Slashdot Mirror

← Back to Stories (view on slashdot.org)

F-Secure Report: Another SCADA Attack in Iran — This Time With AC/DC

Posted by timothy on from the either-true-or-a-funny-movie-plot dept.

An anonymous reader writes "F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper being the previous iterations of the same Operation Project Olympic attack plan.) Last month, President Obama's staff has admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns Iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."

46 of 253 comments (clear)

  1. \m/ ( w ) \m/ by Quakeulf · · Score: 5, Funny

    Rock and revolt!

    1. Re:\m/ ( w ) \m/ by camperslo · · Score: 4, Funny

      Well there's really nothing to fear until people start getting Rick-rolled

    2. Re:\m/ ( w ) \m/ by Jeremiah+Cornelius · · Score: 3, Funny

      These "cyber attacks" are criminal activity by the AmeriCIA/Israel government confab - directed against the LEGAL and compliant activity by a signatory of the non-proliferation treaty.

      Israel is NOT signatory - and actually DOES produce weapons, in violation of international law.

      So does India an NPT violator.

      Who will stop these rogue regimes, that pursue their agenda, not through binding treaty obligations or courts of justice, but through rampant sabotage and a program of civilian assassinations?

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    3. Re:\m/ ( w ) \m/ by sumdumass · · Score: 3, Interesting

      You forgot Pakistan and China in that ramble. You also forgot that the states who did sign the treaty and agreed to be bound by it, the same states who benefited from the signing of the treaties, only one is openly hostile towards another nation. Of course India and Pakistan are or was openly hostile to each other but they didn't sign.

      Also, international law is not some imposing legal system that strips the sovereignty of nations just because a few states get together and declare something. Imagine if they got together and outlawed the Muslim religions or sodomy by declaration or something.

      The states in question by your comment have to agree to be bound by the treaty creating the international law or defeated by force and subjected to the ramifications of it ex postfacto. Should one of these non bound countries become openly hostile against another country or threaten the use of Nuclear or Chemical and/or biological weapons, I'm sure the focus of the world will change a bit. Until then, crying that they aren't being troubled is a bit like saying, why am I being arrested for robbing the bank, banks get robbed all the time and those people don't get caught.

  2. Thunderstruck by sageres · · Score: 5, Funny

    Sound of the drums
    Beatin' in my heart
    The thunder of guns
    Tore me apart
    You've been - thunderstruck

    1. Re:Thunderstruck by Anonymous Coward · · Score: 4, Funny

      Tore me apart

      To the authors of this hack: I see what you did there, I LOL'd, and I will never listen to that song again without thinking of a cascade failure :)

      You came, you saw, kicked its ass!

  3. Springsteen, weaponized. by gestalt_n_pepper · · Score: 4, Funny

    I would have gone for "Born in the USA"

    --
    Please do not read this sig. Thank you.
    1. Re:Springsteen, weaponized. by Muad'Dave · · Score: 5, Funny

      I would've gone with Hava Nagila.

      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
    2. Re:Springsteen, weaponized. by Bill,+Shooter+of+Bul · · Score: 5, Insightful

      Yeah, but that song is about how bad the USA is at taking care of people, not how awesome it is to live here.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    3. Re:Springsteen, weaponized. by dpilot · · Score: 2

      One side thinks their country can be the greatest place on Earth, and wants to work on the needed changes to get it there.

      The other side thinks it already is, and doesn't want to change a single thing - only roll back some of the changes the first group has already managed.

      I'd prefer to think that "Born in the USA" was cast in the first mold, because recognition is the first step toward fixing. Also, any citizen of any nation can take the first view, and probably should. But then I just might be a little biased.

      --
      The living have better things to do than to continue hating the dead.
    4. Re:Springsteen, weaponized. by Anonymous Coward · · Score: 4, Funny

      I would have gone with some Justin Bieber or Nickelback.

      The constitution forbids cruel and unusual punishment.

    5. Re:Springsteen, weaponized. by H0p313ss · · Score: 5, Insightful

      You only think that because you're thinking in english rather than the newspeak.

      Interstate running through his front yard and he think's he's got it so good. But ain't that America?

      As a Canadian I found it pretty funny at the time that the song not only charted but became an anthem for (clueless?) patriots.

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
    6. Re:Springsteen, weaponized. by Mister+Whirly · · Score: 2

      Someone probably should have explained this to Reagan as he wanted to use it for his campaign song in 1984. Maybe someone should have looked at the lyrics, and not just the title? Needless to say Springsteen did not allow his song to be used by Reagan.

      --
      "But this one goes to 11!"
    7. Re:Springsteen, weaponized. by slashmydots · · Score: 2

      In case you didn't know, it was based 100% on the latest Iron Man appearance in The Avengers. He hacks speakers to play that song in the movie.
      By the way, Persia? Did they do the research for the article in the Bible? Most other sources call it Iran now.

    8. Re:Springsteen, weaponized. by drinkypoo · · Score: 3, Insightful

      That's why you get anti-war songs used as title music for Vietnam War games, etc.

