Stuxnet Infected (But Didn't Affect) Chevron Network In 2010

← Back to Stories (view on slashdot.org)

Stuxnet Infected (But Didn't Affect) Chevron Network In 2010

Posted by Soulskill on Saturday November 10, 2012 @08:39AM from the collateral-damage dept.

Penurious Penguin writes "The Wall Street Journal, in correspondence with Chevron representatives, reveals that back in 2010, Stuxnet reached Chevron, where it managed to infect — but not significantly affect — the oil giant's network. According to a Chevron representative speaking to CNET, the issue was 'immediately addressed ... without incident.' The Stuxnet worm is believed to be the work of the U.S. and Israel, and this report is confirmation that it struck well wide of its intended targets. Chevron's general manager of the earth sciences department, Mark Koelmel, said to CIO Journal, 'I don't think the U.S. government even realized how far it had spread ... I think the downside of what they did is going to be far worse than what they actually accomplished.'"

46 of 82 comments (clear)

Min score:

Reason:

Sort:

Payload was specific - Transport, not so much by icebike · 2012-11-10 08:39 · Score: 4, Informative

The transport used was fairly generic in nature, but since the payload was aimed at a specific controller used on centrifuges its not surprising that it had little effect elsewhere.
Even if that Siemens motor controller was common, its use case in Iran was rather specific, and chances are the payload was pretty specific to exact firmware levels. From Wiki:

While the worm is promiscuous, it makes itself inert if Siemens software is not found on infected computers, and contains safeguards to prevent each infected computer from spreading the worm to more than three others, and to erase itself on 24 June 2012.
Had it been given a shorter life span than two years, chances are it would never have been discovered.
The real risk here is that others have climbed on board this train and are using essentially the same engine for other purposes.

--
Sig Battery depleted. Reverting to safe mode.
I wonder... by Frosty+Piss · 2012-11-10 08:39 · Score: 4, Insightful

Unless Chevron is running centrifuges in Iran, Stuxnet probably wouldnâ(TM)t have been much of an issue as the Stuxnet code was pretty specific. But of course the real issue for Chevron it *how* they allowed Stuxnet to infect at all? What was the vector, and why was it either Interwebs connected or techs were using infected thumb drives?

--
If you want news from today, you have to come back tomorrow.
1. Re:I wonder... by CodeheadUK · 2012-11-10 09:25 · Score: 3, Insightful
  
  I'm also slightly confused as to how it didn't get reported to the AV vendors at that point. Signatures could have been in circulation for some time, preventing the embarrassing situation that occurred when the thing turned up two years later and everyone had their trousers down.
2. Re:I wonder... by Anonymous Coward · 2012-11-10 10:33 · Score: 1
  
  If it was anything like the spread at our work thumb drives is only one of the possible methods of attack. The others mimicked the conficker worm can is able to spread over peer to peer networks. In a company with many 10s of thousands of employees I'm not surprised they got infected. We here at an only slightly smaller than Chevron oil company got infected too, but the virus never made it as far as our control system networks. It spread globally through the business network though until they took all the file servers offline for a day to clean things up.
3. Re:I wonder... by fluffy99 · 2012-11-10 12:15 · Score: 1
  
  Our govt has a very tight relationship with Microsoft, Symantec and McAfee. It's not surprising that certain things are not flagged as malicious. It's also curious that there are signatures in their database for things that have never been officially found in the wild. It's been noted a few times that Kasperasky has added signatures for virus's and trojans long before they show up in the wild.
4. Re:I wonder... by icebike · 2012-11-10 12:39 · Score: 1
  
  Our govt has a very tight relationship with Microsoft, Symantec and McAfee.
  Given the impossibility of keeping ANYTHING secret in this country, how can you make such statements without a shred of proof? If such existed, someone would have spilled the beans long before now.
  There are other anti-virus products produced in Russia and Germany. These too totally missed Stuxnet.
  Are these companies compromised by the US government as well?
  Hanlon's Razor:
  Never attribute to malice that which is adequately explained by stupidity.
  It seems far more likely to me that McAfee and Symantec are just not very good at their job, or that they spend far more time figuring how many hooks they can embed in windows than they do perfecting their database of signatures.
  It also seems quite likely that Stuxnet deactivated itself so completely when Seimens software was not found on the machine that it presented no more risk than a simple text file. Something that does nothing never gets reported to any of these anti-virus vendors.
  
