
Stuxnet Worm Claimed To Be Devastating In Iran

CmdrTaco posted about 4 years ago | from the new-same-world dept.

Worms 390

sciencewatcher writes "At debka.com, a website associated with intelligence communities focusing on the Middle East, the claim is made that Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcise the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers."

390 comments

So what's the word, people. (4, Interesting)

Pojut (1027544) | about 4 years ago | (#33733212)

Do you think the US did this in an official capacity, an "official" capacity, or had nothing to do with it?

Re:So what's the word, people. (5, Funny)

Anonymous Coward | about 4 years ago | (#33733276)

No, they didn't. Proof: it worked.

Re:So what's the word, people. (5, Insightful)

Bert64 (520050) | about 4 years ago | (#33733284)

Doesn't really matter either way...

Iran was grossly negligent in allowing their critical infrastructure to run on software controlled by a hostile government (and which they most likely had to pirate because there are export restrictions against Iran).

The Stupid. It Burns! (-1, Flamebait)

Anonymous Coward | about 4 years ago | (#33733392)

"Iran was grossly negligent in allowing their critical infrastructure to run on software controlled by a hostile government (and which they most likely had to pirate because there are export restrictions against Iran)."

Fucking idiots are actually pretending any of this shit is true?

LOL. Boggle at the stupidity. It really is sickening to realize just how many fucking morons like Ber64 are out there.

Re:So what's the word, people. (5, Informative)

xaxa (988988) | about 4 years ago | (#33733412)

(and which they most likely had to pirate because there are export restrictions against iran).

For the US -- there's nothing stopping me selling computer software to Iran, unless that software is of military/nuclear/etc use (you can see the full details of what's not allowed here (the PDF) [businesslink.gov.uk] ).

Re:So what's the word, people. (4, Insightful)

Darkness404 (1287218) | about 4 years ago | (#33733464)

...Except for the fact that encryption software is oftentimes classified as "military" technology, making the distribution of most software impossible.

Re:So what's the word, people. (1)

onepoint (301486) | about 4 years ago | (#33733524)

I am not sure, but I do recall that anything above 56-bit encryption was not OK to export outside of the USA back in 2003. I am not up on the current rules and regs.

Re:So what's the word, people. (4, Informative)

chill (34294) | about 4 years ago | (#33733598)

Crypto in U.S. law was removed from the munitions classification back in 1996 by then President Clinton.

Shortly thereafter one of the exemptions granted was for open source. If the source code was freely available, you don't need an export license.

Re:So what's the word, people. (4, Informative)

gyranthir (995837) | about 4 years ago | (#33733636)

For the US, Cuba, Iran, Syria, Libya and a bunch of other countries are under an embargo, where American companies cannot export to them...

Re:So what's the word, people. (0)

Anonymous Coward | about 4 years ago | (#33733438)

mydigitallife's windows 7 pirating guide looks so clean, I can't help but think that it could be a DoD trick.

Re:So what's the word, people. (1)

Drakkenmensch (1255800) | about 4 years ago | (#33733492)

You assume that they couldn't find an ethically bankrupt businessman willing to sell them things under the table. Think George Bluth Sr. from Arrested Development.

Re:So what's the word, people. (0)

Anonymous Coward | about 4 years ago | (#33733706)

You assume that they couldn't find an ethically bankrupt businessman willing to sell them things under the table. Think George Bluth Sr. from Arrested Development.

I've only seen that show a few times... but I am *pretty* sure he is fictitious.

Re:So what's the word, people. (0)

Anonymous Coward | about 4 years ago | (#33733682)

They're not pirates if they never signed the Berne convention.

Re:So what's the word, people. (2, Insightful)

Hijacked Public (999535) | about 4 years ago | (#33733740)

So they should have built their own software to run on S7 PLCs? What country that you know of does that? Do you know of any country that does? If so name them, because I've been to dozens and never seen anything of the sort.

They could have probably run a lot of their automation with relay logic, but at a significantly increased cost.

