Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Stuxnet Worm May Have Targeted Iranian Reactor

CmdrTaco posted more than 3 years ago | from the stux-on-this dept.

Security 322

yuna49 writes "Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. "Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system."

cancel ×

322 comments

So....the CIA wrote it? (2, Interesting)

wandazulu (265281) | more than 3 years ago | (#33652410)

Sounds eerily similar to the Siberian Pipeline explosion [wikipedia.org] but, had it actually worked, the consequences could have been much much worse.

Re:So....the CIA wrote it? (5, Insightful)

Wyatt Earp (1029) | more than 3 years ago | (#33652466)

Nope, Israel.

The Saudis, UAE or Qatar have strong interests in Iran not going nuclear, but military computer science stuff is going to be Israel, Russia, China or the US, my money is on Israel in this one.

Re:So....the CIA wrote it? (4, Insightful)

erroneus (253617) | more than 3 years ago | (#33652834)

Definitely. Using more conventional power generation technologies, they are a target for aerial bombing. If a nuclear power plant were to be bombed, any sort of disaster might occur making the bomber look extremely evil. (The only way they could hope to get away with it is to make the bombing look as if it came from Iran itself.) In any case, enemies would be less inclined to attack a nuclear power plant as opposed to conventional ones.

As to who is responsible for the targeted malware? I can't imagine.

Re:So....the CIA wrote it? (0)

Anonymous Coward | more than 3 years ago | (#33653224)

If you're bombing a power plant (nuclear or otherwise) you're doing it wrong. just bomb the transformer stations that rout the power to somewhere useful.

Re:So....the CIA wrote it? (2, Informative)

Wyatt Earp (1029) | more than 3 years ago | (#33653264)

In the case of a nuclear weapons program, you want to destroy the facilities to make the weapons, not just knock out power lines.

Re:So....the CIA wrote it? (1)

operagost (62405) | more than 3 years ago | (#33653268)

Israel launched a direct strike on the Iraqi Tammuz 1 reactor in 1981. That being said, it was still under construction.

Re:So....the CIA wrote it? (1)

cayenne8 (626475) | more than 3 years ago | (#33653190)

Hey, no matter who did it...all I can say is "cool"!!

Nice to see a virus at least aimed at some bad guys for a change.

Re:So....the CIA wrote it? (5, Funny)

Anonymous Coward | more than 3 years ago | (#33652480)

CIA?

Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker

doubtful.

Re:So....the CIA wrote it? (0)

Anonymous Coward | more than 3 years ago | (#33652482)

by Anonymous Coward on Tuesday September 21, @01:12PM
They're thinking HAMAS....but yeah, that's pretty crazy. What eludes me is how we all scoff at most countries cybersecurity practices but put the blame on them for some the most advanced cyber espionage practices. There's a quite from Sun Tzu waiting to be posted about that, I suppose.

Does thinking about this stuff too much hurt anyone else head? Bring on the theories!

Re:So....the CIA wrote it? (1)

WrongSizeGlass (838941) | more than 3 years ago | (#33652764)

Bring on the theories!

Homer: Hey Lenny, whatcha got there?
Lenny: Um, nothin' Homer.
Carl: Um, it's a Stonecutter's flash drive.
Homer: Really? How do I get one?
Lenny: Gee Homer, I don't know ...
[Carl hands the flash drive to Homer]
Carl: It's like one of those metaphorical butterflies. You just set it free and see if it comes back to you.
Homer: Really? Thanks Carl!
Carl: You should send it to our friends in Iran. If they send it back you know you were meant to have it.
Homer: That's a great idea!

Re:So....the CIA wrote it? (1, Informative)

Anonymous Coward | more than 3 years ago | (#33652736)

The CIA did not actually produce the special (i.e. modified to run the super high pressure test after a set period of normal operation) pipeline management hardware and software themselves. Instead, they convinced a private company to produce them and ensured that the modified parts made their way into Russian hands. Supposedly, the resulting explosion and subsequent fire, near Vladivostok in eastern Russia where the pipeline was located, were so large that they were detected by satellites designed to monitor nuclear tests. I wonder if it is possible for this worm, once inside the controller, to adjust the operating parameters in such a way to ensure a catastrophic failure (i.e. meltdown) occurs? What does this say about reactor safety system design?

Re:So....the CIA wrote it? (1, Insightful)

TheCarp (96830) | more than 3 years ago | (#33652882)

Or better, if so, what does it say about the moral character of the person who wrote it?

I mean seriously, say what you want about international politics, there are human beings there, on the ground. Any action that intentionally endangers those people is irresponsible. Whoever wrote it, CIA or not, should spend the rest of his life behind bars... along with whoever authorized its production and distribution.

This is just not an acceptable action... no matter who the target is or why.

