Iran Claims New Cyberattacks On Industrial Sites

Soulskill posted about 2 years ago | from the christmas-gift-from-the-nsa dept.

Security 75

wiredmikey writes "Iranian officials on Tuesday said a 'Stuxnet-like' cyberattack hit some industrial units in a southern province. 'A virus had penetrated some manufacturing industries in Hormuzgan province, but its progress was halted,' Ali Akbar Akhavan said, quoted by the ISNA news agency. Akhavan said the malware was 'Stuxnet-like' but did not elaborate, and that the attack had occurred over the 'past few months.' One of the targets of the latest attack was the Bandar Abbas Tavanir Co, which oversees electricity production and distribution in Hormuzgan and adjacent provinces. He also accused 'enemies' of constantly seeking to disrupt operations at Iran's industrial units through cyberattacks, without specifying how much damage had been caused. Iran has blamed the U.S. and Israel for cyberattacks in the past. In April, it said a voracious malware attack had hit computers running key parts of its oil sector and succeeded in wiping data off official servers."

Hope the saying isn't true.... (2)

ihatewinXP (638000) | about 2 years ago | (#42392283)

"What goes around, comes around."

I'll go back tomorrow and read this at -1 to see the real discussion....

The nature of the attack (1)

Taco Cowboy (5327) | about 2 years ago | (#42392537)

Presumably the Stuxnet virus was released to retard the development of Iranian nuclear program.

Wonder what's the real aim for this latest round of stuxnet-like virus?

Re:The nature of the attack (0)

Anonymous Coward | about 2 years ago | (#42392863)

Presumably the Stuxnet virus was released to retard the development of Iranian nuclear program.

Wonder what's the real aim for this latest round of stuxnet-like virus?

To cause their generators to spin out of control and break slinging UF6 everywhere.


Posted from my PLC.

Re:Hope the saying isn't true.... (3, Informative)

jimmydevice (699057) | about 2 years ago | (#42392565)

A viral attack on a sovereign country is war.

Re:Hope the saying isn't true.... (0)

Anonymous Coward | about 2 years ago | (#42392833)

I don't think that would bother Israel. They've been itching to pummel Iran for a while now.

Re:Hope the saying isn't true.... (0)

Anonymous Coward | about 2 years ago | (#42392999)

...and funding, recruiting and training terrorists isn't...ok

Re:Hope the saying isn't true.... (0)

MiniMike (234881) | about 2 years ago | (#42394615)

Iran has funded and controlled terrorists in Argentina, Israel, India, Iraq, Kenya, Lebanon, and Saudi Arabia. Setting off bombs in another country, firing missiles randomly at another country's civilian population, and attacking military targets could all be considered acts of war, are far more serious attacks than a computer virus, and have been going on for far longer than Stuxnet has been around. If Stuxnet is the only payback Iran receives for what they've done, they're getting off very lightly.

Re:Hope the saying isn't true.... (2)

Uberbah (647458) | about 2 years ago | (#42399065)

Iran has funded and controlled terrorists in Argentina, Israel, India, Iraq, Kenya, Lebanon, and Saudi Arabia.

You mean accused of funding terrorists. There's a big difference between claims and proof - or have you forgotten about "Nigerian yellow cake" and "aluminum tubes?"

But, let's go ahead and say that the worst things you claim about Iran are true - they'd still be the molehill next to the mountain of U.S. and Israeli aggression. Iran hasn't launched two bogus wars of choice in the last ten years or set up a world wide torture regime. Iran isn't running an apartheid state against half its population.

As for terrorism again, wake us up when giant banks that have laundered money for Al Qaeda aren't granted sweeping immunity from prosecution, along with American shills for the terrorist group MEK.

Re:Hope the saying isn't true.... (0)

Anonymous Coward | about 2 years ago | (#42395011)

A viral attack on a sovereign country is war.

Can be considered an act of war. There's a difference.
And that decision is not up to you... probably a good thing.

