Stuxnet Still Out of Control At Iran Nuclear Sites

timothy posted more than 3 years ago | from the wee-bit-of-a-disaster dept.

Security 361

Velcroman1 writes "Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the US and Europe say. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled. The second part of that claim, experts say, doesn't ring true. Owners of several security sites have discovered huge bumps in traffic from Iran, as the country tries to deal with Stuxnet. 'Our traffic from Iran has really spiked,' said a corporate officer who asked that neither he nor his company be named. 'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"

361 comments

Don't worry Iran... (5, Funny)

Anonymous Coward | more than 3 years ago | (#34508584)

...patch Tuesday is coming. ;)

Iran... (5, Interesting)

pilgrim23 (716938) | more than 3 years ago | (#34508728)

Ahmadinejad's speech needs to be heard from the perspective of knowing something of Persian culture. We tend to think we understand people by what they say, and in this case and, frankly, in most cases we do not when Iranians speak. For example: If someone dies, it is considered not polite to just say "Shogi is dead". You break it gradually. So on the first inquiry, "Shogi is feeling unwell" is the reply, then, "Shogi took a turn for the worse", then "Shogi has passed". Also, it is considered dishonorable for a man to admit ignorance. This makes it very hard to teach new ideas in Iran. Speak to a Persian and you are met with "Yes Yes, this I know, next thing please". The Persian culture is actually a very beautiful thing full of warm people, but they are NOT American People. They are a separate culture. When Ahmadinejad announces ____ (fill in the blank), we believe him; Persians think "there goes Dinner Jacket again.."

Re: Iran... (4, Insightful)

Threni (635302) | more than 3 years ago | (#34508834)

> Also, it is considered dishonorable for a man to admit ignorance.

So how do you explain that fucking bearded cunt in a suit saying stuff like `the holocaust didn't happen` and `we have no homosexuals in Iran`?

Re: Iran... (5, Informative)

pilgrim23 (716938) | more than 3 years ago | (#34508924)

I do not, I do as many Persians do and ignore him. Most there believe they have no voice anyway (see last election).

Re: Iran... (2)

Pharmboy (216950) | more than 3 years ago | (#34509396)

I feel for you, I really do, to have such a rich culture taken over by an ideology. As terribly flawed as we Americans are, perhaps there are two things you can learn from us: 1. It is ok to admit you don't know something, as that is how you learn more. 2. When a government is oppressing its citizens, it should be removed by any and all means necessary to accomplish the task.

I am hoping the US does not get involved directly in a war with Iran. I also wish the citizens would find a way to take control of their own destiny, with whatever form of representative government you choose.

Re: Iran... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34509510)

#1... ok, although it's not just an American thing, you know

#2... whom are you kiddin' ?

And don't sound so condescending. US is but a part of a larger western civilization, it's had its glory days, it's had and still has its many failings.

Re: Iran... (0)

Anonymous Coward | more than 3 years ago | (#34508926)

He's not admitting it, is he? :)

Re: Iran... (1)

wmac (1107843) | more than 3 years ago | (#34509202)

His theory is to put the West in a defensive state and Iran in an offensive one when it comes to talking shit. Most of the propaganda is for that. He accused Khatami (the previous president) of putting Iran on the defensive in international talks.

However, I would prefer to be on the defensive in "talks" instead of in "actual everyday life".

Re: Iran... (0)

Anonymous Coward | more than 3 years ago | (#34510064)

> The Persian culture is actually a very beautiful thing full of warm people, but they are NOT American People.

When Ahmadinejad denies the effectiveness of Stuxnet, he is lying. This is not an unusual thing for him to do, either, based on his past behavior, so the only surprise here is that anyone would think there was anything "beautiful" about it.

Furthermore, if the Persian culture were so beautiful and warm, why does it manage such a convincing pretense of the most grievously hateful, greedy, selfish, violent, sexist, backward, theocratic barbarism outside Africa itself?

> Also, it is considered dishonorable for a man to admit ignorance.

It is also stupid. So he compounds his ignorance with willful ignorance. The more a fool, he.

truth vs US propaganda (0)

Anonymous Coward | more than 3 years ago | (#34508990)

I wonder if those spikes they are detecting aren't payback for the origins of the worm....

I AM HE AS YOU ARE ME AND WE ARE ALL (-1)

Anonymous Coward | more than 3 years ago | (#34508596)

Screwed !! Welcome to ObamaGate !!

Half of the Summary is not true? (0)

Stregano (1285764) | more than 3 years ago | (#34508640)

According to half of the summary, experts say that half of it is not true, but we are going to go ahead and provide links and go into it anyway. "The second part of that claim, experts say, doesn't ring true." Why even start explaining the second part if you just said that experts say it is not true?

