternative to "Computer War" is real War.
http://en.wikipedia.org/wiki/Operation_Orchard
*writes down "wile_e_wonka" and notes "federal agent" beside it*
I TOTALLY believe you.
* "PS: six digit Slashdot ID. Federal agent and possible competent nerd."*
Imagine America's reaction had the reverse happened. We'd be bombing Iran back to the stone-age for cyberterrorism.
Considering this insult, Iran has class.
>80 column hard wrapped e-mail is not a sign of intelligent
>life
I think we can all agree that the US and Israel are behind the nasty bugs going around in Iran's nuclear program. What I'm not seeing people putting together is that there are more than Iranian consequences here. Russia is into building these things for billions of dollars. They have a heavily vested interest here. If you fear the hackers in Iran and our infrastructure, then I suggest you consider for a moment the scope and scale of the Russian cyber hacking skills, which may be for hire, and realize we are yanking a tigers tail here.
Unplug everything critical. If you owe your life to it, it's worth needing to be physically present to make it work rather than risking vulnerability over a network. Then just make sure only people you want have physical access. Electronic warfare is simple to defend against, so far, it just takes a little foresight to realize that being fat, lazy, happy, and dead is worse than being a little busier, happy, and alive.
"...And who wants to make buttprints in the sands of time?" ~Bob Moawad
Talk of causing a "meltdown" is idiotic. Enrichment plants produce fuel, failure means no fuel. Power plants consume fuel (by creating a nuclear reaction), and failure could mean an uncontrolled reaction. What happens at that point depends on reactor design - there are an number of failsafes in modern designs. Presumably the Iranians could build a power plant and ignore the basics of safety, but that seems unlikely too.
Its hard for some computer geeks to imagine, but you can build failsafes in devices that do not have or require an electronics at all. Mechanic components that fail at designed temperatures, changes in mass, etc, and mechanically trip a reactor by moving components, dumping in inhibitors, etc. Computers don't control everything.
What is really stupid, most likely Stuxnet was created by some idiot from Israel, who overstepped the boundaries of a simple sabotage operation by making his software capable of spreading itself. Now both US and Israel are trying to take credit for something they did not consider to be acceptable, and incorporate this idiocy into their plans.
Contrary to the popular belief, there indeed is no God.
What comments do you read here? The US is routinely bashed in the comments section. There is an anti-American post worked in to just about every story here. It's almost to the point of being a meme.
ARRGH I feel so incomplete with your last sentence!!!
The more paranoid the organization, the more likely it is to tear itself apart finding a nonexistent saboteur. Looks like we might be due for another big old storm of chaos. (As a Westerner, I certainly hope so :)
Is that a smiley or a bracket??!!?1!!!
http://xkcd.com/541/
That is because violence flowing from the apex of western civilization (currently the US) towards non--western countries (think any country with brown people or a Christian minority, EXCEPTING Israel) is "righteous", whereas violence flowing the other direction (think 9/11 or any other attack) is "terrorism." This is the nature of nation-states, and civilization in general. Everyone wants to color the debate around conflicts of ideology, or religion, or race.
"Civilization originates in conquest abroad and and repression at home" - Stanley Diamond.
I would not say that we are a nation of psychopaths - rather I would say that civilization of any kind (and classic grecian/roman western civ being the dominant one and practised by the US) sets up these untenable situations. Civilization makes us all psychopaths, complicit in the murder of others in the name of abstract concepts which are ultimately just resource grabs.
Stuxnet was distibuted by USB sticks, or so the theory goes - that's how you get over the sneakernet link. It is unlikely that the control net is directly (with wires) connected to the internet. But, in a facility that employees idiots (and any large facility inevitably will) there will be some guy that brings pr0n, or games, or whatever in to work to entertain themselves, show off, etc. You want your virus to hitch a ride.
It couldn't possibly be to prevent Iran from detonating the first working nuke they can patch together in Jerusalem
I laugh every single time I hear this line of reasoning.
