F-Secure Report: Another SCADA Attack in Iran — This Time With AC/DC
An anonymous reader writes "F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper being the previous iterations of the same Operation Project Olympic attack plan.) Last month, President Obama's staff has admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns Iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."
Rock and revolt!
Sound of the drums
Beatin' in my heart
The thunder of guns
Tore me apart
You've been - thunderstruck
"This time, the unverified e-mail claims, a new Metasploit-based malware owns iranian VPNs..."
Might as well have put "pwns" instead.
It sounds like Tony Stark may have had a hand in this one.
That's quality craftsmanship, right there. In addition to delivering its payload, the malware effs with the target a little. Style over stealth FTW!
I would have gone for "Born in the USA"
Please do not read this sig. Thank you.
Noriega has company now. This wouldn't be the first time the US has used rock music against its enemies.
This somehow seems like a disinformation campaign by the Iranians. With the refinement Flame/Stuxnet had, it seems a bit too amateurish that all of a sudden the attack methods would become so much more primitive and obvious to the victims (I mean, seriously, playing loud music in the middle of the night?)
What other songs could the virus rock out with?
"Stranglehold"
"Eve Of Destruction"
"Dogs Of War"
"Born In The USA"
Pretty much anything off Dark Side Of The Moon
I hope the malware writers (or the US gov't) have agreed their license fees with the respective record companies, otherwise they'll find themselves in a world of pain!
If Iran continues its weapons program the virus escalates to playing "Rock the Casbah."
When will the RIAA move in. This is surely unlicensed performance.
...because now the RIAA will be on them for distributing copyrighted material.
Will be amazing the variations of the "Cyberwar, wrong" message from the government in the next months/years, specially every time a hack widespreads or they want to catch even more private information from people of all countries. The key to be the victim in any conflict is dismiss/deny every time you were the attacker.
Yeah, so suddenly the guys who did a lot of work to be undetected will use Metasploit code and disclose their owning of the computers with an AC/DC song ....
Methinks someone is not reaching his objectives and found a good scapegoat as an excuse...
The alternative of course would be that script kiddies are owning Iran's nuclear research lab infrastructure ...
http://www.transparency.org
I wonder what the RIAA thinks of all these copies of 'Thunderstruck' on the Iranian computers. If it wasn't the US government making this malware they'd probably demand a license fee for each playing of 'Thunderstruck' on a computer in Iran.
---
I have a few bones to pick with the summary, of a factual nature. Corrections are in bold, I have not corrected the grammatical errors.
"F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper allegedly being the previous iterations of the same Operation Project Olympic attack plan.) Last month, an anonymous member of President Obama's staff has allegedly admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."
I'm not saying the Times is wrong, but I don't trust their source completely. I also am not claiming he's wrong, but the press has a very bad habit of really fucking up critical details of technology-related stories. For example, I find it pretty hard to swallow that such an operation would only involve the US and Israel. It's all very convenient, and tidy, and in real life the real story is very rarely wrapped up in such a pretty little package. We certainly need at least an independent confirmation of the source's information.
They are seriously dancing around if this is an act of war. If Iran started hitting the US I suspect these actions would have a different spin. Of course the US is a super power so war with them is on a completely different level than the smaller countries.
It's been opened.
The US will not encounter foreign boots on the ground but cyber retaliation... and I promise it could get very ugly. As a former Network Admin, Accelerator Designer, and now Siemens Programmer I can tell you that these viruses can be turned back on us. Much of the world runs on Siemens programming. Oil rigs, chemical mixers, MRI scanners, food prep, power grids, water treatment, and manufacturing assembly of all kinds (right off the top of my head) all run on Siemens hardware/software and we don't have the ability to defend against it.
However, I am not worried about Iran. It's China who already has their digital boots on the ground.
Will the RIAA be sending the Iranian government a cease and desist notice for violating its copyright on the song?
Hey government, so it's illegal when I share Thunderstruck with my friends, but it's OK for you to spend my tax dollars giving it away to douchebag weapons scientists who don't even like AC/DC? Whatever!
At some point they need to learn how to secure their infrastructure. I mean, they know they are under attack, and still another virus gets through? It's gonna suck working in the IT dept over there right now. They're gonna be asked what went wrong and how to make sure it won't happen again. If I were them, I would start by putting some glue in empty USB ports. Given that Stuxnet got into their system via USB memory stick, it doesn't sound too bad.
I weep at the lost opportunity for rickrolling.