Re:Half of the Summary is not true? (0)

Anonymous Coward | more than 3 years ago | (#34508692)

Because this was previously reported here:

http://tech.slashdot.org/story/10/11/29/2344218/Iran-Admits-Stuxnet-Affected-Their-Nuclear-Program

But we did not have any information with which to refute anything at that time.

Re:Half of the Summary is not true? (1)

sanchom (1681398) | more than 3 years ago | (#34508708)

From the summary: "[...] he said it was detected and controlled. The second part of that claim, experts say, doesn't ring true." The second part being, "and controlled". The summary then goes on to give reasons why experts believe that the second part of that claim isn't true. What's wrong with that?

This Is Real Hacktivism (4, Insightful)

Anonymous Coward | more than 3 years ago | (#34508648)

Unlike those kids at Anonymous, the perpetrators of stuxnet are showing who are the real hacktivists.

Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world than anything wikileaks or their supporters could dream of doing.

I commend these hackers for slowing down the evil Iranian government's nuclear ambitions.

Re:This Is Real Hacktivism (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34508676)

These weren't 'hacktivists'. These were government employed/contracted hackers.

Re:This Is Real Hacktivism (3)

wampus (1932) | more than 3 years ago | (#34508678)

Yes indeed. Go team Mossad.

Re:This Is Real Hacktivism (4, Insightful)

icebike (68054) | more than 3 years ago | (#34508760)

Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.

It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country.

Your local power company? Not so much.

Viruses and worms seem unlikely to honor boundaries forever. At least a surprise bombing run on a reactor in Iran is unlikely to hit Con-Edison in NY.

Re:This Is Real Hacktivism (1)

TheKidWho (705796) | more than 3 years ago | (#34508810)

You're assuming the virus works in the USA/Europe?

Re:This Is Real Hacktivism (2, Funny)

icebike (68054) | more than 3 years ago | (#34508836)

If it didn't when sent, it will upon return.

Re:This Is Real Hacktivism (1)

TheKidWho (705796) | more than 3 years ago | (#34508904)

What makes you so sure about that? A computer virus could discriminate just as much as a real biological virus yah know.

Re:This Is Real Hacktivism (1)

icebike (68054) | more than 3 years ago | (#34509126)

And when the Iranians finally figure out how it works and revise it and send it back to us it will be VERY Discriminating.

Re:This Is Real Hacktivism (1)

TheKidWho (705796) | more than 3 years ago | (#34509304)

Sure, it's as simple as downloading the source code and modifying it.

I'm sure the designers of stuxnet never thought of that.

Re:This Is Real Hacktivism (1)

Hijacked Public (999535) | more than 3 years ago | (#34508910)

Other than Siemens controllers being less common in the US, why wouldn't it?

Re:This Is Real Hacktivism (1)

TheKidWho (705796) | more than 3 years ago | (#34508950)

It hasn't hit the USA or Europe so far and it's been out for quite a while. As for why, this clearly is the work of Western national cyber warfare agencies, I don't think they would want to cause havoc amongst their own citizens.

Re:This Is Real Hacktivism (1)

Hijacked Public (999535) | more than 3 years ago | (#34509054)

http://www.zdnetasia.com/stuxnet-infections-continue-to-rise-62201930.htm [zdnetasia.com]

There are infections in Step 7 showing up at what I'm guessing are either automation companies or companies with big in-house automation support, given that they are known to Siemens.

Re:This Is Real Hacktivism (1)

TheKidWho (705796) | more than 3 years ago | (#34509426)

And what exactly has it done to those systems? Nothing? Right.

Re:This Is Real Hacktivism (1)

Hijacked Public (999535) | more than 3 years ago | (#34509578)

It is using them to propagate, which is more than nothing.

It isn't breaking any hardware given its enormously specific payload, but that can be remotely updated.

Re:This Is Real Hacktivism (1)

wampus (1932) | more than 3 years ago | (#34508862)

That was sarcasm. I am not a fan of either of the parties here.

Re:This Is Real Hacktivism (1)

Mysteray (713473) | more than 3 years ago | (#34509040)

> It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country. Your local power company? Not so much.

I dunno man.

I'd put my local power company up against those "Your nuclear power plant control software license has expired please obtain a valid license [upi.com] " clowns any day.

The local guys may be clowns too. But the difference is that my clowns can at least download a patch.

Re:This Is Real Hacktivism (1)

Anonymous Coward | more than 3 years ago | (#34509064)

The difference is that if a stuxnet attack is reported in the USA/Europe, the location will be visited by black suits wearing sunglasses and they will plug in a device, wipe out the virus as well as any trace they had been there, and any personnel involved will get the whole "We were never here, nothing ever happened" spiel. It might also involve several waves of the hand, the flash of a peculiar device, and all of a sudden these folks lose the memory of ever being visited by such individuals. In fact...wait...no...NO!..

