This page has been archived and commenting is disabled.
Is a Rogue Computer Virus Shutting Down Nuclear Plants Worldwide?
It is now common knowledge that the U.S. and Israel developed the
Stuxnet computer virus in order to slow down Iran's nuclear program.
As the New York Times noted in January:
Over the past two years, according to intelligence and military experts
familiar with its operations, Dimona has taken on a new, equally
secret role — as a critical testing ground in a joint American and
Israeli effort to undermine Iran’s efforts to make a bomb of its own.
Behind Dimona’s barbed wire, the experts say, Israel has
spun nuclear centrifuges virtually identical to Iran’s at Natanz, where
Iranian scientists are struggling to enrich uranium. They say Dimona
tested the effectiveness of the Stuxnet computer worm, a destructive
program that appears to have wiped out roughly a fifth of Iran’s
nuclear centrifuges and helped delay, though not destroy, Tehran’s
ability to make its first nuclear arms.
“To check out the
worm, you have to know the machines,” said an American expert on
nuclear intelligence. “The reason the worm has been effective is that
the Israelis tried it out.”
Though American and Israeli
officials refuse to talk publicly about what goes on at Dimona, the
operations there, as well as related efforts in the United States, are
among the newest and strongest clues suggesting that the virus was
designed as an American-Israeli project to sabotage the Iranian
program.
***
Officially, neither American nor Israeli
officials will even utter the name of the malicious computer program,
much less describe any role in designing it.But Israeli
officials grin widely when asked about its effects. Mr. Obama’s chief
strategist for combating weapons of mass destruction, Gary Samore,
sidestepped a Stuxnet question at a recent conference about Iran, but
added with a smile: “I’m glad to hear they are having troubles with
their centrifuge machines, and the U.S. and its allies are doing
everything we can to make it more complicated.”
***
By
the accounts of a number of computer scientists, nuclear enrichment
experts and former officials, the covert race to create Stuxnet was a
joint project between the Americans and the Israelis, with some help,
knowing or unknowing, from the Germans and the British.
And the Telegraph noted last month:
A showreel played at a retirement party for the head of the Israeli
Defence Forces has strengthened claims the country's security forces
were responsible for a cyber attack on the Iranian nuclear programme.The
video of Lieutenant General Gabi Ashkenazi's operational successes
included references to Stuxnet, a computer virus that disrupted the
Natanz nuclear enrichment site last year, Ha'aretz reported.Although Israel has not officially accepted responsibility for the
Stuxnet attack, evidence of its role has been mounting since it was
first discovered last July.***
Attributing the source
of cyber attacks in notoriously difficult, but security researchers
say factors including complexity of the operation, which would have
required human sources inside the Iranian nuclear programme, point strongly to the Israeli security forces.
As PC World pointed out last November,
The
sophisticated Stuxnet is a "game changer" for companies and
governments looking to protect their networks, said Sean McGurk, acting
director of the National Cybersecurity and Communications Integration
Center in the U.S. Department of Homeland Security.
***
As
of last week, there were still about 44,000 computers infected with
Stuxnet worldwide, with about 60 percent of them in Iran, said Dean
Turner, director of Symantec's Global Intelligence Network. About 1,600
of the current infections are in the U.S., he said.
***
"Stuxnet
demonstrates that industrial control systems are more vulnerable to
cyberattacks than in the past for several reasons, including their
increased connectivity to other systems and the Internet," he said.
"Further, as demonstrated by past attacks and incidents involving
industrial control systems, the impact on a critical infrastructure
could be substantial."
Indeed, one of the
computer experts quoted by the New York Times, German cyber-security expert
Ralph Langner, noted in a Ted talk last month that Stuxnet could
be used to attack Western nuclear power plants and other types of
automated plants:
As Israel National News writes today:
[Langner] went on to describe the risk that Stuxnet could be used to blow up power plants:"The idea here is not only to fool the operators in the control
room. It actually is much more dangerous and aggressive. The idea here
is to circumvent a digital safety system.... when they are
compromised, then real bad things can happen. Your plant can blow up
and and neither your operators nor your safety system will notice it.
That's scary. But it gets worse - and this is very important, what I
am going to say. Think about this: this attack is generic. It doesn't
have anything to do with specifics with centrifuges, with uranium
enrichment. So it would work as well, for example in a power plant or
in an automobile factory. It is generic. And as an attacker you don't
have to deliver this payload by a USB stick, as we saw it in the case
of Stuxnet. You could also use conventional worm technology for
spreading. Just spread it as wide as possible. And if you do that,
what you end up with is a cyberweapon of mass destruction.""That's the consequence that we have to face," he said, deliberately,
while showing a map that marked Western countries (Israel not
included) in green. "So unfortunately, the biggest number of targets
for such attacks are not in the Middle East. They are in the United
States, in Europe and in Japan. So all the green areas, these are your
target-rich environments. We have to face the consquences and we
better start to prepare right now."