      Uh no, you get anti-war songs used as title music for the Viet Nam War because that war is almost universally hated, despised, and regretted. When you play a game about that war you know what the outcome is and you know it won't be happy. Irony, it's not just for breakfast any more, but it is for your comment.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. disinformation? by Anonymous Coward · · Score: 5, Insightful

    This somehow seems like a disinformation campaign by the iranians. With the refinement Flame/Stuxnet had, it seems a bit too amateurish that all of a sudden the attack methods would become so much more primitive and obvious to the victims (I mean, seriously, playing loud music in the middle of the night?)

    1. Re:disinformation? by fuzzyfuzzyfungus · · Score: 2

      Given that it is already de-facto-proven-even-for-official-purposes that the US has no qualms about fucking with Iran's computer systems, what would Iran have to gain by some sort of false-flag style thing?

      If there were actually some lingering doubt about the US's willingness, I could see trying to score some points; but there really isn't. The explanations that it was either an attack pulled off by a much less sophisticated actor(hacking isn't totally newb stuff; but the list of people who can make trouble with metasploit is a whole hell of a lot longer than that of people who could pull off stuxnet or flame....) or by a sophisticated actor who found a relatively easy attack and thus has no reason to risk exposing any really cool exploits until the low-hanging fruit has been picked...

    2. Re:disinformation? by vlm · · Score: 3, Interesting

      More likely some poor bastard on the night shift was intentionally and willfully listening to evil mp3s he downloaded from the great satan over livewire, and when he got caught doing air guitar instead of whatever the hell a centrifuge operator does in his spare time, rather than taking the fall for it, commited yet another sin by blaming the CIA.

      The disinfo part is I've worked in industrial plants on networks, and later for decades in companies with airgapped production and IT networks, and the first thing you do after the first infection is airgap IT and everything else you can away from production, then you disassemble production.

      So the scales of upper management weigh:
      1) On one side the ops when they're bored want to check facebook, email, and play angry birds online
      2) On the other side the plant might be destroyed in an explosion that kills us all and the dictator will kill my family as punishment even though I'm already dead.

      Yeah I can see how the local equivalent of mahogany row decided to leave plant equipment accessible. Yeah, totally realistic. Not PR BS at all. Uh huh.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    3. Re:disinformation? by deKernel · · Score: 2

      There is nothing tangible to gain in the sense that it helps prove one particular country was the source of the attack. What they are doing is causing doubts as to the progress, if any, in their program. Translation: we are talking mind games with analysis as to just where they stand in the development cycle. Plus, the people within the Iranian program can use this to cover their butts if they are running behind or have something worse happen like explosions at plants and such.
      Make no doubt about it, though the leader of Iran is a nut job, not all behind him have his same sense of craziness.

  5. Awesome! by Quiet_Desperation · · Score: 2

    What other songs could the virus rock out with?

    "Stranglehold"
    "Eve Of Destruction"
    "Dogs Of War"
    "Born In The USA"
    Pretty much anything off Dark Side Of The Moon

    1. Re:Awesome! by Anonymous Coward · · Score: 2, Funny

      Something by Celine Dion.

    2. Re:Awesome! by only_human · · Score: 4, Funny

      What other songs could the virus rock out with?

      How about rickrolling?

    3. Re:Awesome! by Teresita · · Score: 3, Funny

      I study nuclear science
      I love my classes
      I got a crazy teacher,
      He wears dark glasses.
      Things are going great,
      And they're only getting better.
      I'm doing all right, getting good grades.
      The future's so bright
      I gotta wear shades.

    4. Re:Awesome! by Zocalo · · Score: 5, Funny

      The Police's "Every Breath You Take (I'll be watching you)" should raise paranoia levels nicely.

      --
      UNIX? They're not even circumcised! Savages!
    5. Re:Awesome! by doubleplusungodly · · Score: 2

      How about something obnoxious like "America, Fuck Yeah" or "Trololol"?

      --
      ---
    6. Re:Awesome! by Quiet_Desperation · · Score: 5, Funny

      That might violate the Geneva Conventions.

    7. Re:Awesome! by RaceProUK · · Score: 3, Funny

      'Blame Canada'

      --
      No colour or religion ever stopped the bullet from a gun
    8. Re:Awesome! by fuzzyfuzzyfungus · · Score: 4, Funny

      Inertia might prevent this; but (if the virus has access to PLCs) rocking some unlistenable ambient industrial exclusively using PLC-controlled hardware being operated in a manner egregiously beyond its design specs would be fairly entertaining.

      A computer attempting the DJ-style turntable 'scratching' effect on a bank of ultracentrifuges would be fun while it lasted...

    9. Re:Awesome! by HexaByte · · Score: 2

      Even better, it should just open a browser to a porn site.

      Imagine how well their research will go when all their top scientists are beheaded for being perverts under Islamic Law!