Hrmpf. (1)

Johann Lau (1040920) | about 2 years ago | (#42392287)

I *just* heard on German radio they now withdrew that claim, but I didn't pay closer attention sorry ^_^

Re:Hrmpf. (2)

Johann Lau (1040920) | about 2 years ago | (#42392297)

Well, that doesn't excuse being sloppy: I heard they withdrew their knee-jerk accusing US and Israel for it, *not* that an attack took place. And this isn't even contrary to the Slashdot summary, so ignore all of this.

Re:Hrmpf. (1)

Anonymous Coward | about 2 years ago | (#42392781)

Tehran - A local civil defense official denied an earlier account that a fresh cyber attack on industrial units in the southern province of Hormuzgan had been repelled, Iran's state broadcaster website reported Tuesday.

Re:Hrmpf. (0)

Anonymous Coward | about 2 years ago | (#42393265)

Oh. Thanks ^^

Maybe they should just stop their warmongering. (0)

Anonymous Coward | about 2 years ago | (#42392365)

Feel free to curse the White Yankee Devil, but pump the oil and don't make waves.

You'll be happier.

Re:Maybe they should just stop their warmongering. (-1, Troll)

Anonymous Coward | about 2 years ago | (#42392445)

What warmongering? Have they been assassinating scientists, like Israel? Have they been invading oil-producers one after another, like the US?

Re:Maybe they should just stop their warmongering. (0)

Anonymous Coward | about 2 years ago | (#42394033)

Funny how in your question you cite EXACTLY what Iran has been doing.

Re:Maybe they should just stop their warmongering. (2)

Johann Lau (1040920) | about 2 years ago | (#42392749)

You know, the Iranian revolution in '79 was co-opted by murderous poopyheads who have had their grip on the country since then, right? My point is that your beef is, by and large, not with Iranians, especially not with the younger generation. There is nothing to gain and a lot to lose by missing this.

But first you kinda have to drop this attitude of talking down to servants, just because the guys who hold your collar can beat up the guys holding theirs. That is beyond pathetic.

Re:Maybe they should just stop their warmongering. (0)

Anonymous Coward | about 2 years ago | (#42393133)

Watch out, he'll tell you to Argofuckyourself.

Re:Maybe they should just stop their warmongering. (0)

Anonymous Coward | about 2 years ago | (#42393277)

That, silence, non-sequiturs.. is all the same to me.

don't need Irant anyway (3, Interesting)

swschrad (312009) | about 2 years ago | (#42392401)

but the real fun is when some nitwit turns the worms loose on the so-called "smart grid," which has more holes than security.

Re:don't need Irant anyway (0)

Anonymous Coward | about 2 years ago | (#42394053)

hehe, yeah. That's a dirty little secret we'd rather keep to ourselves. Smart grid has all the characteristics of swiss cheese. It's soft & full of holes. The wireless metering alone should be enough to suggest to anyone that they're on the wrong track there.

Must be the "I love you virus" (0)

Anonymous Coward | about 2 years ago | (#42392421)

Link related.

Dear Iran (4, Informative)

Osgeld (1900440) | about 2 years ago | (#42392427)

Fix your shit or quit complaining that the same basic attack keeps infecting your systems

thank you

Re:Dear Iran (0)

Anonymous Coward | about 2 years ago | (#42393377)

Oh my diddly kikerino

Re:Dear Iran (1)

AmiMoJo (196126) | about 2 years ago | (#42393681)

TFA mentions that the attacks failed. TFS is misleading.

Re:Dear Iran (1)

IamTheRealMike (537420) | about 2 years ago | (#42394289)

In what universe was Stuxnet a "basic attack"? Did you ever read how it worked?

Re:Dear Iran (1)

dropadrop (1057046) | about 2 years ago | (#42403151)

Fix your shit or quit complaining that the same basic attack keeps infecting your systems

thank you

Because changing a country's complete IT infrastructure to a new platform is something that can be done in a blink of an eye? With every attack I would imagine we will get closer to Iran moving to a really controlled environment, but whether that is a huge fix is another issue (I would imagine the US and Israel have the capability to infect anything they wish).

A warning (4, Insightful)

Black Parrot (19622) | about 2 years ago | (#42392431)

Commerce, industry, governments, and militaries need to get *real* serious about computer security. If intelligence operatives can make attacks on critical infrastructure now, script kiddies will be able to do it before too many years. People will be shutting down critical industry just for the lulz.