Who am I?

What was I writing?,,,

Carefully Targeted (1)

IronicToo (514475) | more than 3 years ago | (#34509090)

The researchers who found this noticed it will only activate on certain controllers that are controlling centrifuges built in either Iran or Poland, I believe. There are additional restrictions, I think something about a certain percentage must be of Iranian manufacture or something. Since there are virtually no Iranian centrifuges outside of Iran it is as targeted as it is possible to be to only Iranian nuclear processing facilities.

Re:Carefully Targeted (2, Insightful)

icebike (68054) | more than 3 years ago | (#34509244)

No, not true.

It was targeted at a particular Siemens chipset. That chipset is used worldwide and not just for centrifuges. (It's already infected Iranian turbine generators.)

But again, as I mentioned elsewhere in this thread, viruses and worms are built using the skeletons of other viruses and worms.

Iran will eventually figure out this tool, and tailor it to new targets. Centrifuges do not have GPS chips installed. They don't know where they are. At best the controllers that run them know a time zone and a language setting. How long will it take to adjust that?

Re:This Is Real Hacktivism (1)

John Hasler (414242) | more than 3 years ago | (#34509102)

> Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.

It already has: it was first detected outside Iran. It does no significant damage outside the correct environment. Stuxnet [wikipedia.org]

> It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran.

The guys at my local power company can request (and receive) assistance from Siemens, Microsoft, the US Government... Iran? Not so much.

Re:This Is Real Hacktivism (3, Informative)

headhot (137860) | more than 3 years ago | (#34509548)

The attack was very specific. Uranium enrichment requires an exact rpm over a long period of time. Most industrial equipment does not have that exacting level of tolerance needed.

Re:This Is Real Hacktivism (3, Informative)

icebike (68054) | more than 3 years ago | (#34509620)

Enrichment does not require EXACT rpm. It's a centrifuge, nothing more.

Thousands of industrial applications require exact speed (far greater exactness than a centrifuge). Electrical Generators, Paper machines, rolling mills, sewage pumps, blower motors, automated bottling lines, automated assembly lines of all kinds.

Try not to make assertions your experience will not back up.

Iran Saving The Middle East From Israeli Terrorism (1)

Anonymous Coward | more than 3 years ago | (#34508762)

Thank god for Iran's successful nuclear program. We are soon to see the end of the Middle East living in fear of Israeli terrorism and wars.

If the IDF terrorists, who are used to gunning down women and children, got their asses kicked so hard by the tiny but bad-ass Hezbollah fighters in Lebanon, just imagine how quickly the IDF is going to be put down by a real military like Iran's.

Re:Iran Saving The Middle East From Israeli Terror (1)

TheKidWho (705796) | more than 3 years ago | (#34508932)

You think the Arab nations will be so gleeful at the thought of a powerful Iran? In case you haven't been paying attention, "The enemy of my enemy is my friend." The wikileaks cables show quite clearly that Iran doesn't have much support from their Arab neighbors.

Re:Iran Saving The Middle East From Israeli Terror (0)

Anonymous Coward | more than 3 years ago | (#34509130)

"wikileaks cables show quite clearly "

LOL

What a fucking idiot.

Way to make a complete fool of yourself. Iran has massive support from the populations of their Arab neighbors.

But, golly!, yes the anti-democratic US propped up governments in the region have different view of Iran...

Someone needs to smack the fucking shit out of you.

Re:Iran Saving The Middle East From Israeli Terror (1)

abigor (540274) | more than 3 years ago | (#34509132)

To be more precise, the Saudis have been putting strong pressure on the US to attack Iran and "cut off the head of the snake".

Re:Iran Saving The Middle East From Israeli Terror (0, Flamebait)

wampus (1932) | more than 3 years ago | (#34508992)

I wouldn't cry if the entire region nuked itself into giant molerats, to be honest. People die all the damn time, why not a bunch of angry people? The land would be poisoned and worthless, but the same set of assholes have been fighting over it for the last 6000 or so years, so it can die, too.

Re:Iran Saving The Middle East From Israeli Terror (4, Insightful)

nyctopterus (717502) | more than 3 years ago | (#34509404)

Angry people... like you?

Re:Iran Saving The Middle East From Israeli Terror (0)

Anonymous Coward | more than 3 years ago | (#34509996)

you're an angry people..

should make you think..

Re:This Is Real Hacktivism (1)

alexborges (313924) | more than 3 years ago | (#34508764)

My thoughts exactly.