  --
  Sig Battery depleted. Reverting to safe mode.
5. Re:I wonder... by capedgirardeau · 2012-11-10 13:08 · Score: 1
  
  I take exception to your statement the government can not keep secrets.
  The CIA has a budget estimated at 10's of billions dollars per year. The Military intelligence agencies probably at least that much as well. They obviously do something with that money.
  How many intel related operations and actions can you directly cite that are confirmed or well known to be intel. operations?
  They manage to keep their day to day operations around the world pretty well secret I feel. And have for many years.
  
  --
  Wax on, wax off baby!
6. Re:I wonder... by icebike · 2012-11-10 13:15 · Score: 2
  
  LOL
  Posting this the day after the head of the CIA is forced to resign. Priceless
  http://m.voanews.com/1543302.html
  
  --
  Sig Battery depleted. Reverting to safe mode.
7. Re:I wonder... by Frosty+Piss · 2012-11-10 15:30 · Score: 1
  
  Posting this the day after the head of the CIA is forced to resign. Priceless
  Which has exactly ZERO to do with keeping or not keeping secrets.
  In other words, so what?
  
  --
  If you want news from today, you have to come back tomorrow.
8. Re:I wonder... by Frosty+Piss · 2012-11-10 15:36 · Score: 1
  
  Where I work, p-2-p is blocked, and are most streaming / download services. As well, plugging a thumb drive into your desk-top logs you out and blocks your account - which is kind of stupid since portable hard drives work fine - but only if the guid for the device is registered on the network (but of course that could be spoofed).
  The REAL deterrent is that if they catch you using unauthorized hardware / software, you get escorted out permanently.
  At least that's the way we do it were I work...
  - Frosty
  
  --
  If you want news from today, you have to come back tomorrow.
9. Re:I wonder... by manu0601 · 2012-11-10 15:53 · Score: 1
  
  The CIA has a budget estimated at 10's of billions dollars per year. The Military intelligence agencies probably at least that much as well.
  What other military agencies? I though the CIA was a military agency itself
10. Re:I wonder... by AHuxley · 2012-11-10 16:17 · Score: 1
  
  Re Given the impossibility of keeping ANYTHING secret in this country
  We got a tiny feel for it via news about http://en.wikipedia.org/wiki/Magic_Lantern_(software)#Antivirus_vendor_cooperation
  "FBI taps cell phone mic as eavesdropping tool"
  http://news.cnet.com/2100-1029-6140191.html
  http://arstechnica.com/information-technology/2008/01/bavarian-government-caught-looking-for-skype-backdoor/
  So yes its "spilled" but usually years later and seems more of a telco/crypto/hardware/software curiosity by many.
  As for "no more risk than a simple text file" - you now have the open free for all that any nation can mess with the telco, hardware or software of another nation - no questions asked.
  Before that it was all 'hackers' 'probing' 'scams' 'kids' maybe the CIA faulty chips in the Soviet Unions pipelines... but to buy the unique hardware, test it and then try to pass it off as a non state actor is new.
  Now its a state free for all.
  