Re:A warning (1)

Anonymous Coward | about 2 years ago | (#42392457)

Script kiddies can do it right now, but most of them aren't as malicious as governments.

Re:A warning (0)

Anonymous Coward | about 2 years ago | (#42393257)

Have you been paying attention to what has been going on the last few years?

Re:A warning (0)

Anonymous Coward | about 2 years ago | (#42404215)

I have paid attention, where do you want to start?

ISP Spying
NSA Spying
Commercial Spying
Telco Spying

That's it, you're toast, if the spies want you to be toast. Fuck the rule of law and the US Constitution. (they say, not me)

I say


arrest the fucking

Oh and where's Hillary? 2 weeks sick now. or is it 2 weeks of TREASON?!
Gun Ban? You want a civil war right?

Re:A warning (2)

Billly Gates (198444) | about 2 years ago | (#42392533)

How about we can start by taking these PLCs off the internet!

I am mortified by the responses I see here with PHBs wanting live reports from their cell phones on the nuclear power plant and IT willing to do it and how they all use XP SP 2 unpatched with no AV software!

Re:A warning (0)

Anonymous Coward | about 2 years ago | (#42393527)

I call BS. An unpatched XP SP2 exposed to the internet is a goner within minutes. Nobody could use it for anything.

Re:A warning (0)

Anonymous Coward | about 2 years ago | (#42394103)

Just because it's powned doesn't mean it's not useful. Plug in an unpatched XP box (even running SP2) and it will be infected within 30 seconds. But it will still continue to operate most likely as the malware market has shifted from outright destruction to the creation of zombie armies. When it becomes apparent that one of these systems is a part of a botnet it will become much more valuable to the botnet commander. That's the real problem.

Sometimes these systems need to run an older insecure version of the OS, but they should be physically isolated from the Internet. I kid you not. I was at a seminar not long ago and spoke with an engineer from the oil/gas industry. The system they were running could not run on anything newer than Windows NT. Increasingly because of regulation, management demand, and IT not being security conscious these are being connected in some fashion to the Internet. It's easy to say we're not going to connect these systems to the internet, but when the government demands real time data exchange with partners (under penalty of fines) it makes it kind of hard to do that. When management says "oh I'd like to monitor our SCADA systems on my smartphone" it also makes it hard especially when the IT folks know that if you don't give management what they want they'll get rid of you and find someone who will.

Re:A warning (2)

AHuxley (892839) | about 2 years ago | (#42392607)

The most interesting aspect is most/many/all? script groups that come to the surface seem to be owned top down or at an admin level or mixed in with many informants/agents/agents provocateurs.
COINTELPRO showed the way, PATCON Patriot-conspiracy provided insight into the 1980-90's efforts within the USA - using domestic and EU staff to form, control and guide groups within the USA.
Now you have the "so much so that 1 in 4 hackers may now be an informant, according to some experts." quote.
The idea of any long term group not being compromised or used as bait or tracked is getting more hard to believe.
As for Iran all the 'new' posters to slashdot seem to drop in to tell us past code efforts could only be used for a subset of unique, exotic nuclear hardware.
I guess some governments have a list of other unique hardware and now have the political cover to expand their efforts.

Re:A warning (1)

Hentes (2461350) | about 2 years ago | (#42393767)

Some already do. Although this is more of a hardware hack.

Big business (0)

Anonymous Coward | about 2 years ago | (#42394303)

Cyberwar will be big business for the war profiteers that have been vampirically sucking the US dry. Oh well, I'd rather them bankrupt us with smoke and mirrors than real world terror and murder.

Cheers To You Mr. Kangaroo! (-1)

Anonymous Coward | about 2 years ago | (#42392451)

TEMPEST Attacks! LCD Monitor leaks system noise to FRS

I don't operate any wireless equipment at my living location. This includes computers, computer equipment, routers, non-computer equipment, etc.

I'm having a problem with one of my LCD monitors.