Re:So what's the word, people. (3, Insightful)

Randle_Revar (229304) | about 4 years ago | (#33733362)

If Stuxnet is attacking Iran, I'd bet on Israel (just) ahead of the US.

Re:So what's the word, people. (2, Insightful)

John Hasler (414242) | about 4 years ago | (#33733440)

So would I, but I'd put Israel way ahead. However, I don't discount the possibility that no government was involved.

Re:So what's the word, people. (0)

Anonymous Coward | about 4 years ago | (#33733568)

First, surely completely by chance: Richard Falkenrath of The Chertoff Group agrees with you on Bloomberg: http://www.youtube.com/watch?v=H6VipR0xBGo [youtube.com]

Second, coincidentally:

Registrant:
      DEBKAfile Ltd.
      4, Hamaapilim St.
      Jerusalem, 92545
      Israel

      Administrative Contact:
            Shamis, Giora admin@debka.com
            DEBKAfile ltd.
            4 Ha-Ma'apilim St.
            Jerusalem, 92545
            Israel
            25666882 Fax -- 25670038

      Technical Contact:
            Mikhailov, Vadim admin@debka.com
            DEBKAfile Ltd.
            4 Ha-Ma'apilim St.
            Jerusalem, 92545
            Israel
            544288197 Fax -- 25670038

What did Sun Tzu say about the third?

Re:So what's the word, people. (0)

Anonymous Coward | about 4 years ago | (#33733378)

My first thought was Mossad, not US agencies. This is pure speculation of course, but I'm surprised that I haven't seen this possibility brought up yet.

Re:So what's the word, people. (0)

Anonymous Coward | about 4 years ago | (#33733502)

If you haven't seen that possibility brought up yet, then you must not have paid attention at all. Stuxnet is too advanced and targeted and equipped with too many high quality vulnerabilities as attack vectors to be the work of anything but military or an intelligence agency. Which one we'll probably never know, but the most likely attackers are the US, Israel and China. This is purely from a "who benefits" point of view, and because they've all proven in the past that they're capable and willing to use underhanded tactics on a large scale.

Re:So what's the word, people. (1)

Goaway (82658) | about 4 years ago | (#33733538)

It's been brought up in pretty much every single discussion of this I've seen so far.

Re:So what's the word, people. (3, Insightful)

davev2.0 (1873518) | about 4 years ago | (#33733394)

I think Iran did it to themselves.

Re:So what's the word, people. (1, Funny)

Anonymous Coward | about 4 years ago | (#33733728)

I think Iran did it to themselves.

THIS is the message we should promote. That's what they say about us, right?

Re:So what's the word, people. (4, Insightful)

NatasRevol (731260) | about 4 years ago | (#33733792)

Well given that they're running Windows for critical infrastructure & military command centers - apparently without AV, I'd say that yes, they did do it to themselves.

Re:So what's the word, people. (0)

Anonymous Coward | about 4 years ago | (#33733408)

It was probably some 12 year old armed with a never ending supply of hot pockets.

Re:So what's the word, people. (5, Informative)

Trevelyan (535381) | about 4 years ago | (#33733454)

It's more likely to have been Israel.

For example, this story [ynetnews.com]; note that it's from 2009 but still makes a pretty good description of how Stuxnet works. Googling or following the links on Stuxnet news stories will bring up other possible links to Israel.

Re:So what's the word, people. (1)

Rob Riggs (6418) | about 4 years ago | (#33733750)

The U.S.? No. There's a far more likely suspect...

A communications disruption (1)

Shivetya (243324) | about 4 years ago | (#33733218)

A communications disruption can mean only one thing - invasion.

well, what better time to fix that pesky reactor.

wait, couldn't they fix it with one of these (1)

macfanboy (1796606) | about 4 years ago | (#33733228)

Re:wait, couldn't they fix it with one of these (1)

Xest (935314) | about 4 years ago | (#33733590)

Why does this site try to resize your browser Window? Is this Iran's attempt at getting back at us Westerners for Stuxnet or something?

I HAVE FRIST POST (-1, Offtopic)

Anonymous Coward | about 4 years ago | (#33733232)

frist post! praise be to allah!

why don't they (2, Funny)

Anonymous Coward | about 4 years ago | (#33733240)

why don't they just use firefox instead of ie??

