Stuxnet Still Out of Control At Iran Nuclear Sites 361
Velcroman1 writes "Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the US and Europe say. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled. The second part of that claim, experts say, doesn't ring true. Owners of several security sites have discovered huge bumps in traffic from Iran, as the country tries to deal with Stuxnet. 'Our traffic from Iran has really spiked,' said a corporate officer who asked that neither he nor his company be named. 'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"
Iran... (Score:5, Interesting)
Re:This Is Real Hacktivism (Score:2, Interesting)
>Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world and anything wikileaks or their supporters could dream of doing.
More like cripple them so the US with the approval of other Arab countries like Saudi would go in and start another war for extra few years of oil supply.
Spengler saw this last year (Score:5, Interesting)
The columnist who writes for Asia Times On-line (www.atimes.com) under the name Spengler foresaw this situation last year. He noted that 95+% off the software that was being used in Iran was 'pirate-ware' from the West. He noted that there was an Iranian government-run file download site that held hundreds of popular Western software packages along with their kraks, passwords, and keygens. He predicted that this would allow viruses to run amok throughout Iran at some point in the future.
He also quotes a BBC reporter who states that almost nobody except government officials and their goon squads (and old ladies, of course) still believes in fundamental Islam in Iran. She (the BBC reporter) says that only about 2% of the population regularly go to Friday services at the mosques in Iran. And over 5% of Iranians are addicted to cheap Afghanistan heroin, the highest addiction rate in the world. Unemployment among the young is in reality over 50%. She says that Iran currently resembles the Soviet Union in the late 1980's; it's a country that will just fall apart in the next ten years if the rest of the world just leaves them alone and lets it happen.
At the time of the revolution in 1978, Iran's population was about 27 million (I remember the number quoted as 50 million at the time) and now it is over 70 million: a direct result of Khomeini's exortation for young people to -'get a-fuckin'- (in a manner of speaking) and make lots of babies. When Khomeini died that policy died also, and Iran launched a massive birth-control program. Now, the children of the revolution are having almost no babies and the birth-rate in Iran is 1.6 children per couple; one of the lowest in the world. But their remains this huge bulge in the population demographic there; all the people born in the 1980's.
They call themselves 'the burnt generation'.
If any of this is true then we shouldn't worry too much about Iran. We should never actually believe anything that they say. And we should, on an individual-to-individual basis, offer whatever assistance that we can. Nevertheless, I would recommend NOT offering any detailed technical assistance to people in Iran on any specific technological project over the web until the Iranian government stops all this 'Death To America' nonsense as offical government policy.
Thank you.
Re:The difference engineering makes (Score:5, Interesting)
No, I don't think this is the kid sitting at home ala "War Games," and here is why (from the article):
Wow, you know they're serious when the cyberattack is coordinated with targeted assassinations.
Re:Spengler saw this last year (Score:4, Interesting)
Re:The difference engineering makes (Score:2, Interesting)
Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack.
You make not only an interesting point but an allusion (perhaps indirectly) that may counter all those folks saying "what happens if it comes back". I personally wonder what Siemens' role in this was. As the description says, the virus specifically targeted a vulnerability in the Siemens software Iran was using on their centrifuges. That software is known to have been pirated, so it will not be updated. It is logical to assume that A) Stuxnet cannot affect licensed, updated versions of the Siemens software if it targets this vulnerability, and B) Siemens may have had a role to play in designing Stuxnet, for whoever sent the attack be it Mossad, the US, or someone else. Siemens is a Government contractor for every major Western nation and many Middle Eastern ones.
Re: Iran... (Score:2, Interesting)
Furthermore, if the Persian culture were so beautiful and warm, why does it manage such a convincing pretense of the most grievously hateful, greedy, selfish, violent, sexist, backward, theocratic barbarism outside Africa itself?
It's sorta've like if the Kansas board of education got elected to national office, and started running shit in America. Or like how we Americans are had to be very clear during the Bush years that, yes, our American government is a bunch of assholes, but individual Americans aren't necessarily like that.
A good portion of the population isn't like that, and is embarrassed by it.
I've known enough individual Persians who aren't religious lunatics to know it's not an inherently broken culture. There's just a lot more lunatics per capita.
Re:This Is Real Hacktivism (Score:4, Interesting)
It's unlikely that any of the machines you list require the exact speeds that Stuxnet is programmed for (even other uranium enrichment centrifuges are unlikely to operate at exactly the same speeds). And yes, enrichment centrifuges do require precise speed control, though it is true that many other machines also do.
