Iran Claims New Cyber Attack On Its Nuclear Plants, Blames US and Allies

judgecorp writes "Iran has reported that its nuclear facilities are under a sustained cyber attack which it blames on the U.S., UK and Israel. America and Israel created Stuxnet, and have been accused of starting the Flame worm." And once a country admits that it's created such software, publicly deflecting such blame gets a lot harder.

Oh, stop acting surprised, Iran

[crazyjj]

I'm pretty sure you've figured out by now that the U.S. and Israel are trying to sabotage your nuclear program. If the numerous targeted computer viruses didn't clue you in, you must have at least noticed the dead bodies of your nuclear scientists starting to pile up.

Don't you know there's a war on, son?

Re:Oh, stop acting surprised, Iran

[trum4n]

Why don't they just unplug their modems?

Re:Oh, stop acting surprised, Iran

I'm pretty sure you've figured out by now that the U.S. and Israel are trying to sabotage your nuclear program. If the numerous targeted computer viruses didn't clue you in, you must have at least noticed the dead bodies of your nuclear scientists starting to pile up.

I wonder how many of those scientists came to untimely ends due to the actions of our spies, and how many of them disappeared due to the actions of their spies.

Now that the existence of these cyberweapons is out in the open, every time something actually goes wrong with Iran's programme, the first thing they'll do is assume sabotage and find someone to punish, even if it was just a routine fuckup. For bonus points, maybe in their paranoia, the Iranian secret police take out the very people who could have helped fix the bug.

In turn, this makes their remaining engineers even more paranoid -- about each other, as much as they're afraid of both our spies and their own secret police.

What makes these new targeted attacks intriguing is that while some of them are almost certainly aimed at Iran, some may not be. But that doesn't matter. It's like kids releasing four skunks into a high school as a senior prank -- after having spraypainted "1", "2", "3", and "5" on their backs.

The more paranoid the organization, the more likely it is to tear itself apart finding a nonexistent saboteur. Looks like we might be due for another big old storm of chaos. (As a Westerner, I certainly hope so :)

Re:Oh, stop acting surprised, Iran

You mean we should expect to be attacked by Iran?

okay.jpg

You really think civilian infrastructure is safe ? If the US can develop a software that targets vulnerabilities in industrial control systems, so can every other country. Mind you, what the US has done is an attack on a sovereign country. What do you think would happen if malwares started disrupting energy power plants, etc... in the US ?
The US has opened pandora's box, and there is no going back. You can't control malware the same way you can try to control nuclear weapons. Just wait and see.

Re:Oh, stop acting surprised, Iran

[140Mandak262Jamuna]

What? How else are they going to receive the nuclear weapons plans like W80 stolen from the USA by the Chinese translated into Persian by the Pakistanis?

Re:Oh, stop acting surprised, Iran

[LordLimecat]

I dont believe it. Our government has denied all involvement, and thats good enough for me.

Re:Oh, stop acting surprised, Iran

Let me google that for you.

http://www.guardian.co.uk/world/2012/jan/11/bomb-kills-iranian-nuclear-scientist

Re:Oh, stop acting surprised, Iran

[drinkypoo]

So you would be as dismissive if Iran bombed the Pentagon or the Whitehouse?

I don't know about dismissive, but since the USA has announced that cyberwarfare is just warfare and thus we may retaliate conventionally against cyber attackers, and the USA is responsible for a cyberattack (OK look, I'm just using the vernacular) against Iran, that's a tacit admittance that we are unofficially at war with Iran... so if they bombed the Pentagon or the Whitehouse, it would be striking back. (and suicidal...)

Re:Oh, stop acting surprised, Iran

[Zaphod+The+42nd]

When playing Team Fortress Classic, I always felt my job as spy was complete when I'd sneak into the enemy base and see them all shooting each other out of paranoia that they were all spies. :)

Re:Oh, stop acting surprised, Iran

[Stickerboy]

It's called proportionate response. Iran pretends that its "peaceful" nuclear program isn't producing weapons-grade materiel, and the US is doing what it can to make sure that it doesn't produce weapons-grade materiel.