-Steve

Re:So....the CIA wrote it? (3, Insightful)

amicusNYCL (1538833) | more than 3 years ago | (#33653044)

That's a very idealistic view. There are several people who would argue that destroying Iran's nuclear capabilities is actually protecting lives, not destroying them. Of course, that all depends on Iranian government intentions. But considering the many discussions held in Iran about destroying Israel, a world without Israel, etc, it's not exactly a stretch to imagine that Iran would use its nuclear capability to attack Israel. It's also not difficult to imagine that Israel would attack Iran's nuclear program, as they have in the past with Iraq and Syria. Iran's program would be the first operational Arabic nuclear program that hasn't been destroyed by Israel before becoming operational.

Israel does not live in an idealistic world, from their point of view they can't afford to not attack an enemy nuclear installation just because there's a guy there sweeping the floor who may get killed.

Re:So....the CIA wrote it? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#33653422)

Iran is not an arabic country. They are actually quite different than the surrounding countries and this is way Ahmadinejad is sticking his neck out as much as he does.

Re:So....the CIA wrote it? (4, Interesting)

mrops (927562) | more than 3 years ago | (#33653446)

Apparently you have never called an Iranian "Arab". Iranians take it personally.

Iranian's don't like being called Arabs; A) They are Persians, B) They feel proud being associated with the Persian empire and the culture they inherited.

In fact, during my miss-fortunate discussion calling an Iranian an Arab, I felt the individual almost felt insulted.

Re:So....the CIA wrote it? (0)

Anonymous Coward | more than 3 years ago | (#33653466)

>> Iran's program would be the first operational Arabic nuclear program that hasn't been destroyed by Israel before becoming operational.

You're missing an important distinction- Iran is not part of the Arab world, despite the geophysical proximity. The Arab world would most likely prefer that Iran not posses nuclear weapons, either, however they can't be perceived as taking Israel's side in this situation.

Re:So....the CIA wrote it? (0)

Anonymous Coward | more than 3 years ago | (#33653524)

Do you have any sources for the "many discussions held in Iran about destroying Israel, a world without Israel"?
And (this is a rhetorical question) do you know of any discussions held in Israel about destroying Iran?

Re:So....the CIA wrote it? (0)

Anonymous Coward | more than 3 years ago | (#33653550)

So some innocent people should die for the sake of crimes that might be commited in the future?

Re:So....the CIA wrote it? (1)

Score Whore (32328) | more than 3 years ago | (#33653056)

First, the headline here could easily be "We have no evidence the Stuxnet worm may have targeted Iranian reactor." The case for such targeting is entirely circumstantial and not very tight. All they have is event A happened on date 1, event B happened on date 2. They must be related.

Second, human beings on the ground can humbly and quietly get about doing their work without ever engaging in direct violent confrontation, but they can still are building nuclear weapons. There are some things that are dangerous and unacceptable regardless of how quiet the people engaged in the activity are.

Re:So....the CIA wrote it? (1, Insightful)

jd (1658) | more than 3 years ago | (#33653428)

I would have to agree. Sadly, certain three-letter organizations have also been known to fire hellcat missiles into busy streets to get one or two specific individuals and to hell with anyone else. Carnage as a method of controlling public opinion is given a very specific name. State-sponsorship of such carnage is a serious offense in the eyes of the World Court (now the ICJ).

Yes, I accept the argument that certain nations have... issues... that make certain technologies inadvisable. It does NOT help that two such nations were given nuclear technology by the US, and this has indeed been used as justification for equally hazardous nations possessing the know-how. That was a seriously bad mistake, as deliberate violations of the Nuclear Proliferation Treaty by key members of the Security Council makes it much much harder for the UN to enforce said treaty. But that is just the point. This is a UN issue, the US by being a member of the UN is subordinate to the UN on all international matters - whether it likes it or not. I would point out that the reason that the League Of Nations collapsed was because of nations deciding their political agendas were more important than the good of all.

Perhaps the UN lacks teeth. Perhaps the members of the Security Council would like to explain why said teeth were pulled, knowingly and willingly, by each and every one of them. Perhaps they would also like to explain what "Security" they propose to offer when there's nothing to offer it with. No, of course they won't. And the bombs will continue to be planted/launched, people will suffer indiscriminately (in violation of many other laws - not to mention every manual ever written on how to wage war), nothing will change. Further, the purported objectives will never be met.

(I say "purported" precisely because manuals like "The Art of War" specifically prohibit senseless killing or destruction. Can something be a true objective if you pursue a path that you know MUST fail, that every text tells you WILL fail, that every attempt in history to succeed by that path HAS failed? If you really want to achieve a result, would you not follow a path that would really achieve it? Of course, you have to consider the possibility that those giving the orders really do believe in what they claim they want, but are too deluded, too far under the Napoleonic Complex, to comprehend that they are wrong. That is actually a bit more likely than the 1984 scenario of a permanent war, engineered to subvert the minds of others, but no less terrifying. Consider this - if the people in high office are all criminally insane, and the population is knowingly electing them, what does that tell you about the population?)

Re:So....the CIA wrote it? (5, Informative)

Tailhook (98486) | more than 3 years ago | (#33653480)

What does this say about reactor safety system design?

Nothing, because the entire scenario (adjust parameters...meltdown) is a fiction that exists exclusively inside your head.

