STUXNET (At Least It's Not Us)

OVER THE WEEKEND, I started to do some catch up reading on "cyber-terrorism" in the context of the continuing Anonymous/hacktivist DDoS attacks on commercial internet sites such as PayPal, MasterCard and Amazon.
In my preliminary search, I came across this report in last week's Time Magazine--Swampland. Once again I was distracted by the STUXNET software worm, which is familiar to ZH readers.
"The experts at the Congressional Research Service have just issued a chilling report entitled The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability. Unfortunately, the title is a statement; there's no question mark at the end. The Stuxnet's initial target was apparently Iran's nuclear program, and it's obvious that someone, somewhere is developing insidious computer programs that could change life as we know it:
From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society...Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time. The resulting damage to the nation's critical infrastructure could threaten many aspects of life, including the government's ability to safeguard national security interests."
The significance of the STUXNET worm, which has been described as the "first precision guided cyber-munition," is apparent from this further excerpt:
"Since the invention of the first computer-assisted industrial control system (ICS) device over 40 years ago, both the technical and national security communities have voiced concerns about software and hardware vulnerabilities and potential security risks associated with these devices. Such concerns have generally involved the infiltration of a computer system for purposes of degrading its capabilities, manipulating data, or using the device to launch cyber attacks on other systems. The Stuxnet worm, which was first reported in June 2010 by a security firm in Belarus, appears to be the first malicious software (malware) designed specifically to attack a particular type of ICS: one that controls nuclear plants, whether for power or uranium enrichment. The malware attacks and disrupts a Microsoft Windows-based application that is employed by a particular ICS produced by the German company Siemens. The worm can be spread through an air-gapped network by a removable device, such as a thumb drive, and possibly through computers connected to the Internet, and it is often capable of remaining hidden from detection. It is difficult to determine the geographic origin of the malware, as cyber attackers often employ sophisticated methods such as peer-to-peer networking or spoofing IP addresses to obviate attribution. Likewise, malware placed on a removable device may contain no signatures that would identify its author. Some security analysts speculate that Stuxnet could have been developed by a Siemens insider who had direct access and knowledge of the system; others contend that the code’s sophistication suggests that a nation state was behind the worm’s development, either through proxy computer specialists or a government’s own internal government and military capabilities.
To date, numerous countries are known to have been affected by the Stuxnet worm to varying degrees of disruption in their technology systems. These include Iran, Indonesia, India, Pakistan, Germany, China, and the United States. A lack of publicly available information on the damage caused by Stuxnet in these countries makes it difficult to determine the malware’s potency."
It is fascinating to consider how bytes can be substituted for bombs. It is even more fascinating when you read reports of how STUXNET is wreaking havoc on its apparent target, the Iranian nuclear program.
Today Fox News (I know, don't say it) reports: "Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the United States and Europe say.
The American and European experts say their security websites, which deal with the computer worm known as Stuxnet, continue to be swamped with traffic from Tehran and other places in the Islamic Republic, an indication that the worm continues to infect the computers at Iran's two nuclear sites.
Ralph Langner, the German expert who was among the first to study and raise alarms about Stuxnet, said he was not surprised by the development.
“The Iranians don’t have the depth of knowledge to handle the worm or understand its complexity,” he said, raising the possibility that they may never succeed in eliminating it.
“Here is their problem. They should throw out every personal computer involved with the nuclear program and start over, but they can’t do that.
Moreover, they are completely dependent on outside companies for the construction and maintenance of their nuclear facilities. They should throw out their computers as well. But they can’t,” he explained. “They will just continually re-infect themselves.” [Emphasis added] “With the best of expertise and equipment it would take another year for the plants to function normally again because it is so hard to get the worm out. It even hides in the back-up systems. But they can’t do it,” he said.
Read the Full Article here: http://www.foxnews.com/scitech/2010/12/09/despite-iranian-claims-stuxnet...