      --
      HexaByte - he's a square and a half!
  6. RIAA vs US gov't by MoogMan · · Score: 5, Funny

    I hope the malware writers (or the US gov't) have agreed their license fees with the respective record companies, otherwise they'll find themselves in a world of pain!

  7. Re:ROCK! by Anonymous Coward · · Score: 2, Funny

    I'd still go for Wagner

  8. Bullshit by slb · · Score: 5, Insightful

    Yeah, so suddenly the guys who did a lot of work to be undetected will use Metasploit code and disclose their owning of the computers with an AC/DC song .... Methinks someone is not reaching his objectives and found a good scapegoat as an excuse... The alternative of course would be that script kiddies are owning Iran's nuclear researchs lab infrastructure ...

    --
    http://www.transparency.org
    1. Re:Bullshit by dbIII · · Score: 2

      It's a dirty deed done dirt cheap.
      If they are caught they'll only make it out with a bullet in the back.

    2. Re:Bullshit by RaceProUK · · Score: 3, Insightful

      Only with 5000% more talent :P

      --
      No colour or religion ever stopped the bullet from a gun
  9. Factual Corrections by Anonymous Coward · · Score: 5, Interesting

    I have a few bones to pick with the summary, of a factual nature. Corrections are in bold, I have not corrected the grammatical errors.

    "F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper allegedly being the previous iterations of the same Operation Project Olympic attack plan.) Last month, an anonymous member of President Obama's staff has allegedly admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."

    I'm not saying the Times is wrong, but I don't trust their source completely. I also am not claiming he's wrong, but the press has a very bad habit of really fucking up critical details of technology-related stories. For example, I find it pretty hard to swallow that such an operation would only involve the US and Israel. It's all very convenient, and tidy, and in real life the real story is very rarely wrapped up in such a pretty little package. We certainly need at least an independent confirmation of the source's information.

  10. Act of War by Anonymous Coward · · Score: 2, Insightful

    They are seriously dancing around if this is an act of war. If Iran started hitting the US I suspect these actions would have a different spin. Of course the US is a super power so war with them is on a completely different level than the smaller countries.

  11. Pandora's Box by Anonymous Coward · · Score: 5, Interesting

    It's been opened.

    The US will not encounter foreign boots on the ground but cyber retaliation... and I promise it could get very ugly. As a former Network Admin, Accelerator Designer, and now Siemens Programmer I can tell you that these viruses can be turned back on us. Much of the world runs on Siemens programming. Oil rigs, chemical mixers, MRI scanners, food prep, power grids, water treatment, and manufacturing assembly of all kinds (right off the top of my head) all run on Siemens hardware/software and we don't have the ability to defend against it.

    However, I am not worried about Iran. It's China who already has their digital boots on the ground.

    1. Re:Pandora's Box by organgtool · · Score: 4, Funny

      Much of the world runs on Siemens

      My God! The world is covered in Siemen!

  12. The obvious question... by jonwil · · Score: 3, Funny

    Will the RIAA be sending the Iranian government a cease and desist notice for violating its copyright on the song?

  13. Re:Iron Man by ackthpt · · Score: 2

    It sounds like Tony Stark may have had a hand in this one.

    What happens when Tony Stark/Iron man becomes infected by a virus?

    --

    A feeling of having made the same mistake before: Deja Foobar
  14. Coursera by robi5 · · Score: 2

    Federal agents must be going through iranian IP addresses of the Cryptography course on Coursera.

  15. Come again? by Indigo · · Score: 2

    > President Obama's staff has admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants.

    Remind me, when and where exactly did Obama's staff admit this? Is there anything at all besides one article with unsourced allegations?

    No doubt the U.S. is behind behind this. But I'm getting damned tired of the shoddy journalism. I've seen so many claims that "the President has confirmed that the U.S. is behind the cyber attacks on Iraq nuclear facilities" with absolutely nothing to back them up. C'mon folks, stick to the facts.

  16. Re:Iron Man by Hsien-Ko · · Score: 5, Funny

    Too many women with too many pills?

  17. Re:Iron Man by TWX · · Score: 4, Funny

    I think the parent comment meant the result, not the cause...

    --
    Do not look into laser with remaining eye.
  18. Re:Sarcasm! by Anonymous Coward · · Score: 5, Funny

    Indeed. I wonder how long until the RIAA and Co. will take until they send their regards for each computer playing to a group of people without licensing rights.

  19. Re:Sarcasm! by icebike · · Score: 3, Insightful

    Actually, playing the music, and calling attention to the exploit is a sign of kiddies at play, and nothing to do
    with any professional or state backed efforts. Why would you reveal your exploit?

    Its possible this is a diversionary tactic to hide something serious going on at different workstations. But I doubt it.
    It could also be an inside prank, because unless you are there to see the panic ensue, why play music. But I doubt that as well.

    The story is just as likely to be totally bogus: Unverified email form a nuclear scientist, Really!?, Like these guys get to send mail unguarded, un-scanned, un-censored?

    --
    Sig Battery depleted. Reverting to safe mode.