Re:why don't they (3, Informative)

Ant P. (974313) | about 4 years ago | (#33733268)

Or computer systems certified for safety-critical installations, instead of Windows which flat out says not to use it for that in the EULA?

Re:why don't they (0)

Anonymous Coward | about 4 years ago | (#33733784)

Or computer systems certified for safety-critical installations, instead of Windows which flat out says not to use it for that in the EULA?

Yeah, that'd be like using MS Excel to tally votes from a national election or something.

Worst made up bullshit article ever. (-1)

Anonymous Coward | about 4 years ago | (#33733250)

I'd copy and paste some quotes that are utter bullshit but the website is stopping me so fuck them.

interesting (1)

roman_mir (125474) | about 4 years ago | (#33733256)

the only problem with this contract is just how much of a target one can become if one decided to go for the money and the fun of 'exorcising' the demon from the nuclear power plant (and whatever else) systems.

I guess... (2, Funny)

Anonymous Coward | about 4 years ago | (#33733258)

...it really stux to be iranian.

Does it run on Linux? (1)

G3ckoG33k (647276) | about 4 years ago | (#33733264)

Does it run on Linux? For once a relevant question... ;)

Re:Does it run on Linux? (1)

John Hasler (414242) | about 4 years ago | (#33733456)

The worm? "...Windows-specific..."

Re:Does it run on Linux? (1)

MBGMorden (803437) | about 4 years ago | (#33733468)

It doesn't. It's Windows-only and is typically first inserted through an infected USB stick after which it can spread throughout an internal LAN.

Anyone else find that site a little skeevy? (2, Interesting)

SlappyBastard (961143) | about 4 years ago | (#33733266)

I'm not a fan of quoting anything from a website whose motto is "We start where the media stop".

Treat anything from Debka cautiously (5, Informative)

Motard (1553251) | about 4 years ago | (#33733324)

This site has a lot of seemingly tantalizing information, but a lot of it is BS. It reported that one of Saddam's palaces had huge glass covered aquariums where sharks would swim under your feet. Now that all the palaces have been 'visited', there have been no reports of any such thing.

Re:Treat anything from Debka cautiously (1)

MiniMike (234881) | about 4 years ago | (#33733664)

Well that explains it. They must have actually been at SeaWorld [seaworld.com] (except there the sharks swim over you, make your own 'in soviet russia' style joke) and just fudged their expense report.

Re:Anyone else find that site a little skeevy? (2, Informative)

Are You Kidding (1734126) | about 4 years ago | (#33733430)

The observation is well taken. Prior to the Iraq war, Debka had a series of stories from "inside sources" who said that Saddam had constructed vast underground bunkers in the desert in which he had hidden his weapons of mass destruction. It is hard to tell whether a story on Debka is intelligence or propaganda.

Re:Anyone else find that site a litte skeevy? (4, Funny)

couchslug (175151) | about 4 years ago | (#33733738)

Getting technical information from Debka is like getting your foreign affairs info from the New York Daily News.

Millions? (1)

AnonymousClown (1788472) | about 4 years ago | (#33733282)

While Tehran has given out several conflicting figures on the systems and networks struck by the malworm - 30,000 to 45,000 industrial units - debkafile's sources cite security experts as putting the figure much higher, in the region of millions. If this is true, then this cyber weapon attack on Iran would be the greatest ever.

Millions? They have that much interconnected? I mean really, when Siemens or some other industrial supplier comes in, do they automatically say, "Oh, we need to have this connected to the internet for critical software updates"? Do they use Microsoft's updating methods?

I really can't believe that they are that careless. I think the number cited by the Iranians is mostly networks connected to the internet - non-critical networks.

Re:Millions? (5, Insightful)

Anonymous Coward | about 4 years ago | (#33733478)

Sadly, most industrial control stuff runs on Winderz. It's all DCOM-based and takes so much banging your head against the monitor to get configured and working properly that oftentimes, you end up having disabled most any security features available out of sheer "maybe THIS will work" frustration. When you finally DO get it working, the last thing you want to do is go back and start turning on the security features as it will just break this fragile house of cards.