Re:This Is Real Hacktivism (0)

Anonymous Coward | more than 3 years ago | (#34508740)

Hacktivism is not what governments do. They strike, and this was a strike. Probably from Mossad. Likely not from the US, since we don't have people who could get the worm the last inch.

Re:This Is Real Hacktivism (1, Interesting)

future assassin (639396) | more than 3 years ago | (#34508780)

>Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world than anything wikileaks or their supporters could dream of doing.

More like cripple them so the US with the approval of other Arab countries like Saudi would go in and start another war for an extra few years of oil supply.

Re:This Is Real Hacktivism (0)

Anonymous Coward | more than 3 years ago | (#34509068)

totally agree. stuxnet rocks! probably engineered by our govt., though.

Re:This Is Real Hacktivism (0)

wmac (1107843) | more than 3 years ago | (#34509230)

How about hacktacking the US military? If we bring their network totally down perhaps we can keep them from starting/participating in more wars and therefore make the world a more peaceful place? You know that the US has started/participated in almost 50 wars.

Re:This Is Real Hacktivism (2)

TheKidWho (705796) | more than 3 years ago | (#34509408)

Hah, Hah, Hah, right. Creating a huge power vacuum is going to create peace, hah.

Re:This Is Real Hacktivism (0)

Anonymous Coward | more than 3 years ago | (#34509422)

> Unlike those kids at Anonymous, the perpetrators of stuxnet are showing who are the real hacktivists.

> Targeted precise strike on Iran's nuclear capabilities, this is a bigger win for freedom and security in the free world than anything wikileaks or their supporters could dream of doing.

> I commend these hackers for slowing down the evil Iranian government's nuclear ambitions.

I hope you swallow, 'cause the Mossad guys get all twitchy when you spit (something about Leviticus and Gawd getting angry about seed on the ground).

The real question (1)

zippo01 (688802) | more than 3 years ago | (#34508652)

The real question is why would you use Windows7 in your nuclear facility? Linux? I wonder if they got the extended warranty. Hah!

Re:The real question (5, Informative)

wampus (1932) | more than 3 years ago | (#34508738)

If you read about how this thing works, the real payload is a rootkit for a motor drive PLC built by an Iranian manufacturer and spinning in the range needed to enrich uranium. It was also targeted at the desktop software designed to program said motor drive, which is Windows. If they were running Linux, I'm sure there are a few zero day sploits out there suitable for hiding a rootkit dropper. The people that made this thing had time, information, legitimate driver signing certificates, and resources. I doubt there are many platforms that can deal with such a determined attacker.

Re:The real question (1)

zippo01 (688802) | more than 3 years ago | (#34509150)

I agree, but the complexity of the code would be dramatically more had it been written against a Unix/Linux style operating system. Or a Windows to Unix/Linux transfer would again add complexity. But that isn't the question: would you run Windows7 as the operating system of choice for your top secret nuclear facility?

Re:The real question (0)

Anonymous Coward | more than 3 years ago | (#34509308)

I'm sure there would be, e.g. specialist niche software like Step 7 is often a pile of bugs duct taped together.
Even so several of the attack vectors smack of Windows security, in particular the fucking autorun exploit. Actually, looking it up, even the Step 7 vulnerability was rather Windows flavoured.

The difference engineering makes (4, Informative)

Rich0 (548339) | more than 3 years ago | (#34508672)

I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.

Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.

The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.

We'll see more of these attacks in the future - count on it...

Re:The difference engineering makes (1)

RightSaidFred99 (874576) | more than 3 years ago | (#34508716)

True enough, but from a business standpoint does it make sense to spend $100 million over 5 years securing your environment properly to avoid a virus that may or may not cost you anywhere near that much, when there's a possibility that something could _still_ infect your intranet?

I think due diligence (and only due diligence) makes sense for many intranets, there's no need to go all apeshit crazy when all your preparations will cost productivity and may have been for naught anyway.

Re:The difference engineering makes (1)

AdmiralXyz (1378985) | more than 3 years ago | (#34509056)

> does it make sense to spend $100 million over 5 years securing your environment properly to avoid a virus that may or may not cost you anywhere near that much, when there's a possibility that something could _still_ infect your intranet?

It all depends on the situation and the cost-benefit. If that intranet is backing your country's nuclear weap^H^H^H^H energy program- which almost every nation on earth has condemned, and at least one has expressed the desire to bomb to ashes- then yeah, it might. Dunder-Mifflin Paper's Scranton office and a state nuclear development apparatus probably have different security requirements, let's leave it at that.

