Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Offers New Perspective On Stuxnet-Wielding Sabotage Program

Posted by timothy on from the back-then-we-tied-an-onion-to-our-belts dept.

An anonymous reader writes with this excerpt from Help Net Security: "Stuxnet, the malware that rocket the security world and the first recorded cyber weapon, has an older and more complex 'sibling' that was also aimed at disrupting the functioning of Iran's uranium enrichment facility at Natanz, but whose modus operandi was different. The claim was made by well-known German control system security expert and consultant Ralph Langner, who has been analyzing Stuxnet since the moment its existence was first discovered. He pointed out that in order to known how to secure industrial control systems, we need to know what actually happened, and in order to do that, we need to understand all the layers of the attack (IT, ICS, and physical), and be acquainted with the actual situation of all these layers as they were at the time of the attack."

13 of 46 comments (clear)

  1. Rocket the security world? by digitalPhant0m · · Score: 3, Insightful

    Stuxnet, the malware that rocket

    I didn't know it was airborne.

    1. Re:Rocket the security world? by NatasRevol · · Score: 2

      Only way to get across the air gap.

      --
      There are two types of people in the world: Those who crave closure
  2. Grammar nazis overload by Anonymous Coward · · Score: 2, Funny

    A grammar nazi dies everytime someone reads TFS

    1. Re:Grammar nazis overload by NoNonAlphaCharsHere · · Score: 2

      Don't kid yourself, "Stuxnet, the malware that rocket the security world" would kill a grammar Boy Scout.

  3. Proof read? by Anonymous Coward · · Score: 5, Informative

    They should proof read these posts. It's been bad lately. Good subjects, just makes it hard to read. the malware that "rocket" -> "rocked"

    1. Re:Proof read? by Zontar_Thing_From_Ve · · Score: 3, Interesting

      They should proof read these posts. It's been bad lately. Good subjects, just makes it hard to read. the malware that "rocket" -> "rocked"

      You have a good point, but at least it's better than all those people who can't read properly and post articles in a panic saying "This article says X!" when in fact the article says "not X". We can figure out that "rocket" is a bad word choice and get around that but it really sucks when people claim and article says the exact opposite of what it really says because then we get tons of comments about how bad X is and how they can't believe that someone would actually do that and then a few posts follow up (and mostly get ignored) telling people to actually read the article where it is actually against X, so the submitter blew it. It seems to me that quite often about 90% of the posters never read the article in the links, so when the idiot submitter misrepresents what he submitted, that becomes what the article is about in the minds of most people here.

  4. Interesting quote by cold+fjord · · Score: 2

    “Stuxnet is a low-yield weapon with the overall intention to reduce the lifetime of Iran’s centrifuges and make their fancy control systems appear beyond their understanding,” he says, and estimates that the Stuxnet set back the Iranian nuclear program by over two years.

    Interesting description - "low-yield"

    That is a rather different take on it given the uproar over it.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    1. Re: Interesting quote by semi-extrinsic · · Score: 3, Insightful

      Well, what would you say high yield is? I can't bring myself to call a US cyber weapon "high yield" unless it destroys or disables infrastructure on a large cale. Bonus points for egg on faces in Riyadh.

      The reason it has gotten so much attention is the same reason the F117 got a huge amount of press even though it's practically useless.

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    2. Re: Interesting quote by Anonymous Coward · · Score: 2, Informative

      I do think the F117 was highly effective in taking out lots of strategic targets in Iraq. Pilots tend to be more precise when they know the SA-5 missiles cannot hit them. Actually, it was the most effective air weapons system until the Iraqi integrated air defence system had been destroyed. And that was done in no small part by the F117s.

  5. Stuxnet, the Chernobyl of the 21st Century waiting by __aasehi2499 · · Score: 2

    to happen.

  6. We dont' need to know everything by jbmartin6 · · Score: 3, Insightful

    in order to known how to secure industrial control systems, we need to know what actually happened

    False, we don't need to know everything bad that ever happened in order to secure a system.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  7. Re:"the first recorded cyber weapon" by kbg · · Score: 4, Informative

    But it is actually a cyber weapon. Instead of bombing the facility with conventional weapons it used software to sabotage the facility. Stuxnet was specially designed to be an actual cyber weapon.

  8. Change of tactics by jiadran · · Score: 4, Interesting

    I know I shouldn't have, but I read the whole document and it's really interesting. Langner thinks that the tactics (and probably the team as well) changed over time. Based on his observations I propose the following (conspiracy) theory:

    The attacks on the enrichment plants have been going on much longer than anyone so far claims, maybe since the beginning. That's why Iran's progress was so much slower than what the Pakistany managed to do (the first generation centrifigues are supposedly extremely tricky). Instead of discovering the initial attack (described in the document), the Iranian's compensated for the seemingly random problems by including additional control measures not present in the design from Pakistan: shut-off valves to quickly isolate a malfunctioning centrifuge and over-pressure valves. It took them ten years instead of the two years of the Pakistany, but they still managed to get enrichement started. Maybe with their added failure-tolerant design the original attacks didn't work anymore, or there was a leadership change (as Langner speculates). Maybe the Iranian's suspected something and changed procedures also for contractors and workers (Langner thinks that the initial attack was with direct access to the system while the later attack had to somehow find a way in). Maybe then the initial team was the Israelis who wanted to remain hidden, and when their approach didn't work anymore they asked the Americans for help who used the NSA's attack library for a way accros the air gap. The Americans would probably also be less worried about remaining hidden and maybe actively wanted to send a message.

    Altought admittely pure speculation, I think this scenario fits the known facts and observations. I'm curious to see what you think of this ;-)