At least that's been my experience with it.

Posting anonymously cuz I just kind of admitted I'm DOING IT WRONG. But I swear it's true.

Re:Millions? (2, Informative)

grub (11606) | about 4 years ago | (#33733550)


I mean really, when Siemens or some other industrial supplier comes in, do they automatically say, "Oh, we need to have this connected to the internet for critical software updates"? Do they use Microsoft's updating methods?

I can't speak for Siemens' method of updating that type of software but I know that for the MRI console software they make (for the Siemens MRIs) we have a VPN between the console and Siemens directly. No full internet access required.

Perhaps it's just me... (3, Insightful)

d3ac0n (715594) | about 4 years ago | (#33733288)

But I'm having a really hard time getting upset over the Iranian government being brought to a crawl by a computer virus. These ARE the same people that have made no bones about wanting to commit genocide against all Jews, and have tortured and murdered millions of their own people.

Personally, I hope it causes a total collapse. Perhaps then the Green Revolution people (those that are still alive, anyway) can have a chance at creating a true Democracy in Persia. The Persian people certainly deserve it.

What DOES worry me is that this is, in some ways, a "genie out of the bottle" moment. Formal "Weaponized" use of a computer virus to attack a state. While I'm sure it was inevitable, it is still a bit of a shock to know that the day has arrived.

All the more reason to be sure to be using a variety of redundant and disparate OS types to support your infrastructure I guess.

Get The Fuck Off This Site You Racist Piece A Shit (-1, Troll)

Anonymous Coward | about 4 years ago | (#33733336)

Go crawl back to whatever rock you climbed out from under you right wing scumbag.

Don't you ever post your garbage on this site again.

Re:Get The Fuck Off This Site You Racist Piece A S (1, Insightful)

jDeepbeep (913892) | about 4 years ago | (#33733376)

If anything he said was untrue, I feel certain you would improve your argument against his statements, by providing information from factual unbiased sources. Just saying. *waits for offtopic mods*

Re:Get The Fuck Off This Site You Racist Piece A S (-1, Offtopic)

mu22le (766735) | about 4 years ago | (#33733532)

Don't feed the troll, young padawan!

Hilarious US Media Lies About Iran (0)

Anonymous Coward | about 4 years ago | (#33733602)

"If anything he said was untrue,"

http://www.youtube.com/watch?v=onNzrNEFs1E [youtube.com]

With crap like that filling your head why would anyone waste the effort on someone like you?

And BTW, adding 'Just saying.' to your comments makes you sound like an imbecile...

Just saying...

d3ac0n - The Stupidity Is Sickening (-1, Troll)

Anonymous Coward | about 4 years ago | (#33733470)

"These ARE the same people that have made no bones about wanting to commit genocide against all Jews"

Wow, you mean that lie that continues to be spread by the Western media? You are actually stupid enough to repeat it. In a public forum? Should we laugh or cry at the sickening stupidity?

Every time someone wonders how did a braindead wacko like Sarah Palin get so many votes, you just have to look at people like d3ac0n and their nauseating ability to latch on to obvious and absurd lies as long as it is something they want to believe.

Shame on you. You're an embarrassment to the Human Race.

Re:d3ac0n - The Stupidity Is Sickening (1)

slapout (93640) | about 4 years ago | (#33733626)

"The uniform shout of the Iranian nation is forever 'Death to Israel.'" --Iranian president Mahmoud Ahmadinejad

Re:d3ac0n - The Stupidity Is Sickening (1)

m50d (797211) | about 4 years ago | (#33733676)

"Israel" != "all Jews"

Re:d3ac0n - The Stupidity Is Sickening (2, Informative)

Beezlebub33 (1220368) | about 4 years ago | (#33733796)

Take a look at the wikipedia page on Ahmadinejad and Israel. He's pretty nuts and definitely wants to get rid of Israel. I don't see a quote about genocide though, just wants to get rid of the state; weird comments about the holocaust and 9/11.

