Stuxnet Still Out of Control At Iran Nuclear Sites 361
Velcroman1 writes "Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the US and Europe say. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled. The second part of that claim, experts say, doesn't ring true. Owners of several security sites have discovered huge bumps in traffic from Iran, as the country tries to deal with Stuxnet. 'Our traffic from Iran has really spiked,' said a corporate officer who asked that neither he nor his company be named. 'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"
This Is Real Hacktivism (Score:4, Insightful)
Unlike those kids at Anonymous, the perpetrators of stuxnet are showing who are the real hacktivists.
Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world and anything wikileaks or their supporters could dream of doing.
I commend these hackers for slowing down the evil Iranian government's nuclear ambitions.
Re:This Is Real Hacktivism (Score:5, Insightful)
These weren't 'hacktivists'. These were government employed/contracted hackers.
Re:This Is Real Hacktivism (Score:5, Insightful)
Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.
It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country.
Your local power company? Not so much.
Viruses and worms seem unlikely to honor boundaries forever. At least a surprise bombing run on a reactor in Iran is unlikely to hit Con-Edison in NY.
Re: Iran... (Score:4, Insightful)
> Also, it is considered dishonorable for a man to admit ignorance.
So how do you explain that fucking bearded cunt in a suit saying stuff like `the holocaust didn't happen` and `we have no homosexuals in Iran`?
Thanks, Israel! (Score:0, Insightful)
Sincerely,
The Rest of the World (including, we now know, much of the Middle East)
Nucular, really? (Score:5, Insightful)
So Stuxnet chatter is still observed around the planet, including in Iran and the US. Duh.
Now how exactly does this "expert" come to the conclusion that, somehow, activity from the US etc must be from infected home PCs, yet the same from Iran must be from some seekret uranium enrichment plant, which typically wound not be connected to the internet?
Oh, my bad, forgot, this comes from ScareTV... Never mind.
Re:Carefully Targeted (Score:3, Insightful)
No, not true.
It was targeted at a particular Siemens chipset. That chipset is used world wide and not just for centrifuges. (its already infected Iranian turbine generators).
But again, as I mentioned elsewhere in this thread, viruses and worms are built using the skeletons of other viruses and worms.
Iran will eventually figure out this tool, and tailor it to new targets. Centrifuges do not have GPS chips installed. They don't know where they are. At best the controllers that run them know a time zone and a language setting. How long will it take to adjust that?
Re:Iran Saving The Middle East From Israeli Terror (Score:5, Insightful)
Angry people... like you?
Re: Iran... (Score:1, Insightful)
#1... ok, although it's not just an American thing, you know
#2... whom are you kiddin' ?
And don't sound so condescending. US is but a part of a larger western civilization, it's had its glory days, it's had and still has its many failings.
Re:Virus and Iran again in front page? (Score:5, Insightful)
Re:The difference engineering makes (Score:2, Insightful)
I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.
Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.
The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.
We'll see more of these attacks in the future - count on it...
This, is why stuff that is important should NOT be connected to the internet. OR allowed to come into contact with jump drives or PCs or anything else that has been exposed to the internet. This is simple. This is stupid. This seems like an old guy railing about the dangers of new technology. This is absolutely true, and will continue to be true. Further examples will be provided by reality for the remainder of your lives. I will continue to be right. This advice will continue to be ignored because it is inconvienent or stupid or old fuddy duddy thinking whatever.
Re:The difference engineering makes (Score:5, Insightful)
Symantec speculates a team size around 5-10 not including QA (whatever the heck that means).
Uh, good thing that programmers don't need QA or managers, and so on.
And yes, QA matters for an operation like this. You're probably having spies plant the bug, and they could get killed in the process. You don't risk spies on code that isn't tested.
Likewise, a fizzled attempt will likely trigger countermeasures making a future attack more difficult.
QA means getting it right the first time. That probably means creating a simulated environment and testing the software out in this environment. Sure, you don't need actual centrifuges and turbines, but you probably need software that emulates the feedback such machines would return to their controllers. I'm sure they didn't factor that into their "5-10" count.
I've worked on some IT projects where quality was serious business, and you can easily spend as much on testing as you spend on development. For a typical military-style coding effort factor in a WHOLE lot more.
Re:Iran Saving The Middle East From Israeli Terror (Score:3, Insightful)
You think the Arab nations will be so glee at the thought of a powerful Iran? In case you haven't been paying attention, "The enemy of my enemy is my friend." The wikileaks cables show quite clearly that Iran doesn't have much support from their Arab neighbors.
"wikileaks cables show quite clearly "
LOL....
