Slashdot: News for Nerds

Did Stuxnet Take Out 1,000 Centrifuges At Natanz?

timothy posted more than 3 years ago | from the down-for-routine-maintenance dept.

Security 189

AffidavitDonda writes "In late 2009 or early 2010, Iran decommissioned and replaced about 1,000 IR-1 centrifuges in the Fuel Enrichment Plant (FEP) at Natanz, implying that these centrifuges broke. Iran's IR-1 centrifuges often break, yet this level of breakage exceeded expectations and occurred during an extended period of relatively poor centrifuge performance. Although Iran has not admitted that Stuxnet attacked the Natanz centrifuge plant, it has acknowledged that its nuclear sites were subject to cyber attacks."

189 comments

All Lies (0)

Anonymous Coward | more than 3 years ago | (#34673776)

No, there are no weapons!!!

All Truthiness (1)

TrisexualPuppy (976893) | more than 3 years ago | (#34673798)

Yes, there are weapons!!!

Mod parent up...anyone? (0)

Anonymous Coward | more than 3 years ago | (#34674290)

A truthy reference...sigh

Re:All Lies (1)

lennier1 (264730) | more than 3 years ago | (#34674666)

These aren't the droi...weapons we're looking for?

Maybe we will know in the future. (2)

Suki I (1546431) | more than 3 years ago | (#34673810)

If this is for real, this targeting sounds like a big step in the cyber attack side of the world. I wonder how cyber defense will counter it.

Re:Maybe we will know in the future. (-1, Flamebait)

devxo (1963088) | more than 3 years ago | (#34673822)

It's interesting how US was jabbing so much about cyber warfare and how they need to defend themselves, and still they're the first one to attack.

Re:Maybe we will know in the future. (1)

Aerorae (1941752) | more than 3 years ago | (#34673844)

Attacking is easy. Defense is hard. ( ex. Nuclear Weapons use)

Re:Maybe we will know in the future. (3, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34673980)

I suspect that the problem is, depending on the sense in which you consider it, both better and worse than your analogy suggests:

On the one hand, hardening specific systems against electronic infiltration is probably (especially if you are willing to put up with hassles) easier and cheaper than burying them in sealed bunkers under entire mountains and other nuclear defense stuff.

On the other, it is overwhelmingly easier for just about anybody to launch petty, nibbling attacks against soft targets with minimal fear of reprisal, or even identification. A lot of such attacks even pay for themselves. The industry of Nigerian scammers, spammers, PIN skimmers, etc. launches millions of such a year, some percentage of which net serious rewards, and only a trickle ever get caught. And that is largely a non-ideological private sector game. Once state actors, or ideologically driven non-state actors step up to the table, and start hitting similarly soft, but not necessarily profitable, targets, you have problems...

Re:Maybe we will know in the future. (3, Informative)

arisvega (1414195) | more than 3 years ago | (#34674034)

Attacking is easy. Defense is hard. ( ex. Nuclear Weapons use)

Not true, numerous counterexamples; the simplest one being barricaded somewhere on a mountain with the weather on your side, batteries, ammo, a trustworthy sniper rifle, lots of food, and an internet connection (for your idle time between headshots)

Re:Maybe we will know in the future. (0)

Anonymous Coward | more than 3 years ago | (#34674100)

...and an internet connection (for your idle time between headshots)

Call of Duty: Modern Warfare 2?

Re:Maybe we will know in the future. (3, Interesting)

khallow (566160) | more than 3 years ago | (#34674162)

Not true, numerous counterexamples; the simplest one being barricaded somewhere on a mountain with the weather on your side, batteries, ammo, a trustworthy sniper rifle, lots of food, and an internet connection (for your idle time between headshots)

You're either shallow enough to get burned out or deep enough to get buried. Very effective techniques for taking out pill boxes and deep fortifications were developed in the Second World War.

Re:Maybe we will know in the future. (1)

walshy007 (906710) | more than 3 years ago | (#34674194)

assuming you yourself aren't the actual target and are just trying to avoid being collateral damage, who would know you are even on the mountain?

Being sufficiently underground with enough supplies with nobody knowing that said bunker even exists is handy.

Re:Maybe we will know in the future. (1)

khallow (566160) | more than 3 years ago | (#34674236)

assuming you yourself aren't the actual target and are just trying to avoid being collateral damage, who would know you are even on the mountain?

That's nice if you are a zero value target. But if you aren't, then you can't defend yourself in that way.

Re:Maybe we will know in the future. (0)

Anonymous Coward | more than 3 years ago | (#34675170)

And anyone with a sniper gun is not a zero value target. If you have a gun, you assume you might need to use it. Once you used it, it is disclosed to your enemy and they will hunt you down or take other precautions.

Re:Maybe we will know in the future. (1)

Mr. Freeman (933986) | more than 3 years ago | (#34674270)

There's a difference between "defending yourself from nuclear attacks" and "not being the target of nuclear attacks in the first place".

Sure, being a long way away from the nuclear blast will make sure that you aren't hit by the blast wave, but it's by no means a "defense". A defense would be something that can prevent taking damage from a weapon that's targeted at you. For example, an anti-missile system or a shield. The problem is that anti-missile systems don't actually work all that well yet and no one has made a shelter that can survive a direct attack from a nuclear weapon.

Re:Maybe we will know in the future. (0)

Anonymous Coward | more than 3 years ago | (#34674812)

... and an internet connection (for your idle time between headshots)

You are too easy!

"IDF’s Military Intelligence Unit 8200" (4, Informative)

Suki I (1546431) | more than 3 years ago | (#34673856)

It's interesting how US was jabbing so much about cyber warfare and how they need to defend themselves, and still they're the first one to attack.

From TFA, the rumored culprit is not the USA, it is "IDF’s Military Intelligence Unit 8200".

Re:"IDF’s Military Intelligence Unit 8200" (2)

Dutchmaan (442553) | more than 3 years ago | (#34673998)

It's interesting how US was jabbing so much about cyber warfare and how they need to defend themselves, and still they're the first one to attack.

From TFA, the rumored culprit is not the USA, it is "IDF’s Military Intelligence Unit 8200".

You act as if people are willing to differentiate the two...

There are good reasons not to differentiate (0)

Anonymous Coward | more than 3 years ago | (#34674598)

The funding of that unit is probably indirectly done by the US because of the subsidies Israel gets on "defense". If somebody considers that unit's action to be terrorist activity, they will consider US to be sponsoring terrorism. The amount of vetoes done by USA in favor of Israel will also make people blame USA. Tough luck, things have consequences.

Re:"IDF’s Military Intelligence Unit 8200" (0)

Anonymous Coward | more than 3 years ago | (#34674012)

Not going to call them incompetent; they're more than able to take care of the situation, but sometimes I wonder how much the USA is involved.

CIA Operative Sterling: Ah, computer worm designed to target Iranian enrichment activities. Hope we don't misplace this anywhere.

*Sterling shrugs, yawns, and drops a USB thumb drive while trying not to appear too obvious.

Gas Iran (0)

Anonymous Coward | more than 3 years ago | (#34674126)

Once and for all!

Re:"IDF’s Military Intelligence Unit 8200" (1)

joelpt (21056) | more than 3 years ago | (#34674204)

From TFA, the rumored culprits are "IDF’s Military Intelligence Unit 8200, .... or perhaps the United States. Langer said last week that in his opinion at least two countries were behind Stuxnet."

So yes, the USA is one possible rumoured culprit.

And Unit 8200 [slashdot.org] is a part of the Israel Defense Forces.

Re:Maybe we will know in the future. (4, Interesting)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34673884)

Seems pretty logical to me. Assuming that the US, or an ally close enough for them to know about it, was behind the work, the success of the attack presumably served as an oh-shit moment for anybody who wasn't a complete moron and hadn't previously had one on the topic of computer security. Plus, projecting your activities onto others seems to be a fairly common human trait. Not only would watching a successful attack team awaken them to the possibilities, it would likely increase their perception that others were likely up to similar things.

By all accounts, Stuxnet caused considerable trouble and delay for Iranian enrichment efforts and (at least in public) the closest anybody has gotten to figuring out who did it has basically been pointing fingers at the intersection of "people who don't like Iran" and "people who are good at computers and stuff". A reasonable strategy, to be sure; but not one that suggests they have the slightest in hard evidence to go on. Unless it was unbelievably costly to develop, that is a pretty clear win for whoever was behind it.

I'm sure US military and industrial types could think of a few (thousand) things that they really would not want that happening to, never mind the continual, low-level; but costly, stream of financial scamming and fraud, much of which is electronic and much of which is a net flow from the US to assorted offshore gangs.

Re:Maybe we will know in the future. (1)

afidel (530433) | more than 3 years ago | (#34673988)

One of those big targets they need to protect is the US power grid. The entire thing is a big ball of outdated SCADA systems held together with bubble gum and baling wire. It can barely handle a couple of faults on a hot day, let alone a concerted attack (see the great NE blackout of 2003).

Charlie Wilson's War II (2)

linzeal (197905) | more than 3 years ago | (#34674040)

Iran has stepped up efforts at helping Hamas, Hezbollah, the Taliban and is now releasing all of its Al Qaeda terrorists back into the wilds of the Middle East, the question we should be asking, was this attack worth it if terrorism increased because of it? From what I have seen, no, we are now dealing with Iran supplying larger and larger munitions to the Taliban, 'Charlie Wilson's War' is going to have a sequel and this time the protagonist is going to be Iranian.

Re:Charlie Wilson's War II (0)

Anonymous Coward | more than 3 years ago | (#34674528)

Maybe terrorism is preferable to a nuclear Iran?

Re:Charlie Wilson's War II (1)

AlterEager (1803124) | more than 3 years ago | (#34674952)

Iran has stepped up efforts at helping [...] the Taliban and is now releasing all of its Al Qaeda terrorists back into the wilds of the Middle East

Yes, and Ian Paisley is the pope. Iran owns the Afghani government, why would they help the Taliban who want to overthrow it and consider Iran heretics? Iran owns the Iraqi government, why would they help Al Qaeda who would overthrow it and consider Iran heretics?

Re:Charlie Wilson's War II (0)

wmac (1107843) | more than 3 years ago | (#34675062)

Taliban and therefore parts of Al-Qaeda were created by CIA to counter. Both of them are arch enemies with Shia government in Iran. What you say is worthless.

Al-Qaeda is financed by US supported Saudi Arabia (which is incidentally another enemy of Iran). And if you have forgotten, let me remind you that Bin Laden family has been a very close friend to US president Bush.

Now what I said is even documented in public domain sources. What you say is never proved.

Re:Maybe we will know in the future. (0)

Anonymous Coward | more than 3 years ago | (#34673916)

The article states it was the IDF, which is the consensus. Personally I think someone in their government might have written it in an attempt to spark something against the USA or Israel.

Re:Maybe we will know in the future. (1)

Opportunist (166417) | more than 3 years ago | (#34673986)

Where've you been the last decade. Attacking is the new defense. It's called "pre-emptive strike". In other words, blow up someone you think could probably some day maybe consider thinking about attacking you.

Re:Maybe we will know in the future. (1)

Urkki (668283) | more than 3 years ago | (#34674712)

Where've you been the last decade. Attacking is the new defense. It's called "pre-emptive strike". In other words, blow up someone you think could probably some day maybe consider thinking about attacking you.

"New"?

Well, ok, yeah. I guess more traditional approach would be to slaughter and enslave to keep them down, to minimize the need to actually attack in a military sense...

Re:Maybe we will know in the future. (1)

Opportunist (166417) | more than 3 years ago | (#34674824)

Ok, ok, it's not new. I guess what's new is that it's generally accepted as a valid way to deal with (real or imagined) threats.

When Germany tried that stunt with Poland, a world war started.

Re:Maybe we will know in the future. (1)

thunderclap (972782) | more than 3 years ago | (#34674148)

Stuxnet isn't ours; it's the Israelis who did this.

Re:Maybe we will know in the future. (1)

realityimpaired (1668397) | more than 3 years ago | (#34675174)

Because it's completely unfathomable that the Arabs would be intelligent enough, and good enough at math and computer programming to pull something like this off?

And that's assuming it was even a government that did it. Most computer viruses out in the wild today are the work of a single individual, after all.

Re:Maybe we will know in the future. (0)

Anonymous Coward | more than 3 years ago | (#34673824)

Everything in the future will be analog. And World War IV will be fought with sticks and stones.

Re:Maybe we will know in the future. (2)

arisvega (1414195) | more than 3 years ago | (#34674054)

Everything in the future will be analog. And World War IV will be fought with sticks and stones.

No, it will be with cybernetics, that-thing-that-fries-opponents-with-an-arc, flying cars and LOTS of slow-motion KungFu

Re:Maybe we will know in the future. (-1)

Anonymous Coward | more than 3 years ago | (#34674686)

> I wonder how cyber defense will counter it.

Iranians give palestinian extremists a "letter of marque and reprise" to retaliate, by blowing up some crowded articulated buses in Haifa, etc. At least that was the method muslims and arabs used in the previous decade to punish zionists for the non-stop genocide in Gaza. Jews consider themselves "chosen people" and rabbis hold their lives are infinitely more valuable than "goyim" lives, so they cannot tolerate losses among jews, but have no problem culling arabs by the thousands. Arab bomb vest martyrs return this trend on the jews, to level the playing field.

Also, Iran ally Syria has large amounts of chemical warheads for Scud missiles and some russian backing, so the zionists cannot conquer them, despite the 220 or so nuclear bombs they have made in Dimona. Jews are much afraid of chemical warfare because of the memory of gas chambers in WWII, so Syria can hold the zionist entity by the balls, if it threatens Iran.

Of course eventually there will be a big war between zionists and their servants, versus arabs and muslims. Zionists prepare for the war with all their military might and are currently looking for a new host body to milk, as the USA is no longer able to donate them dozens of billions of dollars per year. Communist China is the news host body, firstly because communism is a jewish invention and secondly, the chinee have a lot of money to milk. Jews sell chicom military tech stolen from the american and the french, at highly inflated prices.

E.g. the IAI Lavi fighter jet prototype, composed of french Mirage delta wing + american F-16 fuselage, has been sold secretly to chicom, copied and became the red fighter type "J-10". Previously the jews promised never to sell the discontinued Lavi type, in exchange for 102pcs for free F-16I fighter planes, delivered from the USA, worth 50mio USD apiece. After that scandal the USA realized jews have been defrauding them for at least a century and so zionism is now looking for a new host body, to replace the USA. Sadly this means USA will fall soon, because jews run the global and USA fiscal scene.

There is no defense (0)

Anonymous Coward | more than 3 years ago | (#34674710)

There is absolutely no way to defend such an attack. Unless of course, you build every.single.thing in-house.

Re:Maybe we will know in the future. (1)

Yvanhoe (564877) | more than 3 years ago | (#34674908)

By using systems they fully control? They were using Windows, which HAS backdoors that are acknowledged by Microsoft to install security updates.
People will manage to sell something like "cyber-defense" when all that is needed, really, is to use the good tool for the good job...

Re:Maybe we will know in the future. (5, Interesting)

arivanov (12034) | more than 3 years ago | (#34674934)

Not really.

It sounds like a much more professional attack than previously considered.

Varying speed by itself should have just sent yield to hell. Varying speed properly with the full knowledge of the centrifuge design and construction allows to select resonating frequencies (which each centrifuge has) and keep it at those until it disintegrates. In my "previous life" doing biotech I have seen what happens when a rotor goes off balance at 50000 rpm. The effect is more or less similar to that of a hand grenade in a closed space.

Add to that the fact that a broken uranium enrichment centrifuge will leak UF6 all over the place which is highly toxic and corrosive and you have your perfect sabotage method.

There is one more question to be answered here which puts the final dots over Is and crosses the last Ts. The people who have analysed the source so far in AV companies were malware professionals, not chemists or industrial automation experts. So they left one question open - does it try to determine the frequencies or it knows them already. If it is the latter, this means that the attacker has managed to obtain the exact design of a centrifuge with the actual improvements used by Iran so Iran's nuclear programme is way leakier than we thought and everyone and their dog has that centrifuge design now (with the actual improvements done by Iran after they got it from our "allies" in Pakistan). If it is the former, the same attack can be applied to all kinds of industrial automation equipment and Siemens kit provides enough telemetry to run the attack. That is probably even scarier than the first possibility. Resonance is lovely stuff... Nothing can withstand it for a sufficiently long time.

Re:Maybe we will know in the future. (1)

xded (1046894) | more than 3 years ago | (#34674998)

I wonder how cyber defense will counter it.

Changing the default password in network-enabled Siemens PLCs.

Really? (1)

khoonirobo (1316521) | more than 3 years ago | (#34673818)

Well Doh!!

The malware seems to have specific code to target the centrifuges. There is reportedly sub par performance and high replacement rate for the centrifuges.

Do you need a diagram too?

Re:Really? (1)

garyisabusyguy (732330) | more than 3 years ago | (#34673830)

Sure, a diagram would be nice.

I'd also like to know the network topology of the facility in question, its connectivity to the internet and their protocols for isolating their systems from threats

Thanks for asking

Re:Really? (1)

TooMuchToDo (882796) | more than 3 years ago | (#34673880)

Apparently, the "virus" was not spread via network connectivity, but via payloads that piggybacked on removable media (USB sticks).

Re:Really? (1)

garyisabusyguy (732330) | more than 3 years ago | (#34673896)

ZING!

And I have to ask, why the heck does removable media still have so many vulnerabilities?

Re:Really? (1)

TooMuchToDo (882796) | more than 3 years ago | (#34673910)

Because it's viewed as more secure than network connectivity when it shouldn't be? Build a better heuristics scanner, and someone will build a more obscure/innocent-looking binary.

Re:Really? (0)

Anonymous Coward | more than 3 years ago | (#34673954)

removable media or the device you connect them to?

Re:Really? (1)

linzeal (197905) | more than 3 years ago | (#34674062)

A company I worked for left some USB sticks lying around our break room one weekend, us local IT guys and corporate were the only ones in on it, by the end of the day, 8 out of 10 of the USB sticks had been plugged in. One low-level manager had 3 of them and when we came into his office, he was offloading porn and mp3s from his work computer onto them.

Re:Really? (3, Informative)

sjames (1099) | more than 3 years ago | (#34674638)

Because normal people consider removable media to contain data but MS and by extension Windows considers it something that must be executed without gaining consent from or even informing the user.

Windows must be kept locked up in a padded cell and straitjacket. If it sees a bottle marked poison, it will drink it. If it sees a pencil it'll jam it up its nose. Give it a pillow and it'll suffocate itself.

Well that was the intention of the virus (1)

Ancantus (1926920) | more than 3 years ago | (#34673842)

Everyone is pretty sure Stuxnet was targeting Iranian nuclear centrifuges, it was a well built virus that did its creators job well. The team who created it did their research, and figured this was the best stab at slowing the Iranian nuclear processing. Just goes to show good planning/funds and smart programmers can do significant damage to some secure facilities.

Re:Well that was the intention of the virus (4, Interesting)

garyisabusyguy (732330) | more than 3 years ago | (#34673876)

Just spent a minute at wikipedia...

Apparently the virus is Windows specific and targets industrial control systems manufactured by Siemens.

They have distributed a removal tool, which is dependent on current patching from Microsoft

Of course, this soooo many questions, like;
Who else uses the same Siemens controllers, should they be worried as well?
Who holds the keys to this thing?
What is preventing anybody else from hijacking the root kitted systems?
What are the chances of any Microsoft patches being poisoned by the author?

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

Re:Well that was the intention of the virus (2)

Ancantus (1926920) | more than 3 years ago | (#34673944)

It also uses (I believe) 4 Windows-specific 0 day hacks. Usually a 'common' virus writer uses only one, because you can use the other 3 to make 3 more viruses. It really shows these people REALLY wanted this to work, and for it to infect as many systems as it could before caught and stopped. Siemens can sell to whomever they want. Iran can use those controllers for making plush teddy bears just as easily as for nuclear refinement. And the command/control servers for the virus were taken offline a while ago, so no-one holds the keys to deactivating virus anymore.

Re:Well that was the intention of the virus (2)

keeboo (724305) | more than 3 years ago | (#34673962)

Apparently the virus is Windows specific and targets industrial control systems manufactured by Siemens.

Why the hell Siemens is running Windows for such kind of application, to begin with?

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

Friends?
Neither companies nor government have friends, they have interests.

Re:Well that was the intention of the virus (2)

mangu (126918) | more than 3 years ago | (#34674668)

Why the hell Siemens is running Windows for such kind of application, to begin with?

My question exactly. Twenty years ago the standard system for such applications was the VAX/VMS and I still have to see any successful virus for the VAX/VMS. There have existed many proof-of-concept viruses and worms written for VMS, sure, but never one that caused any widespread damage.

There's a good analysis of the reasons for this here [hoffmanlabs.com] . In simple words, VMS is not quite as user-friendly as Windows and that makes all the difference.

That's the reason why I wish the "year of Linux on the desktop" will never come. We don't need an Eternal September [wikipedia.org] on the Linux desktop.

Re:Well that was the intention of the virus (1)

Anonymous Coward | more than 3 years ago | (#34674756)

You don't seem to understand.
Siemens PLCs don't run Windows.
The design tools for developing PLC applications is Windows based.
The attack targets the design tools as a vector to get into the design that is used for industrial control.
I am not an expert on Stuxnet but from what I read there are multiple injections of harm in the PLCs which again don't run Windows. Root kits for the PLC is just one such vector.

So why do Siemens sell to Iran? First of all, they cannot really do it due to embargo, but it is easy to get hold of basically commodity hardware. Besides the Iranians have been operating without a license. Also, according to the European Commission, Siemens is the most corrupt organization in the world and has a long standing tradition of suspect business dealings worldwide including my home country of Norway. Another example to show a timeline is that Siemens labelled product as Austrian as German companies were embargoed in Israel for a long time after WW2. Apparently it worked like a charm.

Re:Well that was the intention of the virus (1)

DriedClexler (814907) | more than 3 years ago | (#34674070)

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

I don't know, but I hope they shoot 'em an even bigger load next time [/couldn't resist].

Re:Well that was the intention of the virus (1)

X.25 (255792) | more than 3 years ago | (#34674080)

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

What makes you think you are their friend, and who are you to tell Siemens who they should do business with?

Re:Well that was the intention of the virus (1)

MichaelSmith (789609) | more than 3 years ago | (#34674626)

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

Siemens are German. Many European countries sell technology to Iran.

Re:Well that was the intention of the virus (2)

sjames (1099) | more than 3 years ago | (#34674660)

1. There are a lot of perfectly legitimate uses for industrial controllers. 2. Corporations have no friends, only avarice. They may act friend-like if you are currently the highest bidder but the moment they have your money they'll turn to the next highest bidder.

Re:Well that was the intention of the virus (0)

Anonymous Coward | more than 3 years ago | (#34674890)

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

I guess answer to that is now obvious. Siemens was silently OK'ed to sell systems to Iranians so that their friends would have accurate information on their procurement and configuration.

Better question is why the heck are Iranians buying their strategically critical systems from Siemens, the friends of their enemy? Siemens may have good reputation and expertise in industrial control, but when you are deemed evil, no one's reputation will be stained for betraying you, quite contrary!

If you are on the quest to appropriate an entire new (to you) technology, developing your own supporting technologies is just a little extra cost on top of already huge spending. In fact, that's why huge endeavors are so beneficial to overall technical and scientific progress of nations.

Re:Well that was the intention of the virus (2)

ddrichardson (869910) | more than 3 years ago | (#34674902)

Eset has a particularly interesting paper [eset.com] on Stuxnet which may interest you.

Re:Well that was the intention of the virus (1)

thegarbz (1787294) | more than 3 years ago | (#34674932)

Who else uses the same Siemens controllers, should they be worried as well?

From my understanding of the virus when the analysis was posted a while back the virus was more specific than you can imagine. It didn't generically target Siemens systems as much as verify which actual Siemens system it was attached to. It had a very specific payload that moved quite specific control points around. I think at the time the basic thought was if you weren't the one being specifically targeted you didn't have too much of an issue.

Re:Well that was the intention of the virus (1)

nutshell42 (557890) | more than 3 years ago | (#34674990)

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

Had you spent just a minute at wikipedia it would have told you that it's general purpose industrial PLC, not some specialized system tailored for one specific use. You want one? Let me google that for you: here [google.com]

That's the main problem with Stuxnet. While there are a few checks to tailor it to the specific situation in Iran, we're still talking about large volume off-the-shelf equipment. The military's used to collateral damage but in cases like this (Stuxnet's just the beginning; it's been a tremendous success so everyone's gonna want one) the collateral damage might be people dying in an industrial accident in a completely unrelated country half way around the world.

Re:Well that was the intention of the virus (2)

xded (1046894) | more than 3 years ago | (#34675012)

And finally... Why the heck are our friends at Siemens selling systems to the Iranians?

Because otherwise the Russians would.

And then, good luck getting right the Cyrillic encoding for the default password.

You don't get plenty of chances (0)

Anonymous Coward | more than 3 years ago | (#34674860)

The team who created it did their research, and figured this was the best stab at slowing the Iranian nuclear processing.

This part is especially interesting, critical for the success of such an attack, I'd say. You can't afford to make it work through trial and error, because your target will get alarmed when failed attack is detected and entryway security holes may get plugged. If you don't have an operative in the field, or inside the vendor which delivered the equipment to your target, then you have to have some sort of very low profile "scout worms" that would gather information about the target facility, map the network, retrieve sample of code that runs on machines, etc. Also, similar to aerial and artillery attacks, you need to get feedback information on attained damage. Are we really sure that Stuxnet attack was a success and Iranian centrifuges are damaged? How do we know? Is the source of information authoritative? And so on.

Mission Accomplished (2)

dragonhunter21 (1815102) | more than 3 years ago | (#34673868)

Somewhere, some guy working for the CIA/NSA/TLA just shat himself laughing.

They didn't laugh (0)

Anonymous Coward | more than 3 years ago | (#34674632)

The idiots in Israel are known to only think about their own interests. They have full support of the US no matter what crap they pull. The operatives in secret agencies know that Stuxnet is now a gun-for-hire internationally. It is a security-threat, and the world already has too many of those.

Re:Mission Accomplished (0)

Anonymous Coward | more than 3 years ago | (#34675066)

until Stuxnet is reprogrammed for other targets and gets into the US system?

Would Windows Security Essentials have protected? (2, Interesting)

BadAnalogyGuy (945258) | more than 3 years ago | (#34673890)

What antivirus software would have protected the victims of this virus? Kaspersky? AVG? Windows Security Essentials? ClamAV?

While on the one hand, it is important to prevent infections from becoming a massive swarm with the ability to hammer away at particular locations in a DDOS, in this particular case it seems like specific machines were infected with the goal of harming them directly. Since these machines are running on specialized hardware, it doesn't really make sense to consider StuxNet a "swarm" virus. The swarming aspect only seems to have helped it spread in an organic way towards the targeted systems.

On the very end lay the centrifuges, but between those and the Internet lay Windows PCs. Would having Norton (or any other AV) running on startup have blocked this virus?

If none, then what hope do we really have of protecting ourselves from deliberate attacks on our network infrastructure?

Quite frightening, actually. (Unless Windows Security Essentials would have caught it.)

Re:Would Windows Security Essentials have protecte (3, Insightful)

afidel (530433) | more than 3 years ago | (#34674010)

No, AV software would not have protected those systems from infection because the virus didn't attack the OS or any 'normal' program that an AV vendor would be used to protecting, it attacked a very specific installation of an industrial control package. Better computer hygiene like not taking media from lower security systems to higher security ones would have prevented the infection of the vulnerable machines but even the NSA has admitted that they do not have 100% control over such procedures.

Re:Would Windows Security Essentials have protecte (1)

MichaelSmith (789609) | more than 3 years ago | (#34674650)

Better computer hygiene like not taking media from lower security systems to higher security ones would have prevented the infection of the vulnerable machines but even the NSA has admitted that they do not have 100% control over such procedures.

No kidding [wikipedia.org]

Re:Would Windows Security Essentials have protecte (1)

Opportunist (166417) | more than 3 years ago | (#34674020)

None. No AV kit can protect you from a single target attack.

Re: Your stupid sig (-1)

Anonymous Coward | more than 3 years ago | (#34674386)

Re: Your stupid sig: In the USA, the government gives big businesses, especially defense contractors, and foreign governments, all the money they want (on pallets no less), courtesy of the US taxpayers. And the US government controls commerce. What's your point?

Re: Your stupid sig (1)

chrisG23 (812077) | more than 3 years ago | (#34675076)

Whoosh

Re:Would Windows Security Essentials have protecte (1)

BadAnalogyGuy (945258) | more than 3 years ago | (#34674402)

But the virus required a vector, which was unprotected Windows systems. If the virus never reached the target devices, then how would the virus infect them?

If these top security facilities can't prevent viruses, how can we protect ourselves with our measly little free AV software packages?

Re:Would Windows Security Essentials have protecte (3, Interesting)

Opportunist (166417) | more than 3 years ago | (#34674802)

You're not a high profile target.

Could your apartment door keep out an exceptional burglar who specialized in breaking into high profile objects? Could your home safe stop someone who is an expert in opening bank safes? Would someone trained in defeating multi layer security systems trip your alarm system at home?

I think none of those answers could be answered positively.

But these people do not break into your home. They got better, more profitable, targets to rob.

Likewise, nobody would "waste" 4 0day vulnerabilities just to infect YOU, and ONLY YOU (a blanket attack on multiple, nonspecific, targets is usually trivial to discover through early warning means and also quite easy to protect against).

As odd as it may sound, there's safety in numbers. The garden variety trojan is not targeted. They don't care too much who they infect, their goal is not a specific target, their goal is to infect as many machines as possible, for various reasons, but no matter what the reason, it's better (for them) to infect many instead of a specific target. Phishing, botnets, they all need many, but not specific, machines.

This is not the case here. The target was very specific and I am actually quite sure that infecting anything else with this trojan would actually have been seen as a flaw in the whole operation.

I'd guess that the malware was installed specifically where it should strike, not in the usual "release and wait" way but targeted and planted. In other words, I'd guess it would have taken a physical person to be physically present to get this rolling.

This is nothing that would affect you, or any Joe Randomsurfer for that matter.

Re:Would Windows Security Essentials have protecte (1)

thegarbz (1787294) | more than 3 years ago | (#34674962)

None. This attack was quite targeted. I would imagine the person writing this virus didn't just unleash it to the general public with the hope that one day maybe it would make it to the intended target. Antivirus software needs a sample or otherwise needs a virus to match some kind of heuristic signature. Just to put this into perspective we actually got this virus where I work (industrial plant at the other side of the world but no Siemens controllers). The .lnk exploit wreaked havoc on the commercial network but no permanent harm done. Nonetheless we all had the latest and greatest antivirus packages installed. We got a notice from IT saying that all network access has been suspended and the control networks have been isolated from the business networks and that we'll get more information when the AV vendor gets back to IT.

Took about 7 hours for the response. Then the advice was to run an update on the AV package and a notice that network drives would be brought online once they were properly cleaned.

Now you'd have no hope in hell of spreading quite the same way in our plant but at the time the virus and the 0-day exploit it used were quite foreign. It didn't actually manage to infect the control system due to due care in network design and physical access, but if it did, and we ran Siemens PLCs, and we were the intended target .... well 7 hours is a heck of a long time for a malicious program to do damage.

Software can't damage hardware (0)

Anonymous Coward | more than 3 years ago | (#34673904)

......that's what she said.

We've Advanced Beyond Mere Dupes! (1)

bill_mcgonigle (4333) | more than 3 years ago | (#34673930)

Dupes are one thing, but, wow, this is new territory.

Iran Admits Stuxnet Affected Their Nuclear Program [slashdot.org]

If the submitter had gone straight to the Google [google.com] none of this ever would have happened.

Re:We've Advanced Beyond Mere Dupes! (0)

Anonymous Coward | more than 3 years ago | (#34674202)

Depends which keywords you use. The old article talks about "a limited number of our centrifuges" but this one gives the number 1,000. Why do you say "this is new territory"? Google indexes Slashdot pretty quickly. The only way to be worse than a dupe is if the new story has older information.

cccc (1)

Anonymous Coward | more than 3 years ago | (#34673970)

Centrifuge subterfuge!

And the downside is? (0)

Anonymous Coward | more than 3 years ago | (#34674048)

Okay so we have a weapon that disables the target without killing anyone. I'd call it a major advance and any government crying foul needs to consider the purpose of the centrifuges. Would it be better to bomb the place and kill hundreds of people?

This is real simple (0)

Anonymous Coward | more than 3 years ago | (#34674152)

we need to quit doing warnings. Simply tell them that if they blow a nuke, that the west will drop in conventional bombs to take out their nuke sites. If they launch a missile during that time, then the bombs will change to nukes and will rain them down on them.

That's the old model centrifuge (4, Informative)

Animats (122034) | more than 3 years ago | (#34674302)

The IR-1 is an older model centrifuge. It's basically a copy of an old URENCO design. Iran has an IR-2 and an IR-3 model, which use carbon fibre rotors, and new installations use those. Iran has at least three enrichment plants, incidentally, and they're all different. Various reports indicate replacement of the older models by newer ones, so some of this might be a routine phase-out.

Re:That's the old model centrifuge (1)

deetoy (1576145) | more than 3 years ago | (#34674542)

Makes sense that the IR-1 is a superseded model and this story is a diversion. "Iran usually ran its motors at 1,007 cycles per second to prevent damage, while Stuxnet seemed to increase the motor speed to 1,064 cycles per second." Any mechanical design that results in failure due to a speed change of 6% was prone to failure anyway. I was expecting a more sophisticated attack that would deliver process failure rather than a mechanical failure. Much more effective to make the plant manager think his process is flawed rather than delivering an obvious mechanical failure.

Re:That's the old model centrifuge (2)

Ensign Morph (1824130) | more than 3 years ago | (#34674600)

IIRC it did that as well. Specifically it didn't just speed up the centrifuges (which would probably be noticed) but did so in brief oscillating bursts, with the intent of mixing up the partly separated isotopes again.

What percentage is that? (1)

dave562 (969951) | more than 3 years ago | (#34674350)

Is that even 10% of their entire production capacity?

Centrifuges? (1)

linuxgeek64 (1246964) | more than 3 years ago | (#34674398)

Moar liek centripets, amirite? http://xkcd.com/123/ [xkcd.com]

israel already has nukes (1)

Dan667 (564390) | more than 3 years ago | (#34674434)

and based on their reckless oppression of people there is a lot more concern about forcing Israel to get rid of their nukes.

Re:israel already has nukes (0)

Anonymous Coward | more than 3 years ago | (#34674884)

and based on their reckless oppression of people there is a lot more concern about forcing Israel to get rid of their nukes.

Yes, and that concern is typically expressed by people who dream of finishing the work the Nazis failed to do by driving the Jews into the sea.

As long as Israel has nuclear weapons all that such people can do is piss and moan and pound sand up their ass.

Re:israel already has nukes (1)

wmac (1107843) | more than 3 years ago | (#34675070)

Which nukes?

Someone should get rid of Israel's nukes. Iran does not have nukes and is under supervision of IAEA.

Re:israel already has nukes (0)

Anonymous Coward | more than 3 years ago | (#34675172)

Iran does not have nukes THAT WE KNOW OF and is under supervision of Muhammad Shahrul Ikram Yaakob, another Israel-hating Muslim who wants nothing more than to see Israel wiped off the map.

No. (1)

Alex Belits (437) | more than 3 years ago | (#34674474)

The answer is no.

Because even if it was true (which is extremely unlikely), any confirmation of this would encourage idiots at the Pentagon and similar places to write idiotic viruses and trojan horses that will end up doing nothing but creating massive epidemics among completely unrelated Windows computers.

So no it is.

Oh, and to Iranian nuclear engineers: keep all information about your facilities secret. What kind of kindergarten are you running there?

Iran would be happy with these rumors too (2)

seyyah (986027) | more than 3 years ago | (#34674480)

I think Iran -- or any other country -- would be pleased to have these kinds of rumors about the damage done circulating. Disinformation or uncertainty as to the present condition of their activities can only benefit them, especially if it causes the enemy to underestimate their power. This assumes that Stux wasn't feeding back information about its activity or that another good source doesn't exist.

Re:Iran would be happy with these rumors too (1)

mangu (126918) | more than 3 years ago | (#34674684)

Disinformation or uncertainty as to the present condition of their activities can only benefit them, especially if it causes the enemy to underestimate their power.

More importantly, it causes people to doubt their capabilities. If there existed a consensus that the Iranian nuclear project poses a danger to the whole world, there would be pressure to stop that project at any cost. If they are perceived as incompetent bunglers no one will take them seriously and the nuclear program will continue.

Re:Iran would be happy with these rumors too (2)

m50d (797211) | more than 3 years ago | (#34674770)

Not for nuclear weapons. The whole point of nukes is to let other people know you have them; no-one wants to have to actually use the things.

Re:Iran would be happy with these rumors too (2)

AlterEager (1803124) | more than 3 years ago | (#34675004)

Not for nuclear weapons. The whole point of nukes is to let other people know you have them; no-one wants to have to actually use the things.

Dr. Strangelove: Of course, the whole point of a Doomsday Machine is lost, if you *keep* it a *secret*! Why didn't you tell the world, EH?

Ambassador de Sadesky: It was to be announced at the Party Congress on Monday. As you know, the Premier loves surprises.

Re:Iran would be happy with these rumors too (1)

cowboy76Spain (815442) | more than 3 years ago | (#34674872)

I sincerely doubt that the OIA, the CIA, the Mossad and the like will evaluate the success or failure of Stuxnet based on what anyone posts in Slashdot, or some journalist posts (unless he is recognized to have expertise in the field and/or good contacts). So the ones underestimating Iran would be, at the very maximum, the general public (and now we know/have confirmation from wikileaks how little we are informed/taken into account by our governments)...

Did the centrifuges break -or the controllers? (5, Insightful)

RubberDogBone (851604) | more than 3 years ago | (#34674622)

My take on this story was that the Siemens controllers were the problem. The centrifuges quit working right because the controllers went nuts, and then the controllers were careful to hide their defect.

So if Iran examined the controllers and centrifuges and figured (wrongly) that the centrifuges were the problem and replaced them, wouldn't the controllers just wreck the new ones as well? And if so, wouldn't that cause Iran to spend a lot of time replacing centrifuges again and again? It seems like that could account for some of the buying.

And of course, once the actual problem is figured out, then you need to replace the controllers and probably the centrifuges that got broken the second or third time around, and of course figure out how to keep the whole thing from happening again. Sure, you can replace the rogue controllers but how did they go bad to start with? If you don't know, this could cause a lot of extreme paranoia.

How Iran actually reacted is not clear to me, but I know what would happen if this occurred in a US factory.

If a machine broke, you'd replace the machine. If it broke again, you'd replace it again and start getting mad. If it broke again, then maybe you'd look at the controller. If it tests OK -and why would it lie to you- then you replace the centrifuge again. Etc. It might take a relatively long time to figure out that the controller is actually the problem AND that it was deliberately being subtle about it to avoid detection. The assumption with machines is that they don't lie to you. If they are good or bad, generally they will be straightforward to sort out via testing or diags.

So to start with, you have to accept the concept that yes, they can lie, before the source of the problem can begin to be understood much less dealt with.
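Added example, not part of any comment above: a sketch of how a defender could catch the "controller lies" case from the last comment by comparing what the controller reports with an independent measurement. The independent sensor, the thresholds and the sample readings are assumptions constructed for illustration; only the 1,007 and 1,064 cycles-per-second figures come from the thread.

```python
from dataclasses import dataclass
from statistics import pstdev

TOLERANCE_HZ = 5.0     # assumed: max allowed disagreement between the two sources
FLATLINE_STDEV = 0.01  # assumed: a live reading always carries some noise
WINDOW = 5             # assumed: samples per flatline check


@dataclass
class Sample:
    t: int               # seconds since start of capture
    reported_hz: float   # value the controller shows the operator
    measured_hz: float   # value from an independent sensor (hypothetical)


def audit(samples):
    """Return (t, reason) alerts for readings the controller cannot vouch for."""
    alerts = []
    for i, s in enumerate(samples):
        # Rule 1: the controller and the independent sensor disagree.
        if abs(s.reported_hz - s.measured_hz) > TOLERANCE_HZ:
            alerts.append((s.t, "mismatch"))
        # Rule 2: the reported value has no noise at all over a full window,
        # which suggests a frozen or replayed reading rather than a live one.
        window = samples[max(0, i - WINDOW + 1): i + 1]
        if len(window) == WINDOW:
            if pstdev([x.reported_hz for x in window]) < FLATLINE_STDEV:
                alerts.append((s.t, "reported-flatline"))
    return alerts


# Constructed readings: normal operation near 1,007 Hz, then the drive is at
# about 1,064 Hz while the controller keeps reporting a steady 1,007 Hz.
SAMPLES = [
    Sample(0, 1007.1, 1006.9),
    Sample(1, 1006.8, 1007.2),
    Sample(2, 1007.3, 1007.0),
    Sample(3, 1006.9, 1007.1),
    Sample(4, 1007.2, 1006.8),
    Sample(5, 1007.0, 1064.0),
    Sample(6, 1007.0, 1063.8),
    Sample(7, 1007.0, 1064.2),
    Sample(8, 1007.0, 1064.1),
    Sample(9, 1007.0, 1063.9),
]

if __name__ == "__main__":
    for t, reason in audit(SAMPLES):
        print(f"t={t}s {reason}")
```

The check only helps if the second measurement reaches the monitor by a path the controller cannot rewrite.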