Re:Perhaps it's just me... (1, Troll)

Gordonjcp (186804) | about 4 years ago | (#33733496)

But I'm having a really hard time getting upset over the Iranian government being brought to a crawl by a computer virus. These ARE the same people that have made no bones about wanting to commit genocide against all Jews, and have tortured and murdered millions of their own people.

[citation needed]

In any case, are you saying they don't have a right to defend themselves from Israel's IDF paramilitary terrorists? The notorious war criminal Ariel Sharon said that all Arabs should be exterminated (yes, I know the Iranians are Persians, not Arabs). The present Israeli government seems to be doing a good job of herding the Palestinians into ghettos and taking over chunks of Palestine to expand their lebensraum. Would you like to live beside an expansionist who didn't think you were anything more than an animal?

Fake Baby Incubator Horror Stories (0)

Anonymous Coward | about 4 years ago | (#33733542)

I bet the idiot was similarly 'outraged' by the laughably fake Baby Incubator horror stories back before the first US attack on Iraq...

Re:Perhaps it's just me... (0)

Anonymous Coward | about 4 years ago | (#33733646)

Aah yes, a genius comes along and writes "citation needed", only to then go on and make a bunch of unsubstantiated claims.

Gee, your argument is brilliant! We have all seen the light now!

Israel Threatened To Wipe Iran Off The Map (0)

Anonymous Coward | about 4 years ago | (#33733716)

It shouldn't be surprising to anyone that Iran is building up their defenses in preparation of possible Israeli terror attacks.

"Iran should be wiped off the map"

Benjamin Netanyahu

Re:Perhaps it's just me... (1)

couchslug (175151) | about 4 years ago | (#33733766)

"Would you like to live beside an expansionist who didn't think you were anything more than an animal?"

Iran isn't beside Israel.

Re:Perhaps it's just me... (2, Insightful)

elrous0 (869638) | about 4 years ago | (#33733520)

If a virus like this were to succeed in its apparent goals (wreaking havoc on the Natanz enrichment facility [globalsecurity.org], or worse, the new Bushehr nuclear power plant [wikipedia.org]) it could potentially cause an accident that could kill a LOT of innocent people. It had the very real capacity to send the reactors at Bushehr into meltdown. And I'm pretty sure the people who live around that facility had nothing to do with genocide against the Jews (nor have most Iranians ever fired so much as a shot against Israel).

Re:Perhaps it's just me... (0)

Anonymous Coward | about 4 years ago | (#33733678)

If a virus like this were to succeed in its apparent goals (wreaking havoc on the Natanz enrichment facility [globalsecurity.org], or worse, the new Bushehr nuclear power plant [wikipedia.org]) it could potentially cause an accident that could kill a LOT of innocent people. It had the very real capacity to send the reactors at Bushehr into meltdown. And I'm pretty sure the people who live around that facility had nothing to do with genocide against the Jews (nor have most Iranians ever fired so much as a shot against Israel).

Too bad, so sad. Beats a nuclear war between Israel and Iran.

Re:Perhaps it's just me... (1)

elrous0 (869638) | about 4 years ago | (#33733756)

No, but it sure could start a region-wide conventional war that could last a lot longer and claim just as many lives in the end.

Re:Perhaps it's just me... (1)

Goaway (82658) | about 4 years ago | (#33733552)

Well, here we have someone who certainly likes to swallow his propaganda whole.

No hefty consultation fees needed (0)

guruevi (827432) | about 4 years ago | (#33733292)

Just reinstall the Windows machines with Linux, run Windows in a Virtual Machine with all outside communications firewalled if necessary, then restore the SCADA system software from backup (you do have a backup right?) or just re-upload a clean version of the systems.

Re:No hefty consultation fees needed (0)

Anonymous Coward | about 4 years ago | (#33733482)

Consultant Israel Goldberg at your service.
Of course I help you plenty. I have free USB sticks.
You got trouble now, you just wait. I fix plenty.