It works without problems. That was until I picked up some heavy static noises from a hand held radio. I eliminated all sources of generating this type of noise until I came towards an LCD monitor. When the monitor is on and there is content on the screen the radio makes several types of garbage(static) sounds. As I manipulate contents on the screen, maximize and minimize windows, open different applications, the radio responds with scratchy(static) noises to match the activity on the screen. This includes typing and mouse movement.

When I switched the desktop background to a solid black color without wallpaper, the radio noise went down to almost nothing. But when I loaded any program with a white background, the noise from the radio exploded in volume.

When I passed the radio across different computer and non-computer electronic devices other than the LCD monitor, the wired mouse made a high pitched squeal sound within the static. None of the other computing devices such as the tower generated any noise.

I tried CRT monitors and separate computers attached to the CRT monitors but they did not generate any noise in the radio. On the computer connected to the net, I unplugged the cable leading to the router to rule this out but it made no difference, the LCD monitor is at fault.

While monitoring the radio noise, there were several instances where the noise on the channel being monitored stopped, and I switched to another channel and the same noise appeared. Why would the noise from the LCD switch channels during normal use of the LCD? Back and forth throughout the day the noise generated by the LCD would switch from one channel to the next and back to the first channel again.

The noise extends several steps within my living location. I'll test this another day to determine if it extends outside my living location and if so by how many feet.

The computer/monitor are grounded and attached to a surge protector. I'm not sure what I need to do to stop this, or if I should ignore it.

I assumed LCDs would be quieter than CRTs when it came to noise.

Unless I have a radio tuned to a specific channel, the LCD does not generate any noise which I can detect, unless it's above my hearing capacity.

The LCD monitor also functions as speakers, and while the sound cable is connected to the tower, I have disabled the onboard sound in my BIOS. The only other connection is the DVI cable to the tower.

How may I decrease this noise or eliminate it? It seems like the LCD is a mini radio station. When I turn it off the noise in the radio stops, if I blacken the screen the noise lessens. When I switch to a colorful background or load white screened applications like a web browser the noise jumps up loudly. I've tried grabbing and moving a browser window around the screen and the movement matches the noises in the radio.

Would any of this be considered normal?

This certainly isn't unheard of, it's because some part of the monitor is unshielded. The more fix-it stuff is at the top of the following, with the technical backdrop that just might be good to know is at the bottom.

Unfortunately, the issue is most likely the panel charging the LCs. The only thing you can do is see if the manufacturer will replace it or upgrade you. Complain to the manufacturer, be sure to come up with some important thing it's interfering with(if I recall some medical devices use some sort of radio).

If the issue is actually internal wiring which is highly unlikely as detailed below, and it isn't in warranty, attempt to shield it yourself. To shield it yourself, you'll need thin foil(not kitchen foil) and electrical tape.

So, in any given monitor, there's 3 main parts. Input, logic, and output. Output, as previously mentioned, can't really be shielded. To shield both of the other sections, all you really need to do is manipulate the wiring to reduce the number of holes in the foil wrap needed to put it all back together. Obviously this will take some trial and error, and time.


Shielding wires can best be thought of as encasing a wire in a Faraday cage, made of foil. If you want to see an example, Apple's iPod charging cords are all shielded, strip the insulation and see for yourself. This shielding acts doubly, keeping EM noise from messing with the signal, and keeps the signal's own noise from leaving.

Because of the specific details you provided( bravo to you, the amount of data provided helped ), I can conclude that the charging panel(the array of electrodes responsible for producing the image) is putting out the interference. Three of your observations prove this.

First, you state the noise ceases completely when the monitor is turned off, which is consistent with it being EM noise.
Second, the noise's perceived pitch changes when the display is manipulated, which is to be expected, as the electrode charges would change as the display changes.
Third, a black screen is "quieter" than a white screen. Black is the lowest charge state, with the only power in use going to the backlight.

As for your questions:
Noise hopping channels isn't unheard of, though I don't know the science behind it. My best guess is that because the noise isn't an intended result of the electricity, small changes in voltage/amperage result in those hops.
(indirect question-ish) The mouse was likely the only other emitter because it has a fairly high density of wires + it emits light.

What is the difference between - and where may I obtain the non-kitchen "foil" you mentioned?

