"The Worm Turns" As Chevron 'Infected' By Stuxnet Collateral Damage

Tyler Durden's picture

"I don't think the US government even realized how far it had spread" is how the collateral damage from the Iran-attacking Stuxnet computer virus is described by Chevron. The sleep San-Ramon-based oil giant admitted this week that from 2010 on "we're finding it in our systems and so are other companies... so now we have to deal with it." It would seem that little consideration for just how viral this cyber warfare tactic has become and this news (reported by Russia Today) is the first time a US company has come clean about the accidental infection. Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. On the record, the federal government maintains ignorance on the subject of Stuxnet, but perhaps Chevron sums up the impact of Stuxnet best (given the escalating Iranian enrichment program): "I think the downside of what they did is going to be far worse than what they actually accomplished."

 

Via Russia Today:

America’s cyberwar is already seeing collateral damage, and it’s hitting the country’s own billion-dollar companies. Oil giants Chevron say the Stuxnet computer virus made by the US to target Iran infected their systems as well.

 

California-based Chevron, a Fortune 500 company that’s among the biggest corporations in the world, admits this week that they discovered the Stuxnet worm on their systems back in 2010. Up until now, Chevron managed to make their finding a well-kept secret, and their disclosure published by the Wall Street Journal on Thursday marks the first time a US company has come clean about being infected by the virus intended for Iran’s nuclear enrichment program. Mark Koelmel of the company’s earth sciences department says that they are likely to not be the last, though.

 

“We’re finding it in our systems and so are other companies,” says Koelmel. “So now we have to deal with this.”

 

Koelmel claims that the virus did not have any adverse effects on his company, which generated a quarter of a trillion dollars in revenue during 2011. As soon as Chevron identified the infection, it was taken care of immediately, he says. Other accidental targets might not be so lucky though, and the computer worm’s complex coding means it might be a while before anyone else becomes aware of the damage.

 

“I don’t think the US government even realized how far it had spread,” Koelmel adds.

 

Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. Only as recently as this June, however, American officials with direct knowledge of the worm went public with Uncle Sam’s involvement.

 

In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. Coupled with another malicious program named Flame and perhaps many more, Stuxnet was waged against Iran as part of an initiative given the codename “Olympic Games.” Rather than solely stealing intelligence through use of computer coding, the endeavor was believed to be the first cyberattack that intended to cause actual hard damage.

 

“Previous cyberattacks had effects limited to other computers,” Michael Hayden, the former chief of the CIA, explained to the Times earlier this year. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction.”

 

On the record, the federal government maintains ignorance on the subject of Stuxnet. With American companies perhaps soon coming out of the woodwork to discuss how they were hit, though, the White House may have to finally admit that they’ve had direct involvement.

 

After the Times published their expose in June, Senator Dianne Feinstein, chairwoman of Intelligence Committee, called for an investigation to track down how the media was first made aware of America’s involvement in Olympic Games.

 

"I am deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran's nuclear program,” Feinstein said through a statement at the time. “I made it clear that disclosures of this type endanger American lives and undermine America's national security."

 

When Feinstein spoke to DC’s The Hill newspaper, she said, "the leak about the attack on Iran's nuclear program could 'to some extent' provide justification for copycat attacks against the United States." According to the chairwoman, "This is like an avalanche. It is very detrimental and, candidly, I found it very concerning. There's no question that this kind of thing hurts our country."

 

Just last month, a shadowy Iranian-based hacking group called The Qassam Cyber Fighters took credit for launching a cyberattack on the servers of Capital One Financial Corp. and BB&T Corp., two of the biggest names in the American banking industry. Days earlier, Google informed some of its American users that they may be targeted in a state-sponsored cyberattack from abroad, and computer experts insist that these assaults will only intensify over time.

 

“We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities,” CrowdStrike Security President George Kurtz told the Times.

 

Speaking of the accidental impact Stuxnet could soon have in the US, Chevron’s Koelmel tells the Journal, "I think the downside of what they did is going to be far worse than what they actually accomplished.”

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
resurger's picture

Sexual prolification in progress....

NewThor's picture

"Teaming up with Skynet will make us unstoppable. What could possibly go wrong?" - USA GOV

mjorden's picture

Don't worry people, Once Obama's executive order comes into play ... he can just shut down the internetz.  No worries here.

