Slashdot Mirror
Stuxnet Infected (But Didn't Affect) Chevron Network In 2010
Penurious Penguin writes "The Wall Street Journal, in correspondence with Chevron representatives, reveals that back in 2010, Stuxnet reached Chevron, where it managed to infect — but not significantly affect — the oil giant's network. According to a Chevron representative speaking to CNET, the issue was 'immediately addressed ... without incident.' The Stuxnet worm is believed to be the work of the U.S. and Israel, and this report is confirmation that it struck well wide of its intended targets. Chevron's general manager of the earth sciences department, Mark Koelmel, said to CIO Journal, 'I don't think the U.S. government even realized how far it had spread ... I think the downside of what they did is going to be far worse than what they actually accomplished.'"
The transport used was fairly generic in nature, but since the payload was aimed at a specific controller used on centrifuges its not surprising that it had little effect elsewhere.
Even if that Siemens motor controller was common, its use case in Iran was rather specific, and chances are the payload was pretty specific to exact firmware levels. From Wiki:
While the worm is promiscuous, it makes itself inert if Siemens software is not found on infected computers, and contains safeguards to prevent each infected computer from spreading the worm to more than three others, and to erase itself on 24 June 2012.
Had it been given a shorter life span than two years, chances are it would never have been discovered.
The real risk here is that others have climbed on board this train and are using essentially the same engine for other purposes.
Sig Battery depleted. Reverting to safe mode.
Unless Chevron is running centrifuges in Iran, Stuxnet probably wouldnâ(TM)t have been much of an issue as the Stuxnet code was pretty specific. But of course the real issue for Chevron it *how* they allowed Stuxnet to infect at all? What was the vector, and why was it either Interwebs connected or techs were using infected thumb drives?
If you want news from today, you have to come back tomorrow.
But Iran won't infect Chevron (to no affect) with a nuclear bomb. C'mon, man, this is a Corporation we're talking about here! Have you no sense of proportion!?
You have a choice between real people dying or computers catching a virus... The more effective we are in slowing down Iran's nuclear program, the more time we have before we need to resort to military action...
Lemme start by saying that I agree.
But isn't sabotage an act of war?
The US seems to think so: http://www.geek.com/articles/news/pentagon-rules-cyber-attacks-and-sabotage-constitute-an-act-of-war-20110531/
And that it justifies military response.
I think the downside of what they did is going to be far worse than what they actually accomplished.
So you think nuclear proliferation is acceptable and that Iran will manage being a Nuke Bomb owner in a sensible way? Really?
A "bomb" in the hands or the Iranians is truly a terrifying thing.
And hundreds of bombs in the hands of crazy terrorist harboring and financing muslim government no eh ? See Pakistan.
And although India is not a muslim country, they are about as trigger happy as the Pakistanis insofar as nuclear weapons are concerned.
Israel, has hundreds of nuclear warheads, the majority of which are being carried on modern AIP submarines bought from Germany.
And what about NK, a crazy country that fires real artillry shells on South Korea and even sinks SK ships ?
The least of our worries is Iran.
But I guess, same as Iraq, when you can't kind a rational casus belli just invent one. Now where are those WMD in Iraq ?
You have a choice between real people dying or computers catching a virus. Personally, I prefer the latter. The more effective we are in slowing down Israel's nuclear program, the more time we have before we need to resort to military action. I think everyone can agree harsh sanctions and computer viruses are preferable to all-out war. That is, so long as they work. Those who criticizes legitimate sanctions and the passive actions like computer viruses doesn't understand that their actions are just leading to all-out war.
FTFY.
Also, you could change that to "The more effective we are in slowing down the USA's nuclear program, the more time we have before we need to resort to military action", but I think you get the point. Or I hope you do.
imagine mitt romney with nukes.
Can I light a sig ?
There is 0 evidence that Iran is developing nuclear weapons. The CIA said as much.
There is the uranium enrichment process which is most of the work. Reading through intelligence reports, it appears that Iran is deliberately putting off the most provocative steps for now (well as of perhaps 2010, who knows about now). But that's not the same as "zero evidence".
If one looks at the US Manhattan project, most of the work done outside of New Mexico was uranium and plutonium refinement. That required vast amounts of energy and huge complexes in numerous states. It was only in New Mexico at the twin locations of Los Alamos and Sandia, that the actual first atomic bombs were assembled.
As I see it, once they're machining highly enriched uranium (called "HEU" in the above linked report), they're most of the way towards a primitive nuclear bomb such as "Little Boy" used on Hiroshima in 1945. I think they could have a test weapon ready in months at that point.
Another key bit of evidence is the extreme hardening of much of their uranium enrichment facilities against conventional attack. If these facilities were just for civilian use, then they wouldn't have enough value to justify the degree of hardening used.