The reactor is a Russian PWR that follows contemporary design principles and has parity with western reactors. The ECCS is not subject to the exclusive control of vulnerable PLCs. Safety systems aren't networked together in Ethernet broadcast domains waiting for stuxnet infections. Worst case; control rods can be inserted manually and feedwater/HPCI/LPCI pumps activated manually regardless of the state of any given PLC. The manual controls on these safety systems are deliberately simple for a reason.

Maybe a really clever attack designed to confuse operators into making the wrong decisions (see TMI-2 1979) could produce core damage. This still isn't some containment free RMBK graphite bomb reactor like Chernobyl. Contained PWR designs are more forgiving; they don't contaminate things even when they do melt down.

Re:So....the CIA wrote it? (1)

elhamrose (1905984) | more than 3 years ago | (#33653136)

I agree!!!

Re:So....the CIA wrote it? (1)

camperslo (704715) | more than 3 years ago | (#33653410)

The timing of the natural gas line related explosion in northern California had me wondering if excessive pressure could have triggered it. Very disturbing stuff...

Some people don't care how many others they screw (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33652428)

There's one non-secular country in the world that is famous for it's disregard for anyone but itself and its fundamentalist religious belief in their own specialness in the eyes of their own god, which they believe justifies their evil actions.

The truth is some evil people will do anything for wealth and power.

Re:Some people don't care how many others they scr (1)

Wyatt Earp (1029) | more than 3 years ago | (#33652526)

The government of Burma doesn't have that much experience in computer science though.

Re:Some people don't care how many others they scr (1)

ColdWetDog (752185) | more than 3 years ago | (#33652732)

I was thinking Canada myself.

Or perhaps New Zealand.

Re:Some people don't care how many others they scr (1)

h4rr4r (612664) | more than 3 years ago | (#33652778)

Burma has not existed in decades. I think you might be thinking about Myanmar.

Re:Some people don't care how many others they scr (1)

Wyatt Earp (1029) | more than 3 years ago | (#33652896)

The United States, United Kingdom, Australia, Canada, France, Voice of America, The Washington Post, the BBC, ITN, The Times of India, Time and most British newspapers use Burma for the name.

Good enough for all of them, good enough for me.

https://www.cia.gov/library/publications/the-world-factbook/geos/bm.html [cia.gov]
http://www.state.gov/r/pa/ei/bgn/35910.htm [state.gov]
http://news.bbc.co.uk/2/hi/europe/country_profiles/1300003.stm [bbc.co.uk]
http://www.diplomatie.gouv.fr/fr/pays-zones-geo_833/birmanie_551/index.html [diplomatie.gouv.fr]

Re:Some people don't care how many others they scr (0)

Anonymous Coward | more than 3 years ago | (#33653376)

It will always be Burma to me.

Re:Some people don't care how many others they scr (1)

ByOhTek (1181381) | more than 3 years ago | (#33652532)

Just one?

What the hell planet do you live on, and how do I get there?

Re:Some people don't care how many others they scr (1, Funny)

Anonymous Coward | more than 3 years ago | (#33652738)

Truly it sounds like paradise. Unobtainium must exist there.

Re:Some people don't care how many others they scr (0)

Anonymous Coward | more than 3 years ago | (#33652672)

Canada?

Re:Some people don't care how many others they scr (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33652868)

Texas? That's just a state though, not a country.

Re:Some people don't care how many others they scr (1)

AffidavitDonda (1736752) | more than 3 years ago | (#33652966)

No, Switzerland would lose too much Iranian customers doing something like that...

Re:Some people don't care how many others they scr (2, Insightful)

amicusNYCL (1538833) | more than 3 years ago | (#33653104)

There's one non-secular country in the world that is famous for it's disregard for anyone but itself and its fundamentalist religious belief in their own specialness in the eyes of their own god, which they believe justifies their evil actions.

Fundamentalist Muslims are not limited to one country.

Intolerance isn't exactly limited to borders drawn on a map...

Re:Some people don't care how many others they scr (1)

bmo (77928) | more than 3 years ago | (#33653250)

Intolerance isn't exactly limited to borders drawn on a map..

No kidding. Intolerance happens to go on the Sunday Morning political shows and compare muslims with Nazis.

--
BMO

Re:Some people don't care how many others they scr (0)

Anonymous Coward | more than 3 years ago | (#33653132)

LATVERIA!

It's Latveria, right?

Smooth (2, Funny)

Platinum Dragon (34829) | more than 3 years ago | (#33652432)

Brilliant - let's get one up on the Iranians by messing with their nuclear reactor controls! What could possibly go wrong?

If true, this is reckless endangerment, and the people involved - government-backed or lone wolves - should be prosecuted. Just because the Iranian government is full of militaristic and theocratic jerks does not give anyone the right to endanger the lives of any old (or young) person living or working in and around that facility. Indeed, it's the kind of stunt that can only push their ruling class farther into paranoia and fear, the kind tha leads to... nuclear weapons development.

Re:Smooth (3, Informative)

Tragek (772040) | more than 3 years ago | (#33652616)

Hence why no one knows where it came from.