  --
  Domestic spying is now "Benign Information Gathering"
11. Re:I wonder... by Type44Q · 2012-11-11 01:33 · Score: 1
  
  Our govt has a very tight relationship with Microsoft, Symantec and McAfee.
  And oil companies like Chevron?
12. Re:I wonder... by Digit+Machine · 2012-11-12 04:44 · Score: 1
  
  The head of the secrets agency couldn't keep his affair a secret.
13. Re:I wonder... by tlhIngan · 2012-11-13 04:40 · Score: 1
  
  Unless Chevron is running centrifuges in Iran, Stuxnet probably wouldnÃ(TM)t have been much of an issue as the Stuxnet code was pretty specific. But of course the real issue for Chevron it *how* they allowed Stuxnet to infect at all? What was the vector, and why was it either Interwebs connected or techs were using infected thumb drives?
  Probably infected thumb drives. Or hooking the infected PC to the airgapped network to update the software.
  These networks are airgapped for security as well as keeping miscreants off (they often have to run very specific OS revisions including patches and sometimes they need updating, or the controllers are being updated or changed or additional controllers being added).
  Problem is, how do you get the updated configuration data, software patch, etc. to the other side? Regardless of how you do it, it's a possible infection vector.
Virus gives "Germ Warfare" by retroworks · 2012-11-10 08:44 · Score: 1

new meaning

--
Gently reply
Good Grief. by Frosty+Piss · 2012-11-10 08:55 · Score: 1

I think the downside of what they did is going to be far worse than what they actually accomplished.
So you think nuclear proliferation is acceptable and that Iran will manage being a Nuke Bomb owner in a sensible way? Really?
A "bomb" in the hands or the Iranians is truly a terrifying thing.

--
If you want news from today, you have to come back tomorrow.
1. Re:Good Grief. by Culture20 · 2012-11-10 09:04 · Score: 2
  
  But Iran won't infect Chevron (to no affect) with a nuclear bomb. C'mon, man, this is a Corporation we're talking about here! Have you no sense of proportion!?
2. Re:Good Grief. by Anonymous Coward · 2012-11-10 09:14 · Score: 2, Insightful
  
  I think the downside of what they did is going to be far worse than what they actually accomplished.
  So you think nuclear proliferation is acceptable and that Iran will manage being a Nuke Bomb owner in a sensible way? Really?
  A "bomb" in the hands or the Iranians is truly a terrifying thing.
  And hundreds of bombs in the hands of crazy terrorist harboring and financing muslim government no eh ? See Pakistan.
  And although India is not a muslim country, they are about as trigger happy as the Pakistanis insofar as nuclear weapons are concerned.
  Israel, has hundreds of nuclear warheads, the majority of which are being carried on modern AIP submarines bought from Germany.
  And what about NK, a crazy country that fires real artillry shells on South Korea and even sinks SK ships ?
  The least of our worries is Iran.
  But I guess, same as Iraq, when you can't kind a rational casus belli just invent one. Now where are those WMD in Iraq ?
3. Re:Good Grief. by Frosty+Piss · 2012-11-10 09:29 · Score: 1
  
  See Pakistan.
  Of course Pakistan is a HUGE concern. But that doesn't mean we should ignore Iran.
  
  --
  If you want news from today, you have to come back tomorrow.
4. Re:Good Grief. by Anonymous Coward · 2012-11-10 09:36 · Score: 1
  
  And although India is not a muslim country, they are about as trigger happy as the Pakistanis insofar as nuclear weapons are concerned.
  Fuck you! India has always held a non-first use policy (in other words, it will be used only as a retaliation to a nuclear strike). They have pretty open about this policy. I have never heard any one complain about Indian nuclear policy (unlike Pakistan which refuses to promise non-first use)
5. Re:Good Grief. by Anonymous Coward · 2012-11-10 09:39 · Score: 1
  
  I think the downside of what they did is going to be far worse than what they actually accomplished.
  So you think nuclear proliferation is acceptable and that Iran will manage being a Nuke Bomb owner in a sensible way? Really?
  A "bomb" in the hands or the Iranians is truly a terrifying thing.
  And hundreds of bombs in the hands of crazy terrorist harboring and financing muslim government no eh ? See Pakistan.
  And although India is not a muslim country, they are about as trigger happy as the Pakistanis insofar as nuclear weapons are concerned.
  Israel, has hundreds of nuclear warheads, the majority of which are being carried on modern AIP submarines bought from Germany.
  And what about NK, a crazy country that fires real artillry shells on South Korea and even sinks SK ships ?
  The least of our worries is Iran.
  But I guess, same as Iraq, when you can't kind a rational casus belli just invent one. Now where are those WMD in Iraq ?
  I agree, it's quite disturbing that Israel has these weapons.
6. Re:Good Grief. by equex · 2012-11-10 09:53 · Score: 2
  
  imagine mitt romney with nukes.
  
