News Was Iran Targeted by the Stuxnet Worm?

  • Thread starter lisab
AI Thread Summary
The discussion centers on the Stuxnet worm, speculated to be a cyber weapon targeting Iran's Bushehr nuclear power plant and Natanz centrifuge facility. The worm's spread via USB memory sticks raises questions about Iran's cybersecurity measures, especially given the heavy missile defenses around Bushehr. Participants speculate on the potential involvement of intelligence agencies like the CIA or NSA, with some suggesting the possibility of a lone hacker or a small group behind the attack. The worm's sophisticated targeting of Siemens process control systems indicates it may have been developed by a nation-state rather than an individual. The conversation also touches on the broader implications of cyber warfare and espionage, highlighting vulnerabilities in national security and the potential for significant impacts on critical infrastructure. The discussion concludes with reflections on the nature of cyber threats and the challenges of securing systems against such sophisticated attacks.
lisab
There's been speculation surrounding the "Stuxnet" worm for some time. Now the Christian Science Monitor (and others) are reporting the worm may have been targeted specifically to hit Iran's Bushehr nuclear power plant, or perhaps its Natanz nuclear centrifuge facility.

It blows my mind that Iran surrounded Bushehr with missiles, but allowed contractors to freely use USB memory sticks - apparently how the worm spreads.

It's an amazing article, a modern 'who dunnit?' which sounds like it's straight out of a Clancy novel.

http://www.csmonitor.com/USA/2010/0924/Stuxnet-worm-mystery-What-s-the-cyber-weapon-after

http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
 
And then we think Ahmadinejad is a crackpot...
 
Cyberspace is naturally becoming a target for espionage.

Assuming this is due to the efforts of the CIA, or NSA, or what-have-you, was it a successful mission, or bumbled probing that became noticed?
 
Phrak said:
Cyberspace is naturally becoming a target for espionage.

Assuming this is due to the efforts of the CIA, or NSA, or what-have-you, was it a successful mission, or bumbled probing that became noticed?

Well Bushehr was supposed to be up and running but it isn't, and they haven't told why. Also the centrifuge facility had several failures at the time this worm was active (according to the article, it had a halt date). So...maybe the attack was successful, but Iran certainly won't affirm that.

Your list of possible perpetrators is a good start...I'd add Israel, I think.
 
Could it not be a case of the combined resources of the Western world's intelligence agencies failing where one maverick with the ability to write worm viruses succeeded?
 
Maybe, a lot of whiz kids act alone, doing incredible things, anyway I read:

"Bushehr has all kinds of missiles around it to protect it from an airstrike," Langner says. "But this ..."

I have no idea why this was included in the writing. Could be suggestive of more hyperbole, missiles going off and hitting targets wherever, steered by the worm. The article does not state anything like that, but that interpretation is certainly not discouraged.

Maybe the reporter had asked about such a scenario and got a 'don't-worry' answer that he did not like, so he may have excluded that.

So let me give that don't-worry answer.

Air defense missiles are designed just to do that, with a limited range to strike air targets, also with a rather limited payload, a few kilograms rather than tonnes. This makes them virtually incapable of hostile action against ground targets at longer range than one or two hundred kilometers. Most point defence weapons are in the dozen kilometer order of magnitude range, if not less.

Just my two cents.
 
Andre said:
I have no idea why this was included in the writing. Could be suggestive of more hyperbole, missiles going off and hitting targets wherever, steered by the worm. The article does not state anything like that, but that interpretation is certainly not discouraged.

It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.
 
Office_Shredder said:
It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.

That's how I read it.
 
I think this is funny! We have been worried about the grid and defensive systems for a long time now. I forget how many cyber attacks the Pentagon fends off each day, but it's a big number. The notion that this same threat could keep ole looney toons in check for a time, is downright poetic.

It reminds me a bit of the homing beacons that we hid in printers sold to Saddam - printers that we knew were going to defensive facilities! When the first Gulf War broke out, we just activated the beacons remotely and keyed missiles to the signals from the beacons.
 
  • #10
Office_Shredder said:
It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.

that's the obvious point. missed by some.
 
  • #11
medgar said:
that's the obvious point. missed by some.
It's only obvious to those who find it obvious. :wink: When one doesn't say what one means, there is always the danger the meaning will get lost.
 
  • #12
Hurkyl said:
It's only obvious to those who find it obvious. :wink: When one doesn't say what one means, there is always the danger the meaning will get lost.

agreed. sorry if it seemed judgemental.
 
  • #13
Don't forget English is not a first language to many PF posters, sometimes unexpected subtleties work against our understanding of seemingly obvious statements.
 
  • #14
lisab said:
There's been speculation surrounding the "Stuxnet" worm for some time. Now the Christian Science Monitor (and others) are reporting the worm may have been targeted specifically to hit Iran's Bushehr nuclear power plant, or perhaps its Natanz nuclear centrifuge facility.