Yes, you are right. The vast majority of Arabs actually are in favor of a strong Iran. Their propped up autocracies aren't in favor of that of course.
/.
A poll recently done in the middle east showed that 80% of folks there thought that Israel was a threat. 77% thought that the US was a threat. Far down the line 10% thought that Iran was a threat. This was the "Common People off the street" type folks.
Be nice though, just because you are right and he has been watching too much Fox News doesn't mean that should be falling off your rocking chair there. Settle down, put the coffee away and maybe listen to some soothing music for a few hours - or wait till you are at least fourteen before you keep posting to
Re:This Is Real Hacktivism (Score:5, Insightful)
The whole piece is based on a Fox News article. That by definition makes it unreliable. Quoting anonymous "security experts" is worthless and just citing the number of users signing on to Stuxnet security sites is hardly any better. I don't know if the Iranians have this thing under control or not and in all likelihood neither does Fox News.
While you luxuriate in your little cocoon of ideologically induced ignorance, others might like to consider some of the facts:
1. Iran as a signatory to the NPT has a right to run nuclear power plants. Even Hilary Clinton doesn't object to the Bashehr facility.
2. Bushehr facility is a Russian VVER pressurized water reactor. Russia is supplying the fuel and taking away the spent fuel. PWRs are very unsuited to producing weapons grade material. They must be shutdown for refueling. To produce PU239 uncontaminated with significant PU240, which is for all practical purposes inseparable from PU239, you need a short fuel cycle. The frequent lengthly shutdowns makes this an infeasible proposition. PU239 contaminated with significant amounts of PU240 is just not much use for weapons - it would fry the bomb makers with significant risk of premature detonation.
3. Iran certainly has an uranium enrichment program and this would give them a "break out capability" but whether Iran is actually producing or about to produce nuclear weapons is another matter entirely and not supported by any substantive evidence.
4. Whether Iran's nuclear program is "evil" is at most a matter of opinion. However, what would be construed as evil by most thinking people is the installation of the Shah by the CIA at the behest of British oil interests with the support of the British government. Rather unsurprisingly, nations tend to know their own history and mostly do believe in their right to self determination. Viewed against this historical backdrop, the most likely factor in triggering an Iranian weapons program would be a continuing and ramped up aggressive posture by the United States.
Re: Iran... (Score:5, Insightful)
So how do you explain that fucking bearded cunt in a suit saying stuff like `the holocaust didn't happen` and `we have no homosexuals in Iran`?
He's saying things his constituents want to hear, just like other fucking cunts say things like "we don't torture" or "the US government does not spy on American citizens without a warrant". In both cases it's not ignorance, it's deliberate deception.
Re: Iran... (Score:3, Insightful)
Simple, same as (Score:3, Insightful)
Simple same as the American's have LONG denied the holocaust against the natives and the concentration camps for Americans whose ancestors came from Japan. Or that those who wrote "All men are equal" really meant "White MEN, with sufficient standing, that we approve off, are equal, somewhat".
Being a cunt is not restricted to beard faces.
And really, does the US have any right to talk about the treatment of homosexuals? The republican cunts are now blocking reform of the "Do not ask, do not tell" policy until they get a tax cut for the super rich. I think we got a new arm race. Who can produce the biggest cunt in a suit.
Re: Iran... (Score:5, Insightful)
Scroll up, douchebag and realize that there are people in Islamist states who have been killed for writing a single article. There are people in North Korea who disappear for speaking badly about the Government.
All the people marching in the streets this week about Julian Assange... Where were they when it was Iranian, North Korean or Chinese dissidents? Nowhere.
These people don't truly care about freedom at all. If anything, their reflexive anti-American views are the exact opposite. People serving jail time for opposing their government must look at Julian Assange like a spoilt little brat.
Re: Iran... (Score:4, Insightful)
When he says 'let's nuke Israel and kill another six million Jews', I don't see how you can compare that to even the worst thing a Western politician has EVER said.
And if that's truly what his constituents want to hear, then they too deserve everything they get.
Re: Iran... (Score:4, Insightful)
Seriously... do you think the Iranians are somehow genetically different from the rest of us?
Err... Yes?
Just as black people are genetically different to whites, Asians are to Swedes.
Did your brain just explode? Or is this where you call me a racist?
Re: Iran... (Score:4, Insightful)
Do Persian public representatives chant "death to traffic" in unison as the first order of business after getting power?
Is being beaten to death by mounted police / getting stoned to death a bizarre pastime for Persian women?
Are covert uranium enrichment facilities just another wacky Iranian cultural quirk?