(AC because I'm posting at work)
I wish I could use some of my mod points to mod parent up. "Using (or having insiders create) multiple 0-days for Stuxnet" vs. "Metasploit and proclaiming victory by playing a .mp3" show two completely different models of operating. There isn't anything like Defcon or Black Hat going on this week, is there? ;)
Thomas Dolby
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Federal agents must be going through Iranian IP addresses of the Cryptography course on Coursera.
> President Obama's staff has admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants.
Remind me, when and where exactly did Obama's staff admit this? Is there anything at all besides one article with unsourced allegations?
No doubt the U.S. is behind this. But I'm getting damned tired of the shoddy journalism. I've seen so many claims that "the President has confirmed that the U.S. is behind the cyber attacks on Iraq nuclear facilities" with absolutely nothing to back them up. C'mon folks, stick to the facts.
This malware rocks. :-)
In five years time, Iran will have the best SCADA cyber security engineers in the world. I bet they will give this full priority. And when they have these skills, they have the skills to attack as well. Then think of what will happen. The US should better be sure that they are able to *destroy* those machines, so Iran cannot use them to test, otherwise... And how about Germany and Italy - are they still delivering systems to Iran? I wouldn't be surprised!
When did we start greenlighting onion stories.
Up next: Hot redhead quits the nuclear program via slideshow!
Oh boy. Those virus writers in trouble now.
Distributing music without permission? The RIAA are going to nail them for this.
Isn't it amazing how the "most transparent White House in history" can't release their visitor logs but they can release highly classified intelligence regarding ongoing operations?
If it is true, it's bad news:
Assuming that the Stuxnet/Flame attackers are trying to avoid being detected and are not announcing their presence with cheap pranks, the report, if true, would mean someone else has broken into Iranian nuclear weapons research systems, and that it's someone so unprofessional and unskilled that they are doing it as a prank.
Those systems may contain data that nuclear proliferators would love. If they are that insecure, then everything the Iranians have learned could spread rapidly.
The Fifth Amendment provides an exception to sovereign immunity, allowing copyright owners to recover "just compensation" for the U.S. Government's use of their works.
Fuck you....not gonna work for you....
All these attacks are making me sympathetic for Iran
I would go with AC/DC - T.n.t. instead lol
This reminds me of April 1st. I highly doubt anyone using malware to slow down or halt the Iranians' nuclear efforts would do it in a way that makes them clearly realize they're infected with something. That's more of a newbie prank or a troll ("unverified email" should keep this story from being news) than a real attempt to stop anything. The whole reason Stuxnet & Duqu were so successful is because of their ninja-like quietness in the systems.
from the RIAA over the money due each time this virus strikes, I mean sheesh, that could amount to a lot of cash right? And the recording industry is hurting what with the trillions of dollars they say they are losing every year to piracy. :P
Or maybe that's the idea, they will sic the RIAA on the Iranians and save the US military the effort
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
raise paranoia AND be realistic!
As for the music, rumor says the original Stuxnet worm carried an encrypted, simplified copy of "Hatikvah.mid" (Jewish national anthem) in its body and used to play it on the variable drive frequency motors of the uranium-235 enriching centrifuges being wrecked, similar to how HP flatbed scanners can sing "Ode to Joy" on their stepper motors for self-test (see many YouTube videos for that). Must have been funny to witness that play in real life, although not for the Iranians...
(AC because I'm posting at work)
(DC because I'm posting from my C64 on battery power from Afghanistan)
no
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I have always maintained that the best way to remove Iran's lunatic rulers is to ridicule them publicly, show their PM copulating with a monkey, he looks like one so I guess it is not really bestiality, just the natural copulation of animals. Their system of government as the bad joke that it really is, just another regime claiming 99.99% of the voters support them, shock and awe the people, show them truth, bombard them with how they could live and how they do live. Hell even show them the truth, even our homeless live better lives than their average citizens do. And get Israel out of their minds, Israel has no connection with their economic or political situation, the so called Palestinians are a fictitious people, leftover Israeli Arabs that instead of accepting a democratically elected government chose to flee into countries much less tolerant of their beliefs and customs. If they had staid in Israel then they would had their homes and properties granted to them under Israeli law, as do Israels Arabs, Druse, Christians etc.My 2c..
is now wanted for questioning in Iran.
Doesn't that violate the Geneva Convention's policy against torture?
You can imagine the joy I felt after we had a lightning strike yesterday in Ontario, Canada that killed a bunch of electronics, only to open up the daily slashdot to see a story about "thunderstruck".
Slashdot, why do you mock me so?! :)
Can someone please explain why their centrifuge equipment would be connected to the internet, or even an intranet instead of a simple device and controller PC network?
Idiots.