  --
  Can I light a sig ?
7. Re:Good Grief. by lister+king+of+smeg · 2012-11-10 10:21 · Score: 1
  
  I am and no fear was created.
  maybe you could update your troll bait since he lost the election.
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
8. Re:Good Grief. by rtb61 · 2012-11-10 12:44 · Score: 1
  
  A nuclear weapon in the hands of people who have already used them and call for 'FIRST STRIKE' is truly a terrifying thing. There fixed it for you, at least it's accurate now. Especially when those same people are all to happy to murder innocent people by remote control and guilt it measured by, seems like they might be up to something, kill them anyhow and success is measured by effective of public relations lies about success and it's treason to tell the truth.
  
  --
  Chaos - everything, everywhere, everywhen
9. Re:Good Grief. by cold+fjord · 2012-11-10 18:23 · Score: 1
  
  Especially when those same people are all to happy to murder innocent people by remote control and guilt it measured by, seems like they might be up to something,
  Not quite.
  Most of those killed in drone attacks were terrorists: military
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
10. Re:Good Grief. by Anonymous Coward · 2012-11-10 19:20 · Score: 1
  
  A "bomb" in the hands of the Iranians is truly a terrifying thing.
  
  The USA is the only country to deploy nuclear weapons (Japan), anthrax (Korea), napalm or agent Orange (Vietnam) during a war. A "bomb" in the hands of the Americans is a truly terrifying thing.
11. Re:Good Grief. by evanism · 2012-11-10 20:32 · Score: 1
  
  I am not an American, but I will tell you it is no accident that Russia had 2 nuke subs parked off the coast this week.
  The perception of everyone I speak to is that Romney is a crazy. His being elected would lead to a major war using false flag in a matter of months.
  What amazes me is the perception of Romney voters, they simply cannot see it.
  
  --
  Just bought a new quantum computer, but I'm uncertain how it works.
12. Re:Good Grief. by ThatsMyNick · 2012-11-11 11:39 · Score: 1
  
  Your neighbor who you just had war with, just started testing nuclear explosions. You would be silly and stupid to not do the same. If it comes to war, why is far fetched to imagine China nuking India? The only deterrent is India having nuclear weapons, and keeping the ability to retaliate in kind. Now that India has it, we would never know if China would have nuked non-nuclear India when it comes to war between them (which would eventually have to happen at some point of time in the future, may be decades/centuries away, but it still has to happen).
  
  And what use would population and military be, when you have weapon that is many many more times powerful that the only your enemy has. You can simply shock you enemy into submission. You seriously cannot see the power imbalance in would have created?
13. Re:Good Grief. by ThatsMyNick · 2012-11-11 11:48 · Score: 1
  
  Pakistan as a state has had decent relations with Israel forever. Just because there are some lonnies in Pakistan that would like to see Israel disappear doesnt mean Pakistan does not work well with Israel. Hell Pakistan even acquired radars from Israel. There have been times when their relations were very very cordial.
  Europe was also unstable for a long time too, in the past. Rest of Asia too. It doesnt mean the present conflicts and overthrowing of governments are not being orchestrated by the west.
14. Re:Good Grief. by ThatsMyNick · 2012-11-11 12:02 · Score: 1
  
  Actually, make that, you had just lost a war with your neighbor, and you had to concede a strategically significant piece of land you had under your control. Now your neighbor starts testing nuclear weapons.
15. Re:Good Grief. by equex · 2012-11-12 01:37 · Score: 1
  
  Yeah, i was gonna brace for WW3 if that maniac won.Glad to hear russia are prepared too ;) I'm still not writing off that false flag operation, its not like Obama is an angel from heaven either.
  