Re:The difference engineering makes (1)

Rich0 (548339) | more than 3 years ago | (#34509604)

The other issue is the whole black swan thing. Your competitors probably aren't going to invest so heavily in security. So, they'll be at a cost advantage. It is guaranteed therefore that given sufficient time you will go out of business.

The question is then which will happen first - you going out of business, or your competitors all being taken out by a worm that you survive? Most managers would put their money on the former, and most of the time they're right. And that is why we don't have much security...

Re:The difference engineering makes (1)

KublaiKhan (522918) | more than 3 years ago | (#34508722)

Well, partly right, anyway.

The proprietary-machine-specific payload on the worm is pretty sophisticated stuff, yes. On the other hand, the delivery mechanism, from what I remember reading, was pretty much a standard off-the-shelf worm.

I would agree with the thought that there will be more attacks like this in the future, though; it seems like exactly the sort of thing a good industrial saboteur would be looking at.

Re:The difference engineering makes (1)

Zurk (37028) | more than 3 years ago | (#34508766)

The difference is basic stupidity. It was PHB stupidity which made the SCADA systems run Windows - an operating system so unreliable the majority of servers are running a homegrown unix (linux) to ensure stability. If you insist on building your industrial infrastructure out of paper and cardboard, you should assume the first hurricane to come along will blow over your origami construction. A decent airgapped SCADA system running on any decent unix (heck just use a bunch of sun enterprise boxes on solaris to run it) would never be vulnerable to this sort of an attack. Build your industrial infrastructure on industrial equipment or face the consequences. Since when is Windows certified for running anything, much less nuclear plants???

Re:The difference engineering makes (2)

Hijacked Public (999535) | more than 3 years ago | (#34508870)

You don't even know the difference between a SCADA system and the PLCs controlling the equipment, why should anyone take your industrial network security musings seriously?

Re:The difference engineering makes (2)

Zurk (37028) | more than 3 years ago | (#34508956)

And what gave you the impression I don't? If the SCADA systems interfacing to the PLC weren't infected, Stuxnet would never have been able to reprogram the PLCs. Are you claiming Siemens' WinCC/PCS 7 on Windows platforms was NOT infected by Stuxnet? Or that infecting the equivalent of s7otbxbx.dll on a unix would ever have been possible without root privileges?
Maybe you should reevaluate your own knowledge of SCADAs and PLC systems.

Re:The difference engineering makes (0)

Anonymous Coward | more than 3 years ago | (#34509294)

Maybe you should check exploit-db.com before you say idiotic shit like "this would have never been possible on X or Y"

Re:The difference engineering makes (0)

Anonymous Coward | more than 3 years ago | (#34509010)

The attack is a neato hybrid of Windows/PLC stuff. Yes, there are installations out there that use Windows software to control these things. Go look at all the SDKs for the major players in the PLC space. They *ALL* have dev kits in Windows. You would have to be stupid not to have one of your target platforms as the 90% OS out there... Your customers are going to insist on it.

People are also making this out to be something amazing. It is just another worm. Also *MOST* PLCs out there are seriously open. Like not even trying open. It is the way they were designed. It is cooked into the modbus spec. There is 0 security in them. What little there is is quite laughable and at most would get you into legal trouble. But wouldn't stop you.

Re:The difference engineering makes (1)

wampus (1932) | more than 3 years ago | (#34508912)

The target was workstations that program embedded systems. Why the hell wouldn't you program your general purpose motor drives on a general purpose operating system?

Re:The difference engineering makes (0)

Anonymous Coward | more than 3 years ago | (#34509018)

Because you want to control and sanitize the data fed into the general purpose motor drives in the first place? It's sheer stupidity to have a plain vanilla general purpose operating system programming your motor controllers when you can have a sanitized operating system ensuring the security and reliability of the data sent to them in the first place. It's the same reason your web browser should run in a sandbox. And the same reason your general purpose java applet runs in one. And also the same reason your web browser should not be running as root.

Re:The difference engineering makes (1)

wampus (1932) | more than 3 years ago | (#34509100)

And would the attacker who was pretty determined to hit this particular target stop just because they ran Linux? No, but you'd probably not hear too much about the exploits that got patched.

Re:The difference engineering makes (1)

Rich0 (548339) | more than 3 years ago | (#34509818)

Yup. But, they would be stopped in their tracks. After all, nobody contributes kernel code from general-purpose operating systems, so there is no way a worm could sneak in the back door, right? :)

Re:The difference engineering makes (1)

DAldredge (2353) | more than 3 years ago | (#34509910)

I am sitting very close to a server running Windows Server 2008 R2 Datacenter, how do I make it be unreliable / make it crash?

Re:The difference engineering makes (0)

Anonymous Coward | more than 3 years ago | (#34508802)

> I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.