Re:Smooth (1)

Platinum Dragon (34829) | more than 3 years ago | (#33652692)

Hence why someone should investigate.

Re:Smooth (1)

X0563511 (793323) | more than 3 years ago | (#33653002)

... and you honestly think that isn't already happening?

I'm going to jump in with the "smarter people than us are already working on it" crowd that usually heckles armchair-$JOBs in scientific articles.

Re:Smooth (0)

Anonymous Coward | more than 3 years ago | (#33653066)

Hence why someone should investigate.

Um, wasn't this an article about someone investigating?

Re:Smooth (1)

Even on Slashdot FOE (1870208) | more than 3 years ago | (#33653226)

Hence why no one will investigate effectively. It's the less tension-building thing to do.

Re:Smooth (1)

cjb658 (1235986) | more than 3 years ago | (#33653170)

So, I'm wondering, why is the computer that controls a nuclear reactor hooked up to the internet?

That's just asking for trouble.

Re:Smooth (1)

Nadaka (224565) | more than 3 years ago | (#33653486)

the stuxnet worm is a usb infecting worm...

Re:Smooth (4, Insightful)

interkin3tic (1469267) | more than 3 years ago | (#33653346)

Brilliant - let's get one up on the Iranians by messing with their nuclear reactor controls! What could possibly go wrong?

Maybe less than would go wrong if Iran got the bomb?

I don't know how likely that is, but I'm guessing whoever did this probably has a different calculus than I do for weighing the two, like (Iranian civilian deaths)= 0.1(own civilian deaths). So from their perspective, probably not much could go wrong.

World War III (2, Funny)

Sonny Yatsen (603655) | more than 3 years ago | (#33652434)

And Iran is probably going to blame Israel and then the shit hits the fan and it's WWIII. And we're all dead. Seriously, this is the kind of stuff that gives me ulcers.

Re:World War III (0)

Anonymous Coward | more than 3 years ago | (#33652540)

According to my book, Iran doesn't blame Israel until a malfunctioning Pakistani missile hits an Iranian power plant. Ok, maybe I'm not the best author...

Re:World War III (5, Informative)

ultramk (470198) | more than 3 years ago | (#33652650)

Iran already blames Israel, for pretty much everything including why the crops fail. I mean, christ, they made the 100th anniversary of the original publishing of "the protocols of the elders of zion" (you know, the anti-semitic forged pamphlet) into a national holiday. It's not like things could get any worse.

The only reason that Iran doesn't attack Israel is because they know that Israel has nukes, and the will to use them with very little provocation. Even for those countries who would likely come down on Iran's side in any conflict, how many of them have any military to speak of? How many have nukes? Even one?

Really, it's in Israel's best interest that Iran starts hostilities and the sooner the better, before Iran gets nukes. In many ways it would actually stabilize the region to have Iran beat down somewhat--you know, at least from Israel's perspective.

Also, you should know by now that ulcers come from infection, not stress. Seriously, there was a Nobel Prize and everything.

Re:World War III (2, Informative)

Anonymous Coward | more than 3 years ago | (#33652872)

Infection is not the only cause of peptic ulcers. Nonsteroidal anti-inflamitory drugs, for instance, are just one example. Further, stress may not directly cause ulcers, but has been found to exacerbate existing conditions that lead to peptic ulcers.

Re:World War III (4, Interesting)

Anonymous Coward | more than 3 years ago | (#33652928)

Iran wants to provoke a conflict with Israel. It doesn't want to start one. There is apparently an Islamic sect that believes in their version of Rapture and they believe it will be triggered by Israel's attack on Iran. Iran cannot be the aggressor here - that's the belief at least. Iran will then be saved by the 12th Imam. And that's the Islamic version of Rapture.

"Our revolution's main mission is to pave the way for the reappearance of the 12th Imam, the Mahdi," Ahmadinejad said in the speech to Friday Prayers leaders from across the country.
      http://analysis.threatswatch.org/2005/11/understanding-ahmadinejad/

There are a number of crazzy sites that "predict" stuff about him,
      http://www.satansrapture.com/hitler2.htm

"Bush said: 'God said to me, attack Afghanistan and attack Iraq.' The mentality of Mr. Bush and Mr. Ahmadinejad is the same here - both think God tells them what to do," says Mr. Mohebian, noting that end-of-time beliefs have similar roots in Christian and Muslim theology."
    http://www.csmonitor.com/2005/1221/p01s04-wome.html

Really, it's in Israel's best interest that Iran starts hostilities and the sooner the better, before Iran gets nukes.

Iran will not start hostilities :)

Re:World War III (1)

interkin3tic (1469267) | more than 3 years ago | (#33653462)

There is apparently an Islamic sect that believes in their version of Rapture and they believe it will be triggered by Israel's attack on Iran. Iran cannot be the aggressor here - that's the belief at least. Iran will then be saved by the 12th Imam. And that's the Islamic version of Rapture.

So religion is going to keep a country from going to war? That's awfully optimistic. With the right spin, rationalization, and perspective, Iran could do anything and still not be "the aggressor".