  --
  Can I light a sig ?
16. Re:Good Grief. by rtb61 · 2012-11-12 02:51 · Score: 1
  
  Innocent until publicly proven guilty in a court of law dickwad.
  
  --
  Chaos - everything, everywhere, everywhen
17. Re:Good Grief. by cold+fjord · 2012-11-18 18:50 · Score: 1
  
  Innocent until publicly proven guilty in a court of law
  You are quite mistaken, and a big hint is your phase, "court of law." A court of law is used in criminal matters to judge guilt or innocence before imposing punishment of the guilty. Dealing with Al Qaida, the Taliban, and company, is primarily a question of war and military action, not law enforcement, arrests, and courts of law. (Besides, what legal jurisdiction do you propose over the tribal territories in Pakistan? The Pakistani government itself cannot reliably control events there.) Bin Laden made his declaration of war on behalf of Al Qaida, and several years and many attacks later, the US returned the favor after 9/11. So it is war, not police raids, at their choice. If you don't like that, it doesn't change the facts one bit.
  Do these look like car thieves? How many police from what agency would you bring to overcome their numbers, machineguns and rocket propelled grenades? How could you arrest and try men before shooting in a situation like this?
  
  dickwad.
  Civility to match your understanding?
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Sabotage by kwerle · 2012-11-10 09:05 · Score: 2

You have a choice between real people dying or computers catching a virus... The more effective we are in slowing down Iran's nuclear program, the more time we have before we need to resort to military action...
Lemme start by saying that I agree.
But isn't sabotage an act of war?
The US seems to think so: http://www.geek.com/articles/news/pentagon-rules-cyber-attacks-and-sabotage-constitute-an-act-of-war-20110531/
And that it justifies military response.
1. Re:Sabotage by feedayeen · 2012-11-10 09:34 · Score: 1
  
  You have a choice between real people dying or computers catching a virus... The more effective we are in slowing down Iran's nuclear program, the more time we have before we need to resort to military action...
  Lemme start by saying that I agree.
  But isn't sabotage an act of war?
  The US seems to think so: http://www.geek.com/articles/news/pentagon-rules-cyber-attacks-and-sabotage-constitute-an-act-of-war-20110531/
  And that it justifies military response.
  Countries weigh the cost vs benefits when engaging in a war, not all 'acts of war' are created equal.
  If hundreds or thousands of citizens die in an attack like the USS Maine (Spain), RMS Lusitania (Germany), Peril Harbor (Japan), 9/11 (Afghanistan), the US responds with an all out war where both sides suffer causalities. Other cases like the theft of American's property (Cuba), an embargo is sufficient for us to tell them that we don't like 'em.
  During none of the wars listed above did the US ever have a significant threat to it's existence even in the event of a loss, except maybe Cuba. But if you're Iran war would mean certain defeat, that cost calculation is even more skewed.
Re:Give me a break by Anonymous Coward · 2012-11-10 09:20 · Score: 1

There is 0 evidence that Iran is developing nuclear weapons. The CIA said as much.
I trust them more than I trust a bunch of war mongering politicians and lobbyists for a certain country.
Re:Give me a break by Anonymous Coward · 2012-11-10 09:23 · Score: 3, Insightful

You have a choice between real people dying or computers catching a virus. Personally, I prefer the latter. The more effective we are in slowing down Israel's nuclear program, the more time we have before we need to resort to military action. I think everyone can agree harsh sanctions and computer viruses are preferable to all-out war. That is, so long as they work. Those who criticizes legitimate sanctions and the passive actions like computer viruses doesn't understand that their actions are just leading to all-out war.
FTFY.
Also, you could change that to "The more effective we are in slowing down the USA's nuclear program, the more time we have before we need to resort to military action", but I think you get the point. Or I hope you do.
Re:US is truly more terrifying by Anonymous Coward · 2012-11-10 12:24 · Score: 1

Americans are crazy and have no problem invading one foreign country after another. Even a foreign country that has done nothing wrong to them but has been bombed and its own citizens put into oppression the American government and their allies.
At least Iran does not invade other countries nor threatens them unless of course the other countries interfere with them first.
A reminder it was the US government who installed the Shah in the first place that started that countries hatred to the US. If any country that should give up its nuclear weapons it should be the US.
Re:Give me a break by khallow · 2012-11-10 12:54 · Score: 2

There is 0 evidence that Iran is developing nuclear weapons. The CIA said as much.
There is the uranium enrichment process which is most of the work. Reading through intelligence reports, it appears that Iran is deliberately putting off the most provocative steps for now (well as of perhaps 2010, who knows about now). But that's not the same as "zero evidence".

