
Thread: Stuxnet: The nuclear worm

  1. #1
    New Romantic
    Join Date
    Apr 2009
    Location
    Derry, ME
    Posts
    9,565

    Stuxnet: The nuclear worm

    There's an article here about a new worm that has been designed to attack Windows-based systems running a specific type of software used by power plants, pipelines and factories. I guess Iran has had the most reported infections of any other country at the moment.

    Quote Originally Posted by article
    While cyber attacks on computer networks have slowed or stopped communication in countries such as Estonia and Georgia, Stuxnet is the first aimed at physical destruction and it heralds a new era in cyberwar.

    ...

    "It is not speculation that this is the first directed cyber weapon", or one aimed at a specific real-world process, said Joe Weiss, a US expert who has testified to Congress on technological security threats to the electric grid and other physical operations. "The only speculation is what it is being used against, and by whom."

  2. #2
    World's End Supernova
    Join Date
    Jan 2004
    Posts
    15,082
    Yeah. Pretty awesome, really.

  3. #3
    Hustle
    Join Date
    Mar 2004
    Location
    Pax River
    Posts
    357
    Quote Originally Posted by stusser View Post
    Yeah. Pretty awesome, really.
    Until the lights go out...

    -CJ

  4. #4
    Neo Acoustic
    Join Date
    Mar 2008
    Location
    Sackville, NB
    Posts
    1,815
    Got this email from my aunt:

    Subject: URGENT - PLEASE CIRCULATE


    In the coming days, DO NOT open any message with an attachment called: BLACK MUSLIM IN THE WHITE HOUSE , regardless of who sent it to you. It is a virus that opens an Olympics torch that burns the whole hard disk C of your computer. This virus comes from a known person who you have in your list.
    Directions: You should send this message to all of your contacts. It is better to receive this e-mail 25 times than to receive the virus and open it. If you receive a message called BLACK MUSLIM IN THE WHITE HOUSE even if sent by a friend, do not open, and shut down your machine immediately. It is the worst virus announced by CNN. This new virus has been discovered recently it has been classified by Microsoft as the virus most destructive ever.
    This virus was discovered yesterday afternoon by McAfee.. There is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the hard disk, where vital information function is stored.

  5. #5
    New Romantic
    Join Date
    Apr 2009
    Location
    Derry, ME
    Posts
    9,565
    This seems to be an updated and more informative version of the article linked above. It's more interesting too. Here are a few snippets:

    Symantec has estimated that 60 percent of the computers there (in Iran) are infected.
    The big question remains as to who made this malware, O'Murchu suggested that it would have to be "a well-funded private group or a government. It would need to be someone who has an interest in what they're targeting." O'Murchu went on to say, "We've not seen something on this scale before" and offered a conservative estimate that it would take five to 10 people about six months to put together this piece of malware.
    the figures came straight from the logged traffic on one of the Stuxnet control servers that Symantec took control of. Symantec said it managed to find that the two control servers are located in Malaysia and Denmark

  6. #6
    Social Worker
    Join Date
    Mar 2004
    Posts
    4,240
    The consequences will never be the same for Iran.

  7. #7
    Social Worker
    Join Date
    Sep 2005
    Posts
    2,804
    Quote Originally Posted by kerzain View Post
    Forbes column on Stuxnet

  8. #8
    New Romantic
    Join Date
    Oct 2002
    Location
    Concord, CA
    Posts
    5,707
    So is there any chance that this isn't an Israeli attack?

  9. #9
    New Romantic
    Join Date
    Apr 2009
    Location
    Derry, ME
    Posts
    9,565
    Quote Originally Posted by rhinohelix View Post
    From your article:
    The United States is heavily invested in cyberwar, as are Israel, Russia, India and others. But we have no doctrine for offensive use. In fact, our military and intelligence leaders haven’t yet agreed on a definition of cyberwar: when is a cyber attack an act of war?
    That's a pretty good question. With all the rumors about China hacking U.S. servers etc I sometimes wonder how far we're willing to let it all slide before things get tense. It almost seems as if we're looking the other way because we're trying to avoid being called out for our own activities on their networks.

    Someday soon somebody has got to get a little pissed about this stuff.

    Our nuclear arsenal and reactors need to go all Battlestar Galactica retro and shit.

  10. #10
    Keeper of the Frop Bog How To Go
    Join Date
    Sep 2004
    Location
    Enceladus, Saturn
    Posts
    10,613
    Quote Originally Posted by charmtrap View Post
    So is there any chance that this isn't an Israeli attack?
    Chances:

    94% = Israel
    4% = India
    1% = China
    1% = Consortium of extremely right-wing Fundamentalists in the U.S. (because I can't believe Obama would green-light something like this)

    Israel used up all its "Bomb-nuclear-reactor-get-out-of-jail-free-cards" with the way they've handled most of their conflicts in the past few years. They needed a different tack that doesn't involve flying a physical bomb into a wall killing civilians. People forget Israel has probably the best spy-network on earth. Iran isn't going to publicly whine about a trojan unless someone is killed... it makes them look incompetent.

    However, if the "Iran nuke facility" is a red herring, then I'd say China is responsible and the real targets are Western European and American facilities. Iran was just a doorstop along the way. A demonstration not unlike their blowing up a satellite putting hundreds of existing satellites in peril from space bits. I'm not sure the US has the same offensive cyberware capabilities that the Chinese have. The numbers of people they employ for hacking Western Governments is unreal.

  11. #11
    Social Worker
    Join Date
    Nov 2008
    Posts
    2,197
    The proof will be in what Iran does: continue their program as before or announce a change of plans.

    If they continue on, then this is all likely a proof of concept for someone's benefit, not a real attack.

    If they change plans, no matter what reason they give, it's likely this was an actual attack on their facility. The change of plans would be necessary if they now know their facilities can be destroyed without bombs.

    I don't think Israel did this by themselves. They may be involved, but it mostly reminds me of the US government getting the phone companies to allow the government to monitor all the communications they want. From what I read, the way this was done required tons of what is normally protected inside information, information that no corporation would hand over...except the ones that hand it over to the US government.

    It could be stolen or even bought, but that requires overt activities that could give away your plan. In addition, this seems like a time sensitive mission (vs Iran) so you wouldn't want to be stuck counting on stealing it or finding a seller before it's too late.

    If you could just demand the info any time you want and know you'll get it, then this kind of plan is a lot more viable.

  12. #12
    Social Worker
    Join Date
    Feb 2005
    Location
    fecking Florida
    Posts
    2,708
    Quote Originally Posted by gameoverman View Post
    The proof will be in what Iran does: continue their program as before or announce a change of plans.

    If they continue on, then this is all likely a proof of concept for someone's benefit, not a real attack.

    If they change plans, no matter what reason they give, it's likely this was an actual attack on their facility. The change of plans would be necessary if they now know their facilities can be destroyed without bombs.
    Iran could halt higher enrichment: Ahmadinejad

    I think this is just coincidence, although if a country wanted to send a message, Stuxnet might be a rather obvious and public way to do it.

  13. #13
    Mad Chester
    Join Date
    Aug 2003
    Posts
    1,366
    More than likely they're going broke and want a shortcut.

    That's my intuitive guess. I can't speak of the physics/feasibility of their gambit. Bueller? Bueller?

  14. #14
    Social Worker
    Join Date
    Apr 2003
    Location
    Charlottesville, Virginia
    Posts
    3,245
    It's either the Israelis or the Cyber Warfare guys in the USAF.

  15. #15
    Social Worker
    Join Date
    Dec 2006
    Location
    Virginia ---------> Steam ID: Point Blank
    Posts
    3,969
    The news and places like NPR are making a big deal about this worm, but QT3 isn't. Why is that? This seems like it would be right up QT3's alley.

  16. #16
    New Romantic
    Join Date
    Apr 2003
    Posts
    9,526
    Quote Originally Posted by Scrax View Post
    The news and places like NPR are making a big deal about this worm, but QT3 isn't. Why is that? This seems like it would be right up QT3's alley.
    Cause we made the worm.

  17. #17
    New Romantic
    Join Date
    Jul 2003
    Location
    ExecutionerFive, WHICH LOCATION!?!?!?
    Posts
    5,600
    The first rule of Stuxnet club is that no one talks about Stuxnet club.

  18. #18
    New Romantic
    Join Date
    May 2003
    Posts
    8,944
    I got a nuclear worm right here!

  19. #19
    Keeper of the Frop Bog How To Go
    Join Date
    Sep 2004
    Location
    Enceladus, Saturn
    Posts
    10,613
    After cleaning so many viruses/worms off relatives' computers I think we're just glad for once it's not infecting our own systems. I also think the destructive potential is being a bit overblown.

  20. #20
    Social Worker
    Join Date
    Jul 2008
    Location
    Canada EH
    Posts
    3,585
    Well, theoretically though if they have control of the PLC they have control of everything it does, safety included. I know if you had control of a wind turbine's PLC you could make a short so bad it would literally pull the rebar out of the cement in its base. Before you ask, yes it has happened - though not because of a PLC.

  21. #21
    New Romantic
    Join Date
    Apr 2009
    Location
    Derry, ME
    Posts
    9,565
    Quote Originally Posted by gameoverman View Post
    The proof will be in what Iran does: continue their program as before or announce a change of plans.

    If they continue on, then this is all likely a proof of concept for someone's benefit, not a real attack.

    If they change plans, no matter what reason they give, it's likely this was an actual attack on their facility. The change of plans would be necessary if they now know their facilities can be destroyed without bombs.
    Looks like Iran has arrested 'nuclear spies'.

    Quote Originally Posted by article
    Iran is widely thought to have been the most likely target of the Stuxnet virus, which a top computer security expert told CNN was "the most complex piece of malware in the history of computing."

    Tehran has insisted its controversial nuclear program had not been compromised by the virus.
    Moslehi, the intelligence chief, did not mention Stuxnet in his statement, but said his ministry has "absolute control over the virtual networks and will foil all acts of sabotage."

  22. #22
    Keeper of the Frop Bog How To Go
    Join Date
    Sep 2004
    Location
    Enceladus, Saturn
    Posts
    10,613
    I feel sorry for whatever poor guy/girl they're trumping up charges on. I can't imagine the hell they will be going through.

  23. #23
    Account closed Spinning Toe
    Join Date
    Oct 2007
    Posts
    744
    Update on Stuxnet:

    New and important evidence found in the sophisticated “Stuxnet” malware targeting industrial control systems provides strong hints that the code was designed to sabotage nuclear plants, and that it employs a subtle sabotage strategy that involves briefly speeding up and slowing down physical machinery at a plant over a span of weeks

    ...

    According to Symantec, Stuxnet targets specific frequency converter drives—power supplies that are used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software, and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.

    The malware, however, doesn’t just sabotage any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.

    Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds—between 807Hz and 1210Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”
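
A check a defender could run against the behaviour described in the post above, as an added example that is not part of the thread or the quoted article: compare the setpoint the SCADA host sent with an independently measured drive output, and group the mismatches into episodes so brief, repeated excursions stand out. The telemetry rows, field layout, drive names and tolerance are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed telemetry (not from any real plant), one row per poll:
# minute, drive id, setpoint the SCADA host sent (Hz), and output frequency
# measured by an independent sensor (Hz). Both data sources are assumptions.
SAMPLES = [
    (0, "drive-01", 1000.0, 1000.4),
    (1, "drive-01", 1000.0, 999.8),
    (2, "drive-01", 1000.0, 1380.0),   # output departs from what SCADA sent
    (3, "drive-01", 1000.0, 1395.5),
    (4, "drive-01", 1000.0, 1000.2),
    (5, "drive-01", 1000.0, 12.0),     # second, separate excursion
    (6, "drive-01", 1000.0, 1000.1),
    (0, "drive-02", 900.0, 900.3),
    (1, "drive-02", 900.0, 899.9),
]

@dataclass
class Episode:
    drive: str
    start: int
    end: int
    worst_delta_hz: float

def find_episodes(samples, tolerance_hz=5.0):
    """Group consecutive polls where measured output differs from the
    SCADA-sent setpoint by more than tolerance_hz into per-drive episodes."""
    episodes, open_eps = [], {}
    for minute, drive, setpoint, measured in sorted(samples, key=lambda s: (s[1], s[0])):
        delta = abs(measured - setpoint)
        ep = open_eps.get(drive)
        if delta > tolerance_hz:
            if ep is None:
                ep = open_eps[drive] = Episode(drive, minute, minute, delta)
                episodes.append(ep)
            else:
                ep.end = minute
                ep.worst_delta_hz = max(ep.worst_delta_hz, delta)
        else:
            open_eps.pop(drive, None)  # back in tolerance: close the episode
    return episodes

def intermittent_drives(episodes, min_episodes=2):
    """Drives with repeated short excursions rather than one sustained fault."""
    counts = {}
    for ep in episodes:
        counts[ep.drive] = counts.get(ep.drive, 0) + 1
    return sorted(d for d, n in counts.items() if n >= min_episodes)

if __name__ == "__main__":
    for ep in find_episodes(SAMPLES):
        print(ep)
```

The comparison only helps if the measured value comes from a path that does not pass through the same controller or host that relays the commands.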

  24. #24
    World's End Supernova
    Join Date
    Dec 2004
    Posts
    17,166
    Is hooking up our nuclear power plants to the internet just a good idea, or a fucking brilliant idea?

  25. #25
    Account closed Spinning Toe
    Join Date
    Oct 2007
    Posts
    744
    I guess the lesson from Stuxnet is that all of our computer-controlled infrastructure is vulnerable to "attack", regardless of whether that attack means subtle manipulation of a process outcome or a dramatic, catastrophic failure. That said, Stuxnet wasn't aimed at a power plant, and it was definitely the former: it targeted uranium enrichment centrifuges, with the goal of lowering the quality of enriched uranium without causing obvious, noticeable damage.

  26. #26
    Social Worker
    Join Date
    Apr 2003
    Location
    Charlottesville, Virginia
    Posts
    3,245
    Quote Originally Posted by Pogo View Post
    Is hooking up our nuclear power plants to the internet just a good idea, or a fucking brilliant idea?
    One article suggested thumb drives were used to infect the target.

  27. #27
    Social Worker
    Join Date
    Feb 2007
    Location
    Drinking coffee from the Colombian mountanside.
    Posts
    4,483
    The story of how they got that thumb-drive into an Iranian weapons facility would be fascinating.

  28. #28
    Account closed New Romantic
    Join Date
    Oct 2003
    Location
    Portland, OR
    Posts
    9,166
    Quote Originally Posted by Tankero View Post
    The story of how they got that thumb-drive into an Iranian weapons facility would be fascinating.
    They wrote "porn" on the side and left it in a coffee shop frequented by Iranian weapons facility employees.

  29. #29
    Spinning Toe
    Join Date
    Aug 2008
    Posts
    658
    Quote Originally Posted by BobJustBob View Post
    They wrote "porn" on the side and left it in a coffee shop frequented by Iranian weapons facility employees.
    That's what my husband says happens with the viruses in his workplace. He's the IT director of a completely dysfunctional manufacturing company that makes money despite a management team that zaps off to races in exotic parts of the world on the company dime. The management says it wants its users trained, but when there's training, the supervisors won't let their people come to training. Viruses are a huge issue, and the users are convinced that there must be some sort of magic wand solution that will render all devices in the building safe.

    No kidding, the majority of viruses have been traced to thumb drives that were infected on the home PC.

  30. #30
    How To Go
    Join Date
    Jul 2004
    Location
    London, UK
    Posts
    10,084
    Very interesting ars/Wired article on how people discovered and analysed Stuxnet.