"Countrymen, believe me, nuking Israel, Iraq, all of Europe, the US, Canada, Japan, China, Russia, South AND north Korea, Australia, and Israel again was the LAST thing I wanted to do, but I had no choice. You see, God told me to. He said they had ALL already launched nukes at US but these were really slow nukes that would be destroyed if we nuked their countries of origin first. Yeah, God talked to me personally. What can I say, that's probably why you all voted for me even though you didn't think you did."

Re:World War III (0)

Anonymous Coward | more than 3 years ago | (#33652936)

Really, it's in Israel's best interest that Iran starts hostilities and the sooner the better, before Iran gets nukes. In many ways it would actually stabilize the region to have Iran beat down somewhat--you know, at least from Israel's perspective.

I'm not sure how this is in either countries best interests. Talking and foaming in the mouth is in both countries best interests. If Iran does develop a nuke and detonate it in Israel, it's almost certain that any western power that doesn't have laws disallowing hostile action will attack. I wouldn't be surprised if Russia joined in. Heck, even the neighboring countries might attack also, not to mention China, who'd have a fantastic pretext to flex it's muscles.

Even if some foaming mouthed fundamentalist madman did rise into power in Iran, the military would probably rebel if they knew about a nuclear attack. There's no way they'd sacrifice an entire country for it, besides, it'd just get occupied by the western infidels.

Re:World War III (1)

elrous0 (869638) | more than 3 years ago | (#33653072)

Yeah, but you're forgetting Saudi Arabia in your equation. They most definitely DO NOT want such a conflict. And their oil gives them even more say than the Israelis and their money/lobby. No way does the U.S. want Israel provoking a conflict. And Israel needs the U.S. (who do you think gave them the nukes, guns, and fighter jets to begin with).

Re:World War III (2, Insightful)

mr100percent (57156) | more than 3 years ago | (#33653130)

In many ways it would actually stabilize the region to have Iran beat down somewhat--you know, at least from Israel's perspective.

That was the thinking by the Neocons and the far right in Israel when the choice was made to attack Iraq, but it wound up backfiring. Israel felt and probably is much less safe now, since it galvanized the Arab world to cooperate with Israel even less and support "reisistance" groups like Hamas even more (Iraqi politicians like Muqtada Al-Sadr are now supporting them), and swung Iranian public opinion toward throwing out the moderate Khatami and voting for Ahmadinejad (the first time at least), and the expansion of training camps in Iraq meant that Israel now has long-term problems. Israel's generals can't say it openly, but in many conversations to the press it's been treated as a given that the whole misadventure put the region on less stable footing and has overall hurt Israeli security.

Re:World War III (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#33652668)

I'm hoping the Mutually Assured Destruction clause they taught me throughout social studies holds true in this day and age as it has throughout the past decades.

Worst case scenario though, recent video games and pop culture have taught me how to handle a post apocalyptic world. I mean, if I survive the blasts, I'm sure Book of Eli, The Road, and Fallout 3 have shown me that I can live with radiation.

Re:World War III (0, Troll)

danny_lehman (1691870) | more than 3 years ago | (#33652742)

Hopefully by that time, Stephen Harper will no longer be prime minister, some other asshat will. And Canada will go back to its "peacekeeping" role. We're safe up here!

Re:World War III (1)

X0563511 (793323) | more than 3 years ago | (#33653026)

It's only a world war if the world gets involved.

If everyone stands back and lets the middle-east glass itself, that's not a world war.

Not saying it wouldn't be a catastrophe, but just sayin' it wouldn't be WWIII.

Unless someone decides to nuke a superpower for some (retarded) reason in the fray.

Re:World War III (1)

shoehornjob (1632387) | more than 3 years ago | (#33653042)

Yeah but Israel will bomb the shit out of their reactor like they did back in 81 to Iraq. The Saudi's have already told Israel that they can use a narrow corridor of their airspace to bomb Iran. Hell they already have the targets picked out. http://www.msnbc.msn.com/id/37653040/ns/world_news-mideastn_africa/

Oh Noes! (2, Funny)

ByOhTek (1181381) | more than 3 years ago | (#33652448)

The worms in the reactor will eat the fuel rods, become radioactive, mutate, and destroy/dominate the world!

* Preemptive defense against the person who will take this post seriously: I realize most mutations have no significant effect, most of the remainder are harmful, and the chances of a slightly beneficial mutation, let alone a highly beneficial mutation is highly negligible. This post is for humor sake only.

Re:Oh Noes! (0)

demonbug (309515) | more than 3 years ago | (#33652588)

One step away from Wormboy Hell?

(I guess the one step would be the development of espers)

Re:Oh Noes! (2, Funny)

tacarat (696339) | more than 3 years ago | (#33652716)

That's not entirely true. Scientists have found that most creatures with radioactivity induced mutations take on an applewood bacon smoked flavor. The intensity of the flavor peaks when they start glowing, though.

Re:Oh Noes! (1)

electron sponge (1758814) | more than 3 years ago | (#33653414)

Mutations smell delicious

Re:Oh Noes! (1)

snspdaarf (1314399) | more than 3 years ago | (#33653430)

So Raymond Burr was in Tokyo to eat Godzilla?

