Stuxnet: An actual Cyber attack weapon

Started by Triple Zero, September 22, 2010, 05:29:17 PM

Triple Zero

Dunno if people are still following this thing, but this blog is filled with good info about StuxNet and its purposes.

One recent development is that they are now almost completely sure that StuxNet has been built to target the nuclear facility in Tehran. This is because while examining the code*, they found it targeting another specific piece of hardware, which runs at a special frequency and there's only two industrial facilities that match this. One in Finland and one in Tehran, Iran. Everybody seems to agree that it's a pretty safe bet that it's probably not specifically targeting the one in Finland :)

*you may wonder why this takes so long. StuxNet is really big for a virus. It's 1-2MB in size, and given that viruses are mostly pure code, that is a lot (the reason why most software needs a 700MB CD-ROM to install is because they are filled with graphics, documentation, help, translations in 20 languages and drivers and libraries), meaning it's very complex. Another, probably the most important, reason is that it's targeting industrial microcontroller devices. Most viruses are designed for PCs, in fact even Macs run on an Intel processor today. It's the processor that determines the lowest level language you can write code on the machine, and that's what viruses are written in--ok sometimes they are written in C/C++ like most software, but that is translated (compiled) to machine language, and when you get an executable, that's all you got. It's like when you examine DNA you get basepairs, but what you want is the amino acids. ANYWAY pretty much all desktop computers use a machine language called 80x86. But industrial microprocessors use a different one, and I believe that there are not nearly as many people able to speak that language. Also because every company (in this case it's Siemens) sometimes made their own language, and especially has their own quirks and oddities.

Otherwise, big news like this would have had the entire worldwide black, white and greyhat communities pore over StuxNet's code and it'd be completely transparent in a few weeks.



One other link, talking about the strategic significance of StuxNet: Better than bunker busters: The virtual Chinese water torture
Ex-Soviet Bloc Sexual Attack Swede of Tomorrow™
e-prime disclaimer: let it seem fairly unclear I understand the apparent subjectivity of the above statements. maybe.

INFORMATION SO POWERFUL, YOU ACTUALLY NEED LESS.

Triple Zero

MORE: Stuxnet attacker profiling (especially the last/conclusiony parts)

Damnit this stuff reads like a modern-day cyberpunk thriller.


the last yatto

Q: Did Stuxnet sink Deepwater Horizon and cause the Mexican oil spill?
A: No, we do not think so. Although it does seem Deepwater Horizon indeed did have some Siemens PLC systems on it.


Wasn't there gossip about a Korean torpedo at the same time as this event?
Look, asshole:  Your 'incomprehensible' act, your word-salad, your pinealism...It BORES ME.  I've been incomprehensible for so long, I TEACH IT TO MBA CANDIDATES.  So if you simply MUST talk about your pineal gland or happy children dancing in the wildflowers, go talk to Roger, because he digs that kind of shit

Cain

Are we sure Finland's not the target?  I mean, they have vodka.  And a land border with Russia.  And reindeer.  You could do a lot with that, even in this day and age.

Cramulus

I continue to be fascinated and terrified

also, thank god this is targeting Iran and not us


the last yatto


Cain

If it did, and the US had a hand in its creation....that's some nasty blowback.

India and the USA = BFF or until China reverts to its historical norm (patchland of warring states).

Triple Zero

Iran admits Stuxnet malware sabotaged uranium centrifuges
wired.com -- by Kim Zetter, November 29, 2010 4:18 pm

In what appears to be the first confirmation that the Stuxnet malware hit Iran's Natanz nuclear facility, Iranian President Mahmoud Ahmadinejad said Monday that malicious computer code launched by "enemies" of the state had sabotaged centrifuges used in Iran's nuclear-enrichment program.

The surprise announcement at a press conference coincided with news that two of Iran's top nuclear scientists had been ambushed Monday by assassins who killed one scientist and seriously injured the other.

Iran had previously acknowledged that Stuxnet infected the personal computers of workers at its Bushehr nuclear power plant but had insisted that the malware had not infected work systems involved in the nuclear program, and that the program itself had not been harmed. Officials did not mention then whether any computers at its nuclear facility at Natanz had been infected.

Natanz is engaged in enriching uranium that could be used to manufacture weapons. It was therefore believed by various computer security experts to have been Stuxnet's likely target.

Ahmadinejad did not mention Natanz by name at Monday's press conference but admitted that malware had "succeeded in creating problems for a limited number of our centrifuges."

According to a recent report from the United Nations' International Atomic Energy Agency, Iran had temporarily halted uranium enrichment at its Natanz plant for unknown reasons earlier this month. Thousands of centrifuges reportedly stopped production as a result.

Iran has had various problems over the years with equipment used in its nuclear facilities. The problems have delayed progress in both the country's nuclear power plants and the uranium-enrichment program, which Iran has insisted is for peaceful purposes only.

Ahmadinejad said the malware that caused problems with its centrifuges was in software that the attackers had "installed in electronic parts." He said the infection had been halted.

"Our specialists stopped that and they will not be able to do it again," he said, according to the BBC. Ahmadinejad blamed Israel and "the West" for spreading the malware.

The Stuxnet worm was discovered on computers in Iran in June by a Belarusian security firm and has infected more than 100,000 computer systems worldwide, most of them in Iran. The targeted code was designed to attack Siemens Simatic WinCC SCADA systems. The Siemens system is used in various facilities to manage pipelines, nuclear plants and various utility and manufacturing equipment.

But speculation has focused on Iran's nuclear facilities — at Bushehr, Natanz and other locations — being the most likely target. The sophisticated malware is believed to have been created by a well-financed nation state, with speculation focusing on Israel and/or the United States.