Whatever. I'm making a fortune on v1@gr4 sales!

> Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.

Huh. Thanks for the tip! Now I know how to invest all my v1@gr4 $$$ - taking down big mega corps and demanding $100 BILLION dollars! Because today's megacorp does in fact have 100 BILLION dollars!

> Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.

Yep, it's true. We had a whole chapter in the "IT For PHBs" in my MBA program: "Cutting corners, making it look good, and blaming IT"

> We'll see more of these attacks in the future - count on it...

Funk'in A Yeeeeeaaaaaaah! Yee-Haw! There's money out there for the taking!

Re:The difference engineering makes (1)

Rich0 (548339) | more than 3 years ago | (#34508906)

> Because today's megacorp does in fact have 100 BILLION dollars!

Of course they don't - but that is what they are valued at, which of course takes into account likely future earning and not just cash on hand.

So, somebody looking to do industrial sabotage isn't trying to get a payment from the company that they're taking down. Instead they probably work for a government that wants to see the company go down so that some other company can take its place (think nationalism). They wouldn't ask for a ransom - they're not doing it for a payout - they win if the company goes bankrupt. The programmers themselves of course don't win big - they're just collecting salaries like anybody writing software for a living.

Um, no. (0)

Anonymous Coward | more than 3 years ago | (#34509290)

>> Because today's megacorp does in fact have 100 BILLION dollars!

> Of course they don't - but that is what they are valued at, which of course takes into account likely future earning and not just cash on hand.

> So, somebody looking to do industrial sabotage isn't trying to get a payment from the company that they're taking down. Instead they probably work for a government that wants to see the company go down so that some other company can take its place (think nationalism). They wouldn't ask for a ransom - they're not doing it for a payout - they win if the company goes bankrupt. The programmers themselves of course don't win big - they're just collecting salaries like anybody writing software for a living.

I think I could get a $100 BILLION dollars if a couple of these guys chip in. [gawker.com]

Some from these people [yahoo.com]

And of course these people [yahoo.com] could cough it ALL up as well as
these guys [yahoo.com]

Just say'in.

Re:The difference engineering makes (1)

StikyPad (445176) | more than 3 years ago | (#34508896)

Most virus writers have little or no cost of failure, aside from the time invested. If the virus isn't as successful as they'd like, they just write another one.

The whole point of this attack was (or seems to be) in launching a specific attack against a target where, if you fail, they will succeed in creating weapons to annihilate you. There are no do-overs. Once the target is aware of his vulnerabilities, he will likely close them forever, and the time to find another vulnerability (if one even exists) may be greater than the time it takes him to succeed. That's pretty good motivation to get it right the first time, I'd say.

Re:The difference engineering makes (3, Informative)

syousef (465911) | more than 3 years ago | (#34509206)

One who has a large team of talented programmers, carefully designing and building the attack.

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf [symantec.com]

Symantec speculates a team size around 5-10 not including QA (whatever the heck that means).

Personally I think there is probably a "team" of 1-3 people sniggering to and congratulating themselves. (Probably adding "Stupid Americans"). That is if they haven't been shot.

I'll give you talented, though.

Re:The difference engineering makes (5, Interesting)

timeOday (582209) | more than 3 years ago | (#34509316)

"Personally I think there is probably a "team" of 1-3 people sniggering to and congratulating themselves. "

No, I don't think this is the kid sitting at home ala "War Games," and here is why (from the article):

And Iran's anti-worm effort may have had another setback. In Tehran, men on motorcycles attacked two leading nuclear scientists on their way to work. Using magnetic bombs, the motorcyclists pulled alongside their cars and attached the devices.
One scientist was wounded and the other killed. Confirmed reports say that the murdered scientist was in charge of dealing with the Stuxnet virus at the nuclear plants.

Wow, you know they're serious when the cyberattack is coordinated with targeted assassinations.

Re:The difference engineering makes (5, Insightful)

Rich0 (548339) | more than 3 years ago | (#34509900)

Symantec speculates a team size around 5-10 not including QA (whatever the heck that means).

Uh, good thing that programmers don't need QA or managers, and so on.

And yes, QA matters for an operation like this. You're probably having spies plant the bug, and they could get killed in the process. You don't risk spies on code that isn't tested.

Likewise, a fizzled attempt will likely trigger countermeasures making a future attack more difficult.

QA means getting it right the first time. That probably means creating a simulated environment and testing the software out in this environment. Sure, you don't need actual centrifuges and turbines, but you probably need software that emulates the feedback such machines would return to their controllers. I'm sure they didn't factor that into their "5-10" count.

I've worked on some IT projects where quality was serious business, and you can easily spend as much on testing as you spend on development. For a typical military-style coding effort factor in a WHOLE lot more.