Re:No hefty consultation fees needed (0)

Anonymous Coward | about 4 years ago | (#33733658)

Just reinstall the Windows machines with Linux, run Windows in a Virtual Machine

Did anyone think that maybe the infection wasn't the end goal of this attack? If they need to bring computer "experts" in from outside to clean a lot of computers that gives many international agencies a chance to slip spies in with access to very sensitive computer and networks. Hell the primary distribution seems to be USB drives so it was probably planted in the first place.

LOL, Welcome To Fantasyland (0)

Anonymous Coward | about 4 years ago | (#33733294)

This reminds me of the old Vietnam engagement reports the military would put out where they would just make up absurd body counts that had a complete lack of any basis in reality yet the people putting them actually believed because they wanted them to be true.

In other words...yawn.

Cyber World War 2 and a Half... (2, Interesting)

wiredog (43288) | about 4 years ago | (#33733326)

Or something like that. Could get a bit scary, push comes to shove and all that. I wonder who will get hit with the retaliatory strike?

Alternatively, I wonder if this is the retaliatory strike?

You are in a twisty maze of little passages, all alike...

Nelson says it best (0)

Anonymous Coward | about 4 years ago | (#33733334)

"HAW HAW!"

DEBKAfile (1)

lightspeedius (263290) | about 4 years ago | (#33733340)

Are these guys reliable at all? On the face of it, I don't see any reason to accept DEBKAfile's "intelligence and Iranian sources".

Re:DEBKAfile (4, Interesting)

Attila Dimedici (1036002) | about 4 years ago | (#33733432)

My impression of Debkafile is that they have sources for just about everything they report, but that they are often used by various individuals and groups to get stories out there that are not true. On the other hand, every now and again, they break some story that every other news organization has ignored/missed because there are no solid sources, but once the story breaks, solid sources turn up. What that means is that if you see something on Debkafile, look around for other sources before you take it as true (although this may take some time).

Own goal? (1, Interesting)

Anonymous Coward | about 4 years ago | (#33733342)

The first thing the Iranians will want to do is to re-release this thing into the west.

This could hurt.

Incentive to give this impression (2, Insightful)

Anonymous Coward | about 4 years ago | (#33733358)

(repost as the first one isn't showing up)

They would in any case have an incentive to give the impression that everything grinds to a halt. The more their nuclear programme slows down the longer it will be until Israel feels the urgent need to bomb it.

I like to play a little game called "Which world do we live in?". You describe two worlds that are generally similar but differ on some characteristics, and try to find out which of the two worlds we live in, or ways to go about finding out. I am not sure of an easy way to find out in this case.

Spreading havoc? (4, Insightful)

brian0918 (638904) | about 4 years ago | (#33733388)

It's my understanding that Stuxnet was designed to only *do anything* to one certain computer/system that was specifically targeted. On all other computers that do not match the signature of that computer, it leaves them alone. So what is the "havoc" that it is causing?

Re:Spreading havoc? (2, Insightful)

dr2chase (653338) | about 4 years ago | (#33733544)

As I understand it (I just used teh Google to figure out whether this worm phones home), the worm does phone "somewhere", and worms on a network update among themselves in a peer-to-peer fashion.

So, perhaps it started as one thing, and has become another. In particular, if the party answering the "phone home" can tell who is calling, they might deliver different payloads to known-Iranian IP addresses and other addresses. (That's what *I* would do.)

Reality seems to be catching up to our more paranoid fantasies, and I'm not sure that's a good thing. I'm feeling better and better about cut-wire security, and it sounds like it would be a good idea to stuff the USB slot full of epoxy.

Re:Spreading havoc? (5, Insightful)

Jaktar (975138) | about 4 years ago | (#33733560)

IAAICT (I am an Instrumentation and Controls Tech)

Stuxnet specifically targets Siemens Simatic WinCC software and associated PLCs. Essentially, the WinCC software is the programming base to interact with the PLCs, which are discrete CPU/memory clusters running optimized code for whatever it is you'd like to do. There are many PLC manufacturers and they use their own programming software to upload/download to their CPUs. The fact that this worm only interacts with Siemens software is not surprising as Siemens is one of the major manufacturers of industrial equipment. I have a large number of Siemens devices all around where I work. I do not use Siemens PLCs though, so I am unaffected by this worm.