Security firm Symantec recently determined that the malware specifically targets Siemens systems that are used with frequency-converter drives made by two firms, one based in Iran and one in Finland. Even more specifically, Stuxnet targets only frequency drives from these two companies that are also running at high speeds — between 807 Hz and 1210 Hz.

Frequency-converter drives are used to control the speed of a device. Although it's not known what device Stuxnet aimed to control, it was designed to vary the speed of the device wildly but intermittently over a span of weeks, suggesting the aim was subtle sabotage meant to ruin a process over time but not in a way that would attract suspicion.

"Using nuclear enrichment as an example, the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium," Symantec's Liam O Murchu told Threat Level earlier this month. "If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges ... and the final grade of uranium you would get out would be a lower quality."

Iran's confirmation this week that malware was behind recent problems with its centrifuges suggests that Stuxnet may indeed have been designed specifically to target Iran's nuclear program. But if this is the case, the assassinations on Monday could indicate that whoever targeted Iran felt the malware was insufficient to halt Iran's nuclear program.

According to news reports, the scientists were targeted in separate but nearly simultaneous car bomb attacks near Shahid Beheshti University. Majid Shahriari and Fereydoun Abbasi, along with their wives, were driving to work when assailants on motorcycles zipped by their vehicles and slapped magnetized explosives to the cars, which were detonated within seconds.

Shahriari, who was head of an unnamed Iranian nuclear program, was killed. Abbasi, a high-ranking Ministry of Defense official who reportedly holds a Ph.D. in nuclear physics, was wounded. Both wives were wounded in the attacks.

Two other Iranian nuclear scientists have been killed in recent years. A senior physics professor at Tehran University was killed in January, when a bomb attached to a motorcycle exploded near his car as he was leaving for work. A second nuclear scientist died in 2007 from gas poisoning.

Ahmadinejad blamed Monday's assassination attacks on Israel and the West.

"Undoubtedly, the hand of the Zionist regime and Western governments is involved in the assassination," he said, according to an Associated Press account of the news conference.

Sunday's disclosure of U.S. State Department documents also shows that Arab nations share the same concerns that Israel and the United States have about Iran's nuclear programs. The documents, given to various media outlets by the secret-spilling site WikiLeaks, reveal that King Abdullah of Saudi Arabia pleaded with the United States to stop Iran before it could develop an atomic weapon. Other Arab leaders were equally urgent that Iran had to be stopped.

There have been suggestions, however, that the Iranian government itself could have been responsible for the attacks on the two nuclear scientists.

The Johnny


Yes, I'm sure that they killed their own scientists, not only that, but infected themselves with Stuxnet so they can invade Israel and the USA.

Oh wait, no.

Btw, I don't even know who would come up with that ridiculous hypothesis, it's kind of resurrecting the 9/11 meme that the USA gov. blew up their own buildings looking for an excuse to war but now planted unto Iran's supposed intents.
<<My image in some places, is of a monster of some kind who wants to pull a string and manipulate people. Nothing could be further from the truth. People are manipulated; I just want them to be manipulated more effectively.>>

-B.F. Skinner

Cain

False flag operations have happened historically (SS members dressed as Polish soldiers and staged an attack on a German border town, in order to justify the invasion and annexation of Poland, for example), but the standard for evidence to prove them is very high, and seems absent in this case.  Iran does not appear to have the technical expertise to create something like Stuxnet, and I suspect if it were a false flag op, the targets it would be hitting would be less critical to Iranian national security.

the last yatto

Or maybe those two scientists were the ones responsible for the sabotage and Iran wanted to avoid an embarrassing trial

Nephew Twiddleton

Quote from: Cramulus on November 17, 2010, 02:32:19 PM
I continue to be fascinated and terrified

also, thank god this is targeting Iran and not us



For now, but this opens up a whole new level of sabotage to other countries. On the bright side, if it was the US, it shows that we're a little more ahead of the curve than I thought.

This really is an interesting development (with Ahmadinejad's statements and the deaths of the nuclear scientist).
Strange and Terrible Organ Laminator of Yesterday's Heavy Scene
Sentence or sentence fragment pending

Soy El Vaquero Peludo de Oro

TIM AM I, PRIMARY OF THE EXTRA-ATMOSPHERIC SIMIANS

Telarus

New article in the NY Times pretty much spells out that the US and Israel are behind StuxNet.

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1

C&P the first page (it's 4 pages long) due to stupid login-wall:

Israeli Test on Worm Called Crucial in Iran Nuclear Delay
By WILLIAM J. BROAD, JOHN MARKOFF and DAVID E. SANGER
Published: January 15, 2011

The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel's never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.

Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran's efforts to make a bomb of its own.

Behind Dimona's barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran's at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran's nuclear centrifuges and helped delay, though not destroy, Tehran's ability to make its first nuclear arms.

"To check out the worm, you have to know the machines," said an American expert on nuclear intelligence. "The reason the worm has been effective is that the Israelis tried it out."

Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel's Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran's efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran's ability to buy components and do business around the world.

The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel's long-held argument that Iran was on the cusp of success.

The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.

In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.

Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.

In early 2008 the German company Siemens cooperated with one of the United States' premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran's enrichment facilities.

Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America's nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

The worm itself now appears to have included two major components. One was designed to send Iran's nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

The attacks were not fully successful: Some parts of Iran's operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.

"It's like a playbook," said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. "Anyone who looks at it carefully can build something like it." Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.

Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.
Telarus, KSC,
.__.  Keeper of the Contradictory Cephalopod, Zenarchist Swordsman,
(0o)  Tender to the Edible Zen Garden, Ratcheting Metallic Sex Doll of The End Times,
/||\   Episkopos of the Amorphous Dreams Cabal

Join the Doll Underground! Experience the Phantasmagorical Safari!

Triple Zero


Adios