The disturbances sound like a bugged environment. The squeal coming from one area and/or device could mean the location of the bug has been found - and I know adding a small device and/or modification to a keyboard and/or mouse is simple enough - especially for a quick in and out the door type bugging.

Is there an affordable method of shielding the equipment while not violating FCC/TEMPEST laws? Would a simple screen dimmer attached to the monitor bring the noise down? Or would it be best to put out the extra money required by purchasing special paint or wallpaper which blocks RF signals?

Whether or not it's a bug, at this point you are broadcasting your computer monitor and its activities, down to the keyboard and mouse movements. What is the use of using Tor or any other like service if you are pwned over the air waves?

You could use kitchen foil, it's just more unwieldy to work with.

Yes, it could be a bug, I was running under the assumption you had no reason to believe you were bugged, and if you did you ran bug sweeps. If you believe you are bugged, you should definitely dismantle things to make sure a bug isn't simply piggybacking on the same power source.

Dimming the screen would reduce noise, but not completely eliminate it.

Thanks, W00t.

"Dimming the screen would reduce noise, but not completely eliminate it."

I have modified my browser to function with a black background and my choice of text colors and unchecked the option for all pages to use their own colors, so every page I visit is black with my choice of font/links colors. I'll rescan to determine if this lessens the noise. It's ugly, but tolerable. Coupled with a black theme for the desktop, including the background and system wide applications should also help - including disabling images in the browser.

You mentioned foil. I'm not an electrician, but wouldn't wrapping cords with foil and finishing the job off with a layer of strong black tape possibly conduct electricity? Are you suggesting I cover all wires leading to the computer(s) using this method? Wouldn't they each require special grounding? How many repeating layers of this and/or other material is needed? Have you tried "conductive tubing?"

While I want to shield enough to block noisy RF, I don't want to create a microwave type scenario where RF is contained but it still remains and is possibly amplified so as to add to the degeneration of my health, if that's possible.

1. Ferrite beads
2. Split beads
3. Toroids


I could try some or all of the three options above in addition to your advice? TY

Anyways this is reminding me of Van Eck phreaking, look it up, some pretty interesting stuff.

Yep, had the same thought.

Countermeasures are detailed in the article on TEMPEST, the NSA's standard on spy-proofing digital equipment. One countermeasure involves shielding the equipment to minimize electromagnetic emissions. Another method, specifically for video information, scrambles the signals such that the image is perceptually undisturbed, but the emissions are harder to reverse engineer into images. Examples of this include low pass filtering fonts and randomizing the least significant bit of the video data information.

Can someone please point me to techie LCD monitor internal guides? If I'm going to take it apart I'd like to know what to expect. I've read more about Van Eck and Tempest than anyone can teach me here. Now I'm looking for LCD guides of what's inside.

To be honest, it's not what's inside the LCD monitor you should be worrying about if you want to phreak LCDs. You should be worrying more about the RF side of things, and figuring out the spread spectrum clock signal so you can pick up the signal. To top it off, background noise is going to be a bitch when it comes to LCD. Old CRT monitors are way easier to phreak; those things throw off EM radiation like nobody's business.

The noise coming from the LCD monitor is appearing on FRS channels.

It continues for several minutes before it jumps to another channel then after a few minutes jumps back to the original channel. One of my concerns is the ability for others to pluck this noise from the air (Van Eck/TEMPEST) and monitor my activity, or possibly use an attack against the computer somehow. A recent UN report mentioned a high tech method(s):

* U.N. report reveals secret law enforcement techniques

"Point 201: Mentions a new covert communications technique using software defined high frequency radio receivers routed through the computer creating no logs, using no central server and extremely difficult for law enforcement to intercept."


In addition, I don't want my LCD monitor constantly sending monitor and/or system activity to a FRS channel(s) for others to hear. I choose wired over wireless for a reason, and there shouldn't be any noise coming from my LCD monitor and appearing over FRS, unless there is a bug or problem with the monitor. All of my CRT systems are silent on FRS.

When I position the radio near different components, the power supply doesn't emit any noise on FRS, but it could be a problem, I don't know, I'll move to that once I resolve the LCD monitor problem, unless the PSU is the problem and not the monitor.

