Security Expert Suggests Stuxnet Originated In Israel

Tyler Durden's picture

More information is starting to emerge about the Stuxnet virus which we discussed extensively previously. Richard Falkenrath, a principal at Chertoff Group, talks to Bloomberg and does a good overview of the impact of Stuxnet, and just how substantial its destructive potential could be. Among his observations is that "it took the resources of a nation state to create this piece of malware." And considering that the ultimate target of Stuxnet infections is Iran, and specifically its Bushehr nuclear reactor, it is not all that surprising that according to Falkenrath the originating country is Israel. The only question is whether Iran also has access to comparable high sophisticated technology (and if so, whether the recent crash in the CFTC's server preventing the disclosure of today's Committment of Trader report has anything to do with it). The amusing bit, is that Iran's nuclear power plant actually does run Windows. Which makes one wonder why go to such great lengths instead of having someone merely remind the host computers that the local version of Win95 is and has always been pirated.

More in the clip below:

 

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Azannoth's picture

How about any1 using the word 'bitchez' getting an IP ban from now on ?

ArrestBobRubin's picture

Been around here long? Good luck with that.

traderjoe's picture

Are you going to kick TD off his own site (used term just a couple weeks ago)?

Can't the non-Bitchez people just scroll past our need to be adolescent for a moment?

Deirdra Bolton is hot Bitchez!

http://www.maxim.com/girls/44100/tvs-10-hottest-news-anchors.html?p=6

Chump's picture

Wait, Rachel Maddow made that list?  I'll be right back, dinner is coming back up.

sysin3's picture

"any1" is not a word in any language except teenager-text-speak.

"bitchez" is kind of a community joke now.  We like the neighborhood just fine, mostly.

schoolsout's picture

neighborhood comraderie, bitchez

sysin3's picture

junk me again, bitchez !

Your objection has been duly noted, and promptly ignored.

Lol, pull up your big girl panties and have a little fun now and then.

nmewn's picture

The little wall flower bitchez must be a hoot at party's.

"Ohhh Buffy!...another napkin please, this rude man is back and drooling on my Gucci's again."

Bitchez...LOL.

NotApplicable's picture

Dear fellow n00b.

Romans, bitchez!

/thanks for providing me with a legitimate opportunity for my first bitchez post, as I didn't want to appear to be just another band-waggoner

SheepDog-One's picture

I wish every Zerohedge post contained the word bitchez myself.

monkeyfaction's picture

011000100110100101101110011000010111001001111001001000000110001001001001011101000110001101101000011001010111001100100001

Azannoth's picture

Cyberwarfare will alway be secret, no1 will admit they got infected while surfing porn in a Nuclear facility ;)

Internet Tough Guy's picture

Upping the ante on porn surfing everywhere. Click on the wrong picture and all of a sudden your hot water tank explodes.

RobD's picture

Or your smart-meter goes into hyper-drive.(Or maybe in reverse, that would be cool)

MayIMommaDogFace2theBananaPatch's picture

Stuxnet now growing nano-antennae to report back to mothership!  All your 10baseT are belong to us!

Uncle Remus's picture

Uuuhhhh, this is Iran. RG-58, coax & LANtastic.

A Nanny Moose's picture

Ahh..the simple life. Endless nights of finding cable breaks, and looking for the end of the line to probe those faulty terminating resistors.

FunkyMonkeyBoy's picture

Simple, just pull the network connection to the outside. Surely a nuclear power stations network shouldn't be directly connected to a WAN/internet?

Doesn't pass the plausibility test to me.

schoolsout's picture

I thought it was reported to have been uploaded through a flash drive

FunkyMonkeyBoy's picture

Well, if it's via USB sticks then that's even more crazy still. If you can get an object (a USB stick) inside the plant, why not send in explosives inside a cake or something instead.

 

Sounds like a lot of dumbness to me.

RobD's picture

A USB stick is a little easier to hide then a few pounds of C-4 and easier to pass if you know what I mean. :)

kinetik's picture

Allowing operators to actually use flash drives on any LCN (local control network) is a huge no-no.  You lock the operator console (the part that runs on Windoze) down to the point where they cant' actually do anything else but use the HMI to monitor the plant.  The actual control software is not Windows based.

kinetik's picture

Allowing operators to actually use flash drives on any LCN (local control network) is a huge no-no.  You lock the operator console (the part that runs on Windoze) down to the point where they cant' actually do anything else but use the HMI to monitor the plant.  The actual control software is not Windows based.