But if Iran were to do something as colossally stupid as bombing the Pentagon or White House, no one would be dismissive. In fact, it would likely unite the people of the United States in conducting a protracted hot war that would send Iran back into the Stone Ages. Think Pearl Harbor and the response. Or 9/11 and what's happened to the leadership of al Qaeda.

Re:Oh, stop acting surprised, Iran

[crazyjj]

Now hold on... what nuclear scientists died here?

Wow, just get back from an isolated island or something?

One of many, many reports.

Re:Oh, stop acting surprised, Iran

[garbut]

Given the truth about Pearl Harbor, Vietnam, others including 9/11, it's more likely that the US would do something to its own Pentagon or White House to unite the people against Iran.

Re:Oh, stop acting surprised, Iran

[mr.mctibbs]

Fun speculation, but the news seems to have that covered already:

http://www.salon.com/2012/02/10/israel_mek_and_state_sponsor_of_terror_groups/

It appears that Israel is in fact using the MEK to assassinate these scientists. This is the same organization, by the way, that several US politicians are supporting openly, despite the organization being on our list of terrorist organizations. Looks like Israel's a state sponsor of terror. Who would have guessed?

Re:Oh, stop acting surprised, Iran

[BlueStrat]

You say that like you think that's not exactly what the US wants?

All the cyber contractors have been itching for it for ages. The lobbyists are simply going to going to start to get a return on their investment.

Cha ching!

Yeah, it's all about job security for a bunch of government contractors.

It couldn't possibly be to prevent Iran from detonating the first working nuke they can patch together in Jerusalem and setting off a horrible, and *nuclear*, conflict with millions dead, and plunge the world into chaos & war.

Nah.

Couldn't possibly be that. Even though Ahma-Nutjob has repeatedly and sincerely publicly promised to do just that.

When do we start taking our enemy's repeatedly stated and plainly spoken basic intentions at face value? The world tends, for some strange reason, to want to ignore plain statements and intentions from such people and regimes. Germany was ignored in the 1930s as well.

It feels almost like the 1930s again. Anti-Semitism is on the rise worldwide again, just as then. Jews are being portrayed as the evil behind all the world's woes again, just as then.

History repeats itself. Unfortunately, it doesn't seem like too many people are intelligent enough, or have been taught enough history, to see that the evil & hatred we had once defeated is rising again. Or they naively hope to benefit politically from the hatred, and so go all-in supporting it.

Strat

Re:Oh, stop acting surprised, Iran

[Tarsir]

The US has opened pandora's box, and there is no going back. You can't control malware the same way you can try to control nuclear weapons. Just wait and see.

I don't think the US opened that box. Organized crime has been deploying malware against individuals and organizations for years. I've been seeing stories on Slashdot about "Chinese Hackers" breeching US governmental and corporate networks for years. With Stuxnet and Flame the US has merely taken what everyone was already doing and done it better.

Re:Oh, stop acting surprised, Iran

[DarkOx]

The US has with little apparent forethought though moved it in the tool box of statecraft. The stakes are a bit higher there or at least can be. Iran might have a reason conduct a major disruptive campaign against our vital infrastructure. There are other influential players (Russia, China) that if timed right would place limits on at least the nature of our reprisal. I can imagine situations where at least the Iranian government might see such an attack as to their personal benefits, if not those of the nation.

The Mob on the other hand would NEVER hit a target like a power plant. Anti police state voices would be pretty well shouted down after a power grid failure lasting more than a few days. After that we would start to see a significant human toll, Enoujgh people would suddenly get ok with letting the FBI kick down however many doors, and military do however many drone strikes are needed to stop these 'terrorists'. There is no profit in organized crime in that.

ACs admit to cyber-espionage.

No one "officially" has admitted to Flames, Stuxnet, or otherwise. It's always some anonymous source, or former (apparently the current ones are too busy to give interviews) official.

Re:ACs admit to cyber-espionage.

[houstonbofh]

You mean that guy who has been to Roswell? I know him! ;)

Re:ACs admit to cyber-espionage.

you sure?

http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/?utm_source=Ars+Technica+Newsletter&utm_campaign=8d7f11ba51-September_02_2011_Newsletter&utm_medium=email

http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2

Re:ACs admit to cyber-espionage.