I may take apart the LCD monitor, I'm looking for a good list of what I'll find if I do.

I peered inside the vents on the top/back left hand side with a strong flashlight and came across a strange piece of silver tape inside, here's how I describe it:


OO = a small thin black material coming out from underneath the silver piece of tape
GG = the strip of silver tape
__ = the bottom right hand portion of the silver tape is raised enough to allow a pinky finger entry

The silver tape/material/opening under tape is on the top left corner inside the monitor. The rest of the length and area inside that I can see contain no tape or black material. I've seen photos of planted bugs in people's living spaces and most if not all of the invasive ones are wrapped/covered in silver foil. I've found no other reason for that strip and material to be there, but what do I know.

In addition, my CDROM drive light blinks once every second, sometimes with a second or 1/2 second in between, and I found this:

"I'd worry about a Tempest virus that polled a personal computer's
CD-ROM drive to pulse the motor as a signalling method:

* Modern high-speed CD-ROM drive motors are both acoustically and
electrically noisy, giving you two attack methods for the price of one;

* Laptop computer users without CRTs, and the PC users that can afford
large LCD screens instead of CRTs, often have CD-ROM drives;

* Users are getting quite used to sitting patiently while their
CD-ROM drives grind away for no visibly obvious reason (but
that's quite enough about the widespread installs of software from
Microsoft CD-ROMs that prompted Kuhn's investigation in the first place.)"

"I'd worry about a Tempest virus that polled a personal computer's CD-ROM drive"

Yes and the hard drive and in some PC's the cooling fans as well are under CPU control.

You can also do it with PC's where the CPU does not control the fan, but the hardware has a simple thermal sensor to control its speed. You do this by simply having a process that uses power expensive instructions in tight loops, thus raising the CPU temperature (it's one of the side channels I was considering a long time ago when thinking about how the temp inside the case changed various things including the CPU clock XTAL frequency).

The change in sound side channel is one of the first identified problems with Quantum Key Distribution. Basically the bod who came up with the idea whilst first testing the idea could tell the state of "Alice's polarizer" simply by the amount of noise it made...

The CD-ROM motor idea I'd heard before but could not remember where till I followed your link.

Dr Lloyd Wood has worked with the UK's Surrey Uni, the European Space Agency and America's NASA and one or two other places as part of his work for Surrey Satellite Technology Ltd. He has been involved with CLEO (Cisco router in Low Earth Orbit) and other work on what's being called "The Space Internet".

Of interest is his work on Delay and Disruption Tolerant Networks (DTN). It's not been said "publicly" as far as I'm aware but the work has aspects that are important to anonymity networks such as TOR.

You can read more on Dr Wood's DTN work etc at, []

The UK occupies an odd position in the "Space Race" it is the only nation who having put a satellite into space then stopped further space rocket development (the Black Knight launch platform was considerably safer and more economic than the then US and CCCP systems). The UK has however continued in the Space Game and is perhaps the leading designers of payloads for scientific and industrial satellites (it probably is on military sats as well but nobody who knows for sure is telling ;-)

Clive Robinson

I don't think there should be anymore blinking if you remove the CD/DVD inside.
If it keeps blinking, find out which process uses it.
Anyway, you can disable it when you're not using it, if it's bothering you.

And shield your monitor.

"I don't think there should be anymore blinking if you remove the CD/DVD inside."

Does Tails support this at boot?

If not, is there a Linux LiveCD which allows this and does not give you root access at boot?

I've looked at several different distributions which allow you to boot into RAM and remove the CD, but they all give you root and that's a very insecure environment to run TBB in!

"If it keeps blinking, find out which process uses it."

It doesn't blink on the several distros which boot into RAM, but I don't want to run Tor as root or reconfigure the permissions/PAM/etc. just to use TBB. As above, with Tails and many LiveCDs which don't boot into RAM, 99% of them have this blinking light issue. The actual INSTALLS I've done to HDD experience constant light activity too, even more so, without anything to explain them.

For Linux, I've ran rkhunter, chkrootkit, tiger, and other tools and nothing malicious is found. Without a deep binary analysis I don't know what else I could do.