This whole thing smells to me like a disgruntled software guy that used to work for Siemens.

Re:Spreading havoc? (0)

Anonymous Coward | about 4 years ago | (#33733634)

How many disgruntled ex-employees do you know who hoard four zero-day Windows exploits?

Re:Spreading havoc? (1)

PseudonymousBraveguy (1857734) | about 4 years ago | (#33733672)

I guess GP referred to the studies that concluded Stuxnet would activate some of its more dangerous parts only if the infected PLC had some very specific building blocks. So the "true" havoc would only be unleashed when the infected machine was part of a very specific facility (which was rumored, but never confirmed, to be a "nuclear plant", but that may be just some sensationalist's guess), while on all other infected hardware it would mostly stay ineffective (apart from spreading and probably phoning home).

Re:Spreading havoc? (5, Interesting)

elrous0 (869638) | about 4 years ago | (#33733832)

Having looked carefully at this worm (I'm preparing for a presentation on it at a local security conference), I can tell you it almost certainly wasn't written by one guy. It's the most complex piece of malware I've ever seen. It's written in three languages (C and C++ on the Windows side, MC 7 assembly language on the PLC side), it uses four different Windows exploits and two stolen code-signing certificates from companies in Taiwan (both of which read as legit until just recently), and it has one of the most aggressive and clever rootkits I've ever seen. And that's not even getting into how it can update itself. Unless said disgruntled employee was the goddamn jedi master of hackers in addition to his day-job, I would say this is definitely a major team effort (a very specialized team).

Re:Spreading havoc? (0)

Anonymous Coward | about 4 years ago | (#33733584)

The Morris worm wasn't designed to cause any damage either. How'd that work out?

Re:Spreading havoc? (4, Interesting)

elrous0 (869638) | about 4 years ago | (#33733606)

It targets two specific models of Siemens programmable logic controllers (by targeting the Windows software used to program those PLCs). PLCs are used to control very time-intensive industrial processes. Pretty much every power plant, nuke plant, modern manufacturing plant, etc. uses these, and they control very dangerous physical equipment. Wreaking havoc with these processes can cause explosions, radiation leaks, major industrial accidents, etc. (it could even cause nuclear reactors to go critical). That's very bad stuff. Best case scenario, it could cause serious damage to equipment. Worst case scenario, it could cause significant loss of life.

In other words, tampering with a PLC can make things go BOOM. In 1982, the CIA purportedly did this [wikipedia.org] with the Siberian pipeline, and the resulting explosion was so powerful it set off missile launch alarms in the U.S.

Re:Spreading havoc? (1)

Dan East (318230) | about 4 years ago | (#33733624)

No one knows exactly what it does. More than likely it did target a specific industrial complex with the purpose of physically damaging machinery. However, there could be multiple targets, or the software could be collecting data / signatures of additional hardware which it could be instructed to attack at a later time.

This is purported to be the most advanced, complex and highest quality malware ever discovered. I seriously doubt it would be spreading as far and wide as it has for so long if it was targeting a single machine only. My hunch is it is collecting information, and will be used to simultaneously damage as much hardware as possible once it reaches a certain saturation across Iran's industries, and has collected enough information to allow accurate targeting of the types of hardware the operators wish to damage.

DEBKA is totally unreliable. (5, Interesting)

Noryungi (70322) | about 4 years ago | (#33733400)

This is DEBKA. Completely ridiculous website, riddled with disinfo.

Example:

Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

'nuff said.

Of course, that does not mean Iran is not hit hard by Stuxnet - just that everything you read at this site should be taken with a big grain of salt.

Re:DEBKA is totally unreliable. (1)

onepoint (301486) | about 4 years ago | (#33733644)

If the above were true, then that would be a signature of a bot network (or its control center). From what I have read in the past, upon playing with the bot, it responds with different attacks including 1 or 2 forms of deleting the hard drive but embedding itself within the hard drive to become recoverable upon restoring the Windows files.