God, will people even read the articles they try to use as proof? In BOTH articles, it's stated that the articles is based on Sanger's Book. They are using the book as "proof of confirmation" in which case I can easily argue that it is NOT. Confirmation = Confirmation of the accused or hard proof. In both respects, the book is not either of these.

Referencing a book by the person who first made the accusation, Confirmation from the person who first made the accusation? I think not...

Oh noes

Your nuclear weapons program for enriching uranium was fucked up because of a computer virus.

You know what DOESN'T need highly enriched uranium? CANDU and Throrium reactors. Gee, I wonder why Iran isn't interested in those, the only difference is that they can't be used to make nuclear weapons...

Re:Oh noes

[_merlin]

Well, it's been shown that, at the least, CANDU reactors can be modified to produce weapons-grade plutonium. India got the plutonium for the bomb used in Operation Smiling Buddha from a modified CANDU reactor.

Re:Oh noes

Thorium reactors absolutely do require uranium. Thorium is not a fissile material. Thorium is a stock material that is bread in to uranium during the course of reactor operation. The actual reactions are uranium, and said reactions create more uranium, which is in turn fissioned, etc etc. The idea is you feed more thorium in to the reactor "soup" and the reaction continues.

The problems with thorium reactors that have not been solved:

1. The reactor has to be primed with fissile uranium. They can not self start with thorium alone.

2. The reactor soup mentioned above is a very complex reaction with dozens of intermediate elements. Imagine having a soup of liquid metal with dozens of elements that are all constantly transmuting in to other elements. Nobody has come up with a suitable "soup" that will have desirable properties in any sort of long term use scenario. Either too much gas, or the mix solidifies, or turns in to something that eats through the walls of the reactor vessel, or the reaction gets poisened and stalls.

3. Even if a good "soup" is developed, the reactor material does need to be processed and refined from time to time as undesirable bulk products build up. I dont' see how processing tons of hot molten radioactive material can be anything but nasty and environmentally hazardous.

Re:Oh noes

The details are always a bit tricky. To get usable weapons-grade plutonium you have to run it through the reactor for relatively brief periods of time, otherwise you get isotopes of plutonium that make it difficult to make into bomb material (high spontaneous decay rates, which makes it harder to assemble a critical mass -- you get a "fizzle"), and that are even messier to isotopically separate out than uranium isotopes. So, you swap the fuel through the reactor really quickly (I think it's in a few days or weeks, instead of many months). In that respect CANDU reactors could be suitable because they don't have to shut down while swapping fuel, although dedicated plutonium-production reactors are probably better. Anyway, you still have to run a very unusual and obviously inefficient fueling schedule on a power reactor that would be detectable with any kind of reasonable monitoring. So, build all the CANDU reactors you like, use natural uranium so that isotopic enrichment systems aren't necessary, but subject them to the international monitoring that you would have to do anyway, and make sure people aren't running a rapid fuel-swap schedule that would be a signature of trying to make weapon's grade plutonium in any type of reactor.

The reactor in India was a heavy-water reactor, but not technically a CANDU power reactor. It was a "research" reactor and was not subjected to the monitoring that was required for the power reactors. It is believed that India derived a similar design from the research reactor and used that for the main plutonium production. So, the proliferation concerns are real, but not that different from any other type of reactor if not properly monitored.

Tons of detail at this page.

Admits?

Where has once have the government admit they created it? Both links are just basically from David Sanger and his book where the first link is an article by him and the 2nd link an adaptation of the story-line from his book (which they state at the very bottom of the article).

I'd hardly call that the government admitting it when it's more like an accusation from someone with possible inside sources. Nowhere in any of these articles has there even been a comment made by the US government. If you are gonna report on something, at least put the correct viewpoint on it. All these "confirmation" articles are just articles respinning the story made by Sanger.

As for it's validity, could be true, could be false. But i definitely don't like the way it's being told. It's more akin to being told a fantasy novel then an actual news report. They don't even have quotes from their sources stated specifically. The entire story is told in a mix of imagination and (possible) facts which aren't clear.