Begun, the Cyber Wars Have. (3, Interesting)

Rashkae (59673) | more than 3 years ago | (#33652490)

Looks like national cyber security is about to get a much higher priority than copyright protection.

Say What? (0)

Anonymous Coward | more than 3 years ago | (#33652498)

"...Bushehr is a plausible target, but there could easily be other facilities -- refineries, chemical plants or factories that could also make valuable targets, said Scott Borg, CEO of the U.S. Cyber Consequences Unit, a security advisory group

They Can't Be That Stupid... (2, Insightful)

IonOtter (629215) | more than 3 years ago | (#33652512)

Why in the Hell is Iran connecting their nuclear reactor to the Internet???

Either Iran is unbelievably stupid, or they've got some blindingly incompetent IT people working at that plant. And considering the international attention that plant is getting, you'd imagine that any incompetent operators would have been sent into the desert to look for minefields while wearing clown shoes long ago.

Re:They Can't Be That Stupid... (3, Informative)

makomk (752139) | more than 3 years ago | (#33652602)

Which is why this malware has multiple infection routes, including USB sticks.

Re:They Can't Be That Stupid... (4, Interesting)

Caerdwyn (829058) | more than 3 years ago | (#33652916)

One of the most effective ways to penetrate a company is to drop a couple of USB sticks in their parking lot with some "special" autoinstalled software. Someone sees it, picks it up, takes it in side and plugs it in to see what's on it. A few boring things, maybe a naked picture of someone, and a rootkit.

I've worked for a couple of companies which have had security audits performed on them that included hiring outside firms to do "social engineering" penetration tests to see how good the employees are about that sort of thing. It's strange... someone who won't be fooled by "we're from IT and need your password" sweet-talk and who would never open an attachment to an email will happily stuff a flash drive into their computer. The penetration testing firms tell me they almost always get a hit with the USB drive trick. (And, for the record, one of my companies passed the test, 100%. Woot! Let's not talk about the other, though...)

So yeah, physical devices > air-gap.

Where did all the pseudo-/.ers go? (1)

drdrgivemethenews (1525877) | more than 3 years ago | (#33653516)

Where are all the posts, after parent, reminding us that the USB memory stick trick doesn't work on Linux? (or Apple)?

* Regarding title: real /.ers generally have more substantive things to say.

Re:They Can't Be That Stupid... (2, Informative)

daremonai (859175) | more than 3 years ago | (#33652652)

They're not connecting it to the Internet, so far as I know. The speculation in the article is that the Russian contractor building the facility brought in infected PCs for the control system. Coincidentally(?), the contractor (AtomStroyExport) had its own website hacked recently.

They don't need to be that stupid (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33652662)

I can simply imagine an Mosad/CIA agent bringing it on a USB stick. Who said that some low rank technician with access to facility office LAN doesn't need additional income.

Re:They don't need to be that stupid (1)

spun (1352) | more than 3 years ago | (#33652768)

They don't even need an insider. Just drop some USB sticks near where employees live or work. Someone will take the "ground score" USB stick in to work with them, and click on PORNSHOW.EXE or CUTECATS.EXE to see what it is.

Re:They don't need to be that stupid (1)

Even on Slashdot FOE (1870208) | more than 3 years ago | (#33653248)

And this is why you format found USB sticks on a computer that has autorun turned off.

Re:They Can't Be That Stupid... (1)

OzPeter (195038) | more than 3 years ago | (#33652806)

Why in the Hell is Iran connecting their nuclear reactor to the Internet???

Where have you been hiding out. There has been uproar in the US over recent months with public awareness of how much of the US infrastructure is connected to the internet. This is not anything new.

Re:They Can't Be That Stupid... (0)

Anonymous Coward | more than 3 years ago | (#33652828)

Whoever wrote this worm probably also took steps to ensure that it found its way, perhaps via USB thumb drive, into the right facilities. In other words, the last hop was probably made via sneakernet not Internet.

Re:They Can't Be That Stupid... (0)

Anonymous Coward | more than 3 years ago | (#33652852)

You do realize that most civilians within Iran country have very little access to the Internet and therefore may not have as much opportunity to learn and research various topics that are well-known amongst individuals in most other countries, right?

Siemens Patch Release (1)

JamJam (785046) | more than 3 years ago | (#33652516)

Taking the tin foil hat off, it almost sounds like a "Siemens Patch" for the PLC device - then that got me thinking, wouldn't this be an interesting way to patch other (zero day) vulnerabilities in MSFT, Adobe Reader, and other products? Maybe that would only help for Joe Public who is not patching their software anyway...

We've analysed their attack... (0)

Anonymous Coward | more than 3 years ago | (#33652562)

Langner: We've analysed their attack Sir,and there is a danger.Shall I have your ship standing by?

Ahmadinejad: Evacuate?! In our moment of triumph?

Windows for Industrial/control use (0, Redundant)

Danathar (267989) | more than 3 years ago | (#33652574)

Maybe it's the developer tools available? The overall windows ecosystem availability?

