DEADF007 - Is Stuxnet The Secret Weapon To Attack Iran's Nukes; Is A Virus About To Revolutionize Modern Warfare?
One of the most interesting stories in the last few days has little to do with finance and economics (at least right now), but arguably very much to do with geopolitics. A fascinating report which cites computer security experts claims that the recent uber-cryptic malware worm Stuxnet is nothing less than a weapon designed to infiltrate industrial systems, and based on attack patterns, the ultimate object of Stuxnet may be none other than Iran's Bushehr nuclear reactor, which could be targeted for destruction without any military intervention whatsoever. Has modern warfare just become obsolete courtesy of a computer virus?
From Yahoo:
Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
A brief history of Stuxnet:
Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.
But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?
And it gets much more eerie:
Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
Stuxnet is so sophisticated it may revolutionize the way modern warfare is fought entirely:
Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."
The virus has already spread to the point where it is safe to say most critical SCADA infrastructure may already be infected.
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
Has Stuxnet already hit its target? It might be too late for Stuxnet's target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.
Will DEADF007 be the keyword that everyone will soon focus on?
Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."
And the punchline - Iran's nuclear plant may have already been destroyed without anyone firing a shot anywhere:
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his views on Stuxnet's target are speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
There is much more to this story than merely creating page-click-inducing headlines. Computerworld itself is on the case:
A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.
That's the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they have broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker -- possibly a nation-state -- and it was designed to destroy something big.
Though it was first developed more than a year ago, Stuxnet was discovered in July 2010, when a Belarus-based security company found the worm on computers belonging to an Iranian client. Since then it has been the subject of ongoing study by security researchers, who say they have never seen anything like it before. Now, after months of private speculation, some of the researchers who know Stuxnet best say that it may have been built to sabotage Iran's nukes.
And ever more experts are chiming in:
Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack.
Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific programmable logic controller (PLC) device -- and then it injects its own code into that system.
Because of the complexity of the attack, the target "must be of extremely high value to the attacker," Langner wrote in his analysis.
The evidence that the attack is truly focused on Iran is moving beyond the merely circumstantial:
This specific target may well have been Iran's Bushehr reactor, now under construction, Langner said in a blog post. Bushehr reportedly experienced delays last year, several months after Stuxnet is thought to have been created, and, according to screenshots of the plant posted by UPI, it uses the Windows-based Siemens PLC software targeted by Stuxnet.
Another Computerworld article discusses the failure to patch a bug that Microsoft had indicated was already fixed, yet which allowed the worm into the attacked systems. One wonders why Microsoft may have misrepresented this weakness...
Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.
The vulnerability in the Windows Print Spooler service was one of four exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.
Last week, researchers at both Kaspersky Lab and Symantec, the firms that had reported the bug to Microsoft in July and August, respectively, said the print spooler vulnerability had not been publicly disclosed before they found Stuxnet was using the flaw.
Yesterday Microsoft acknowledged this omission:
"Microsoft is aware of claims that the print spooler vulnerability in MS10-061 was partially discussed in a publication in April 2009," said company spokesman Dave Forstrom in an e-mail Wednesday. "These claims are accurate. Microsoft was not directly made aware of this vulnerability nor its publication at the time of release."
And for the paranoid, there are at least two other unpatched bugs which allow Stuxnet to enter any system it desires:
The security firms also notified Microsoft of two other unpatched bugs that the Stuxnet worm exploited. Those flaws, which can be used by attackers to upgrade access privileges on compromised PCs to administrator status, will be patched in a future update, Microsoft said last week. It has not set a timetable for the fixes, however.
Little information is available about the two lesser vulnerabilities. Danish bug tracker Secunia, for example, has posted only bare-bones advisories, noting that one affects Windows XP while the other affects Vista and Windows Server 2008 machines.
In other words, the entire world could very well be open to attacks by the most sophisticated targeted virus ever created, whose sole purpose may be the destruction of targets that previously required armed combat.
Is the face of warfare about to change forever?
This is nothing new. One way to stop this, unplug your computer from the Internet or all phone lines. How did it get to the Iranian nuclear power plant without the plant having Internet connection (assuming it did not)?
flash drive
That implies we have a spy on the ground or infiltration. Is that what you are saying? I figure the initial strike in warfare would be a strike at information technology.
I heard a network security specialist on the radio describing the flash drive trick. You just scatter a few in the parking lot in hopes that someone will pick one up, take it into the office and use it.
Down, next you are going to tell me birds are going to drop these flash drives in the parking lot from a hundred miles away. ;)
The Marines have a small, hand-launched drone aircraft with eyecams on it, why not a small bomb rack (for the thumb drives)?
Jihad Joe... Double spy!
Jihad Jane..........Double D's spy
Why do you think it was "we"?
the story reports on a Russian consultant (who also "consults" in Pakistan).
could be a lot of vectors.
Not even. Just find out who fills their IT purchase orders, intercept a shipment of office stuff, insert your USB Trojan horse, and wait.
A high school kid can figure this stuff out.
Too funny...
So simple...
http://www.brighthub.com/computing/smb-security/articles/84629.aspx
One other question about this virus. Even if it was delivered using a USB flash stick, what if the Iranians are running Linux software? Makes the virus useless?
IIRC, Iran uses CP/M.
Linux isn't supported for operator stations in plant control systems. Maybe for the firewalls and webservers but definitely not for the OWS.
What are you talking about?
Simply rebutting the Linux inclusion. Linux is not a supported Operator Workstation (OWS) for any major DCS vendor. Simply, the virus was written for Windoze systems because that's what is used for all OWS across all DCS vendors.
What makes you think they didn't develop multiple versions of the same worm? The idea that any one OS gives you universal protection from malware is a false one.
Regardless, given the specific target information of the PLC it is likely the developers of this bug knew exactly what OS they needed to program it for.
The target is a Microsoft Windows based control system driving a Siemens PLC. This configuration is publicly known to be utilized in the Iranian reactor.
Hey Tyler, here's a story from 1 year ago that dovetails perfectly with this one in that it pretty clearly points out who is behind this:
Wary of naked force, Israel eyes cyberwar on Iran
Published: Reuters 07.07.09
Decade-old cyberwarfare project seen as new vanguard of Israel's efforts to block Tehran's nuclear ambitions; American expert says 'malicious software' could be inserted to corrupt, commandeer or crash the controls of sensitive sites like uranium enrichment plants
In the late 1990s, a computer specialist from Israel's Shin Bet internal security service hacked into the mainframe of the Pi Glilot fuel depot north of Tel Aviv.
It was meant to be a routine test of safeguards at the strategic site. But it also tipped off the Israelis to the potential such hi-tech infiltrations offered for real sabotage.
"Once inside the Pi Glilot system, we suddenly realized that, aside from accessing secret data, we could also set off deliberate explosions, just by programming a re-route of the pipelines," said a veteran of the Shin Bet drill.
So began a cyberwarfare project which, a decade on, is seen by independent experts as the likely new vanguard of Israel's efforts to foil the nuclear ambitions of its arch-foe Iran.
The appeal of cyber attacks was boosted, Israeli sources say, by the limited feasibility of conventional air strikes on the distant and fortified Iranian atomic facilities, and by US reluctance to countenance another open war in the Middle East.
"We came to the conclusion that, for our purposes, a key Iranian vulnerability is in its on-line information," said one recently retired Israeli security cabinet member, using a generic term for digital networks. "We have acted accordingly."
Cyberwarfare teams nestle deep within Israel's spy agencies, which have rich experience in traditional sabotage techniques and are cloaked in official secrecy and censorship.
They can draw on the know-how of Israeli commercial firms that are among the world's hi-tech leaders and whose staff are often veterans of elite military intelligence computer units.
"To judge by my interaction with Israeli experts in various international forums, Israel can definitely be assumed to have advanced cyber-attack capabilities," said Scott Borg, director of the US Cyber Consequences Unit, which advises various Washington agencies on cyber security.
Technolytics Institute, an American consultancy, last year rated Israel the sixth-biggest "cyber warfare threat," after China, Russia, Iran, France and "extremist/terrorist groups."
The United States is in the process of setting up a "Cyber Command" to oversee Pentagon operations, though officials have described its mandate as protective, rather than offensive.
Asked to speculate about how Israel might target Iran, Borg said malware -- a commonly used abbreviation for "malicious software" -- could be inserted to corrupt, commandeer or crash the controls of sensitive sites like uranium enrichment plants.
'Cyberwar clandestine and deniable'
Such attacks could be immediate, he said. Or they might be latent, with the malware loitering unseen and awaiting an external trigger, or pre-set to strike automatically when the infected facility reaches a more critical level of activity.
As Iran's nuclear assets would probably be isolated from outside computers, hackers would be unable to access them directly, Borg said. Israeli agents would have to conceal the malware in software used by the Iranians or discreetly plant it on portable hardware brought in, unknowingly, by technicians.
"A contaminated USB stick would be enough," Borg said.
Ali Ashtari, an Iranian businessman executed as an Israeli spy last year, was convicted of supplying tainted communications equipment for one of Iran's secret military projects.
Iranian media quoted a security official as saying that Ashtari's actions "led to the defeat of the project with irreversible damage." Israel declined all comment on the case.
"Cyberwar has the advantage of being clandestine and deniable," Borg said, noting Israel's considerations in the face of an Iranian nuclear program that Tehran insists is peaceful.
"But its effectiveness is hard to gauge, because the targeted network can often conceal the extent of damage or even fake the symptoms of damage. Military strikes, by contrast, have an instantly quantifiable physical effect."
Israel may be open to a more overt strain of cyberwarfare.
Tony Skinner of Jane's Defense Weekly cited Israeli sources as saying that Israel's 2007 bombing of an alleged atomic reactor in Syria was preceded by a cyber attack which neutralized ground radars and anti-aircraft batteries.
"State of War," a 2006 book by New York Times reporter James Risen, recounted a short-lived plan by the CIA and its Israeli counterpart Mossad to fry the power lines of an Iranian nuclear facility using a smuggled electromagnetic-pulse (EMP) device.
A massive, nation-wide EMP attack on Iran could be effected by detonating a nuclear device at atmospheric height. But while Israel is assumed to have the region's only atomic arms, most experts believe they would be used only in a war of last resort.
http://www.ynetnews.com/articles/0,7340,L-3742960,00.html
Scott BORG. LMAO
Just to clarify: I read up on Stux and its exploit vector was a buffer overrun in the .lnk shortcut thumbnail/icon processor.
You did not need to actually execute any code for this exploit to succeed. Just plug in the flash, when Windoze goes to look at the lnk files, the worm gained access.
There is so much garbage code out there as to defy belief...one of the reasons I despise C++ so much is it makes it easy for developers to be really stupid.
Calling C++ an object-oriented language is like nailing 4 more legs on a dog and calling it an octopus. (still one of my favorite descriptions!)
I think Iran is still on Windows '95 so they should take that into consideration.
BTW does anyone else hate MS Office 2010 and Windows 7 as much as I do? Give me back my menus and stop trying to be an Iphone app. AAaarrhhhh!!
While there's not much you can do about Office 2010, you can modify Win 7 to look and act similar to XP if you want. Though some things are hardwired in and can't be changed.
Or you can learn the new system, which is much better in my view. There is more functionality and many things you wished you could do in XP that you can do in Win 7.
Or is this a case of an old dog and new tricks? :>)
Don't know about Win7, but I recently upgraded to Office 2007, and I'm mortally pissed off. Simple things that took two clicks before now require a host of searching through various levels to accomplish. And things that used to work in 2003, don't work at all in 2007.
For example, say you imported a document that has a lot of extra carriage returns. In Word 2003, you simply did a "find and replace" with "^l" as your search string, and " " as the replace. This no longer works in 2007; there is no easy way to do it unless you're good with Visual Basic, and want to build a macro that uses the "Clean" function.
Excel 2007 does have some functionality - huge increase in spreadsheet size, etc. - that was worth it, but that they chose to destroy the interface that everyone had used for a decade, without at least giving you the option to use the old one, is criminal arrogance.
I felt the same way when I moved to Office 2007. But once I learned the new interface, I found it very intuitive, with many of the same functions now grouped together. I do agree some things were lost in the transition though. Change is always difficult, particularly if you've spent a great deal of time learning an interface only to have it change beyond recognition.
It does appear Microsoft is appealing to the lowest common denominator who wishes to be entertained and has a severe case of ADHD.
CD, try the Apple ecosystem. In 20 years of office work, entertainment, communications, whatever, I have had no need for anything but intuition and common sense to fully enjoy any product.
And I believe I've saved a huge amount of time and money not having to deal with any anti-virus crapola.
I actually bought an Apple a year ago. And I love it.
But my business runs Windows, my family runs Windows (and I build their computers for them) so I'm still attached to MSFT.
what does your wife run, poopey?
No, eventually I'll be forced to figure it out...this is only day 2.
Excel (possibly the most useful computer program ever) looks like it may actually be better than before but generally there seems to be a tendency to hide useful information in an effort to make the interface look slick and more Iphone-y. The 'File' tab blots out the entire screen when you click on it and what the hell happened to 'undo' ??
Windows Media Center, which I'll eventually replace anyway, is so far the worst in this regard: no drop-down menus of any kind - just an endless loop of button choices you don't want (let's play chess!) as you flail away in vain trying to get the thing to recognize your CD. All it's missing is that annoying hippy chick voice that seems like it's on every automated call center on the planet right now.
Your indoctrination and assimilation will progress rapidly.
It is futile to resist.
The astonishing lameness of Win7's version of Media Player made me wonder if MS has purchased CyberLink, which it would seem to be virtually promoting in comparison.
OMG! How could Media Player possibly get LAMER than it already was. <facepalm>
Well, for starters, they could remove the fast forward and rewind buttons. Hell, MP--as well as $19 DVD players--had that function years ago, iirc.
Are you talking about Windows Media Center (which tries unsuccessfully to combine all types of media functions into a user friendly interface) or Windows Media Player?
I agree that Media Center is worse than garbage. But Media Player didn't change much with Win 7.
Player. Perhaps I don't recall correctly, since I've used a lot of players over time, but it seems to me that it used to have rewind and fast forward (as opposed to just chapter skipping)?
I bought a new computer to replace my slightly older one that was on XP. The newer Vista machine, now three years old, never ran well. Slow startups, freezeups, just shit. My old XP machine is still working fine and is still faster than Vista ever was. Won't replace it till it dies now.
Lots of luck getting it to properly interface w/ the robot in question. The Borg from Star Trek does not exist. (Well, the Fedborg maybe, but you know what I mean)
So the IDF is going to attack their centrifuge systems.
(Black) hats off to the engineers that made this bespoke piece of w0rmw@r3z.
It beats the hell out of armed conflict.
One wonders if it is meant to be retargeted in the field on demand.
They're gonna wheel out their perpetual-motion-machine next week. If you talk really nice to them maybe you can get in on the IPO.
Yawn.
From what I have read it seems to target printing presses setting them to go into overdrive :-). Roll on QE3
+100
The balance of physical gold in your vault cannot be reduced to 0 by Skynet once it becomes sentient. The proverbial, gratuitous GOLD BITCHEZ.
Hopefully there is a version out there for killing HFT systems.
I would not be surprised if someone developed a trojan horse and launched it against an HFT. Think about it, go short before you force a stock to crash. Oh shit, the authorities are watching! Hi CIA and NSA.
Dude, you've been echeloned.
Wouldn't this be better utilized on Goldman Tower and its back up datacenters?
Your time might be better spent researching the background of Stephen Friedman and the various intel organizations he's affiliated with, and those intel commissions he's sat on.
Gawd, I hope achmeds Norton anti-virus is up to date.
Everyone knows Norton gives you more headaches than it cures. AVG/Avira FTW
Pretty cool, if true.
Two questions.
If so, then we should... long or short SI? And who gets the full briefing on this, POTUS or Bill Gates?
"There is much more to this story than merely creating page click inducing headlines."
I'm getting more cynical everyday - as I was skimming this I had two thoughts:
1. this is just mind-candy to generate web traffic (ie, sell newspapers)
2. this is a distraction from what's really going on
As I type this and consider the comments so far in this thread, two more thoughts occur to me
3. this is justification for an increase in some agencies budget
4. this is justification for limiting access to information (the internet?)
seems like BS to me but, like I said, I'm a cynic ...
bronzie, you nailed it, dude! Exactimento!
Yup, we had that recent publication and book tour by Richard Clarke, former national security advisor to Clinton and Bush, who conveniently neglects to mention --- while shouting to the hills about the coming Chinese --- that the Clinton administration handed over the over-the-horizon missile targeting tech (the most advanced military tech) to the Chicom totalitarian capitalists, thus erasing the 25-year offensive lead of the USA, while the Bush administration allowed the Chicom totalitarian capitalists to purchase that highly advanced strategic ball bearing factory, in Ohio if I recall correctly, which put them drastically ahead and equal to the US in offensive electro-mechanical tech relating to tanks, sea-going vessels, etc.
So they ship the jobs and factories to China, along with the most advanced military tech, then try to scare us with, "The Chinese are coming, the Chinese are coming."
Meanwhile, massive funding is required by the new Cyber Command, and DHS stooge, Janet Napolitano, is crying for ever more funds against all those evermore stealthy terrorist attacks.
I think they've been practicing on our washing machine
I'll do the thinning around here, Babalooee.....
so they destroy a turbine or whatever. they still have the radioactive material. a virus can't degrade the radioactive material. those bitchez will just pick it up with barehands and start lobbing it at their enemies.
They can target the centrifuges (pre-enrichment of uranium).
Some of you doubting this or suggesting that an EMP would be more effective don't understand what's going on here. I work in the chemical manufacturing industry and have a basic understanding of these PLC based operations. At these facilities a PLC runs the entire process. An operator approaches a touch screen and tells it which process to operate or which chemical to make. The PLC takes over from there and tells other machines to add the proper amounts of raw materials. The PLC tells the heaters to kick on and heat until the right temperature is reached. The PLC tells the mixer to kick on and mix at a certain speed for a specified amount of time. The entire operation is controlled by the PLC. If someone can unknowingly change the parameters of the PLC, then when a process is triggered by the operator the malicious code parameters can take over and instead of making polymer you're unknowingly making a two ton bomb.
This is better than an EMP on some levels because you can actually generate an explosion. An EMP will fry the electric circuits but not necessarily generate any fireworks.
If this bug is tucked away in a piece of hardware, then it could be an extremely formidable foe that pops up in different areas at different times.
I've built a number of chemical processing facilities in China. And while there are some very smart cookies in China (and Asia) many of them are not and the facilities need to be made pretty "idiot proof". This requires a lot of automation as Cobb suggests...and makes the PLCs vulnerable. I assume this is also the case in the Middle East.
That said, it is important to scrutinize any info on ZH as it has become increasingly "Drudge Report"-like.
Your "basic" understanding is too basic. I fail to see how such an attack could be carried out. Maybe on a 1:1 basis with physical access, but PLCs are not PCs running a vulnerable operating system.
Nope, the article is agitprop, designed for western audiences. There has long been a "fear of the Internet" and "fear of computers" meme pushed by the PTB in attempt at widespread censorship.
Well said.
Perhaps you haven't worked around PLCs before. They might actually be more vulnerable because they are not PCs, and therefore are not provided the same level of protection that a PC might have. PLCs do, indeed run nearly all extremely critical operations in chemical manufacturing. This is to avoid operator error and to increase production over time.
The PLC makes the decision rather than an operator, and the PLC is frequently tied into a PC network so that an engineer can set PLC parameters remotely. This is very common. Someone could plant the program in hardware or software pretty easily, and the program could change steps in the process.
A PLC is programmed to run every step of an operation and they are extremely vulnerable at most facilities. Most facilities recognize this and take steps to protect some of the more valuable processes with passwords and other protections. However, they could still be corrupted easily from hardware or from someone unknowingly inserting the malware via corrupted software.
For example, if you changed the start event for pumps that normally come on at 7 psi or 95 degrees to come on at 50 psi or 200 degrees then your job is done. It's as simple as changing a couple of settings in a ladder diagram. That's the basic part. You could get much more complicated depending on the goal you had in mind.
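As an added example (not code from the page, from Siemens or from any vendor), here is the defensive counterpart to what the two PLC comments above describe: a Python audit that reads setpoints back from a controller and compares them against the commissioned baseline and the process's engineering limits, so a pump start moved from 7 psi to 50 psi or a heater threshold moved from 95 to 200 degrees is flagged before the batch runs. All tag names, values and limits are constructed for illustration.

```python
"""Added example (not from the page, Siemens or any other vendor): audit PLC
process setpoints read back from a controller against a known-good baseline
and the process's engineering limits, flagging the kind of change the
comments above describe. All tags, values and limits are constructed."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Setpoints recorded when the (constructed) batch process was commissioned:
# the pump starts at 7 psi and the heater engages at 95 degrees.
BASELINE: Dict[str, float] = {
    "pump_start_psi": 7.0,
    "heater_start_temp_f": 95.0,
    "mixer_speed_rpm": 120.0,
    "mix_time_s": 900.0,
}

# Safe operating envelope fixed by the process design. It is kept outside
# the PLC, so a rewritten setpoint cannot also rewrite the limit it is
# checked against.
LIMITS: Dict[str, Tuple[float, float]] = {
    "pump_start_psi": (2.0, 15.0),
    "heater_start_temp_f": (60.0, 140.0),
    "mixer_speed_rpm": (30.0, 300.0),
    "mix_time_s": (60.0, 3600.0),
}

# A constructed read-back after tampering: the two changes from the comment
# (50 psi, 200 degrees) plus a small mixer-speed change that stays inside
# the envelope and is only visible by comparison with the baseline.
TAMPERED_READ: Dict[str, float] = {
    "pump_start_psi": 50.0,
    "heater_start_temp_f": 200.0,
    "mixer_speed_rpm": 125.0,
    "mix_time_s": 900.0,
}


@dataclass(frozen=True)
class Finding:
    tag: str
    observed: float
    expected: float
    # "unsafe": outside the engineering limits (highest priority)
    # "drift": inside the limits but not the commissioned value
    # "missing" / "unexpected": the tag set differs from the baseline
    severity: str


def snapshot_digest(setpoints: Dict[str, float]) -> str:
    """SHA-256 over a canonical JSON serialisation, so a whole read-back can be
    compared with the commissioned snapshot as a single value and the baseline
    itself can be stored and verified out of band."""
    canonical = json.dumps(setpoints, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def audit_setpoints(
    observed: Dict[str, float],
    baseline: Dict[str, float] = BASELINE,
    limits: Dict[str, Tuple[float, float]] = LIMITS,
    tolerance: float = 0.0,
) -> List[Finding]:
    """Return one Finding per tag that deviates. A limit violation is reported
    as 'unsafe' even though it also differs from the baseline, because that is
    the case an operator must act on first."""
    findings: List[Finding] = []
    for tag, expected in baseline.items():
        if tag not in observed:
            findings.append(Finding(tag, float("nan"), expected, "missing"))
            continue
        value = observed[tag]
        low, high = limits[tag]
        if not low <= value <= high:
            findings.append(Finding(tag, value, expected, "unsafe"))
        elif abs(value - expected) > tolerance:
            findings.append(Finding(tag, value, expected, "drift"))
    for tag, value in observed.items():
        if tag not in baseline:
            findings.append(Finding(tag, value, float("nan"), "unexpected"))
    return findings


def main() -> None:
    # Cheap first check: identical digest means nothing to audit.
    if snapshot_digest(TAMPERED_READ) == snapshot_digest(BASELINE):
        print("setpoints match commissioned baseline")
        return
    for f in audit_setpoints(TAMPERED_READ):
        print(f"{f.severity:<10} {f.tag}: read {f.observed}, commissioned {f.expected}")


if __name__ == "__main__":
    main()
```

The digest comparison alone only says that something changed; the per-tag audit is what separates a within-envelope drift from a setpoint that has left the safe operating range.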
The malware branched the SCADA control system, which I guess was Windows-based. WTF. The stupid PLC would then be taking orders from something that was actually out to kill it. Epic lulz ensue.
You don't have to attack the worker bee, just attack the trusted command+control structure.
Any1 using Windows is Asking for trouble, Linux Bitchez !
Linux kernels have the occasional 0 day exploit as well.
OpenBSD, bitchez.
Windoze is the only supported OS for operator workstations (OWS) in major distributed control systems (DCS) vendors such as Siemens. Linux is completely worthless as a desktop client, BSD is even less suitable.
I agree but ... I think it comes down to whether you love the command line or not - and I do. Developed stuff (light-weight compared to what is being discussed here) for years in a Unix/Linux type of environment and only recently have had to move to a Windows development environment and I find it really sucks. They try to provide an "intuitive" interface but it isn't that at all. Recently I've been working (learning) SSRS for report generation. Learning the underlying language (MDX) was easy - trying to figure out Microsoft's badly designed reporting services tool was much more painful.
Sounds like pure BS. Somebody been watching Swordfish a bit too much
As a software engineer, this is much more likely than getting a hummer from Halle Berry.
Geez, I hated that godawful and idiotic film -- only went to see it in the movie theater for Halle's topless scene (yup, purely superficial at heart).
Your comment, lolmaster, reminded me of similar comments at Microsoft back in the mid to late '90s, when they first came out with Win95 and I was one of the contractors with their retail tech support.
First, they (MS senior engineers) claimed BIOS level viruses were impossible -- so I wrote one for a demonstration just to prove the nimrods wrong!
Next, we encountered one weird-ass virus. Some nefarious and enterprising soul (I say nefarious, but he may have had valid reasons for his revenge) wrote a capacitor-discharge virus, which attacked those (now) older CRTs, and it was scary indeed.
Made it sound like a metal-stamping machine in a printing press shop -- around 150 decibels, at least! And, if not shut off, not only would it destroy the CRT completely, but sometimes explode in a most dangerous fashion.
Truly mind blowing.
Don't be so quick to judge, unless you are the most technoid of the technoids.
Has anyone read Norbert Wiener's book, which is quite dated (I read it in the early 60's), called "Cybernetics and Society: The Human Use of Human Beings"? I dimly recall something along these lines. Like I say, it was many years ago. Milestones
NSA helped develop security protocols for Windows 7...
Knowing what you know about Apple, Blackberry and Android device OSs why do you not think Microsoft is in total lockstep with NSA.
This is a given and why China is working on their own OS so they can be secure without relying on MS.
Do you really think there is a platform out there that protects your individual information?
Surprise, surprise!
What you say may be correct, but it is a strawman because nuclear power plants don't run Android OS or Windows.
False statement.
It was already publicly confirmed last year by Iran itself that its controller systems were MS Windows based driving Siemens PLCs. Stuxnet is designed to attack that configuration coupled with specific screening parameters to allow it to identify one specific PLC.
The bug is obviously real, right? It's the intent that is subject to speculation.
Any chance it was created purely as a smoke screen, so when the reactor is hit with an as-yet-undetectable physical weapons system, we can deny all responsibility and simply say it was blown up by a computer virus written by Jeff Goldblum?
Just a thought.
Your "Nuclear Power" plant is not responding.
:---------------------: :------------:
| End Task Now | | Cancel! |
|____________| |_______|
Ignore, Abort, Retry?
I recall the first gulf war. The Iraqi air force was charged with air defense ground radars. While the normal plan is to send in F-4 Wild Weasels with HARM missiles, in the months running up to the conflict, we inserted some extra EPROM into networked printers bound for Baghdad. The eve of conflict, those printers were sent instructions via the hacked network and much of the air defense system was disabled at headquarters disrupting C4I and bringing the air defense to chaos. Add a little chaff, some active EW and some drones and presto - more fog of war. That was twenty years ago. Chances are some Russian nerd can now shut off the tertiary cooling systems of any US nuke plant. Or how about shutting down the NYSE, NASDAQ, SWIFT or FEDLINE for no reason. Physical bitchez! Call Hollywood. No need for a stratosphere h-bomb and EMP parade. Now if only they can pin it on the Tea Party and the Oath Keepers working with Al-Qaeda.
I can think of some very good reasons for "shutting down the NYSE, NASDAQ . . . etc." . Maybe it's just me . . .
we know things are screwed up when we fantasize about a "communist dictatorship" saving our "capitalist democracy"
Ain't that the truth.
Sounds like bs to me. Why would an air defense system have printers connected to it? Why would it use TCP/IP instead of some hardened, custom protocol?
This aerojet has to be a bot, or something.
Why would DARPA have anything to do with the Internet?
Why would DARPA have anything to do with the military?
Why is the sky blue?
Why does anyone have printers?
Why do they need NOTAMs, after all?
What is this strange ICAO system, huh?
So would you say that you personally have a more limited grasp on technology or is HISTORY your problem?
I see, continuation of us vs them stories that purportedly shows how nefarious west is always agitating against peaceful Islam.
http://www.youtube.com/watch?v=X_TUwI8UKY4
Take a look...
Read more: http://news.cnet.com/8301-1009_3-10014150-83.html#ixzz10N7gzLFl
Denial-of-Service attack on a public website == apples.
Claims in this article == oranges.
I want to know if it is really DEADF007 or if it is 1101 1110 1010 1101 1111 0000 0000 0111?
I've heard of people using 0xDEADBEEF, 0x0BADF00D, or even 0xB00BBABE, but not DEADF00T.
FEEDABBABABE, for those anorexic MAC addresses.
For the person who junked me:
The article was talking about the enigmatic final code DEADF007. They make it sound ominous, but it is common for computer scientists to use hexadecimal markers that can easily be spotted in code. If interpreted as hexadecimal then DE AD F0 07 is a 32-bit number (yes, it is a number). It all comes down to numbers, specifically 0 and 1.
http://en.wikipedia.org/wiki/Hexspeak
0xDEADBEEF is especially useful for code that's running on 680x0 CPUs since the Processor(s) will execute a software exception trap when an odd address is found in the execution stream. Come on, folks do NOT junk what you do NOT understand!
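The point made in these comments, as an added example that is not part of the original thread: 0xDEADF007 is an ordinary 32-bit integer, so it can be rendered as the bit groups quoted earlier and searched for in a binary in either byte order. The sample buffer and marker list are constructed for illustration; nothing here is taken from the worm itself.

```python
"""Hexspeak marker lookup in a byte buffer (constructed example)."""
import struct

# Constructed marker table; values are the hexspeak constants named on this page.
MARKERS = {
    0xDEADF007: "DEADF007 (marker discussed in the article)",
    0xDEADBEEF: "DEADBEEF (classic 680x0 odd-address trap value)",
    0x0BADF00D: "0BADF00D",
}


def to_bit_groups(value: int, width: int = 32) -> str:
    """Render an unsigned integer as space-separated nibbles (4-bit groups)."""
    if not 0 <= value < (1 << width):
        raise ValueError("value does not fit in the requested width")
    bits = format(value, f"0{width}b")
    return " ".join(bits[i:i + 4] for i in range(0, width, 4))


def find_markers(blob: bytes, markers: dict = MARKERS) -> list:
    """Return sorted (offset, value, endianness) tuples for every marker hit.

    Both byte orders are tried: a constant written in C on an x86 host is
    stored little-endian as 07 F0 AD DE, whereas someone reading a hex dump
    expects the big-endian spelling DE AD F0 07.
    """
    hits = []
    for value in markers:
        for fmt, order in ((">I", "big"), ("<I", "little")):
            needle = struct.pack(fmt, value)
            start = 0
            while (i := blob.find(needle, start)) != -1:
                hits.append((i, value, order))
                start = i + 1
    return sorted(hits)


# Constructed sample: filler, one big-endian DEADF007, filler, one little-endian DEADBEEF.
SAMPLE = (b"\x00" * 4 + bytes.fromhex("DEADF007") + b"PLC!"
          + bytes.fromhex("EFBEADDE") + b"\x00")

if __name__ == "__main__":
    print(to_bit_groups(0xDEADF007))
    for off, val, order in find_markers(SAMPLE):
        print(f"offset {off:#06x}: {val:#010x} ({order}-endian) {MARKERS[val]}")
```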
I think Tyler puts posts like this here so that he can determine if his followers have become gullible rubes. Nice science fiction writing (actually not, but I'm being kind) but this is a huge bunch of bullsh*t.
Agreed, complete and utter bullshit. Whoever ran this story had another purpose in mind.
A box of chocolates for each of you. Thanks for thinking.
Reportedly the Chinese have planted malware in our power grid. Of course there is no problem if your computers have no outside access and cannot acquire malware. While a power grid is open, a reactor would not need to be online. Secondly, these things always seem to target the latest software; for instance, if you ran an older version mailbox the virus wouldn't target your inbox. So there are probably simple ways to get around the danger. It seems like the attacks are so specific that any minor change blocks their access, but I'm not an expert by any means.
Sensitive Computer Infrastructure is either Stand Alone or on Silicon; one has no contact with the outside world and the other is more of a mechanical process... so I have some issues with our infrastructure being tainted, specifically when that's what we are looking for. If our energy infrastructure is tainted then I would have to say we as a Country let it happen... or more accurately that the powers that be let it happen. How much money would be lost for a single power outage?
like knowing bin laden is out to get you, he bombed the world trade center once, and he will do it again, and then letting it happen?
The answer to the title of this article is no. We have installed a far more deadly system than any virus. In the spring, Goldman and Citi were permitted banking rights in Iran. Coincidentally, about the same time this whole nuke controversy began. So in return for allowing us to install zombie banks, our government agreed not to bomb them to hell. What could the Israelis do. Nada.
We have installed the ultimate virus. Our banking system. They probably already have the reactor as collateral or packaged in a CDO somewhere.
+1984
Now that I believe! If only the banking system could overcome the other nasty mental virus known as religion.
Did you mean the nasty mental virus known as avarice?
I'm still wondering how they get around Islamic banking laws.
Zero Hedge, love your work, but ... If there's any chance at all that this is true, why publish it? Doing so can only reduce the likelihood of its success, and nonviolent interference with Teheran's nuclear program is something that I think every civilized person should see as a good thing.
He's just reposting and commenting on a story posted on Yahoo news. Not like he's breaking state secrets or anything.
The missing point is that this virus is sitting in front of 40,000 other machines/factories/power plants around the world... pinging them every 5 seconds. This means the creator now has an inventory of known infected machines to retarget if interested. The creator of this virus, is sure to have put in a path way to reload it.
It doesn't take a genius to see that someone now has the ability to shut down factories or whole national level economies, with a simple reloading of the virus to target its now known inventory of infected computers.
If I was China and not the creator, I would be freaking out. Someone can reprogram their whole fleet of brand new factories into self-destructing bombs, in reality. A new version of a trade war... If you embargo us, we will tell your factories to self destruct in as explosive a way as possible. Who needs N class weapons when you can make your enemy self destruct using their own chemical factories.
The next Pearl Harbor is going to happen, this virus type structure appears to be the approach.
I don't buy it. None of those systems are wide open to the Internet unless the people who run them are GROSSLY incompetent. I could believe a handful back in, say, 2000, but not now, not after 9/11 and all the "cyber warfare" claptrap that has gone on the past decade.
You are quite right. It does not take a genius -- it takes a RUBE.
Yes, that's why people are nervous. This is a big deal for industrial espionage and for trade war. These numb nuts around here who don't believe this is possible will make it all the more likely.
Industries could protect themselves, probably, but I doubt it will be cheap or easy.
Proper DCS implementation includes reducing the computers that interface with the control system to an extremely limited .exe set. On systems I've designed you must use PS/2 keyboards and mice because the system disables any USB ports because you can't control the idiot operators who insist on putting stuff on their USB keys.
Oh it's a lot worse than that:
Protecting themselves would mean reducing the product feature set.
If the next leading widget in your vertical has a TCP stack and SSH login, then your product will too. And all your griping that this opens up customers to sabotage and exploits won't count for shit because those are customer problems after the sale and not marketing problems before the sale. And oh yeah, if they are that hip you can then sell them installation and monitoring services to ensure security. Cha-ching, smells like money.
"the next pearl harbor"..."after 911"
That's the beauty of this one. As a few others on this chain have pointed out, either scenario has an ugly genesis. Either it's true and we're all vulnerable, or someone wants us to think that so they can get greater control over cyberland.
Arrrrr! Ye need a zero-day-hedge ye scurvy dogs!
Therefore it was definitely a high school hacker.
Physical gold and physical silver are not connected to the internet. They do not have flash drives either.
Bill says, Hey remember that anti-trust suit?
We're even.
I work with SCADA systems. Number one rule is never connect them to the Internet. Number 2 rule is never attach USB or other mass storage devices.
Another rule that I would apply is never use Windows. Use Unix or Linux.
Story = Unlikely
http://www.f-secure.com/weblog/archives/00001993.html
http://www.eweek.com/c/a/Security/Sophisticated-Stuxnet-Worm-Uses-4-Micr...
So your kernels don't have USB stacks at all, right?
Hopefully they've disabled the USB ports on all workstations directly interfacing the local control network. If you allow your operators to surf the internet on operator workstations you are a fucking idiot.
No one has ever gone broke underestimating stupidity!
Those of you recommending UNIX and Linux perhaps do not recall the early years of UNIX in which the various flavors shipped complete wide open and it was up to the admin to close them down as appropriate. Every single type of exploit that has ever existed happened on UNIX first. Then came Windows, where Microsoft earned its bad reputation for not taking advantage of 20 years of lessons learned.
Infosec is replete with examples where offline systems were put online by clueless IT drones wanting to do a firmware update or who open a port for a remote technician to log in and check something. I cannot imagine that SCADA systems are 100% network-autistic. They really should be.
And if they are, then they must have USB ports and CD slots for software installations and upgrades. "Our product is closed once delivered and does not upgrade" would not sell to most managers who lack an infosec background. Hell, managers and bean-counters will actually demand upgrade contracts and might even specify MS Windows as an OS, because it's "the industry standard OS and all our IT workers are familiar with it". Seriously.
These things ought to operate as black boxes. Bet they don't. As such, they are blown in advance.
Uh... It's not like TD pulled this out of his ass.
Symantec has an entire blog dedicated to this bug http://www.symantec.com/connect/symantec-blogs/security-response/11761/a...
Also, have you worked with any SCADA systems in Iran? I'm assuming not, so how the heck would you know what their development rules are?
SCADA systems are in cell tower buildings to monitor sensors like heat, power and so on. Yes the telcoms have them connected to the Internet with security protocols.. heh heh.
So your assumption is incorrect!
MS has a large installed base which is why NSA is working with them.
Think what you please but reality is something else.
Windows? C'mon, Tyler.
Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia.
Hopefully it destroyed a few outsourced call centres.
Are you saying 'Jeff' was really 'Jafar'?
DEADF007 is l33t speak for "dead fool" is my guess.
Nice touch. "Powned! You're dead, fool."
Soon everyone will have the source code for this and then all your SCADA are belong to us. Kill all the machines and go home.
I likes.
Why are several of my favorite ZH posters animals? Like you or Rocky Racoon? What is it about a personality that chooses an animal for an ID and avatar that brings out the brilliance?
Now where's my $10? :>)
ur monies r 1n teh m4i7z, d00d
LOL
Like I said, brilliance. Only a feline mind addled by cat nip could come up with this shit. :>)
We hide behind the furry, cuddly facade. When you least expect it:
Angry raccoon!
what does my avatar say about me, cutey?
.
Mossad has this Iran problem well under control.
RE: John, you are correct. Plus SI is a German co., i.e. they still hate Jews.
So... coming from a computer idiot:
Y'all talk about introducing this thing to a system.
What if it was introduced into the components before the system was built?
That has happened lots of times, but is easy to detect. One should assume that SCADA system components are quality checked for this kind of thing. There could be an insider slipping malware in, but that's hard as well.
If the SCADA were fully offline and could not be breached, you would be right; bad chips. But nothing these days operates fully offline, not even your home appliances, so it really would be fairly easy to breach a "closed" system if you were at all interested.
More to your point however, someone might well have either infiltrated the contractor, or sold them tainted USB equipment. I seriously suspect the latter. It would be trivial for a State security apparatus to intercept an order of IT parts (or just lose the order en route) and substitute contaminated USB thumb drives. Very easily done. Saturate the contractor with infected units and one or more will by chance hit their target, if only indirectly.
All this is too easy. It's not even interesting work. The interesting work was coding up the payload. Brilliant work, looks like. If this ever escalates I can see some really interesting outcomes across the board.
I wonder if the PLC control software has online activation, or a patching process that made it a good candidate for delivery.
firewalls and secure networks are only as good as the unconnected system.
The implication in the article was that the payload was not delivered over the Internet, but via portable media. So in this case, the best FW in the world would not have helped.
I suspect you are correct; the control software probably could be used to update firmware, and was used to inject the malware straight into the OS. No hardware protections anywhere, wide open upgrade process, major pwnage ensues.
Unbelievable. Brilliant work though.
There are so many ways in that, as you said above, it's not even interesting. It's the method of exploitation that is where the genius lies. I'm not up on it at all, but a dear and close friend is. And we've had a few sit-downs where he's "educated" me on what's really going on out there.
World War 3 is currently underway and has been for the better part of two decades.
Oh absolutely yes. And the loser will be left trying to run their state and economy on 16bit DR-DOS running in 640K RAM.
Awaiting our orders, Commodore Vic.
no M A X K E I S E R just said today on the max keiser report, that someone told him, ww3 is over and now we have started WWIIII,
hey genius, glad you have a dear and close friend and it is a he.
Computer systems are fairly easy to secure, even ones connected to networks and the internet. Of far more concern is if the original code has malicious back doors.
These problems occur when very basic precautions are not taken, and I'm not talking about crappy non-functioning anti-virus software either.
A country capable of owning nuclear power should be able to employ a few competent IT staff.
Computer systems are fairly easy to secure? Hah.
Yes, I guess unplugging the computer, putting it on the shelf and never using it is fairly easy, but if you plan to actually get some use out of it, keeping a computer system, and especially a network of computer systems, completely secure is a constant battle.