Re:Admits?

[FurtiveGlancer]

The verity and verifiability of the accusations is immaterial; the "I want to believe" factor is just too good to pass up!

Re:Admits?

[MarkGriz]

A story in the Washington Post is hardly an admission by the country. Not saying they didn't do it, in all likelihood they did.
But calling it an admission is just incorrect.

Re:Admits?

[crazyjj]

the "I want to believe" factor is just too good to pass up

The "I want NOT to believe" factor is even stronger for people like you. You've got some of the most reputable newspapers in the country reporting it from real sources (though, of course, anonymous for obvious reasons). You've got Congress investigating how it leaked, the President saying "I didn't leak it," drunk Israeli generals bragging about it, etc. Short of a "Yep, we did it" official press release from the NSA, that's about as good as it gets.

But some people want to keep their head buried deep in the sand, I guess. That's fine. But not all of us are from Missouri.

And the UK!

Iran is such a great country, I love how they act like my country is still important.

Re:And the UK!

[rahvin112]

The UK sponsored and the US assisted with the Shah overthrowing the elected government. The UK was the prime player in this because they were the former colonial power. As a result, all the brainwashing done on every Iranian citizen about how evil the west is focuses on the UK and US. When something bad happens the natural response is to tap into all that brainwashing and blame the US and UK along with Israel (whom every leader in the mideast blamed for every problem for decades). So it doesn't matter what's happened, if someone is being blamed for something it's ALWAYS the US, UK and Israel. Doesn't matter what it is or even if it's related or not.

Re:Bad Idea?

Depends on your view...

Most of the US would consider a meltdown over there, much better then a bomb over here...

(note: I'm not saying that opinion is morally correct, just prevalent and in some way justifiable)

Re:Blame someone else for incompetance

[houstonbofh]

I do wonder how the heck they keep getting attacked. It sound like some people I know who "Keep getting all thses virus things no matter what I do!" (Like click accept all the time)

Oh, stop acting overloaded.

[Ostracus]

Of course, the easiest way to disrupt our network communications is still a well placed physical disruption.

It's called a Slashdotting. Pioneered it, back in the day.

Re:Disgraceful

[SirGarlon]

Israel spies on the US a hell of a lot. So on one hand it seems like a Faustian bargain for the NSA or CIA to get in bed with Mossad.

Re:Blame someone else for incompetance

"Your computer could be at risk from infidels! Click here for Jihad!"

Gets em every time.

Re:Bad Idea?

[Ostracus]

How does one "meltdown" a centrifuge?

Re:Bad Idea?

Isn't kind of a bad idea to deliberately mess up controlling computers in a nuclear plant?

The only thing deliberately messed up were the speed controllers on the centrifuges which were enriching Uranium, and the 'messed up' meant that the speed would very subtly oscillate in speed to mess up the enrichment process.

There is no part of that which could cause a meltdown.

Re:Blame someone else for incompetance

[Hatta]

You think the US government couldn't buy the source to QNX, find an exploit, and embed that in a trojan that they convince someone to sneakernet across the air gap?

Re:Bad Idea?

we're in the wrong

LOL. What are you, 15? The USA and Israel have done a lot worse than melt down a nuke plant or two. We've overthrown democratic governments, assassinated thousands of people without trial and violently murdered countless bystanders. All in the name of protecting a bunch of selfish brats who think "god" wants them to live in a specific piece of the desert.

Intellectually speaking, I think you will find that the world's events are a lot easier to understand if you stop thinking of the US as the "good guys". We're not. We're simply out to push our political and religious values on the rest of the world by whatever means are necessary.

Least Secure Computers Ever!

[Greyfox]

What is this, the third time now? Usually you institute rules like "No browsing porn on the centrifuge control computers" after the first time. Maybe your scientists realize that if they start producing anything bomb-worthy, Israel will come in and flatten their facility, likely killing them all in the process. So maybe they just tell you "Oh! Those filthy Americans infected our computers again!" and go back to playing Tetris for another couple of years.