If one looks at the US Manhattan project, most of the work done outside of New Mexico was uranium and plutonium refinement. That required vast amounts of energy and huge complexes in numerous states. It was only in New Mexico at the twin locations of Los Alamos and Sandia, that the actual first atomic bombs were assembled.

As I see it, once they're machining highly enriched uranium (called "HEU" in the above linked report), they're most of the way towards a primitive nuclear bomb such as "Little Boy" used on Hiroshima in 1945. I think they could have a test weapon ready in months at that point.

Another key bit of evidence is the extreme hardening of much of their uranium enrichment facilities against conventional attack. If these facilities were just for civilian use, then they wouldn't have enough value to justify the degree of hardening used.
Re:Give me a break by Anonymous Coward · 2012-11-10 16:48 · Score: 1

I'm afraid of the country that thinks absolutely nothing of blackmailing its "allies" at every turn.
Re:Give me a break by Anonymous Coward · 2012-11-10 19:38 · Score: 1

Another key bit of evidence is the extreme hardening of much of their uranium enrichment facilities against conventional attack. If these facilities were just for civilian use, then they wouldn't have enough value to justify the degree of hardening used.
Maybe if they weren't being targetted by Mossad thugs they could afford to have unsafe nuclear facilities. As it is, their (civilian!) scientists are being killed left and right, and there was (at least) one (digital) attack in one of their facilities. You can't blame them for trying to defend themselves from attackers If it were your country instead you'd be all for defending from the agressors, but since they're dirty sand-niggers they obviously deserve it.
Re:List of United States Intelligence agencies by jafiwam · 2012-11-10 22:51 · Score: 1

You forgot: Bloomberg Secret Soda Police (BSSP)
Re:Give me a break by khallow · 2012-11-11 00:03 · Score: 1

they have been actively targeted by multiple military organizations, so it is perfectly reasonable for them to harden such facilities even if they aren't trying to develop a weapon.

No. I don't buy that at all. I mostly agree with the second paragraph, but there are two addition concerns, both which coincide with your observation. Iran can also chose to use any nukes it makes. Nobody trusts them with this stuff. Also, we have to consider the other countries in the area. Saudi Arabia and Egypt may decide to develop nuclear weapons of their own in response.

And Iran may pass on its knowledge or nuclear weapons themselves to its non-terrorist allies/associates such as Venezuela or North Korea.
Re:Give me a break by khallow · 2012-11-11 00:09 · Score: 1

Maybe if they weren't being targetted by Mossad thugs they could afford to have unsafe nuclear facilities.
And there's that third piece of evidence. One doesn't just get targeted by "Mossad thugs". It's not like the weather.

You can't blame them for trying to defend themselves from attackers If it were your country instead you'd be all for defending from the agressors, but since they're dirty sand-niggers they obviously deserve it.
No blaming is going on here. But I don't mind making "trying to defend themselves" as hard as possible.
Not a surprise by 40ohms · 2012-11-11 02:00 · Score: 1

If your using the same controllers as the target for that virus, but your not running applications requiring precise speed control you would not even notice anything has changed. As I understand it, centrifuges rely on a well controlled rotation speed to hit a certain amount of G force. Most industrial applications don't require speed control to be that exact and generally are not going to be running fast enough to cause destruction from the stress. It sure is sad that the trolls have nothing better to do than take this subject so far off course this leads to 95% of the thread being useless garbage. I guess many of them are now unemployed and looking for something to do, since they seem to have at least another 4 years to find a job.