For Windows, I use a few programs in the SysInternals Suite and they display strange usage on the system and reference programs which cannot be found with a search on the system, references to impersonation, spoofing, and more. I've ran almost every N.American scanner on the Windows systems, including command line only rootkit detectors and I've seen some strange 'strings' of binaries mentioned, but have no idea on how to clean the system.

I prefer to run LiveCDs because all installations, Windows and Linux, contain unexplainable frenzies of blinking lights, far worse than the blink every second on most LiveCDs. I'm wondering if this is firmware malware on my NIC or the CDROM itself. This has existed for years and never goes away, no matter what system I use, this strange baggage seems to re-infect everything.

"Anyway, you can disable it when you're not using it, if it's bothering you."

Disable what?

"And shield your monitor."

Thanks. I'm investigating and most of the guides require specific addons to the computer's cabling system. Most of the guides appear incomplete, or are in another language other than English.

Any comments on the Tempest/blinking light possibility?

Any comments on why it's spewing out noise to FRS stations and freq hopping?

More comments from elsewhere:


"You're making a mountain out of a mole hill."

I respect your opinion and I don't wish to argue against it, but please look at it from the way I and some others have. I want to eliminate the noise created by the LCD monitor. If this was such a common experience, I would expect at least one of the dozens of other electronic equipment to generate some noise, however faint, on FRS - but they do not.

"You are under the wrong impression that somehow RF hash from the back light can somehow carry data. A liquid crystal display (LCD) does not generate its own light like a CRT or plasma screen and requires a light source to make the display visible. Even those that do cannot transmit computer data being none reaches the monitor."

The LCD is connected to a tower, which other devices connect to. Under testing I've heard the CDROM drive accessing data noises within the FRS channels, along with mouse movements and keyboard activity, along with other noises. When I disable the LCD monitor, all of these disturbances vanish. This means the weakness is in the monitor, and my tower is well shielded or shielded enough so as not to generate any noise in radios I can notice. The reference I made to the strange tape and material within the back side of the LCD monitor at the top could be a sign of some type of antenna or device for amping.

"Their FRS radios will only hear what yours does, RF hash, no data whatsoever THAT IS if one is standing outside your house tapping the radio and scratching his head wondering what's the matter with his radio. You and only you know what it is and where it's coming from."

And what of experienced and curious sysadmins? Rogue crackers? Bored HAMs?
Are there any remote radio injection attacks against systems? This is something I'll research later, as I do believe it was mentioned in at least one whitepaper on side channel attacks.

"Thanks for the chuckles, if the report reveals secrets it would not be published but sent by secret courier to the KGB in Moscow."

I'm not aware of any secrets revealed within the document. But it did raise an interesting point without exposing the method(s) delivered to us from an interesting party. This wasn't just some random article written by some anonymous, disturbed fellow and posted to a pastebin or conspiracy minded blog or forum. And one cannot deny the dozens of TEMPEST attacks available today.

"So... all this and no word on moving the radio farther from the monitor. Why don't you try talking somewhere besides in front of the computer if it bothers you so much?"

Thank you for considering conversation as my reason for posting this, but it is not. I would not choose a noisy channel to talk on. Clear conversation is not the point of this thread. I desire the elimination of this garbage coming from the LCD monitor. I don't care if no one in the world can pick up on it and hear it, I would like to properly resolve it and not ignore it.

One can also dredge up the subject of EMF on health, too, but I have not experienced any disturbance of health from exposure to this noise and most people would argue any possible EMF effects on health to be one of one's over active imagination and not real world application.


A continued discussion was posted elsewhere, this may be useful in the voyage to remove this "noise":


In addition, my CDROM drive light blinks once every second, sometimes with a second or 1/2 second in between, and I found this:


"I'd worry about a Tempest virus that polled a personal computer's
CD-ROM drive to pulse the motor as a signalling method:

* Modern high-speed CD-ROM drive motors are both acoustically and
electrically noisy, giving you two attack methods for the price of one;

* Laptop computer users without CRTs, and the PC users that can afford
large LCD screens instead of CRTs, often have CD-ROM drives;

* Users are getting quite used to sitting patiently while their
CD-ROM drives grind away for no visibly obvious reason (but
that's quite enough about the widespread installs of software from
Microsoft CD-ROMs that prompted Kuhn's investigation in the first place.)"