***It
seems possible that he thinks Israel could use the worm against
Western targets. Why the German consultant thinks Israel would want to
do this, one can only speculate.
***
In a correspondence with cyber-security firm Symantec some six months ago, Langner named a "hacker underground" as the possible threat:
"You fail to understand that the hacker underground has been
studying control systems for years without any success. You fail to
understand that this community will eagerly dismantle Stuxnet as a
blueprint for how to cyber-attack installations from the cookie plant
next door to power plants."***
The New York Times
recently reported that the Stuxnet virus could possibly still be
infecting Iranian systems and that it may unleash additional havoc on
new targets.
Has Stuxnet Already Caused Damage Outside of Iran?
Since the Japanese earthquake, Michael Rivero has posted hundreds of articles arguing that the Stuxnet virus has "gotten loose" and attacked other nuclear power plants outside of Iran.
The former editor of the Japan Times - Yoichi Shimatsu - writes:
Tepco
engineers suggested that the electric power inside the plant was
knocked out by something other than the tsunami. I have pointed to this
possibility early on, that the quake and control disruptions could have
made the control computers vulnerable to the Stuxnet virus.
According to Yomiuri, Stuxnet was in Japan as of October of 2010. However, I find it hard to believe that it was not the massive earthquake and the enormous tsunami which knocked out the power (although I suppose a virus could have exacerbated the damage).
There have been a lot of strange stories about unexplained nuclear power plant shutdowns. For example, as Fox News reported last week:
A
nuclear reactor at Plant Vogtle in eastern Georgia has been taken out
of service until authorities determine why it unexpectedly shut down.
I
have no idea whether or not the shutdowns were caused by Stuxnet
accidentally spreading to other reactors, instead of just hitting its
intended target: Iran.
But at the very least, the virus
created by the U.S. and Israel to slow down Iran's nuclear program has
opened a "Pandora's box" which leaves our nuclear plants and other
sensitive facilities open to attacks by hostile governments or rogue
hackers.
»
- advertisements -
Uhhhhh....just because the Iranian centrifuge banks were "nuclear" and nuclear power plants are "nuclear" does not mean that Stuxnet has any application to a nuclear power plant. This is unhinged conspiracy-weaving at its worst. Stuxnet was built -- using the not inconsiderable resources of two nations -- specifically to target the types of centrifuges and controllers used in the Iranian plant. Banks of like centrifuges had to be found, purchased and installed in the US (probably at INL in Idaho) and in Israel. The manufacturer of the control system, Siemens, had to cooperate in the effort. To suggest that some Stuxnet mutant had something to do with the disaster in Japan -- or any other commercial nuke plant issue -- is just patently absurd. Now, if some other country's fuel enrichment program was having problems, that would merit some chin-scratching.
No, not at all. The article said, correctly, that StuxNet could be used to attack nuclear plants or other types of automated plants. It can attack anything that uses Siemens SCADA software, which is very widespread.
StuxNet-style software must first figure out if it is inside the target plant (or one of them). Then, if the designers understood correctly how the SCADA software works to control the plant -- well, it could do anything that a malicious group of operators could do. Like cause a loss-of-coolant accident.
It seems bizarre to attribute Fukushima to a StuxNet attack -- but the existence of StuxNet, and the criminal release of it into the wild by Israel, is profoundly frightening.
This IS unhinged conspiracy-weaving.
Unless the rogue software can send the program back to the perpetrators for analysis, the perpetrators must at the very least have a copy of the scada program with the exact addresses to be changed and knowledge of what the function is at each address.
Mistake number one is using scada for control.
Mistake number two is not putting hard limits in the control program in the controller itself, not reachable by the scada program.
Mistake number three is using Siemens in the first place. Navigating its arcane bullshit software is like trying to read the U.S. tax code. It must have been developed with government money. Nobody uses it willingly.
Mistake number four is using Winbloes as a component in ANY critical automated system. That is just asking for it.
Mistake number five is being a 'scientist' or 'technician', working for such a regime and toward such a purpose. Which explains 100% why they BOUGHT a system with all that crap pre-installed instead of writing their own software or at least modifying it to secure it, which they undoubtedly had no clue about. Something any minimally competent controls engineer could do.
That's not to say there aren't lots of other vulnerable systems out there. There are a lot of less-than-minimally competent controls engineers around (little more than button-pushers). Still, if you decided you wanted to blow up a power plant with a computer virus, you aren't going to be able to do it without intimate knowledge of how EVERYTHING is set up.