Re:Least Secure Computers Ever!

[coyote_oww]

Stuxnet was initially spread via USB memory sticks - the rom on the stick was effectively corrrupted and utilized a zero-day exploit in Windows auto-read to get itself silently launched. That's how it got onto non-internet networks. Apparently any number of corrupted sticks were distributed in the area, hoping one would get used in a sensitive location. That's the theory anyhow (as i recall it).

Aesop: take your IT guys seriously when they ban unsecured/non-approved USB sticks.

Re:Oh NO not US

[gstoddart]

On the other hand, in Iran's eyes, they may think the US has declared war.

It's a hostile act. They've admitted to both Flame and Stuxnet I believe. Like it or not, the US has fired the first shots here, and have opened the door for retaliation. You don't get to do it, admit to it, and then just say "just kidding".

Begun, the clone war has.

Re:Must be great working as Iran nuclear scientist

[SirGarlon]

I'm sure it's great, until an unidentified and presumably foreign person assassinates you on the way to work.

Re:from who?

[operagost]

The USA hasn't built a new warhead since the Cold War ended, and its current arsenal is about 25% of its peak size.

USA/Isreal admitted to creating "such software"?

[wile_e_wonka]

And once a country admits that it's created such software, publicly deflecting such blame gets a lot harder.

The link leads to another /. article, which leads to another, etc, until it eventually lands at this NY Times article.

This article is not an admission by anyone regarding Stuxnet, Flame, or anything else. It just allegedly quotes a bunch of anonymous sources about supposed top secret information.

I promise I don't work for the federal government.

act of war

[amoeba1911]

A recently drafted cyber strategy formulated by the U.S. Department of Defense (DoD) classifies digital sabotage as an act of war.

Here's a fact: The U.S. and Israel have started war against Iran. I don't remember congress ever approving this war, I don't remember the public ever being notified that our country is now at war with yet another country, despite being unable to pay for the half dozen other wars we're currently engaged in. This is completely unacceptable.

Re:Blame someone else for incompetance

Where is that clean PC guy when we need him?

Re:Bad Idea?

[garbut]

I get that Iran has a deserved reputation for abusing their neighbors

Please explain.

...then we're in the wrong.

Thousands of dead Americans and counting, a million dead Iraqis and counting, how are we not already in the wrong?

Re:Blame someone else for incompetance

1) You are the dumbest person alive.
2) No it doesn't.
3) That doesn't matter at all.

Here is how it works, try to pay attention. A device called a PLC is connected to a device called a drive via copper wires. The drive is connected to a motor, which is connected to a gearbox, which spins the centrifuge. The drive varies the frequency of the electricity going to the motor and thereby varies the speed at which the motor turns (and thus the centrifuge). The PLC contains ladder logic which governs the speed reference it sends to the drive. So, the PLC controls the speed at which the centrifuge turns.

As it comes out of the box, the PLC contains no ladder logic at all. In order to control anything, one must load ladder logic into it. Now, here is where your stupidity prevents you from being qualified to jabber on about this: you can't load ladder logic into the PLC using QNX. You can''t develop the ladders on QNX. QNX cannot communicate with the PLC in any way at all except to read and write to its data tables using interfaces defined by the PLC vendor. In Stuxnet's case that was Siemens.

The payload of Stuxnet was delivered during the above ladder logic development phase. They'd have sent a destructive speed reference to the centrifuge drives whether then supervisory software was QNX, or Wonderware on Windows, or Citect, or whatever else.

Quick way to Tuff Guy Status

[Papa+Legba]

Quickest way to tuff guy status? take Credit for someone else work. Guy drops dead all of a suddent take credit for his death, even if you had nothing to do with it. The US and Isreal are riding this wave that now everytime something in the cyber world drops dead its because they did it, no matter what happens, even if they are just as suprised as everyone else. This plays well into the Iranians need to blame their inability to produce anything in their nuclear program on someone else. We would have had a Bomb if it was not for those medling kids!

I can say without a doubt that their is no Goverment Service worker that could have produced Stuxnet or Flame. I doubt it was a US contractor. They would have worked on it for sure, but they would have never delivered a final product and had that gravy train dry up.