The dude's trying to convince the morality police that he wasn't blasting AC/DC. Remember to plug in the earphones next time!
Evergreen!
Yes, sure, she has a pure, wonderful, beautiful voice, blah blah blah. But that's the point. In my experience, the notes she sings travel hundreds of yards down the corridor and infect everyone's office.
Play it over and over and over and over and over and ... people will be tearing their hair out. We could call it ... I don't know ... the Streisand Effect?
My other car is a 1984 Nark Avenger.
is the R.I.A.A. going to be pissed. Good luck with that lawsuit.
Why is it that most of the people that I encounter seem to have been shat from the Sphincter of Mediocrity?
The words to a single song comprise a single lyric.
What? What?
I can't believe that we tricked their accountant into installing the virus.
Children, please don't attack foreign assets run by scary dictators without prior approval and direction of your friendly neighborhood TLA.
You may think you are doing good or being clever or 1337 ..by taking these actions you may be jeopardizing channels and capabilities of those who do not officially exist.
Israel is already in full war mongering mode, no need to stir the kettle any more than it needs to be.
It isn't nearly as bad if it was the band... now if it was the other AC/DC, then it would probably be worse.
That song is way more insidious
Estimated Prophet
http://www.lyricsfreak.com/g/grateful+dead/estimated+prophet_20062471.html
You will follow me and we will ride to glory, way up, the middle of
The air!
And I'll call down thunder and speak the same and my work fills the
Sky with flame
And might and glory gonna be my name and men gonna light my way.
The U.S. Government and Israel Government for illegal performance of copyrighted material.
Be seeing you...
I would have to say that this attack is not the same people. They were never so obvious in telling you that you've just been pwned.
Instead of going after Australia for their data retention law (which is pretty small potatoes compared to a nuclear device in the hands of a rogue state run by religious fanatics) why hasn't Anonymous gone after Iran? Iran can't build their weapon without computers and Anonymous has been basically overall useless, if not annoying, since they gave up on attacking Scientology.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I hope the US and Israel paid all interested parties for the right to use that copyright-protected work. Otherwise Iran could retaliate by reporting the US and Israel to the RIAA and then they'll be in REAL trouble.
<rant>
Stuxnet, Duqu and Flamer-Skywiper being the previous iterations of the same Operation Project Olympic attack plan.
This is not a complete sentence; there's no verb.
Last month, President Obama's staff has admitted to the New York Times...
We use present perfect tense for referring to events that happened at an unspecified time in the past. You can't use it when you specify that the event happened last month.
...there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants.
The rest of this sentence is too long and complicated. In addition, it has two verbs. Compounding the problem, the two verbs have opposing tenses.
I really do dislike grammar nazis, and I try to avoid ever saying anything about errors since I make plenty myself, but these kinds of errors are hard to read and understand. Timothy, do you even read things before they get posted?!
</rant, hopefully forever.>
Seriously, I do appreciate what all the /. editors do. It's hard to parse through all the article submissions that you get and make sure everything makes sense. It's also hard for us to parse the posted article summaries when the grammar mistakes make one's head spin.
May I respectfully suggest "Hell's Bells" for version 2.0?
"I don't think software should necessarily be free
Shit...owning your enemy's machines and blasting American music rather than quietly stealing their data...that's some serious psyops. They've got to be feeling vulnerable now.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
Team America...Fuck Yea!
The Men In Black
They've cloned Johnny Cash?
Dirty Deeds Done Dirt Cheap!
I wonder if whoever did this arranged to pay AC/DC somehow or if the perpetrator stole copyrighted material. Hacking nuclear weapons facilities across international borders AND pirating a song is a bad combination.
On the same side of things. Who woulda thunk it? Iran wants to get the virus writers because of the damage to their nuclear program, the RIAA for unauthorized use of songs.
Make their computers play Shel nonstop. Ugh I can't even think of that. It's too horrible!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Now the Iranians really have something to worry about... when the collections agencies come looking for the money they owe for the public performance of "Thunderstruck". They will be obliterated.
Terrorists from Israel-U.S. attack free country. US-Israel servers should be bombarded by NATO.
Recipes for USA bankrupt - http://tinypaste.com/0d66f dd = dollar deluge (printed in the infinity)
You are a fucking tool, like most of Europe.
Symantec: Buy our shitty AV! It will protect you against Microsoft destroying our industry with MSE -- err, we mean, evil american viruses.
F-Secure: We can find viruses too! We have it on a VERY GOOD source that there may be EVEN MORE evil american viruses out there! Buy our shitty AV!
Jokes aside, if I had any stocks in F-Secure, I'd be selling them. They just figuratively shat on their own face.