Iran is run by religious nutjobs. I agree with that.
One thing you seem to forget, though...Jerusalem is their holy land too. While they may be nutjobs, they're still religious nutjobs, and blowing up their own holy land is a great way to piss off every member of the three major religions worldwide. Iran would be crushed in the blink of an eye if they actually launched a nuclear attack. They are simply not that stupid and irrational. It would be like Republicans bombing the White House because Obama won the election.
It couldn't possibly be that Iran would want a nuclear weapon so that they can participate in the joy of Mutually Assured Destruction. It couldn't possibly be that multiple world superpowers who have nuclear weapons rattle the saber at them on a monthly basis and that having a nuke of their own might give them some leverage. (or even giving off the appearance of trying to acquire a nuke - that's why Saddam never debunked rumors that he had WMD, because having your enemies think you have WMD generally makes them less likely to attack you)
It couldn't possibly be that the "wipe off the map" comment (which I assume is what you're alluding to) was a mistranslation, considering that idiom doesn't even exist in the Persian language...it couldn't possibly be that the true meaning was "the Israeli regime will be removed from the pages of history", kinda like how the USSR collapsed after the cold war...
Nah. Couldn't possibly be that...
:(){
It just allegedly quotes a bunch of anonymous sources about supposed top secret information.
So did Woodward and Bernstein when they wrote about Watergate. You think Nixon issued a press release saying "Yeah, we did break-in."?
The point is that, contrary to what the summary says, neither the US nor Israel has ever admitted to having created targeted malware. Yes, everybody knows it's true, and certain government officials will smile and nod as they say "No comment," but there has been no official admission. That part of the summary is inaccurate.
There's little point at taking the claims in press release like this at face value, even those of the better-quality reuters article http://uk.reuters.com/article/2012/06/21/uk-iran-cyber-nuclear-idUKBRE85K1EG20120621
About the last thing any government will do is to publicly release accurate details --or even accurate general-but-vague statements-- about an attack on a sensitive/classified program, or their response to such an attack. Going into detail about an attack risks providing useful information to one's opponent about how successful the attack was, and how they might need to modify it to improve the next one. Accurately describing your response to an attack --even if just to say that the attack was unable to defeat the "necessary security measures" you took-- will similarly divulge information about your defensive capabilities.
These kinds of releases are simply designed to shape public opinion. Any correlation to the reality of a given situation will simply be incidental. You'd be better off basing your purchases solely upon the information you glean from advertisements.
This willful ignorance is breathtaking.
http://en.wikipedia.org/wiki/Dome_of_the_Rock
Sincerely, General Beringer
And the sky is blue. Yawn. Next....
Let's assume that they are indeed still under attack. Let's further assume that The U.S. is the culprit and that they are willing to admit it...
I hai, we're in your nukular plants fukkin shit up. What chew gonna do?
Seriously, what is Iran going to do about it? Lodge a complaint with the U.N.? Good luck with that.
The U.S. needs to quit trying to dodge stuff like this and just roll with it - like what the UK cyber team did when they replaced the Al-Qaeda bomb recipe with a recipe for cupcakes. You can turn bad PR into something funny. Any government hack should just all out pwn the target. I suggest they leave a message in all hacked computer: "All your base are belong to U.S."
Civilizations follow patterns. China and India have most often been the "invadee". The Greco-Roman-Euro-US and the Persian and the Turkic (and sometimes the Egyptian) cultures have frequently been invaders.
So no, I think the old Persian culture still lurks in Iran, and given the right conditions, this once great nation could again be an aggressor.