NewThor's picture

Obama should also put a kill switch on the 30,000 drones.

I'd bet those bitches can be hacked.

JuliaS's picture

Takes $1000 worth of gear to spoof a GPS signal? We're safe then as in 5-10 years no one will have that kind of money except for the government workers.

Ident 7777 economy's picture

 

 

 

Give me a 10.23 MHz crystal, a handful of TTL chips (esp. an XOR gate for 'modulation') and an L band source (portions which can also be built derived from the 10.23 MHz rock) .. I don't think that amounts to 1,000 bucks even from Digi-key in small quantities ...

 

I don't even need that much accuracy in the 'rock' as I'll calibrate against a beat note derived from 10 MHz WWV ...

 

Should have a build-able proto on 'Destructables' in a few weeks.

 

 

 

 

CrazyCooter's picture

Um ...

TTL - In your use of the term, it is as generic as give me a "automobile" and I will achieve some "highly specific task" ... between the two is a shit ton of knowledge and engineering. I got a "TTL" book from when I was in college ... like ... 20 years ago ...

X MHz- Unless you can demonstrate why your cited band is so key to your objective, you are as important as "Obama and I play golf". Great. You can say it, but is it true and what are the implications. Right, you are talking shit.

Mhz rock - sounding cool doing XMHz from the previous bullet except you use "rock" in the assertion.

If you are such a fucking McGyver with 1k USD, then why are you trolling ZH instead of building your sub 1k fuck-the-system-whatever that is so clearly overlooked by any of the engineers that built said system.

STFU. Genius.

Regards,

Cooter

P.S. My humor filter is broken, so if I really missed the joke, my apologies.

monkeyboy's picture

I hear there's alot of money to be made on the interwebz.

A Nanny Moose's picture

Burn the village to save it...

putaipan's picture

it takes a nation of one hundred million smoking embers to educate a child....

cifo's picture

How is it going to be much worse if the virus was designed to damage the enrichment centrifuges?

Matt's picture

Somehow, the virus spread to an oil refiner. It demonstrates that malware can go well beyond its intended target. 

Also, retaliation; if other countries develop cyberwarfare programs in response to America, then you have risk of attack on oil refineries, nuclear plants, hydro dams, etc. 

 

NewThor's picture

Wait.

Are you implying there are countries that don't like America?

WHY DO THEY HATE FREEDOM?

CrockettAlmanac.com's picture

Some moron at About.com claims to have debunked the theory that Stuxnet was developed with Israeli assistance and that its intended target was Iran. It's really more poo-pooing than debunking. The supposedly debunked arguments look fairly compelling to me.

 

http://antivirus.about.com/b/2010/10/02/debunking-the-bunk-of-stuxnet.htm

OMG's picture

We have been bombing blowing up countries right & left bringing them the freedom they desire, it's obvious they LOVE US for it! A few countries could have pulled the plug years ago by refusing to buy our debt, they are all in on it....all of them. The red shields are playing both sides of the table and the middle.

A Nanny Moose's picture

I they hated us for our freedom, how could they possibly still hate us?

putaipan's picture

they don't. they hate the chicago school of rigged market ayn/ru/rand paulian neo-liberal bailout my ass rigged socialist/capitalism/fasciast system of economic eschatological chaos , or ,if might i be redundant, scholl of blasphamy. SHOW ME THE ORDER.

 

DOWN WITH RIBA ! VIVA ROCKY ! OCCUPY THE TEABAG ! FUCKY AMY GOLDMAN!/THE BERNAKE ! BIG UP THE SHINY .999% ! ! !

machineh's picture

Viruses: yet another 'benefit' of our unshakable relationship with a certain shitty little country.

If we send the mideastern leeches another $3 billion, would they kindly provide the 'uninstall' key?

putaipan's picture

YOU CANT OR COULDNT OR CUNT THE VIRUSEES!!!!!!!!!!!!!!!!!!!!!!!

Papasmurf's picture

It makes you wonder how these critical resources remain on public networks.

A Nanny Moose's picture

They aren't. If designed correctly, they are firewalled from the rest of the internal network.