The first step in securing any industrial control system is preventing network access in the first place. If you can't do that, then you secure it, and there are a number of ways to do that. If you work for government, you say fuggit and give them what they want when they insist on scada control from their porn-surf Winbloes machines, I guess.
A hacked Winbloes scada machine could probably send the scada program back to the perpetrator for analysis at his leisure. It would not be necessary to hack the scada program or the network, or the controller programming software. It is very easy to stuff values silently anyplace you want in Winbloes. But you're not going to know what to put where without that scada program. If you MUST have scada, you DISCONNECT it from the outside network and MONITOR, DISALLOW, and ALARM any unauthorized traffic on the inside network. That's probably too complicated for government work.
"Siemens, had to cooperate in the effort."
Agreed.
Naive or disingenuous - you make the call.
With "friends" like Israel, one doesn't need enemies.
No kidding -too bad 98% of Americans have their heads up their asses and aren't able to figure this out. "They" control our mainstream media, Wall Street, our politicians -some goon sitting in some room in israel know doubt has my computer targeted for a future virus.
Who are 'they" ? I've got a pretty good idea, i think. But I really can't say. A lot of players involved, a lot of possibilities.
What if you get a virus up ur ASS
might I suggest a modicum of cumspection prior to rectal penetration?
I suggest a prophylactic security system to protect both hardware and software interfaces.
the virus...leaves our nuclear plants and other sensitive facilities open to attacks by hostile governments...
I thought the NWO was designed to make us all one big happy family. You mean to say we have some among us who didn't get enough "Imagine" through their earbuds?
Yeah blowback's a bitch and, unlike nuclear weapons, stuxnet style programs can be developed and launched clandestinely. May not even require the resources of a nation state.
In other news, I was watching to NHK news and, to my utter disbelief, saw a report on a nuclear power plant in Miyagi prefecture being inspected for damage. There is some but no radiation leaks but that wasn't what blew me away. The Japanese are using the facility as a shelter for those whose home were destroyed or had to evacuate from the contaminated zone!
I was at the Kewaunee plant in WI, mid '80s. The Aux Building, where nuclear waste is processed, was "cleaner" than the parking lot, due to the Chinese atmospheric bomb tests. So, no surprise. - Ned
D'OH
yawn...after tsunami we now have stuxnet...black swans are becoming like common farm hens clucking around the barn. Who cares...how we go...it'll be preplanned by man...not by God. I don't think God cares much for man to take over...as for man... he is already hog tied in debt, inflation... and now nuclear fallout and...stuxnet...
We have met the enemy and he is us.
no it's Microsoft ...seller of monopolistic shit software for decades ..so much for the Lemon Law and Cionsumer Groups, how did Bill Gates get away with selling crate loads of MS crap year after year?
Monopolistic? Shit software? lol!
Do enlighten us as to how it's a monopoly when Microsoft not only has to compete with Apple, Google, and a plethora of LINUX outfits, but also its own products. Do tell, do tell.
Furthermore, while your opinion of their products may be low, you can scarcely overlook the indisputable worldwide popularity of and preference for Microsoft's products. No one else comes close. Just how do you suppose this came about? Were Microsoft's products forced on firms and consumers at gunpoint?
Using data from Wiki there is an ~45% probability that you wrote your post in IE, with an ~80% probability that you did it in a Windows environment. Kinda hard to push the "crap" line with numbers like that.
Why don't you educate yourself before you start tossing around terms such as "monopolistic". I'll help you get started:
http://tinyurl.com/microstan
WeekendAtBernankes ?
Is that you Bill?
Defending MS... heh. All that profit from all that OS misery. Let's discuss Windows 98, ME and Hasta La Vista Baby.
May the blue screen of death resurrect itself and reformat your brain.
Gates and the gang ought to be shot simply for the lost productivity from MS boot ups and shutdowns.
Oh and VHS was better than Beta.
Being a de facto standard does not mean you are better. Could mean you stole ideas and bought out competitors...
Quit your troll MS butt licking and re-educate yourself using Firefox on an Android device..... PUD master.
Any good, free, competing MS Outlook products out there that can sync with exchange and handle all of the MS Outlook features like appt requests? Honest question. I don't feel like popping 120 bucks for it if there is an equiv for much less and Open Office doesn't have one. I've dumped Office completely in lieu of Open Office, but Winmail sucks! was thinking maybe Thunderbird if there are plugin's for it that at least offer most of the Outlook functionality.
Caveat emptor. Ease of use for the public skewl ed-u-kaytud, or drowning in support calls. Your choice.
Just wait. Crapple's turn in the barrel is coming.
Mazel tov! We've been waiting for you to figure that out.
stuxnet=skynet
Remember the love Bug issue? I think they have the same author. But this is worst, this virus destroys Nuclear power Plant. We don't know what happened in Japan is because of this virus created by US and Israel. secured loans
Great article GW... thanks.
