Was Iran Targeted by the Stuxnet Worm?

  • Context: News 
  • Thread starter: lisab

Discussion Overview

The discussion revolves around the Stuxnet worm and its potential targeting of Iran's nuclear facilities, specifically the Bushehr power plant and the Natanz centrifuge facility. Participants explore the implications of cyber warfare, the nature of espionage in cyberspace, and the possible origins and motivations behind the worm's creation and deployment.

Discussion Character

  • Exploratory
  • Debate/contested
  • Technical explanation

Main Points Raised

  • Some participants speculate that the Stuxnet worm was specifically designed to target Iran's nuclear facilities, raising questions about the security measures in place at these sites.
  • There is a suggestion that the worm's deployment could have been a successful mission by intelligence agencies, though others question whether it was a well-planned operation or a failed attempt that gained attention.
  • Some argue that the worm's complexity indicates it may have been developed by a nation-state, while others propose that it could have been created by an individual or small group of hackers.
  • Participants discuss the implications of the worm's ability to exploit specific process control systems, suggesting that such knowledge may be limited to professionals with insider experience.
  • There are references to the broader context of cyber warfare and the vulnerabilities of nations, with some expressing a sense of irony regarding the situation.
  • Concerns are raised about the interpretation of media reports, particularly regarding the portrayal of security measures at the targeted facilities.

Areas of Agreement / Disagreement

Participants express a range of views on the origins and implications of the Stuxnet worm, with no clear consensus on whether it was a state-sponsored attack or the work of independent hackers. The discussion remains unresolved regarding the motivations and effectiveness of the worm's deployment.

Contextual Notes

Some participants highlight the limitations of understanding due to language barriers and the complexity of technical details surrounding the worm's operation and its implications for cybersecurity.

lisab
There's been speculation surrounding the "Stuxnet" worm for some time. Now the Christian Science Monitor (and others) are reporting the worm may have been targeted specifically to hit Iran's Bushehr nuclear power plant, or perhaps its Natanz nuclear centrifuge facility.

It blows my mind that Iran surrounded Bushehr with missiles, but allowed contractors to freely use USB memory sticks - apparently how the worm spreads.

It's an amazing article, a modern 'who dunnit?' which sounds like it's straight out of a Clancy novel.

http://www.csmonitor.com/USA/2010/0924/Stuxnet-worm-mystery-What-s-the-cyber-weapon-after

http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
 
And then we think Ahmadinejad is a crackpot...
 
Cyberspace is naturally becoming a target for espionage.

Assuming this is due to the efforts of the CIA, or NSA, or what-have-you, was it a successful mission, or bumbled probing that became noticed?
 
Phrak said:
Cyberspace is naturally becoming a target for espionage.

Assuming this is due to the efforts of the CIA, or NSA, or what-have-you, was it a successful mission, or bumbled probing that became noticed?

Well Bushehr was supposed to be up and running but it isn't, and they haven't told why. Also the centrifuge facility had several failures at the time this worm was active (according to the article, it had a halt date). So...maybe the attack was successful, but Iran certainly won't affirm that.

Your list of possible perpetrators is a good start...I'd add Israel, I think.
 
Could it not be a case of the combined resources of the Western world's intelligence agencies failing where one maverick with the ability to write worm viruses succeeded?
 
Maybe, a lot of whiz kids act alone, doing incredible things; anyway, I read:

"Bushehr has all kinds of missiles around it to protect it from an airstrike," Langner says. "But this ..."

I have no idea why this was included in the writing. Could be suggestive of more hyperbole, missiles going off and hitting targets wherever, steered by the worm. The article does not state anything like that, but that interpretation is certainly not discouraged.

Maybe the reporter had asked about such a scenario and got a 'don't-worry' answer that he did not like, so he may have excluded that.

So let me give that don't-worry answer.

Air defense missiles are designed just to do that, with a limited range to strike air targets, also with a rather limited payload, a few kilograms rather than tonnes. This makes them virtually incapable of hostile action against ground targets at longer range than one or two hundred kilometers. Most point defence weapons are in the dozen kilometer order of magnitude range, if not less.

Just my two cents.
 
Andre said:
I have no idea why this was included in the writing. Could be suggestive of more hyperbole, missiles going off and hitting targets wherever, steered by the worm. The article does not state anything like that, but that interpretation is certainly not discouraged.

It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.
 
Office_Shredder said:
It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.

That's how I read it.
 
I think this is funny! We have been worried about the grid and defensive systems for a long time now. I forget how many cyber attacks the Pentagon fends off each day, but it's a big number. The notion that this same threat could keep ole looney toons in check for a time, is downright poetic.

It reminds me a bit of the homing beacons that we hid in printers sold to Saddam - printers that we knew were going to defensive facilities! When the first Gulf War broke out, we just activated the beacons remotely and keyed missiles to the signals from the beacons.
 
  • #10
Office_Shredder said:
It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.

that's the obvious point. missed by some.
 
  • #11
medgar said:
that's the obvious point. missed by some.
It's only obvious to those who find it obvious. :wink: When one doesn't say what one means, there is always the danger the meaning will get lost.
 
  • #12
Hurkyl said:
It's only obvious to those who find it obvious. :wink: When one doesn't say what one means, there is always the danger the meaning will get lost.

agreed. sorry if it seemed judgemental.
 