Regardless, the weak spot is the personnel in charge of them, who are easily socially engineered.

putaipan's picture

and it makes me wander...............

malikai's picture

Stuxnet is designed to attack SCADA systems, which are generic control systems for many, many commercial/industrial applications.

SCADA systems can be found in aviation, power plants and distribution grids, pipelines, refineries, manufacturing plants, etc.

http://en.wikipedia.org/wiki/SCADA

Kiwi Pete's picture

It would be a real bitch if it somehow spread to your own nuclear power plants. I understand you have a few centrifuges too and rumours of a well developed program to produce WMDs.

JustObserving's picture

You cannot have a war without firendly-fire casualties.  Of course, for every enemy target there are 1000 friendly targets in a cyberwar.  

Maybe, Chevron can sue Obama for damages.

You cannot escape your own viruses or your karma.

 

resurger's picture

true, for a broke fucking oil compnay which faces thousands of legal suits, it could be possible that they will sue Obama administration for some $$$

Mr Lennon Hendrix's picture

When you put it like that it is almost as if they corporations want to be infected so they have an excuse for not meeting earnings and whatnot.

NewThor's picture

Bank of America accounts are experiencing trouble today.

knukles's picture

BofA has trouble every fucking day

putaipan's picture

ain't no reason to delay....

IridiumRebel's picture

Thanks for reminding me why I dropped those cocksuckers last year. Small banks are better if any of them are any good which they are not.

Kassandra's picture

Credit Unions are also good, except for mine, who managed to keep my fucking drivers license yesterday!!

Deo vindice's picture

If your driver's license has that kind of ability, it will be worth a lot - just for the sheer entertainment value if nothing else.

No wonder they kept it.

PLira's picture

I have, so far, zero complaints about my Credit Union. I've been banking with the them for more than 15 years.

DollarMenu's picture

Mine is just o.k.

I think the non-profit mentality results in a service level

that I imagine would be the same as if the USPS did banking.

Long lines at slow ATMs, and forget about actually taking a number for

anything involving a human on their side.

It's odd, standinng in an ATM line as someone feeds a

several hundred dollar deposit in cash into the machiine.

Guy probably works for cash, and that's easier/faster than spending the whole afternoon in a teller line.

Still, it's not JPM or BofA, although I miss their ATM's.

Tirpitz's picture

So, are our Revolutionary Guard hacker friends striking back? Can't be some GWB'ush project pushed by O'bummer is getting out of [zionist] control.

Sow the wind, reap the consequences.

seek's picture

It's not Iran striking back, pure collateral damage. Like real-life viruses, you can't control where these things go once released into the wild.

Not surprised the wicked witch of the west's response to this is to try to find out who leaked it in order to keep secrets. One day we may see a half dozen refineries go up in smoke, and they'll lay the blame on China or Iran when it's far more likely it's a fuckup by our own guys persuing a cyberwar strategy that wasn't thought out very well.

Stuxnet is only the beginning. Don't forget that Duqu and Flame are related, newer, state-sponsored trojans, and Flame went undiscovered for years, and that some antivirus firms and Microsoft have been suspected or even proven to be complicitly supporting government-backed intrusions.

Power-mad control freaks have a habit of blowing themselves up, and unfortunately take a lot of innocent bystanders with them.

Urban Redneck's picture

I am not sure Stuxnet is the beginning, only that that is the first time they've been caught letting the genie out of the bottle.  In the Bubba Bubble of the 90's- an old acquaintance mentioned one of his companies was developing advanced cyber weapons to disrupt critical infrastructure, so they would have been well along the way to opening Pandora's box even before the post-9/11 spending orgy kicked off, much less the US invasion of Iraq in 2003 (which had plenty of critical infrastructure whose disruption could have beneficial to US efforts).

virgilcaine's picture

I believe the Def Sec. Panetta was speaking of this recently. ? Going to use my term for the Year it seems.. 'quite strange'. Get used to weird, strange and things that go bump in the night.

Kaiser Sousa's picture

nobody except amerikka and the zionist entity could possible posses the intelligence and capacity to wage this kind of war.  they're so much superior to everyone else....

 

 

 

 

 

 

 

sarcasm: stupid American Hegemonic Bitchez.......