Ouch!
On top of all of this, the Iranian scientist in charge of countering the STUXNET worm was recently blown up.
What we are witnessing is the nascent stage of a new and improved kind of warfare, which is apparently being waged very effectively by someone who does not like the idea of Iranians with atomic bombs. A kind of warfare that uses bytes alongside well placed bombs.
Most troubling, there is nothing that prevents this kind of Byte Warfare from being brought to our home turf. No doubt there are people in far away lands working 24/7 to figure out just how to do it. Moreover, the prospect of this technology falling into the hands of subnational terrorist/criminal organizations is frightening to say the least.
Is it not ironic that in the Iranian case, a program to create the ultimate form of Clausewitzobolical weapon (an Atomic bomb) is being stymied by an example of the new class of so-called "asymmetrical cyberweapon"?






Link to Full CRS Report: Here
On Cyberterrorism In The Information Age: Here
WB7


lol, another rothschild proxy screws a reindeer!
hilarious!
dude, cut back on the output and stop drinkin wikileaks koolaid.
still awaiting a channakah chutzpah holiday special,
prove youve got a pair or is the j word the zh 3rd rail?
we'll soon find out i guess, either way it'll be a good little holiday present...
here, this will get you started, check out how much 3 trillion in free
( & illegal per symington amendment)
ussa taxpayer $ buys, and they just upped our donations!
http://www.youtube.com/watch?v=p7fB06S8Bq8
some of that cash comes right back here to bribe/elect shabbos
goys and self chosenites. total capture, maybe you can make a clever chart
or something.
junk away....
WB7, ha, this is what you meant by still having a few bullets to write (eh, show) before heading out to holiday (in NZ)?
Awesome.
Why is the middle one longer? Stupid me.
The true satirist can play no favorites ;-)
Jerichonorah.
Notice Israel hasn't been listed as infected. I guess they have the "antidote?"
Wouldn't it be a hoot if somebody stuck a thumb drive up the arse of a couple of co-located HFT machines?
I am waiting for the day ;-)
Bill...
Ms Stuxnet...
What the Hell is wrong with her mouth... ?
:-0
She was the original Miss A Bomb. No one knows where she went. Be glad you never run into her in a dark alley ;-)
Some background of what is known about STUXNET. It's been around since March this year. You can buy variants now that attack more than Siemens systems. The security holes are called the unpatchable four. As in they can never be patched or it renders a system as useful as a brick.
STUXNET variants have been all over the news, believe it or not. ricefarmer.blogspot.com tracks it like some people track bigfoot. My favorite variant is one that attacks satellite systems. It can be purchased for 140k in current gold prices.
In the decompiled version, which sells for roughly 2 million, all the programmer comments are in Hebrew. The assumption is it was built in Calgary in the virus lab they built three years ago to research defensive measures.
Problem is while it was intended to attack Iranian 20 year old siemens systems by cutting through security measures like a hot knife through butter. The problem is all modern systems have the exact same four holes in them that can never be patched.
What has happened is when a virus is made, it is a pandora's box. Once opened it can never be closed. Ever. Not even with shutting down the internet. The virus just sits asleep waiting for a hole to crawl out of. Even hijacks virus checkers and pretends that it's monitoring your system. It can mask itself as a picture, video, pdf or whatever it needs to and is about as smart as a mouse. That's how it cuts through security. It tests traditional methods to slip around firewalls. Then like most root kits, assumes its place in an OS and learns from your behavior.
Rinse and repeat. BTW I'm talking about old viruses and worms at this point. STUXNET has all that and more. So if you want to do research on how STUXNET works and has been...changing and how completely ineffective the US attempts at stopping its own frankenstein will be go check out the ricefarmer.
Google is worse than useless in finding out what STUXNET is. Article might be up for a week, then disappear. Ricefarmer keeps backups.
Thanks for the link.