Re:This Is Real Hacktivism (Score:5, Interesting)
No, enrichment machines to not require precise speed.
You made that up. Post a link or retract it.
All it requires is high speed for a sustained periods. Precision is not a criteria. It doesn't matter whether it is 2000 rpm for 5 days or 2100 rpm for 5 days and 18 hours. There are no precision requirements for centrifuges. Its a trade off between the number of Gs you can induce over a period of time. There is no special precision requirement.
Its not like a paper machine where if one of the drying drums goes .002 rpms faster than the rest the web of wet paper breaks and the machine is useless.
Centrifuges are big machines, and you have to spin them up carefully using a stepped speed profile while getting up to speed or coming to a stop.
The worm simply radically alters the speed in unpredictable ways, spinning them up, then dropping to very low speeds, very quickly the jacking them up again. Doing this very fast breaks the machines. The worm's job is to break the machines.
The worm is not trying to alter the product. Its trying to break the machines. Do some reading on this subject, PLEASE.
Re:This Is Real Hacktivism (Score:5, Interesting)
Clearly? How do you know it wasn't Saudi warfare? They've got the money, plenty of smart people (especially in reverse engineering, which is useful in spec'ing from a snatched or bought sample centrifuge), and are Iran's primary foe in the world. They've been trying to get the US to bomb Iran for years, and are the primary target of an Iranian nuke programme.
How do you know it wasn't Russian marketing? The more Iran wastes uranium, the more Iran needs Russia. The longer it takes to get a fuel stockpile, the longer Iran needs Russia. Plus Russia isn't entirely evil, and is itself an old and longstanding enemy of Iran in more ways than it is an ally, and could just be defending itself from Iran's nuke programme. Likewise China.
Those are three very plausible sources of Stuxnet. And they're all increasingly Eastern, including the ultimate Eastern of all - not Western.
Iran is a very dangerous and isolated state. It's got lots of enemies with the means and motive to unleash Stuxnet. The question is which had the opportunity, which I expect we will never know, as Iran's windows of vulnerability in this respect are some of the most closely guarded secrets ever.
Re: Iran... (Score:5, Interesting)
Another example:
People also get confused with chants like "Death to America" which isn't as extreme as it sounds once translated. For example a Persian stuck in heavy traffic is often heard to say "Death to Traffic".
Re: Iran... (Score:4, Interesting)
People also get confused with chants like "Death to America" which isn't as extreme as it sounds once translated.
Yeah, right. The GP said If someone dies, it is considered not polite to just say "Shogi is dead". Yet you say "Death to America" is not that bad. WTF?
If your language is so incoherent, then it's your duty to take better care how you speak.
Re:This Is Real Hacktivism (Score:5, Interesting)
"Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.
"It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country."
It already has. It doesn't matter.
Stuxnet was VERY selective. It targeted only the S7 315 and 417 Programmable Logic Controllers (PLC). It looked for specific code blocks and data structures on those devices. You need to know that PLC applications code is usually custom written. It looked at the I/O networks and tried to find at least 33 instances of one of two models of a high speed motor drive. These are not ordinary Variable Frequency Drives. Had they come from the US, they'd be subject to export restrictions. The ones in use came from Finland and were also constructed locally in Iran.
Speaking as a control systems engineer, I don't know of any other massively parallel processes that involve many dozens (hundreds?) of high speed drives like this --other than Uranium enrichment. That's why the risk to other plants, including the Bushir nuclear reactor, are relatively small. The malware will install itself in the development workstations but it won't do much.
This is a good thing because had the malware been less selective, it would have done pretty much what you suggest. Most of you probably have little idea as to the extent and ubiquity of these PLC devices. The S7 PLC line is extremely popular and you'll find one in nearly half of all industrial settings around the world. If there were a malware that blindly attacked these devices, the world economy as we know it would take a massive change for the worse.
THAT is why nobody has done a broad based attack against PLC gear before. It will blow back on them. Once you realize what a PLC is and how widely it is used, you will also realize that an attack against this platform is the equivalent of a nuclear attack in the software world. In the case of a PC you only lose data. Most data can be restored. In this case, you lose an industrial process and it may be significantly damaged. An attack will almost certainly blow back on you and your neighbors. It will make the economic malaise of the present look tame by comparison.