Re:The difference engineering makes (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34509534)

Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack.

You make not only an interesting point but an allusion (perhaps indirectly) that may counter all those folks saying "what happens if it comes back". I personally wonder what Siemens' role in this was. As the description says, the virus specifically targeted a vulnerability in the Siemens software Iran was using on their centrifuges. That software is known to have been pirated, so it will not be updated. It is logical to assume that A) Stuxnet cannot affect licensed, updated versions of the Siemens software if it targets this vulnerability, and B) Siemens may have had a role to play in designing Stuxnet, for whoever sent the attack be it Mossad, the US, or someone else. Siemens is a Government contractor for every major Western nation and many Middle Eastern ones.

Re:The difference engineering makes (1)

Rich0 (548339) | more than 3 years ago | (#34509938)

Yup. I tend to agree. No guarantees that they were involved, but they could have cooperated with efforts (providing source code, helping analysts understand potential vulnerabilities, withholding patches, etc).

I'm sure that the usual NATO allies were all on board - certainly the nation where Siemens was headquartered and the US OKed the attack. Companies don't just do business with the Mossad or whatever without making sure their parent governments are OK with it.

The US triggered a massive refinery disaster in the USSR back during the cold war. This involved the full cooperation of vendors.

Re:The difference engineering makes (1, Insightful)

DoninIN (115418) | more than 3 years ago | (#34509706)

I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.

Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.

The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.

We'll see more of these attacks in the future - count on it...

This is why stuff that is important should NOT be connected to the internet. OR allowed to come into contact with jump drives or PCs or anything else that has been exposed to the internet. This is simple. This is stupid. This seems like an old guy railing about the dangers of new technology. This is absolutely true, and will continue to be true. Further examples will be provided by reality for the remainder of your lives. I will continue to be right. This advice will continue to be ignored because it is inconvenient or stupid or old fuddy duddy thinking whatever.

Traffic (0)

Anonymous Coward | more than 3 years ago | (#34508712)

'Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent.'"

If a few Iranian nuclear engineers can cause such reverberation, that probably only indicates that the security site generally does not get a lot of traffic.

Re:Traffic (0)

Anonymous Coward | more than 3 years ago | (#34508922)

I presume they're talking about botnet traffic...

Re:Traffic (1)

TheKidWho (705796) | more than 3 years ago | (#34509112)

I think they're talking about forum registrations and such actually. The article is sketchy on details.

Wikileaks DoS connection? (1)

jamessnell (857336) | more than 3 years ago | (#34508734)

Heh, maybe the pwned machines in Iran are being re-purposed to help in the flurry of DoS attacks both against and in defense of Wikileaks?

Not Convincing (2)

John Hasler (414242) | more than 3 years ago | (#34508758)

a) Everybody in Iran with a Stuxnet-infected computer is going to be trying desperately to get rid of it and everybody in Iran with a computer that they even suspect may be infected with anything is going to be trying to read up on Stuxnet. They are not going to believe that it won't harm their systems. They are going to believe that every little glitch might be Stuxnet come to steal their secrets (whether they have any or not).

b) If most of the Iranian traffic to these sites was coming from people at the Iranian nuclear facilities studying Stuxnet there would be very little of it because there would not be all that many people assigned to such research.

so.... (2)

Charliemopps (1157495) | more than 3 years ago | (#34508854)

Iran obviously hasn't had experience fixing their in-laws computers and are actually wasting their time trying to save their family photos. FORMAT!

Thanks, Israel! (0, Insightful)

Anonymous Coward | more than 3 years ago | (#34509014)

Thanks, Israel!
Sincerely,
The Rest of the World (including, we now know, much of the Middle East)

Virus and Iran again in front page? (-1, Offtopic)

MrJones (4691) | more than 3 years ago | (#34509072)

Virus, Iran, ... really? In the front page? Slashdot is getting more about politics and less about tech. Really a slow news day :(

Re:Virus and Iran again in front page? (5, Insightful)

Dr. Spork (142693) | more than 3 years ago | (#34509582)

Hey, this is a serious "nerds at war" story. Slashdot would be remiss to not cover what might be the greatest exploit of weapons grade professional hacking in world history. How long before Slashdot "friends" find themselves on opposite sides of an actual war where key infrastructure is literally exploding? Because that's exactly what those worm coders did: Blow up uranium centrifuges in militarized underground bunkers. This really is the start of a new era in the history of nerddom, and if anything, it should be getting more attention from nerds. Maybe some of the authors of that worm even have user accounts here.