They knew this would eventually happen when they switched everything to electronic control systems.
yeah i've noticed that google and short and very politically correct memory.
I suspect you are right.
Bill, superb as always.
A bit OT, but i thought you might like the vision of this statement: KIEV, Ukraine -- Ukraine's government wants to turn Chernobyl, the site of the world's worst nuclear accident, into a
destination for tourists.
Just another example of how desperately fucked up in the genes the world has become.........
zh crowd would love to dwell on the absurdity of this picture, imho.
can't link to the article (it's a news flash) but here's the body:
Cheers, art.
(From THE WALL STREET JOURNAL)
By James Marson
KIEV, Ukraine -- Ukraine's government wants to turn Chernobyl, the site of the world's worst nuclear accident, into a
destination for tourists.
Ukraine's Emergency Situations Ministry said Monday it is working on a plan to open the area around the defunct plant
-- where a 1986 reactor explosion spread radiation across Soviet Ukraine, Belarus and Russia -- to visitors starting
next month.
The ministry said radiation levels in parts of the so-called exclusion zone, which stretches almost 20 miles around
the reactor, are returning to normal levels. Visitors will be able to take in views of the nuclear plant, as well as
towns and villages that were abandoned in the disaster's aftermath.
Tour operators would have to meet strict criteria to be allowed to operate, said Yulia Yurshova, spokeswoman for the
Emergency Situations Ministry, as straying from the route can expose visitors to unstable buildings or varying radiation
levels. "The Chernobyl zone isn't as scary as the whole world thinks," said Ms. Yurshova. "We want to work with big
tour operators and attract Western tourists."
Some 2,500 workers still maintain the plant, which is now closed. Tours to Chernobyl and the sealed area around the
plant -- many of which are run illegally, Ms. Yurshova says -- already attract some 6,000 visitors a year and cost
around $150. Official tours are now offered by a state firm that can accommodate only a few visitors at a time.
Ms. Yurshova said sanctioned tours would begin in January. She said more details on how tour operators would be chosen
would be announced next week.
Chernobyl is reachable on a day trip from Kiev, which is adding new hotels ahead of the European soccer championship
in 2012, which Ukraine is co-hosting with neighbor Poland.
Does it top the banksta suicide bombers?? ;-)
I bet they'll put a brothel next to the reactor. ;-)
I once met a Ukrainian scientist who was dying of Chernobyl cancer. Very sad.
Lead shielded condoms? A Trefoil tattooed on her belly....and below it: "abandon hope all ye who enter here?" Nice, WB. Back when I was young and stupider than I am now, I used to work the nuclear plant "outage" circuit....I was a "radiation worker." There is still a website - www.NukeWorker.com. We would travel around and work outages during the winter...all over the country. You always saw the same people at every site, from New York to California. We all saw each other naked (men and women) in the dressing rooms, since it was stupid to wear your own clothes under a nuke suit and risk getting them "crapped out" and dumped in the contaminated waste bin. When the reactor cores would get below 130 degrees, we could go in...dressed out in a rubber suit, and stay maybe 15 minutes until we loaded up on Rads that day. The worst thing was fuel rod replacement....those damn things came out of the core hotter than hell. I remember the worst plant I worked at was Cooper Nuclear Station in Brownsville, Nebraska....they had dropped a fuel rod bundle on the reloading deck a few years back, and the whole damn thing was contaminated as hell. I got a "flea"...a radioactive particle in my hair, and they could not find it, so they shaved my head and washed it. That was in 1987....and I think I got paid $12.00 per hour, and all the overtime I could take before I reached my RAD limit and they fired me. God I love American business......
I hope your health is ok!