Well if anything, this looks like the start of a simple cyber-war... reduce the ability to eat ( food plant breakdowns ), reduce the availability of water ( water filtration breakdown ), Next should be transport, then it should be fuel, then the last should be available public power. All leads to government breakdown and the next revolution.

Re:DEBKA is totally unreliable. (1)

jlusk4 (2831) | about 4 years ago | (#33733662)

Second.

MILLIONS of additional systems? C'mon....

So... (0)

frozentier (1542099) | about 4 years ago | (#33733506)

Was this an inside job, or are sensitive government and military sites actually internet accessible?

actually scary (1)

SpinningCone (1278698) | about 4 years ago | (#33733526)

jokes aside Stuxnet worm is pretty scary. researchers definitely believe it was developed by something with significant backing. it's very sophisticated and extremely targeted. It contained multiple 0 day exploits and was designed specifically to disrupt industrial systems.

though this article contradicts others i have read that say due to its specificity that it wasn't too damaging.

also a note: these systems aren't necessarily internet connected the worm is designed to infect usb drives so it can reach systems which are unconnected for security reasons.

this type of crap scares me because i'm not confident that the US infrastructure is hardened enough to protect against malicious cyber attacks.

Re:actually scary (1)

couchslug (175151) | about 4 years ago | (#33733804)

"this type of crap scares me because i'm not confident that the US infrastructure is hardened enough to protect against malicious cyber attacks."

Nor will it be unless it is attacked. End Lusers don't care about security until their system is broken. That cannot change due to human nature, so if we are to have some immunity we need coercive damage to force change.

Got stux with windowz ? unstux that with Linux ! (1)

noddyxoi (1001532) | about 4 years ago | (#33733596)

Got stux with windowz ? unstux that with Linux or even better freebsd !

Worse is what could follow (1)

elrous0 (869638) | about 4 years ago | (#33733688)

I know that Mossad, the CIA, or whoever did this probably intended this to be a one-shot deal and didn't expect it to go as viral as it did. But I hope they truly appreciate what a nasty thing they've started. Now everyone will be doing it. And these sorts of viruses have the potential to cause real-world loss of life.

All this for a petty strike against a country that probably didn't even work (and would only have pushed them closer to war even if it had).

Is this really stupid, or... what? (2, Insightful)

Dr. Crash (237179) | about 4 years ago | (#33733708)

What I don't understand is why the *heck* the SCADA systems running Iran's { illegal | sooper-sekrit | stealth } nuclear weapons program aren't air-gapped! Isn't that something like standard procedure?

Whatever became of (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33733724)

format c:\?

Cures what ails ya...

Debka == BS (1)

andy1307 (656570) | about 4 years ago | (#33733734)

Debka is BS at times and Israeli misinformation at other times.

the accepted liability of running windows (1, Interesting)

bl8n8r (649187) | about 4 years ago | (#33733800)

Go ahead and mod me down, but it's only a matter of time before this happens again. You either accept the liability and put your trust in microsoft for patches, or do something else. It's not a stretch to expect more of the same.

"At the same time, the company said it would not patch Windows because doing so would cripple existing applications."
http://www.computerworlduk.com/news/applications/3236953/microsoft-confirms-unpatched-vulnerabilities-in-key-enterprise-programs/ [computerworlduk.com]

"The security firms also notified Microsoft of two other unpatched bugs that the Stuxnet worm exploited"..."Microsoft said last week. It has not set a timetable for the fixes, however."
http://www.techworld.com.au/article/361843/microsoft_confirms_it_missed_stuxnet_print_spooler_zero-day [techworld.com.au]

"was first identified by information security researchers in June"
http://www.gartner.com/DisplayDocument?doc_cd=207166&ref=g_homelink [gartner.com]

why are they such dummies? (0)

Anonymous Coward | about 4 years ago | (#33733824)

Iran is probably the most west-critical state on the face of the earth. Then why in the world do they use western technology when they know they'll be turned off whenever the west doesn't like them? They come across as such dummies. It's time the Iranians develop their own computer systems...