That's MINUS 50DKP! learn to play noobs
This couldn't be happening to a nicer, or more deserving, rouge state than Iran.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
The US says any cyber attack on american systems is considered an act of war, but they believe they can do it to other countries.. What F-ing hypocrites are they, for me the US has done an act of war against Iran.. Yes, I'm not happy with a country like Iran having nuclear capabilities, but if a country like the US has it, then ANY country has just as much right to it, no matter the regime.. Why aren't they going after Israel with their illegal nuclear weapons? Why aren't they clearing their own nuclear weapons and why are they even developing new nuclear weapons.. How can any other country take anything the US says serious if the US keeps bullying other countries.. These cyber attacks are a real serious threat to innocent iraniers, hell maybe even to surrounding nations. So why even tempt with nuclear installations, that just too dangerous...
Interestingly enough, the United States and Russia, along with Britain and France -- maybe China, maybe not -- refined their fissionable material and built their original atomic bombs w/o the assistance of computers at all, let alone anything like the PCs and control systems of today. Iran seems incapable of this level of engineering.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Well, Go Figure
No country "admits" they made the software. The linked article is to another slashdot article quoting a washington post article with "anonymous" sources. That's pretty far from "a country" admitting they made the software.
What you said seems to me to deflect attention away from the main issues:
Another war? You will be poor. Want to be unemployed? Support more deficit spending. War is destructive to economies everywhere. The right things, that make life better, don't get made.
War investors want war. People like the Bush and Cheney families that have investments in war companies want more war.
Most violent nation: By some measures, the U.S. government is the most violent that has ever existed (for example, most countries invaded, highest percentage of citizens in prison).
The U.S. government is not the U.S. people. The U.S. government often engages in secret violence, apparently partly to encourage other violence. Secrecy cannot be democratic, because the people have no power if they don't know what the government is doing.
Nuclear fuel suppliers want to stop competition. Those who supply uranium fuel for reactors don't want Iran competing with them.
Jewish destructiveness is not new. Jews haven't gotten along with the surrounding people for the last 3,700 years, according to their own history books.
Jews want U.S. taxpayers to pay for defending them against the enemies they have made everywhere. If U.S. taxpayers learned how much taxpayer money is given to Israel every year, they would protest.
Encouraging Jewish violent behavior is anti-Jewish. Those who want war are not being religious. They just want war.
Get a few facts: Iran's nuclear program: 4 things you probably didn't know
You and I know this but since so many others seem a bit dense I'll post.
It's a likely alternative that whoever made stuxnet and whoever (else) made flame and whoever (else) makes the next one and the one after that all have government agencies all across the world running scared and some agency might then decide to claim credit in order to purposefully 1. let the cat out of the bag and 2. make the next new instance seem less like big news and 3. create general confusion, obfuscation, and a plethora of flawed assumptions.
It has worked pretty well so far, it's the kind of thing "anonymous sources" are made for: short term gain and long term deniability & discredited "journalists"/"authors" :)
2012 could become much more interesting :D
Dear Princess Ahmadinejad,
Non-proliferation, "bonus" software, or Tomahawks. Choose no less than one.
Your faithful adversary,
The Non-Jihadist World
Everybody gets what the majority deserves.
Who cares who you are :) this is a case of how shit newspapers are (and have always been) and how they still lead tons of people by the nose telling them what they think people want to believe and doing so without a shred of real evidence.
It's all a fucking joke where "politicians", "journalists", "sources", and people in general fall over themselves to be "in the know" without EVER knowing shit.
All the while exactly the same kind of thing is done to the systems right under their own fat asses.
So what will 2012 bring? I guess at least some are working on a spectacle since they went public about it two years ago *shrug*
What comments are needed?
And go look at the currently weekly "The UN is going to steal our internets" screed for more examples.
The one that top Israeli and American officials say doesn't exist? Other problems with the Iran-as-boogyman storyline:
The U.S. encouraged Iran to develop nuclear energy when the Shah was in power. For the obvious reason that it would leave Iran free to sell more of it's oil. Modern, puppet-government free Iran has the same motivation.
Israel has 200+ nuclear weapons. And unlike Iran, has started wars and launched dozens of first strikes on it's neighbors.