Honey, I got shaved bald in the office today ;-)
I lost my rad-sheet ability to work in nuclear plants for the rest of my life in 1990. But, later, I needed a job....and the only one I could find then was working on nuclear submarines...so, fortunately, the government provided me with a solution....I could sign a waiver to bring my exposure back to zero...which I did. Is this a wonderful country or not! But, I knew what I was doing. But, if you combine that with all the asbestos, welding smoke, cigarettes ( I smoked 3-packs a day for 30 years) and other shit...then the radiation is probably minor. Oddly enough...I seem to be in pretty good shape! Yeah...per the shaved head bit, my wife thought that was very odd indeed. But, for years afterward, I kept my head shaved just out of convenience.
. some links to related topics
Frank Zappa - It Can´t Happen Here 1966
http://www.youtube.com/watch?v=vKITpVovTAE
.
The Gary Null Show - 12/09/10
http://www.progressiveradionetwork.com/the-gary-null-show-wnye/
.
this guy is great
http://www.youtube.com/watch?v=JfPzQAzYWBw
"I Love Her, She Loves Me" NRBQ
http://www.youtube.com/watch?v=CWt2elhrJZM&feature=related
.
The Firesign Theater Top Secret Government UFO Warning
http://www.youtube.com/watch?v=_V6z0OxuAzY
.
Lieberman Introduces Anti-WikiLeaks Legislation
http://www.wired.com/threatlevel/2010/12/shield/
.
http://jessescrossroadscafe.blogspot.com/
The problem with Stuxnet is that almost all of the news surrounding its targets/intentions is largely speculation. It does appear that Iran and Indonesia have the most known infections.....but, this could feasibly be by chance instead of by target. To create a virus that targets a specific country is - to my knowledge - impossible without the code obviously revealing targeting-specific data, so even if say, the virus was written by the US Gov or Israel, they would likely just seed it for generalized spread and code it to interact with a known, specific software environment or a flag of specific operation at a particular location. After all, the latest number of known computer infections in the US stands at about 1600 computers. Stuxnet is benign on a PC, only when it detects the specific Siemens system being used in a particular way does it become an issue. I also am not buying what people like Norton or Symantec are selling, that it is a virus that could only have been created by a government or sophisticated criminal operation. These people would infect their own mothers with the Conficker worm if they thought she would shell out $59.99 or whatever to save her own life. The problem here is....nobody knows. So, allow me to speculate a bit...maybe the thing was created by an entity to either stop or slow down implementation of Smart Grid Technology. Or, a competitor of Siemens who does not want them to corner the market on PLC's as this technology is implemented. Anything here is possible. Love your take, Willie....is that Matt Helm ignoring that one-shoed lass?
You raise some interesting points. The idea that the software targets a specified use as opposed to target.
I think it is Matt Helm.
Norton and Symantec are Silicon Valley's answer to ATM fees.
I use neither...I consider them viruses in their own right.
They are parasites.
It almost has to be, WB, if it is indeed planned to be target specific in a way that would not bleed over into the entire world. Those system 7's are used all over the world in many different environments. Now, the virus itself bleeding over is of no consequence if the thing is use targeted. There would have to be a very singular circumstance, or a peculiar combination of circumstances the virus could recognize to activate its payload. I know a lot about nuclear plants, but have really not done much research on the Iranian plant....not even sure how much is in the public domain. Remember also, there are a lot of folks very unhappy about the Germans providing technology to Iran for this deal.....
As usual, software solutions are simple and elegant ;-)
One of the big Japanese companies that manufacture PLC's...Omron, or maybe even Schneider, the French company...or many others, have the capability to sabotage a competitor. And, per the press thing of having to have access to the bloody things...anyone can buy them, and years ago, working on an Intel site, I used to bring Allen Bradley modules home with me after work so I could upload ladder logic programs from my home PC. A few people have, in the past, voiced warnings about the dangers of integrating PLC's with computers and critical systems - especially computers with internet ties, but for the most part, PLC's were considered pretty dumb...but nobody really considered the root-kit in the PLC EPROM being infected. This means it can manipulate the output instructions. This also makes getting rid of it absolute hell.