Spengler saw this last year (5, Interesting)

Simonetta (207550) | more than 3 years ago | (#34509082)

The columnist who writes for Asia Times On-line (www.atimes.com) under the name Spengler foresaw this situation last year. He noted that 95+% of the software that was being used in Iran was 'pirate-ware' from the West. He noted that there was an Iranian government-run file download site that held hundreds of popular Western software packages along with their kraks, passwords, and keygens. He predicted that this would allow viruses to run amok throughout Iran at some point in the future.

    He also quotes a BBC reporter who states that almost nobody except government officials and their goon squads (and old ladies, of course) still believes in fundamental Islam in Iran. She (the BBC reporter) says that only about 2% of the population regularly go to Friday services at the mosques in Iran. And over 5% of Iranians are addicted to cheap Afghanistan heroin, the highest addiction rate in the world. Unemployment among the young is in reality over 50%. She says that Iran currently resembles the Soviet Union in the late 1980's; it's a country that will just fall apart in the next ten years if the rest of the world just leaves them alone and lets it happen.

    At the time of the revolution in 1978, Iran's population was about 27 million (I remember the number quoted as 50 million at the time) and now it is over 70 million: a direct result of Khomeini's exhortation for young people to -'get a-fuckin'- (in a manner of speaking) and make lots of babies. When Khomeini died that policy died also, and Iran launched a massive birth-control program. Now, the children of the revolution are having almost no babies and the birth-rate in Iran is 1.6 children per couple; one of the lowest in the world. But there remains this huge bulge in the population demographic there; all the people born in the 1980's.

    They call themselves 'the burnt generation'.

    If any of this is true then we shouldn't worry too much about Iran. We should never actually believe anything that they say. And we should, on an individual-to-individual basis, offer whatever assistance that we can. Nevertheless, I would recommend NOT offering any detailed technical assistance to people in Iran on any specific technological project over the web until the Iranian government stops all this 'Death To America' nonsense as official government policy.

    Thank you.

You Fucking Piece Of Garbage (-1)

Anonymous Coward | more than 3 years ago | (#34509186)

You need to fucking die now.

Get the fuck off and stay the fuck off this site.

Michael Kristopeit... (1)

Frosty Piss (770223) | more than 3 years ago | (#34509464)

...Is that you?

Re:Spengler saw this last year (3, Interesting)

Dr. Spork (142693) | more than 3 years ago | (#34509438)

And this is supposed to be comforting how? I mean, I can't find confirmation for anything that you say apart from the fertility numbers, but if Iran is a collapsing nation of heroin zombies, that doesn't exactly inspire my confidence in the stability of that part of the world. Add nuclear weapons to the mix and you'll see that something could possibly go wrong.

Nucular, really? (4, Insightful)

olden (772043) | more than 3 years ago | (#34509172)

So Stuxnet chatter is still observed around the planet, including in Iran and the US. Duh.

Now how exactly does this "expert" come to the conclusion that, somehow, activity from the US etc must be from infected home PCs, yet the same from Iran must be from some seekret uranium enrichment plant, which typically would not be connected to the internet?

Oh, my bad, forgot, this comes from ScareTV... Never mind.

Traffic Spike Proves Nothing (0)

Anonymous Coward | more than 3 years ago | (#34509388)

OK, so security sites have experienced a lot of traffic coming from Iran. How does that prove that the virus is still affecting them? Do you mean to tell me that the only reason people have for visiting security sites is because they are being affected by stuxnet? What if they have another virus? What if they have no virus and are pursuing preventative measures? What if there is an increased general interest in computer security?

The "adamant claims" jab cuts both ways. We can make the baseless assumption that the Iranian government is plagued by this virus despite adamant claims otherwise, or we could point the finger at American media and say that the Iranian government is no longer affected by stuxnet despite adamant claims by the American press. The press has the same reasons to misrepresent the situation that the Iranian government does, so we can truly learn nothing from these back and forth claims.

Uh... (1)

Locke2005 (849178) | more than 3 years ago | (#34509670)

I thought the hosts that Stuxnet was targeted at weren't connected to the internet at all, meaning the surge in traffic can only be coming from collateral damage infected hosts. Meaning it is spreading but not really damaging anything.

Maybe NSA is redirecting Anonymous' attacks.... (1)

gatkinso (15975) | more than 3 years ago | (#34509864)

...not likely but that would be hilarious.

Note to self (2)

fishbowl (7759) | more than 3 years ago | (#34509972)

When I'm a leader of a rogue state, I will not connect the control systems of my super-secret nuclear facility to any external network.

Really? (0)

Anonymous Coward | more than 3 years ago | (#34510054)

A link to Foxnews that cites an anonymous source? Stop wasting our time.

Coincidently the CAPTCHA word is "brazen"