  • #13
Don't forget English is not a first language for many PF posters; sometimes unexpected subtleties work against our understanding of seemingly obvious statements.
 
  • #14
lisab said:
There's been speculation surrounding the "Stuxnet" worm for some time. Now the Christian Science Monitor (and others) are reporting the worm may have been targeted specifically to hit Iran's Bushehr nuclear power plant, or perhaps its Natanz nuclear centrifuge facility.

It blows my mind that Iran surrounded Bushehr with missiles, but allowed contractors to freely use USB memory sticks - apparently how the worm spreads.

It's an amazing article, a modern 'who dunnit?' which sounds like it's straight out of a Clancy novel.

http://www.csmonitor.com/USA/2010/0924/Stuxnet-worm-mystery-What-s-the-cyber-weapon-after

http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices

Cool! It's about time someone other than our DOD, State Department or LANL gets cyberattacked!
 
  • #15
skippy1729 said:
Cool! It's about time someone other than our DOD, State Department or LANL gets cyberattacked!

I was waiting for someone to point out that we're just about as dumbly unprepared as most other nations in this arena.

I for one have no problem believing that this was the work of one person, or a small group of hackers or even script-kiddies with a bit of experience. Hell, it could even be a pissed-off Iranian national or ex-pat with time and an education.
 
  • #16
nismaratwork said:
I was waiting for someone to point out that we're just about as dumbly unprepared as most other nations in this arena.

I for one have no problem believing that this was the work of one person, or a small group of hackers or even script-kiddies with a bit of experience. Hell, it could even be a pissed-off Iranian national or ex-pat with time and an education.

I'm not so sure it's a single person or even a small group. Apparently the worm seeks a very specific process control fingerprint, made only by Siemens*. Once it recognizes the fingerprint, it launches and re-writes the process control software. That's pretty specific knowledge.

*I'm not sure if Siemens also uses that process control code for other industrial processes. If it's specific to nuclear reactors, that makes it even more likely that it was written by a nation state.
 
  • #17
lisab said:
I'm not so sure it's a single person or even a small group. Apparently the worm seeks a very specific process control fingerprint, made only by Siemens*. Once it recognizes the fingerprint, it launches and re-writes the process control software. That's pretty specific knowledge.

*I'm not sure if Siemens also uses that process control code for other industrial processes. If it's specific to nuclear reactors, that makes it even more likely that it was written by a nation state.

Or someone who works or worked for Siemens. Never underestimate the power of a pissed-off employee.
 
  • #18
I have read one thing the Chinese do is have whole specialized teams of elite hackers work together. And not just one team either. They'll have a team for one part of a major hack, then another team handle another part of the hack, and so on; this they believe is how the Chinese stole all sorts of information from some major American corporations without said corporations even being aware at first.
 
  • #19
CAC1001 said:
I have read one thing the Chinese do is have whole specialized teams of elite hackers work together. And not just one team either.

Do you think this is unusual amongst major nations?
 
  • #20
CRGreathouse said:
Do you think this is unusual amongst major nations?

...and here I thought the NSA was just there for show! *facepalm*

Then again, CAC1001 isn't wrong, China does in fact do just what he said. He's just... selective in his view.
 
  • #21
CRGreathouse said:
Do you think this is unusual amongst major nations?

No I don't think it is unusual, I was responding more to nismaratwork's post when he said he thought the Iran attack was the work of one person, so I thought I would mention that the Chinese attack was likely the work of whole entire teams.

I am well aware that if the Chinese use hacker teams that the NSA and so forth probably do the same, but we know for sure that the Chinese attacked some major American corporations. We can only suspect, via common sense, that America does the same.
 
  • #22
CAC1001 said:
No I don't think it is unusual, I was responding more to nismaratwork's post when he said he thought the Iran attack was the work of one person, so I thought I would mention that the Chinese attack was likely the work of whole entire teams.

I am well aware that if the Chinese use hacker teams that the NSA and so forth probably do the same, but we know for sure that the Chinese attacked some major American corporations. We can only suspect, via common sense, that America does the same.

Ahhh, the creation of a worm doesn't need to be a team effort; China and the USA (and others) tend to focus those group efforts on coordinated attacks, rather than the creation of a self-propagating bug. Much as so many viruses come out of places like Romania (education + no job prospects), but an actual "cyber attack" takes coordinated work.
 
  • #23
Listening to the news this morning, apparently this same worm has affected a few other systems around the world, as well. It's surmised that its effect on the Iranian nuclear program was serious because their cyber security was so poor.

I understand their approach to security was "don't hook it up to the Internet," but when contractors are constantly plugging into the power station's LAN with thumb drives... (sneakernet)
 
  • #24
nismaratwork said:
Ahhh, the creation of a worm doesn't need to be a team effort; China and the USA (and others) tend to focus those group efforts on coordinated attacks, rather than the creation of a self-propagating bug. Much as so many viruses come out of places like Romania (education + no job prospects), but an actual "cyber attack" takes coordinated work.

Ahh okay, I see what you were saying.
 
  • #25
CAC1001 said:
Ahh okay, I see what you were saying.

Yeah, the jargon is often mixed in the media, so there's no reason that you or anyone would assume anything other than what you did.
 