Taint Boil's picture

I am a PLC [programmable logic controller] programmer for the automotive industry. I can tell you right now that you could cause havoc with processes and control, etc. but you could NEVER destroy a facility with a virus. There are too many safeties in place especially with something like a nuclear plant. When I mean safeties I mean HARDWIRED safeties that are not dependent on the PLC program or software.

Again … I only have automotive experience, but I would assume multiple redundancies. In our industry, our “Safety PLC” has 2 processors from 2 different manufacturers running different code, etc, etc. everything is “double” and if you try to bypass something it “knows” and will fault out.

You could get around all of this if something was physically installed at the plant – some kind of “bypass” that was hardwired in place by an “inside guy”. Not impossible ….. but it would have to be very, very clever. You could program the PLC to activate this hardwired device.

Besides …..allah  [no cap] would stop you.

Off topic ….. but amazing how allah (or any god) never tells you to give all your money to a good cause, only how to kill. How many people have been killed in the name of “god”.

AEGeneral's picture

Thought that was just a theory for now.

 

Another question to ask is if it really was from a flash drive & there is no WAN access to the internet, then how have other businesses been infected? How did it spread?

Biosci's picture

Think bigger.  If this really was a targeted attack by a state, there are a hell of a lot of ways to get to the target. 

Where do you think all those computers and other hardware come from?  And the software?  Hint:  it isn't manufactured in Iran.  And if it's made somewhere else, then there are lots of opportunities for others to put their fingers on it.

Or if you prefer simpler solutions, just pay someone to carry in a flash drive.

Question:  why is everyone so focused on Bushehr?  Wouldn't the enrichment facility be a better target?  Media attention being drawn to someone jangling something shiny in their faces again, I guess.

 

Sancho Ponzi's picture

Maybe Bushehr is a diversion

Azannoth's picture

That would be the ultimate irony, Iran getting their Nuclear Plant software written in Israel ;)  and getting their Hardware from Germany (owned and controled by the Zionists)

Greed's picture

Question:  why is everyone so focused on Bushehr?  Wouldn't the enrichment facility be a better target?  Media attention being drawn to someone jangling something shiny in their faces again, I guess.

Well,well,well: http://wikileaks.org/wiki/Serious_nuclear_accident_may_lay_behind_Irania...

Actually there are some people speculating about your question. 


Biosci's picture

Fascinating.  I wonder if the timelines are consistent.

[edit]

Apparently so:

The Stuxnet malware appears to have begun infecting systems in January 2009. In July of that year…WikiLeaks posted an announcement saying that an anonymous source had disclosed that a “serious” nuclear incident had recently occurred at Natanz… The site decided to publish the tip after news agencies began reporting that the head of Iran’s atomic energy organization had abruptly resigned for unknown reasons after 12 years on the job.

 

http://www.richardsilverstein.com/tikun_olam/2010/09/23/german-cyber-sec...

Thanks for the pointer.

 

rosiescenario's picture

...just as crows are attracted to bright and shiny objects...

Greed's picture

...or magpies collecting conspiracies... 

New_Meat's picture

fmb-

"Surely a nuclear power stations network shouldn't be directly connected to a WAN/internet?"

Not in the U.S., Canada, at least, and getting more strict/stringent by the minute.  FERC/NERC still not having their act together, tho.

and there are layered systems (24 theme a'int happening). 

- Ned

williambanzai7's picture

I think it came for the swine flu virus after one of President I'm a Nut Jobs animalistic orgies.

POST CARD FROM THE UN

http://williambanzai7.blogspot.com/2010/09/post-cards-from-un-2010.html

MayIMommaDogFace2theBananaPatch's picture

Stuxnet now shape-shifting into -- wait for it -- a Chertoff Group naked full-body scanner.

NotApplicable's picture

Chertoff and naked should never be used in the same sentence.

And now to shake that ugly thought, beer-thirty, here I come.

palmereldritch's picture

Added bonus: the image you see here

http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/123...

from a Dutch airport.  It has become the standard accompaniment to the L3 full body scanner in most airports now.

It is instructional on many levels but no more than on how to submit as a slave to all-seeing surveillance.

Now where have I seen that eye symbol before, so cleverly and subconsciously created in this instance by hands clasped over a simple generic stick figure?

Oh yeah...Now I remember....

http://www.whale.to/b/images/all_seeing_eye.jpg

alien-IQ's picture

I am Jacks total lack of surprise.

I also said so yesterday. And then the megaphonies went batshit on me.

so here...have at it again...let the junking commence!

 

PS: OK THESE FUCKIN CAPTCHA MATH QUIZES ARE GETTING STUPID!

SheepDog-One's picture

alien-IQ did you know you dont even have to do the captcha quizes?