How about one on drone proliferation? US using them right and left... the new normal?
How about bad dudes launching one of these babies off the coast of Nantucket.
Pandora's box indeed has been opened in many ways. She's become loose as a goose.
Right on Ying, under our very noses and over our heads and in our system, the silent take-over.
Pretty awe-some-ful, depending on perspective.
ORI
http://aadivaahan.wordpress.com/2011/04/24/phase-shift/
STUXNet has been for sale online for a while. The newest version for sale is called STAR. What makes the virus so particularily effective it takes advantage of the four unpatchable system holes which are required to keep systems talking with one another.
The STUXNet version of the virus targets seimens equipment. The latest model, STAR, targets anything you want and can deliver any payload for the low low price of 475k. STAR was developed as a reaction to STUXNet after the black hats cracked it open and found out it was Israel and the US behind the virus. Some 14 year old kid in Iran put his own touches on it and released it this weekend. If anyone has seen the Playstation network, that's what it does. Knocks ANY equipment right off the rails.
So make sure you do the Microsoft/Apple/Linux updates so your home PC's/Office PC's asap.
I'm half expecting a rebuttal to the STAR virus. Since STUXNet has shown how viruses can be used to knock out engineered complex systems. I'm waiting for the future generations to start attacking hospital equipment.
CPL, exactly right. Although I disagree that future versions will attack hospital equipment -- althought the thought is indeed terrifying.
From what I know about the subject -- almost all efforts are being redirected towards mobile -- particularly Android.
Android is the 'host' of choice for all new virus development because it is not only extremely difficult to patch hardware holes, but handset manufacturers are slow to react and handhelds carry all-important financial transaction data. The fruit is too low-hanging and plump to resist.
The USA and Israel governments are cyber terrorists on steroids. The people who authorized this worm virus should be tried in the Hague for crimes against humanity.
Real operating systems do not require security holes for communication. If Siemens is building SCADA software on top of Microsoft OSes, those Germans are good-looking but not very clever.
And at some point, Microsoft should be blamed for selling garbage.
Oh, and um ... I don't think that Israel gets a free pass for infecting computers all over the world because ... they felt like it. This is the morality of cannibals.
On your last point -- it was only a couple years ago when the entire world was weighing the possibility of an outright Israeli attack which would have killed hundreds of thousands of innocents (maybe millions).
**UNLIKE** NATO and the United States, Israel thought "outside the box" and didn't just 'invade'. If you want to point the finger at twisted morality, there are far richer targets in the 'first world' nations of Europe and America. Israel came up with a novel solution which has had **ZERO** collateral damage in terms of human life.
You can disagree with Israel's politics, but on this score one must note that they're doing a whole lot better than NATO and the United States.
Personally, I'd like to see America and Europe do a little more creative, non-violent disruption -- and a little less killing.
Most states are pathetic in what they hold themselves to be Vs what they are actually about this includes NATO, Iran, Russia, China, USA, UK etc.. etc.. most states are just enablers for the globalist elite that are taking away ALL PEOPLES RIGHTS IN ALL THE COUNTRIES OF THE WORLD!!!
Way to completely miss the point. I can see you're just itching to talk about how bad Israel is. Okay. Done now?
Stay on topic Banjo. I said: In *this* scenario, there were no collateral casualties. This was non-violent policy at its core. If this had been NATO or the US, (or China for that matter) there would be thousands of deaths already.
The total number of deaths in Palestine is a tiny, tiny, tiny fraction of the civilian deaths caused by the US in Iraq and Afghanistan. If you had to pick one nation which is far and away the largest killer of innocents in the last ten years -- its America. (Well... actually I take that back... it's Sudan, and the USA is a close second.)
To be a realist, conflict is conflict and it isn't going anywhere. We're never going to have a world without it. But what is decidedly *new* here is that **this** conflict drew no blood. All I'm saying is that is noteworthy -- particularly in the times we live in.
If *ALL* countries handled their conflicts through non-violent means, we'd be better off. I don't think we're on different pages. We are in agreement on your last point.
Hospitals? Meh. I would go with widespread vote tampering. If you want to cause a nice little shit-storm, let's have say 400 million votes for any single POTUS candidate in the next general election. Perhaps some wide-spread unanimous precints would do it.
/evil grin.
"The STUXNet version of the virus targets seimens equipment."
...so it must be some short sellers at it again???
Lets make some real money and target Amazon's cloud...oh, you say they di last week???
I have long thought that Seimens was complicit.
Maybe partially but non the less I think they delivered compromised firmware and system code or we would have seen global disruptions by now.
Guilty people are always blaming the Semen.