I have a strong feeling that all this "accidental" leaking is just a way to take credit without actually claiming you took credit.

So when the iranians claim another attack I take it with a grain of salt. To many people have to much at stake claiming that something happend. Having something actually happen is besides the point.

Re:Blame someone else for incompetance

[crazyjj]

Don't know about Flame, but Stuxnet didn't use net-connected computers as its vector for infection. Somehow U.S./Israel got it on the flash drives of the Russian contractors who were working on the centrifuges. The contractors brought it in physically on those drives.

Re:Blame someone else for incompetance

[Hatta]

It's not designed or intended to ever need to run new code!

Then attack the system that programs these systems.

Re:Blame someone else for incompetance

[MilwaukeeMadAss]

Infidel Inside

LOL!

[DeadCatX2]

It couldn't possibly be to prevent Iran from detonating the first working nuke they can patch together in Jerusalem

I laugh every single time I hear this line of reasoning.

Iran is run by religious nutjobs. I agree with that.

One thing you seem to forget, though...Jerusalem is their holy land too. While they may be nutjobs, they're still religious nutjobs, and blowing up their own holy land is a great way to piss off every member of the three major religions worldwide. Iran would be crushed in the blink of an eye if they actually launched a nuclear attack. They are simply not that stupid and irrational. It would be like Republicans bombing the White House because Obama won the election.

It couldn't possibly be that Iran would want a nuclear weapon so that they can participate in the joy of Mutually Assured Destruction. It couldn't possibly be that multiple world superpowers who have nuclear weapons rattle the saber at them on a monthly basis and that having a nuke of their own might give them some leverage. (or even giving off the appearance of trying to acquire a nuke - that's why Saddam never debunked rumors that he had WMD, because having your enemies think you have WMD generally makes them less likely to attack you)

It couldn't possibly be that the "wipe off the map" comment (which I assume is what you're alluding to) was a mistranslation, considering that idiom doesn't even exist in the Persian language...it couldn't possibly be that the true meaning was "the Israeli regime will be removed from the pages of history", kinda like how the USSR collapsed after the cold war...

Nah. Couldn't possibly be that...

Re:LOL!

[mrsquid0]

No, Jerusalem is considered to the third holiest site in Islam because this is where Muhammad is supposed to have ascended to Heaven from. There is no question that Jerusalem has always been an important city to Islam. And in the early years Muslims did face towards Jerusalem when they prayed. It was changed to Mecca after about 10 or 20 years for reasons that are not (as far as I know) well known.

Re:LOL!

[DeadCatX2]

If you wanted to stop nuclear proliferation in the Middle East, you should start with Israel. Subject them to IAEA investigations just like we demand of every other country that wants to have nuclear technology, instead of using our vote on the Security Council to shield them from such investigations. Make them sign the NPT.

Once one country in the M.E. has nukes, the others are now on a race to get them in order to ensure M.A.D. Israel can get away with nuking Iran right now (you can bet your ass that the US would protect them from sanctions at the UN no matter the international outrage). Do you think Israel would nuke Iran if they knew Iran had the bomb, too?

As far as "benign", I never said Iran was benign. But that's a good question. How many nations has Iran invaded in the past century? How many nations has Iran bombed in the past century? How many other nations does Iran have military bases in today? Compare those numbers to the equivalent US numbers and I start to wonder who really is benign here...

Pull over your Slashdot car

[ThatsNotPudding]

and keep your hands where we can see them.

It couldn't possibly be to prevent Iran from detonating the first working nuke they can patch together in Jerusalem...

This willful ignorance is breathtaking.

http://en.wikipedia.org/wiki/Dome_of_the_Rock

Re:Oh NO not US

[gstoddart]

I don't believe the US or Israel has admitted to any attack, so the US can continue to deny

Oh? Really?

They may be saying that they released it "by accident", but I'm pretty sure they've acknowledge they built it.

Re:Acquire both Iran & North Korea

[Michael+O-P]

This is Amercia, so there are additional steps.

Step 8: ???
Step 9: Profit!