It looks like it is impossible to get rid of.
Remember the control room scene in China Syndrome...
Yeah...I do. The problem with the beast is, it infects every vector you have that is Win based....or Win integrated...say you are an Iranian Nuc plant, you have the normal run of PC's, laptops, PLC's, and all the thumb drives, CD's, network and possibly internet connections, and this thing gets in there and infects the root kit of your PLC's, all your computers, and your plant systems, Factory Link, Wonderware or Simatic Manager.....how do you get rid of it? Junk your hardware? Very possibly.
True......like your work.....satirical software.
I think the "target was a country" thread opened up when someone pointed out that the malware was probably delivered via physical media, either a CD or a USB thumbdrive, and probably the latter. While it's possible that a contractor somewhere in China was making thumbdrives for use world over that had the malware embedded, it is actually far more likely that a shipment of thumbdrives on order was simply intercepted and opened, infected from a laptop or replaced with similar units preconfigured with the payload, and continued to their known destination. Mission accomplished via surgical insertion. Less risk of discovery. Less risk of collateral damage. Maximum risk of pain to the target.
It's actually old skool espionage applied to the digital age. No surprise on that front.
Double post.
Well, after its original discovery, Stuxnet evolved to using removable drives for transmission....but originally - and to this day - it is still capable of being transmitted over the internet using the conficker worm as a transmission train. I think this evolution is more of a belt-and-suspenders manner of insuring its wide implementation than anything else. It may well be targeted to something specific - initially, but I think its creators want a wide distribution of the core virus. I do not know why....but considering the upgrades that keep popping up, it might be that it allows a latent ability to control a lot of things down the road. A lot of American nuclear plants use Allen Bradley PLCs....maybe they are next. One troubling aspect is the DWORD instruction in data block 890, which appears to be a process variable. If this is true (and nobody knows) then it could be the process-specific link for attacking the Iranian reactors, but could also be easily upgraded to attack another string of variables on any system.
I am sure you are right about the cross applications. It is like the neutron bomb. Why bother with destruction when you can accomplish the same goal otherwise.
What parts of the code I have seen...and that is a very few, suggest it is a very flexible application that could have many future uses. I have been scanning my friends' computers remotely (with their permission) looking for that DB 8062 code fragment to try and get access to the entire WinCC code...no luck yet.
I thought I read somewhere that the original infection came in on a LapTop that was left unattended.
Maybe...but the creator must assume it would spread back...just like someone releasing a biological virus.....you either have a defense against it, or it is coded to only do its dirty work in a very specific set of country/company circumstances.
There are more vectors everyday.
It's almost impossible to stay risk free if you can't have Total Fascist Control over a system.
Users hate that, so it never happens fully.
You know, if you are targeted by pros, you are screwed. Maybe not today, maybe not tomorrow... But sooner or later you will slip up and plug that phone into your PC or load that SD Card or Jump Drive... Then they got ya.
But in the case of Stuxnet, only as a vector of spread if you just have a win-PC not connected to a system-7 PLC. But...this brings up interesting issues of homes/commercial buildings/government installations that have environmental and other systems connected to PC's. Not that the Stuxnet virus can impact them, but a variant might well do so.
Dude, are you saying the Iranians have stuxnet in their Siemens?
Gross
LOL ;-)
Thats what they get for slapping the monkey with fishnet stockings;>O Forgive me
speech less
like the last pictures of humor, though
bitches. got that right heel stiletto dropped.
Did you change your avatar again?
can't you tell,
D R A W , bitch, d r a w
Kinda trivializes what to get aunt Martha for Christmas, say what! Milestones
Get her some STUXNET mittens ;-)
Blame the fucking sub-contractor's and withhold payment till they get their shit together WTF? This ain't rocket science Akmood
They lost the warranty card ;-)
And guess where they make all those usb sticks, and press the CD's??? Same country that standardized on FreeBSD...
stux us...