Whatever it is, the IDEA of using windows for mission critical control systems is insane from a security perspective (along with other reasons). Given that windows was never designed for embedded use, is probably not updated for security patches with systems that are not networked (on a regular basis) and is the target of the worlds computer security issues it seems a no-brainer to stay AWAY from it. I suppose money had something to do with it and not actual real thought to the dangers of using windows for these systems.

Re:Windows for Industrial/control use (1)

confused one (671304) | more than 3 years ago | (#33652850)

And yet... you'll find Windows used in mission critical control systems anyway.

Re:Windows for Industrial/control use (0)

Anonymous Coward | more than 3 years ago | (#33653448)

Saving Hackers/Rogue Nations everywhere the trouble of creating their own worms.

I'm still having a problem with... (1)

Cheerio Boy (82178) | more than 3 years ago | (#33652582)

...why ANY nuclear reactor or power plant needs to be directly connected to a computer network. I can see it having say a USB port for upgrades of controller firmware but a network connection? Nope.

And even with a USB connection have a failsafe ROM backup so if it starts acting strange after the update then smack the "Default" button to bring it back under control.

Re:I'm still having a problem with... (1)

chill (34294) | more than 3 years ago | (#33652704)

The reactor and/or plant is part of a network itself. I doubt it is directly connected to any external network, like the Internet. It might be part of a separate, secure network that monitors multiple plants remotely.

Most likely the infection was brought in manually.

Re:I'm still having a problem with... (2, Interesting)

amicusNYCL (1538833) | more than 3 years ago | (#33653252)

I'm still having a problem with......why ANY nuclear reactor or power plant needs to be directly connected to a computer network. I can see it having say a USB port for upgrades of controller firmware but a network connection? Nope.

So you're saying that you can't see any use for having the two reactors on site both connected to the same control room? I mean, why the hell would people in one central location want to monitor both reactors at once, in real time, right? That's crazy!

What do you think, that when someone needs to shut down or modify the parameters of a reactor or centrifuge that they actually walk up to the component and hit a button on it? What if they need to start 100 centrifuges at the same time, do they have 100 technicians standing there all on a giant conference call waiting for the "go" signal? If they want to check the current core temps or fuel levels, what do they do, call each one and ask them what the gauge says? What the hell do you think all of this equipment is for:

http://www.upi.com/News_Photos/Features/The-Nuclear-Issue-in-Iran/1581/19/ [upi.com]

Re:I'm still having a problem with... (1)

Cheerio Boy (82178) | more than 3 years ago | (#33653538)

I'm still having a problem with......why ANY nuclear reactor or power plant needs to be directly connected to a computer network. I can see it having say a USB port for upgrades of controller firmware but a network connection? Nope.

So you're saying that you can't see any use for having the two reactors on site both connected to the same control room? I mean, why the hell would people in one central location want to monitor both reactors at once, in real time, right? That's crazy!

What do you think, that when someone needs to shut down or modify the parameters of a reactor or centrifuge that they actually walk up to the component and hit a button on it? What if they need to start 100 centrifuges at the same time, do they have 100 technicians standing there all on a giant conference call waiting for the "go" signal? If they want to check the current core temps or fuel levels, what do they do, call each one and ask them what the gauge says? What the hell do you think all of this equipment is for:

http://www.upi.com/News_Photos/Features/The-Nuclear-Issue-in-Iran/1581/19/ [upi.com]

What I'm saying is that there should be no "write access" from an outside network.

In fact I'll even go one further. Any computer system that is connected to the control circuitry of the reactor should have no connection whatsoever to ANY standard network. It should be isolated from both the internal desktops AND the outside. AND you shouldn't be able to put in any device like a USB drive or floppy without the reactor being shut down.

In the case of a central monitoring location install a second set of sensors that are in no way linked to the control systems. Minuscule money compared to the entire cost of the plant.

The consequences of getting this stuff wrong is just too nasty. This of course points me in the direction of wanting smaller PBR units instead of one big unit.

speculation anyone? (4, Insightful)

superstick58 (809423) | more than 3 years ago | (#33652606)

Ugh, what a terrible article. There's no firm conclusions at all, just mindless speculation. Here's some gems: "The only thing I can say is that it is something designed to go bang" and "'If I had to guess what it was, yes that's a logical target' he said, 'but that's just speculation'"

This could be an interesting topic, but unfortunately, it is turned into a pointless article spewing wild guesses. And the findings are to be submitted in a closed door security meeting? WTF? I guess we'll never know.

I have programmed many PLC's in my day, but unfortunately not Siemens. Does anyone have experience with siemens that can comment on the mysterious operational block 35?

Re:speculation anyone? (4, Funny)

shadowrat (1069614) | more than 3 years ago | (#33652814)

i have analyzed windows running on an isolated machine. While it's seemingly random crashes seem harmless enough, if this were to happen on the right system under the right circumstances, the results could be devastating! My conclusion is windows was engineered to be installed at norad and thwart a nuclear counterstrike by presenting inaccurate progress bars representing the ETA of incoming soviet warheads.

