Stuxnet Still Out of Control At Iran Nuclear Sites
Velcroman1 writes "Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the US and Europe say. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled. The second part of that claim, experts say, doesn't ring true. Owners of several security sites have discovered huge bumps in traffic from Iran, as the country tries to deal with Stuxnet. 'Our traffic from Iran has really spiked,' said a corporate officer who asked that neither he nor his company be named. 'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"
Don't worry Iran... (Score:5, Funny)
...patch Tuesday is coming. ;)
Iran... (Score:5, Interesting)
Re: Iran... (Score:4, Insightful)
> Also, it is considered dishonorable for a man to admit ignorance.
So how do you explain that fucking bearded cunt in a suit saying stuff like `the holocaust didn't happen` and `we have no homosexuals in Iran`?
Re: Iran... (Score:5, Informative)
Re: (Score:3)
I feel for you, I really do, to have such a rich culture taken over by an ideology. As terribly flawed as we Americans are, perhaps there are two things you can learn from us: 1. It is ok to admit you don't know something, as that is how you learn more. 2. When a government is oppressing its citizens, it should be removed by any and all means necessary to accomplish the task.
I am hoping the US does not get involved directly in a war with Iran. I also wish the citizens would find a way to take control their
Re: (Score:3, Insightful)
Please stop (Score:4)
I don't know why every time someone mentions Mossadegh he is moderated insightful. You don't need a time machine, just try to inform yourself better instead of repeating old political propaganda from the Soviet Union.
First of all, Mossadegh wasn't really that democratic at all. For instance, Wikipedia says "Realizing that the opposition would take the vast majority of the provincial seats, Mosaddegh stopped the voting as soon as 79 deputies just enough to form a parliamentary quorum had been elected."
Second, Iran was in deep economic trouble from the oil industry nationalization under Mossadegh. With or without CIA intervention, he was doomed to fall sooner or later.
Finally, if the CIA were able to manipulate foreign governments that well, they should get better results. If they succeeded in overthrowing Mossadegh then why are they unable to overthrow the Islamic government of Iran?
OT -- your sig (Score:3)
Divide a cake by zero. Is it still a cake?
A cake divided by zero is an infinite cake. If you can find a way to divide a cake by zero, well, CAKE FOR EVERYBODY!
Re: Iran... (Score:5, Insightful)
Scroll up, douchebag and realize that there are people in Islamist states who have been killed for writing a single article. There are people in North Korea who disappear for speaking badly about the Government.
All the people marching in the streets this week about Julian Assange... Where were they when it was Iranian, North Korean or Chinese dissidents? Nowhere.
These people don't truly care about freedom at all. If anything, their reflexive anti-American views are the exact opposite. People serving jail time for opposing their government must look at Julian Assange like a spoilt little brat.
Re: Iran... (Score:5, Insightful)
> So how do you explain that fucking bearded cunt in a suit saying stuff like `the holocaust didn't happen` and `we have no homosexuals in Iran`?
He's saying things his constituents want to hear, just like other fucking cunts say things like "we don't torture" or "the US government does not spy on American citizens without a warrant". In both cases it's not ignorance, it's deliberate deception.
Re: (Score:2)
But you are absolutely right in that it is deliberate deception. If he even wanted to tell the truth he would not remain in office long. Anyone who rises to his level already knows what he is
Re: Iran... (Score:4, Insightful)
When he says 'let's nuke Israel and kill another six million Jews', I don't see how you can compare that to even the worst thing a Western politician has EVER said.
And if that's truly what his constituents want to hear, then they too deserve everything they get.
Re: (Score:2)
> So how do you explain
> [...] the holocaust didn't happen
"I don't wanna hear about the holocaust anymore"
> we have no homosexuals in Iran
"Men holding hands and kissing are not homosexuals."
Simple, same as (Score:3, Insightful)
Simple, same as the Americans have LONG denied the holocaust against the natives and the concentration camps for Americans whose ancestors came from Japan. Or that those who wrote "All men are equal" really meant "White MEN, with sufficient standing, that we approve of, are equal, somewhat".
Being a cunt is not restricted to beard faces.
And really, does the US have any right to talk about the treatment of homosexuals? The republican cunts are now blocking reform of the "Do not ask, do not tell" policy unt
Re: (Score:3)
The U.S. has long admitted the "concentration" camps if by that you mean concentration camps light rather than what the Nazis were engaged in.
The U.S. also fought a bloody civil war over slavery, a million people lost their lives in it. You may have heard of it. At the Constitutional Convention, there were anti-slavery folks. Eventually, they compromised and produced a constitution that America eventually grew into.
Now, let's take a list of Muslim countries where respect for minority rights is built into t
Re: (Score:2)
They also need to understand words have meaning. It's fine and well that they can say one thing and mean something else, but they need to understand the rest of the world will judge them on what they say and do, not what they thought they implied.
Re: Iran... (Score:5, Interesting)
Another example:
People also get confused with chants like "Death to America" which isn't as extreme as it sounds once translated. For example a Persian stuck in heavy traffic is often heard to say "Death to Traffic".
Re: Iran... (Score:4, Insightful)
Do Persian public representatives chant "death to traffic" in unison as the first order of business after getting power?
Is being beaten to death by mounted police / getting stoned to death a bizarre pastime for Persian women?
Are covert uranium enrichment facilities just another wacky Iranian cultural quirk?
Re: Iran... (Score:4, Interesting)
> People also get confused with chants like "Death to America" which isn't as extreme as it sounds once translated.
Yeah, right. The GP said If someone dies, it is considered not polite to just say "Shogi is dead". Yet you say "Death to America" is not that bad. WTF?
If your language is so incoherent, then it's your duty to take better care how you speak.
Re: (Score:2, Interesting)
Furthermore, if the Persian culture were so beautiful and warm, why does it manage such a convincing pretense of the most grievously hateful, greedy, selfish, violent, sexist, backward, theocratic barbarism outside Africa itself?
It's sorta've like if the Kansas board of education got elected to national office, and started running shit in America. Or like how we Americans had to be very clear during the Bush years that, yes, our American government is a bunch of assholes, but individual Americans aren't necessarily like that.
A good portion of the population isn't like that, and is embarrassed by it.
I've known enough individual Persians who aren't religious lunatics to know it's not an inherently broken culture. There's just a
Re: Iran... (Score:4, Insightful)
Seriously... do you think the Iranians are somehow genetically different from the rest of us?
Err... Yes?
Just as black people are genetically different to whites, Asians are to Swedes.
Did your brain just explode? Or is this where you call me a racist?
This Is Real Hacktivism (Score:4, Insightful)
Unlike those kids at Anonymous, the perpetrators of stuxnet are showing who are the real hacktivists.
Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world than anything wikileaks or their supporters could dream of doing.
I commend these hackers for slowing down the evil Iranian government's nuclear ambitions.
Re:This Is Real Hacktivism (Score:5, Insightful)
These weren't 'hacktivists'. These were government employed/contracted hackers.
Re:This Is Real Hacktivism (Score:4)
Yes indeed. Go team Mossad.
Re:This Is Real Hacktivism (Score:5, Insightful)
Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.
It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country.
Your local power company? Not so much.
Viruses and worms seem unlikely to honor boundaries forever. At least a surprise bombing run on a reactor in Iran is unlikely to hit Con-Edison in NY.
Re: (Score:2)
You're assuming the virus works in the USA/Europe?
Re: (Score:3, Funny)
If it didn't when sent, it will upon return.
Re: (Score:2)
What makes you so sure about that? A computer virus could discriminate just as much as a real biological virus yah know.
Re: (Score:2)
And when the Iranians finally figure out how it works and revise it and send it back to us it will be VERY Discriminating.
Re: (Score:2)
Sure, it's as simple as downloading the source code and modifying it.
I'm sure the designers of stuxnet never thought of that.
Re: (Score:2)
Re: (Score:2)
It hasn't hit the USA or Europe so far and it's been out for quite a while. As for why, this clearly is the work of Western national cyber warfare agencies, I don't think they would want to cause havoc amongst their own citizens.
Re: (Score:2)
http://www.zdnetasia.com/stuxnet-infections-continue-to-rise-62201930.htm
There are infections in Step 7 showing up at what I'm guessing are either automation companies or companies with big in house automation support, given that they are known to Siemens.
Re: (Score:2)
And what exactly has it done to those systems? Nothing? Right.
Re: (Score:2)
It is using them to propagate, which is more than nothing.
It isn't breaking any hardware given its enormously specific payload, but that can be remotely updated.
Re:This Is Real Hacktivism (Score:5, Interesting)
Clearly? How do you know it wasn't Saudi warfare? They've got the money, plenty of smart people (especially in reverse engineering, which is useful in spec'ing from a snatched or bought sample centrifuge), and are Iran's primary foe in the world. They've been trying to get the US to bomb Iran for years, and are the primary target of an Iranian nuke programme.
How do you know it wasn't Russian marketing? The more Iran wastes uranium, the more Iran needs Russia. The longer it takes to get a fuel stockpile, the longer Iran needs Russia. Plus Russia isn't entirely evil, and is itself an old and longstanding enemy of Iran in more ways than it is an ally, and could just be defending itself from Iran's nuke programme. Likewise China.
Those are three very plausible sources of Stuxnet. And they're all increasingly Eastern, including the ultimate Eastern of all - not Western.
Iran is a very dangerous and isolated state. It's got lots of enemies with the means and motive to unleash Stuxnet. The question is which had the opportunity, which I expect we will never know, as Iran's windows of vulnerability in this respect are some of the most closely guarded secrets ever.
Re: (Score:2)
http://en.wikipedia.org/wiki/Stuxnet#PLC_infection
Re: (Score:2)
That was sarcasm. I am not a fan of either of the parties here.
Re: (Score:2)
I dunno man.
I'd put my local power company up against those "Your nuclear power plant control software license has expired please obtain a valid license [upi.com]" clowns any day.
The local guys may be clowns too. But the difference is that my clowns can at l
Re: (Score:2)
It already has: it was first detected outside Iran. It does no significant damage outside the correct environment. Stuxnet [wikipedia.org]
The guys at my local power company can request (and receive) assistance from Siemens, Microsoft, the US Government... Iran? Not s
Re:This Is Real Hacktivism (Score:4, Informative)
The attack was very specific. Uranium enrichment requires an exact rpm over a long period of time. Most industrial equipment does not have that exacting level of tolerance needed.
Re:This Is Real Hacktivism (Score:4, Informative)
Enrichment does not require EXACT rpm. It's a centrifuge, nothing more.
Thousands of industrial applications require exact speed (far greater exactness than a centrifuge). Electrical Generators, Paper machines, rolling mills, sewage pumps, blower motors, automated bottling lines, automated assembly lines of all kinds.
Try not to make assertions your experience will not back up.
Re:This Is Real Hacktivism (Score:4, Interesting)
It's unlikely that any of the machines you list require the exact speeds that Stuxnet is programmed for (even other uranium enrichment centrifuges are unlikely to operate at exactly the same speeds). And yes, enrichment centrifuges do require precise speed control, though it is true that many other machines also do.
Re:This Is Real Hacktivism (Score:5, Interesting)
No, enrichment machines do not require precise speed.
You made that up. Post a link or retract it.
All it requires is high speed for sustained periods. Precision is not a criteria. It doesn't matter whether it is 2000 rpm for 5 days or 2100 rpm for 5 days and 18 hours. There are no precision requirements for centrifuges. It's a trade-off between the number of Gs you can induce over a period of time. There is no special precision requirement.
It's not like a paper machine where if one of the drying drums goes .002 rpms faster than the rest the web of wet paper breaks and the machine is useless.
Centrifuges are big machines, and you have to spin them up carefully using a stepped speed profile while getting up to speed or coming to a stop.
The worm simply radically alters the speed in unpredictable ways, spinning them up, then dropping to very low speeds, then very quickly jacking them up again. Doing this very fast breaks the machines. The worm's job is to break the machines.
The worm is not trying to alter the product. It's trying to break the machines. Do some reading on this subject, PLEASE.
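Added example, not part of the thread or of any vendor tooling: a small detector for the behaviour described in the comment above, where drive speed is pushed up, dropped and raised again far faster than a stepped ramp allows. The policy thresholds, drive names and telemetry samples are constructed, and the readings are assumed to come from a sensor that is independent of the controller being monitored.

```python
"""Flag drive-speed telemetry that departs from a stepped ramp profile."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

Sample = Tuple[float, str, float]  # (time in seconds, drive id, measured rpm)


@dataclass(frozen=True)
class RampPolicy:
    max_slew_rpm_per_s: float  # steepest change the commissioned ramp allows
    reversal_window_s: float   # look-back window for direction changes
    max_reversals: int         # direction changes tolerated inside the window
    min_step_rpm: float        # changes smaller than this count as jitter


@dataclass(frozen=True)
class Finding:
    drive: str
    t: float
    rule: str
    detail: str


def check_drive(drive: str, points: List[Tuple[float, float]],
                policy: RampPolicy) -> List[Finding]:
    """Walk consecutive readings of one drive and apply both rules."""
    findings: List[Finding] = []
    reversals: List[float] = []  # timestamps of recent direction changes
    last_dir = 0                 # +1 accelerating, -1 decelerating, 0 unknown
    for (t0, v0), (t1, v1) in zip(points, points[1:]):
        dt = t1 - t0
        if dt <= 0:
            # Cannot compute a rate; report it instead of dividing by zero.
            findings.append(Finding(drive, t1, "duplicate-timestamp",
                                    "two readings share one timestamp"))
            continue
        delta = v1 - v0
        slew = abs(delta) / dt
        if slew > policy.max_slew_rpm_per_s:
            findings.append(Finding(
                drive, t1, "slew-rate",
                f"{slew:.1f} rpm/s exceeds {policy.max_slew_rpm_per_s:.1f}"))
        if abs(delta) < policy.min_step_rpm:
            continue  # hold phase or sensor jitter: no direction information
        direction = 1 if delta > 0 else -1
        if last_dir and direction != last_dir:
            reversals = [r for r in reversals
                         if t1 - r <= policy.reversal_window_s]
            reversals.append(t1)
            if len(reversals) > policy.max_reversals:
                findings.append(Finding(
                    drive, t1, "oscillation",
                    f"{len(reversals)} reversals within "
                    f"{policy.reversal_window_s:.0f} s"))
        last_dir = direction
    return findings


def analyze(samples: List[Sample], policy: RampPolicy) -> List[Finding]:
    """Group samples per drive, order them by time, and check each drive."""
    by_drive: Dict[str, List[Tuple[float, float]]] = defaultdict(list)
    for t, drive, rpm in samples:
        by_drive[drive].append((t, rpm))
    findings: List[Finding] = []
    for drive in sorted(by_drive):
        findings.extend(check_drive(drive, sorted(by_drive[drive]), policy))
    return findings


# Constructed policy: 10 rpm/s ramp limit, at most one reversal per minute.
POLICY = RampPolicy(max_slew_rpm_per_s=10.0, reversal_window_s=60.0,
                    max_reversals=1, min_step_rpm=25.0)

# Constructed telemetry. drive-A follows a stepped ramp with hold phases;
# drive-B runs steadily, then is driven up, down and up again within 30 s.
SAMPLES: List[Sample] = [
    (0, "drive-A", 0.0), (60, "drive-A", 500.0), (120, "drive-A", 500.0),
    (180, "drive-A", 1000.0), (240, "drive-A", 1000.0),
    (300, "drive-A", 1500.0),
    (0, "drive-B", 1500.0), (60, "drive-B", 1500.0), (70, "drive-B", 2100.0),
    (80, "drive-B", 100.0), (90, "drive-B", 1500.0),
]

if __name__ == "__main__":
    for f in analyze(SAMPLES, POLICY):
        print(f"{f.drive} t={f.t:.0f}s {f.rule}: {f.detail}")
```
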
Re: (Score:3)
I do not know much of anything about centrifuges or uranium, but I know I have seen a number of articles claiming that this was designed to speed up centrifuges to the point that the uranium was rendered useless.
Here are two examples I found with a quick google search, not necessarily the most credible sources, but there are plenty of people claiming it:
http://www.americanthinker.com/2010/12/wikileaks_stuxnet_cyberwar_and.html
http://www.theatlantic.com/technology/archive/2010/11/stuxnet-worm-did-likely-targ
Re: (Score:2)
I wrote: ...enrichment centrifuges do require precise speed control...
>
icebike writes:
> Precision is not a criteria.
> ...and you have to spin them up carefully using a stepped
> speed profile while getting up to speed or coming to a stop.
As I said, precise speed control.
> The worm is not trying to alter the product.
Nor did I say it was.
Re:This Is Real Hacktivism (Score:5, Interesting)
"Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.
"It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country."
It already has. It doesn't matter.
Stuxnet was VERY selective. It targeted only the S7 315 and 417 Programmable Logic Controllers (PLC). It looked for specific code blocks and data structures on those devices. You need to know that PLC applications code is usually custom written. It looked at the I/O networks and tried to find at least 33 instances of one of two models of a high speed motor drive. These are not ordinary Variable Frequency Drives. Had they come from the US, they'd be subject to export restrictions. The ones in use came from Finland and were also constructed locally in Iran.
Speaking as a control systems engineer, I don't know of any other massively parallel processes that involve many dozens (hundreds?) of high speed drives like this -- other than Uranium enrichment. That's why the risk to other plants, including the Bushehr nuclear reactor, is relatively small. The malware will install itself in the development workstations but it won't do much.
This is a good thing because had the malware been less selective, it would have done pretty much what you suggest. Most of you probably have little idea as to the extent and ubiquity of these PLC devices. The S7 PLC line is extremely popular and you'll find one in nearly half of all industrial settings around the world. If there were a malware that blindly attacked these devices, the world economy as we know it would take a massive change for the worse.
THAT is why nobody has done a broad based attack against PLC gear before. It will blow back on them. Once you realize what a PLC is and how widely it is used, you will also realize that an attack against this platform is the equivalent of a nuclear attack in the software world. In the case of a PC you only lose data. Most data can be restored. In this case, you lose an industrial process and it may be significantly damaged. An attack will almost certainly blow back on you and your neighbors. It will make the economic malaise of the present look tame by comparison.
Re: (Score:3, Insightful)
No, not true.
It was targeted at a particular Siemens chipset. That chipset is used world wide and not just for centrifuges. (It's already infected Iranian turbine generators.)
But again, as I mentioned elsewhere in this thread, viruses and worms are built using the skeletons of other viruses and worms.
Iran will eventually figure out this tool, and tailor it to new targets. Centrifuges do not have GPS chips installed. They don't know where they are. At best the controllers that run them know a time zone and
Re: (Score:2)
You think the Arab nations will be so glee at the thought of a powerful Iran? In case you haven't been paying attention, "The enemy of my enemy is my friend." The wikileaks cables show quite clearly that Iran doesn't have much support from their Arab neighbors.
Re: (Score:2)
To be more precise, the Saudis have been putting strong pressure on the US to attack Iran and "cut off the head of the snake".
Re: (Score:3, Insightful)
> You think the Arab nations will be so glee at the thought of a powerful Iran? In case you haven't been paying attention, "The enemy of my enemy is my friend." The wikileaks cables show quite clearly that Iran doesn't have much support from their Arab neighbors.
"wikileaks cables show quite clearly "
LOL....
Yes, you are right. The vast majority of Arabs actually are in favor of a strong Iran. Their propped up autocracies aren't in favor of that of course.
A poll recently done in the middle east showed that 80% of folks there thought that Israel was a threat. 77% thought that the US was a threat. Far down the line 10% thought that Iran was a threat. This was the "Common People off the street" type folks.
Be nice though, just because you are right and he has been watching too much Fox News doesn't mean that
Re:Iran Saving The Middle East From Israeli Terror (Score:5, Insightful)
Angry people... like you?
Re: (Score:2, Interesting)
> Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world than anything wikileaks or their supporters could dream of doing.
More like cripple them so the US with the approval of other Arab countries like Saudi would go in and start another war for extra few years of oil supply.
Re:This Is Real Hacktivism (Score:5, Insightful)
The whole piece is based on a Fox News article. That by definition makes it unreliable. Quoting anonymous "security experts" is worthless and just citing the number of users signing on to Stuxnet security sites is hardly any better. I don't know if the Iranians have this thing under control or not and in all likelihood neither does Fox News.
While you luxuriate in your little cocoon of ideologically induced ignorance, others might like to consider some of the facts:
1. Iran as a signatory to the NPT has a right to run nuclear power plants. Even Hillary Clinton doesn't object to the Bushehr facility.
2. Bushehr facility is a Russian VVER pressurized water reactor. Russia is supplying the fuel and taking away the spent fuel. PWRs are very unsuited to producing weapons grade material. They must be shut down for refueling. To produce PU239 uncontaminated with significant PU240, which is for all practical purposes inseparable from PU239, you need a short fuel cycle. The frequent lengthy shutdowns make this an infeasible proposition. PU239 contaminated with significant amounts of PU240 is just not much use for weapons - it would fry the bomb makers with significant risk of premature detonation.
3. Iran certainly has a uranium enrichment program and this would give them a "break out capability" but whether Iran is actually producing or about to produce nuclear weapons is another matter entirely and not supported by any substantive evidence.
4. Whether Iran's nuclear program is "evil" is at most a matter of opinion. However, what would be construed as evil by most thinking people is the installation of the Shah by the CIA at the behest of British oil interests with the support of the British government. Rather unsurprisingly, nations tend to know their own history and mostly do believe in their right to self determination. Viewed against this historical backdrop, the most likely factor in triggering an Iranian weapons program would be a continuing and ramped up aggressive posture by the United States.
Re: (Score:3)
> 1. Iran as a signatory to the NPT has a right to run nuclear power plants. Even Hillary Clinton doesn't object to the Bushehr facility.
Their covert enrichment facilities violated the treaty, so the treaty is void. (The west doesn't oppose the Bushehr facility because it's harmless civilian power, just what Iran says it wants.)
If signing the NPT meant you could enrich uranium using centrifuges from Pakistani arms dealers with no-one knowing it would be pretty pointless; it is designed to allow the peaceful use of nuclear power with enough checks and balances to prevent it being put to use creating weapons.
> 2. Bushehr facility is a Russian VVER pressurized water reactor. Russia is supplying the fuel and taking away the spent fuel.
Yup.. It makes you wonder why Ir
Re: (Score:3)
You know, as far as brainless and brainwashed idiots go, you are near the top. "Freedom"?! What fucking freedom is improved by this?! Whose?! Israeli supremacist thugs to dick around the region unopposed?! "Freedom" of US military cartels to send their mercenaries to run over Iran and murder millions?! What the fuck are you, delusional fool, blabbering about?!
And no, do not e
Re: (Score:3)
Hah, Hah, Hah, right. Creating a huge power vacuum is going to create peace, hah.
Re: (Score:2)
Don't worry, we'll be returning to a multi-polar world soon enough once again. The new cold war is just getting started.
The difference engineering makes (Score:5, Informative)
I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.
Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.
The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.
We'll see more of these attacks in the future - count on it...
Re: (Score:2)
Most virus writers have little or no cost of failure, aside from the time invested. If the virus isn't as successful as they'd like, they just write another one.
The whole point of this attack was (or seems to be) in launching a specific attack against a target where, if you fail, they will succeed in creating weapons to annihilate you. There are no do-overs. Once the target is aware of his vulnerabilities, he will likely close them forever, and the time to find another vulnerability (if one even exists)
Re:The difference engineering makes (Score:4, Informative)
> One who has a large team of talented programmers, carefully designing and building the attack.
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
Symantec speculates a team size around 5-10 not including QA (whatever the heck that means).
Personally I think there is probably a "team" of 1-3 people sniggering to and congratulating themselves. (Probably adding "Stupid Americans"). That is if they haven't been shot.
I'll give you talented, though.
Re:The difference engineering makes (Score:5, Interesting)
No, I don't think this is the kid sitting at home ala "War Games," and here is why (from the article):
Wow, you know they're serious when the cyberattack is coordinated with targeted assassinations.
Re:The difference engineering makes (Score:5, Insightful)
> Symantec speculates a team size around 5-10 not including QA (whatever the heck that means).
Uh, good thing that programmers don't need QA or managers, and so on.
And yes, QA matters for an operation like this. You're probably having spies plant the bug, and they could get killed in the process. You don't risk spies on code that isn't tested.
Likewise, a fizzled attempt will likely trigger countermeasures making a future attack more difficult.
QA means getting it right the first time. That probably means creating a simulated environment and testing the software out in this environment. Sure, you don't need actual centrifuges and turbines, but you probably need software that emulates the feedback such machines would return to their controllers. I'm sure they didn't factor that into their "5-10" count.
I've worked on some IT projects where quality was serious business, and you can easily spend as much on testing as you spend on development. For a typical military-style coding effort factor in a WHOLE lot more.
Re: (Score:3)
If Stuxnet was indeed targeted at the Uranium Enrichment facility in Natanz, it would have taken exactly what the Symantec paper suggested.
You think talent alone is all it takes?
You would need process engineers with at least an understanding of how gas centrifuges work and who know how to set the couple hundred registers for a high speed VFD --one of which was designed and built in Iran; and two models of PLC gear. You'd need network specialists to collect information from the target (there was an Italian f
Re: (Score:2, Interesting)
> Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack.
You make not only an interesting point but an allusion (perhaps indirectly) that may counter all those folks saying "what happens if it comes back". I personally wonder what Siemens' role in this was. As the description says, the virus specifically targeted a vulnerability in the Siemens software Iran was using on their centrifuges. That software is known to have been pirated, so it will not be updated. It is logical to assume that A) Stuxnet cannot affect licensed, updated versions of the Siemens softw
Re: (Score:2)
Yup. I tend to agree. No guarantees that they were involved, but they could have cooperated with efforts (providing source code, helping analysts understand potential vulnerabilities, withholding patches, etc).
I'm sure that the usual NATO allies were all on board - certainly the nation where Siemens was headquartered and the US OKed the attack. Companies don't just do business with the Mossad or whatever without making sure their parent governments are OK with it.
The US triggered a massive refinery disast
Re: (Score:2, Insightful)
> I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.
> Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.
> The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.
> We'll see more of these attacks in the future - count on it...
This is why stuff that is important should NOT be connected to the internet. OR allowed to come into contact with jump drives or PCs or anything else that has been exposed to the internet. This is simple. This is stupid. This seems like an old guy railing about the dangers of new technology. This is absolutely true, and will continue to be true. Further examples will be provided by reality for the remainder of your lives. I will continue to be right. This advice will continue to be ignored because it is in
Re: (Score:2)
> Stuxnet shows what a truly determined adversary can do. One who knows your internal processes.
Gee, I wonder who would that be. *cough* IAEA *cough*
They tried but found nothing to show Iran is enriching fuel for military purposes. But they got all info they needed to commission the development of a sophisticated, precisely targeted worm...
Re: (Score:3)
Re: (Score:2)
And what gave you the impression I don't? If the SCADA systems interfacing to the PLC weren't infected, Stuxnet would never have been able to reprogram the PLCs. Are you claiming Siemens' WinCC/PCS 7 on Windows platforms was NOT infected by Stuxnet? Or that infecting the equivalent of s7otbxbx.dll on a Unix would ever have been possible without root privileges?
Maybe you should reevaluate your own knowledge of SCADAs and PLC systems.
Re: (Score:2)
There have been security problems with USB drivers included in Linux kernels supplied by popular distros.
Re: (Score:2)
The target was workstations that program embedded systems. Why the hell wouldn't you program your general purpose motor drives on a general purpose operating system?
Re: (Score:2)
And would the attacker who was pretty determined to hit this particular target stop just because they ran Linux? No, but you'd probably not hear too much about the exploits that got patched.
Re: (Score:2)
Yup. But, they would be stopped in their tracks. After all, nobody contributes kernel code from general-purpose operating systems, so there is no way a worm could sneak in the back door, right? :)
Re: (Score:2)
Re: (Score:2)
I am sitting very close to a server running Windows Server 2008 R2 Datacenter, how do I make it be unreliable / make it crash?
Cut the power cables to the cooling fans...
Re: (Score:2)
You just need more guns :)
http://www.youtube.com/watch?v=LzRF-5IWrm0
Re: (Score:2)
Re: (Score:2)
Because today's megacorp does in fact have 100 BILLION dollars!
Of course they don't - but that is what they are valued at, which of course takes into account likely future earning and not just cash on hand.
So, somebody looking to do industrial sabotage isn't trying to get a payment from the company that they're taking down. Instead they probably work for a government that wants to see the company go down so that some other company can take its place (think nationalism). They wouldn't ask for a ransom - th
Re: (Score:2)
does it make sense to spend $100 million over 5 years securing your environment properly to avoid a virus that may or may not cost you anywhere near that much, when there's a possibility that something could _still_ infect your intranet?
It all depends on the situation and the cost-benefit. If that intranet is backing your country's nuclear weap^H^H^H^H energy program- which almost every nation on earth has condemned, and at least one has expressed the desire to bomb to ashes- then yeah, it might. Dunder-Mifflin Paper's Scranton office and a state nuclear development apparatus probably have different security requirements, let's leave it at that.
Re: (Score:2)
The other issue is the whole black swan thing. Your competitors probably aren't going to invest so heavily in security. So, they'll be at a cost advantage. It is guaranteed therefore that given sufficient time you will go out of business.
The question is then which will happen first - you going out of business, or your competitors all being taken out by a worm that you survive? Most managers would put their money on the former, and most of the time they're right. And that is why we don't have much secur
Not Convincing (Score:3)
a) Everybody in Iran with a Stuxnet-infected computer is going to be trying desperately to get rid of it and everybody in Iran with a computer that they even suspect may be infected with anything is going to be trying to read up on Stuxnet. They are not going to believe that it won't harm their systems. They are going to believe that every little glitch might be Stuxnet come to steal their secrets (whether they have any or not).
b) If most of the Iranian traffic to these sites was coming from people at the Iranian nuclear facilities studying Stuxnet there would be very little of it because there would not be all that many people assigned to such research.
so.... (Score:3)
Spengler saw this last year (Score:5, Interesting)
The columnist who writes for Asia Times On-line (www.atimes.com) under the name Spengler foresaw this situation last year. He noted that 95+% of the software that was being used in Iran was 'pirate-ware' from the West. He noted that there was an Iranian government-run file download site that held hundreds of popular Western software packages along with their kraks, passwords, and keygens. He predicted that this would allow viruses to run amok throughout Iran at some point in the future.
He also quotes a BBC reporter who states that almost nobody except government officials and their goon squads (and old ladies, of course) still believes in fundamental Islam in Iran. She (the BBC reporter) says that only about 2% of the population regularly go to Friday services at the mosques in Iran. And over 5% of Iranians are addicted to cheap Afghanistan heroin, the highest addiction rate in the world. Unemployment among the young is in reality over 50%. She says that Iran currently resembles the Soviet Union in the late 1980's; it's a country that will just fall apart in the next ten years if the rest of the world just leaves them alone and lets it happen.
At the time of the revolution in 1978, Iran's population was about 27 million (I remember the number quoted as 50 million at the time) and now it is over 70 million: a direct result of Khomeini's exhortation for young people to -'get a-fuckin'- (in a manner of speaking) and make lots of babies. When Khomeini died that policy died also, and Iran launched a massive birth-control program. Now, the children of the revolution are having almost no babies and the birth-rate in Iran is 1.6 children per couple; one of the lowest in the world. But there remains this huge bulge in the population demographic there; all the people born in the 1980's.
They call themselves 'the burnt generation'.
If any of this is true then we shouldn't worry too much about Iran. We should never actually believe anything that they say. And we should, on an individual-to-individual basis, offer whatever assistance that we can. Nevertheless, I would recommend NOT offering any detailed technical assistance to people in Iran on any specific technological project over the web until the Iranian government stops all this 'Death To America' nonsense as official government policy.
Thank you.
Re:Spengler saw this last year (Score:4, Interesting)
Michael Kristopeit... (Score:2)
Nucular, really? (Score:5, Insightful)
So Stuxnet chatter is still observed around the planet, including in Iran and the US. Duh.
Now how exactly does this "expert" come to the conclusion that, somehow, activity from the US etc must be from infected home PCs, yet the same from Iran must be from some seekret uranium enrichment plant, which typically would not be connected to the internet?
Oh, my bad, forgot, this comes from ScareTV... Never mind.
Uh... (Score:2)
Re: (Score:2)
The theory is that the machines were infected via thumb drives. The traffic is supposed to be coming from thousands of Iranian "nuclear scientists" sitting in internet cafes desperately searching for a solution to their Stuxnet problem.
Maybe NSA is redirecting Anonymous' attacks.... (Score:2)
...not likely but that would be hilarious,
i can haz infection? (Score:2)
Note to self (Score:2)
When I'm a leader of a rogue state, I will not connect the control systems of my super-secret nuclear facility to any external network.
Re: (Score:3)
But will you epoxy up all the USB connectors on your minions' computers?
Microsoft in Iran (Score:2)
I sort of find it entertaining that the US government appears to be happy for Microsoft to export Windows to Iran so that it can be used in their nuclear industry.
But at the same time companies like Amazon, Mastercard, Visa and PayPal are so scared of Wikileaks (and/or the US government's reaction to their commercial relation to Wikileaks) that they're pulling their commercial ties as soon as possible.
Of course, as soon as they switch to Linux, I assume it (and open source) will be painted as the evil, terrori
Re:The real question (Score:5, Informative)
If you read about how this thing works, the real payload is a rootkit for a motor drive PLC built by an Iranian manufacturer and spinning in the range needed to enrich uranium. It was also targeted at the desktop software designed to program said motor drive, which is Windows. If they were running Linux, I'm sure there are a few zero day sploits out there suitable for hiding a rootkit dropper. The people that made this thing had time, information, legitimate driver signing certificates, and resources. I doubt there are many platforms that can deal with such a determined attacker.
Re: (Score:2)
Could the Commodore 64 possibly be immune? ;)
Re: (Score:2)
You are more inclined to run an operating system that has *NO* protection of resources of any kind than Windows 7? Even if you believe the "Windows is full of holes" propaganda, at least Windows 7 is making some attempt at resource protection. MS-DOS does not make any attempt whatsoever.
Simply stating that you are safe because MS-DOS does not support multi tasking is misguided. Viruses were spreading in MS-DOS systems before most people reading this site were even born. Even if your concern is a backgrou
Re: (Score:2)
I think they're talking about forum registrations and such actually. The article is sketchy on details.
Re:Virus and Iran again in front page? (Score:5, Insightful)
Re: (Score:3)
If it were Canadian, it would have asked permission before installing itself. And then annoyed you by constantly telling you that it's ready to uninstall itself at any time if it's overstayed its welcome.