It blows my mind that Iran surrounded Bushehr with missiles, but allowed contractors to freely use USB memory sticks - apparently how the worm spreads.

It's an amazing article, a modern 'who dunnit?' which sounds like it's straight out of a Clancy novel.

http://www.csmonitor.com/USA/2010/0924/Stuxnet-worm-mystery-What-s-the-cyber-weapon-after

http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices

Cool! It's about time someone other than our DOD, State Department or LANL gets cyberattacked!
 
  • #15
skippy1729 said:
Cool! It's about time someone other than our DOD, State Department or LANL gets cyberattacked!

I was waiting for someone to point out that we're just about as dumbly unprepared as most other nations in this arena.

I for one have no problem believing that this was the work of one person, or a small group of hackers or even script-kiddies with a bit of experience. Hell, it could even be a pissed off Iranian national or ex-pat with time and an education.
 
  • #16
nismaratwork said:
I was waiting for someone to point out that we're just about as dumbly unprepared as most other nations in this arena.

I for one have no problem believing that this was the work of one person, or a small group of hackers or even script-kiddies with a bit of experience. Hell, it could even be a pissed off Iranian national or ex-pat with time and an education.

I'm not so sure it's a single person or even a small group. Apparently the worm seeks a very specific process control fingerprint, made only by Siemens*. Once it recognizes the fingerprint, it launches and re-writes the process control software. That's pretty specific knowledge.

*I'm not sure if Siemens also uses that process control code for other industrial processes. If it's specific to nuclear reactors, that makes it even more likely that it was written by a nation state.
 
  • #17
lisab said:
I'm not so sure it's a single person or even a small group. Apparently the worm seeks a very specific process control fingerprint, made only by Siemens*. Once it recognizes the fingerprint, it launches and re-writes the process control software. That's pretty specific knowledge.

*I'm not sure if Siemens also uses that process control code for other industrial processes. If it's specific to nuclear reactors, that makes it even more likely that it was written by a nation state.

Or someone who works or worked for Siemens. Never underestimate the power of a pissed-off employee.
 
  • #18
I have read one thing the Chinese do is have whole specialized teams of elite hackers work together. And not just one team either. They'll have a team for one part of a major hack, then another team handle another part of the hack, and so on; this they believe is how the Chinese stole all sorts of information from some major American corporations without said corporations even being aware at first.
 
  • #19
CAC1001 said:
I have read one thing the Chinese do is have whole specialized teams of elite hackers work together. And not just one team either.

Do you think this is unusual amongst major nations?
 
  • #20
CRGreathouse said:
Do you think this is unusual amongst major nations?

...and here I thought the NSA was just there for show! *facepalm*

Then again, CAC1001 isn't wrong, China does in fact do just what he said. He's just... selective in his view.
 
  • #21
CRGreathouse said:
Do you think this is unusual amongst major nations?

No I don't think it is unusual, I was responding more to nismaratwork's post when he said he thought the Iran attack was the work of one person, so I thought I would mention that the Chinese attack was likely the work of whole entire teams.

I am well aware that if the Chinese use hacker teams that the NSA and so forth probably do the same, but we know for sure that the Chinese attacked some major American corporations. We can only suspect, via common sense, that America does the same.
 
  • #22
CAC1001 said:
No I don't think it is unusual, I was responding more to nismaratwork's post when he said he thought the Iran attack was the work of one person, so I thought I would mention that the Chinese attack was likely the work of whole entire teams.

I am well aware that if the Chinese use hacker teams that the NSA and so forth probably do the same, but we know for sure that the Chinese attacked some major American corporations. We can only suspect, via common sense, that America does the same.

Ahhh, the creation of a worm doesn't need to be a team effort; China and the USA (and others) tend to focus those group efforts on coordinated attacks, rather than the creation of a self-propagating bug. Much as so many viruses come out of places like Romania (education + no job prospects), but an actual "cyber attack" takes coordinated work.
 
  • #23
Listening to the news this morning, apparently this same worm has affected a few other systems around the world, as well. It's surmised that its effect on the Iranian nuclear program was serious because their cyber security was so poor.

I understand their approach to security was "don't hook it up to the Internet," but when contractors are constantly plugging into the power station's LAN with thumb drives... (sneakernet)
 
  • #24
nismaratwork said:
Ahhh, the creation of a worm doesn't need to be a team effort; China and the USA (and others) tend to focus those group efforts on coordinated attacks, rather than the creation of a self-propagating bug. Much as so many viruses come out of places like Romania (education + no job prospects), but an actual "cyber attack" takes coordinated work.

Ahh okay, I see what you were saying.
 
  • #25
CAC1001 said:
Ahh okay, I see what you were saying.

Yeah, the jargon is often mixed in the media, so there's no reason that you or anyone would assume anything other than what you did.
 