Re:speculation anyone? (2, Informative)

Anonymous Coward | more than 3 years ago | (#33652826)

OB35 is a an interrupt function which is periodically called by a timer, generally every 100ms.
If you were to inject malicious code into OB35, it would be periodically executed, assuming that OB35 was loaded onto the controller in the first place.
No idea what this code might be expected to do. Crash the software running on the PLC maybe.

Re:speculation anyone? (2, Informative)

peacefinder (469349) | more than 3 years ago | (#33653372)

The mere fact that it's speculative does not make it a terrible article.

Considering the nature of the malware, the apparent difficulty of extracting information from it, and the sensitivity of the information already disclosed, I'd say it's a pretty fine write-up. It tells you what they know and can disclose, tells you there's more they can't disclose, and that there's still mroe that they know they don't know.

I mean seriously, hooray for forthright honesty here. No one is pretending to certainty that they don't have, which puts it in the top 1% of journalistic articles right there.

Taliban... (1)

frozentier (1542099) | more than 3 years ago | (#33652610)

The Taliban is responsible for this, and it is a threat to the infrastructure of the United States. We'd better send troops immediately.

Testing (0)

Anonymous Coward | more than 3 years ago | (#33652676)

1 2 3

Rrrriiight. (4, Insightful)

bmo (77928) | more than 3 years ago | (#33652774)

Siemens PLCs are everywhere. Same with GE and others. They run everything from nuke plants to little benchtop lathes and aerospace applications. How this person decided that it *had* to be the Iranian nuke plant baffles me.

How does he know that it wasn't targeted at various military targets? Iranian medium and short range missile installations also come to mind. Does he *have* the Siemens PLC configuration from the nuke plant in his hot little hands? Or does he even have the model numbers?

Reading TFA, no.

Peterson believes that Bushehr was possibly the target. "If I had to guess what it was, yes that's a logical target," he said. "But that's just speculation."

Well, there you go. Nothing to see here.

That's not to say that actual cyber-warfare is not happening, but to come out with wild-ass speculation and present it as newsworthy reminds me of Fox "News" and the rest of the Murdoch "empire."

--
BMO

Re:Rrrriiight. (0)

Anonymous Coward | more than 3 years ago | (#33652830)

RTFA. The worm looks at a specific configuration of the PLCs, and hints at coordinated identification of a network of PLCs in a specific configuration. In other words, a specific deployment.

Re:Rrrriiight. (1)

bmo (77928) | more than 3 years ago | (#33653032)

Yes, but *which* specific deployment of Siemens PLCs? Which company? Which government? Which military branch? Which *building*?

There's a whole bunch of speculation but no facts. Until someone can match up even the model numbers with what the software was targeting, there is no "there" there.

And with the way that Iran procures items for its government/military (through ghost companies run by the Revolutionary Guard (read up on this, it's fascinating)) it's highly unlikely that we could ever trace where Siemens PLCs went from Germany to wherever in Iran without actually walking up to the machine cabinets, opening them up, and writing down the serial and model numbers.

Sorry, AC. Read TFA closer.

--
BMO

Re:Rrrriiight. (2, Insightful)

elrous0 (869638) | more than 3 years ago | (#33653188)

Yeah, why won't Iran just hand over the specific serial numbers for the logic controllers in their nuke plants? Would you like them to give you their military cryptography keys too, why they're at it?

Re:Rrrriiight. (2, Informative)

amicusNYCL (1538833) | more than 3 years ago | (#33653304)

They run everything from nuke plants to little benchtop lathes and aerospace applications. How this person decided that it *had* to be the Iranian nuke plant baffles me.

That's exactly what I first thought, that a country would use its resources (you RTFA'd, right?) to attack benchtop lathes around the world. It must be just a coincidence that the infection started in Iran and that 60% of infected computers are in Iran.

It targets one specific platform? (0)

Anonymous Coward | more than 3 years ago | (#33652886)

Umm... Isn't that what all worms do?

Why is it so hard... (1)

kannibul (534777) | more than 3 years ago | (#33653360)

Why is it so hard to have 2 completely seperate networks? One for running everything (critical network) One for connecting to the rest of the world for email, etc. If you need to remotely monitor something - put an IP camera on it and connect it to the non-critical network...

Could it be a reverse setup? A business measure? (1)

davidwr (791652) | more than 3 years ago | (#33653420)

I doubt the Western Governments would do this because they would know that suspicion would eventually fall on "state enemies of Iran" including the US and Israel. Neither of those countries is that stupid.

However, an enemy of a country who is an enemy of Iran and who doesn't care if Iran's nuclear plant blows up might just pull this off. Think North Korea or maybe China.

On the other hand, maybe a Western power DID do it hoping people would think they wouldn't be "that politically stupid" and blame some other country like I just did.

Another more Mafia/Ferengi-esque possibility:

Iran failed to pay some private company or government on a contract, and that company or government is using this for purely "business" reasons. "Nothing personal Iran, but we can't sit idly by and let you not pay your invoices, what would our other customers think?"

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...