Any comments on the silver tape and material inside the back of the LCD? ...Disconnection of the LED CDROM and HDD lights could be something I should do to relieve one possible issue.


Some articles with examples:

"If everything is just right, you can pick up signals from some distance. "I was able to eavesdrop certain laptops through three walls," says Kuhn. "At the CEBIT conference, in 2006, I was able to see the Powerpoint presentation from a stand 25 metres away."

Kuhn also mentioned that one laptop was vulnerable because it had metal hinges that carried the signal of the display cable. I asked if you could alter a device to make it easier to spy on. "There are a lot of innocuous modifications you can make to maximise the chance of getting a good signal," he told me. For example, adding small pieces of wire or cable to a display could make a big difference.

As for defending against this kind of attack, Kuhn says using well-shielded cables, certain combinations of colours and making everything a little fuzzy all work."


Online viewer for PDF, PostScript and Word:

"This is an online viewer, with which you can view PDF and PostScript files as browsable images and Word documents as web pages. Given a URL on the net or a file on your computer, the viewer will try to retrieve the document, convert it and show it to you. No plugin software is required."

The viewer software is open source, licensed under the GNU Public License.

Electromagnetic eavesdropping risks of flat-panel displays


Eavesdropping attacks on computer displays


Compromising emanations: eavesdropping risks of computer displays


Compromising emanations of LCD TV sets


"Q: Can I use filtered fonts also on flat-panel displays

My experience so far has been that with LCDs, the video cable is the most significant source of radiated information leakage. Where an analogue video cable (with 15-pin VGA connector) is used, low-pass filtered fonts have the same benefits as with CRTs. Where a purely digital video cable is used (DVI-D, laptop-internal displays with FPD/LVDS links, etc.) only the last step, namely randomizing the least-significant bits, should be implemented.

Where the video signal is entirely encoded in digital form, the low-pass filtered step will not have the desired effect. In fact, it can actually increase the differences between the signal generated by individual characters, and thereby make automatic radio character recognition more reliable."


Remotely Eavesdropping on Keyboards (and read the comments!)

"The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They've outlined four separate attack methods, some that work at a distance of as much as 65 feet from the target.

In one video demonstration, researchers Martin Vuagnoux and Sylvain Pasini sniff out the keystrokes typed into a standard keyboard using a large antenna that's about 20 to 30 feet away in an adjacent room."


Video eavesdropping demo at CeBIT 2006


Optical Emission Security – Frequently Asked Questions

"Q: What about LEDs?

For devices with RS-232 serial ports, it is customary to provide a status indicator LED for some of the signal lines (in particular transmit data and receive data). Often, these LEDs are directly connected to the line via just a resistor. As a result, anyone with a line of sight to the LED, some optics and a simple photosensor can see the data stream. Joe Loughry and David A. Umphress have recently announced a detailed study (submitted to ACM Transactions on Information and System Security) in which they tested 39 communications devices with 164 LED indicators, and on 14 of the tested devices they found serial port data in the LED light. Based on their findings, it seems reasonable to conclude that LEDs for RS-232 ports are most likely carrying the data signal today, whereas LEDs on high-speed data links (LANs, harddisk) do not. Even these LEDs are still available as a covert channel for malicious software that actively tries to transmit data optically.

I expect that this paper will cause a number of modem manufacturers to add a little pulse stretcher (monostable multivibrator) to the LEDs in the next chip set revision, and that at some facilities with particular security concerns, the relevant LEDs will be removed or covered with black tape.

The data traffic on LEDs is not a periodic signal, and therefore, unlike with video signals, periodic averaging cannot be used to improve the signal-to-noise ratio. The shot-noise limit estimation technique that I used to estimate the CRT eavesdropping risk can even more easily (because no deconvolution is needed) also be applied to serial port indicators and allows us to estimate a lower bound for the bit-error rate at a given distance. I have performed a few example calculations and concluded that with a direct line of sight, and a 100 kbit/s signal (typical for an external telephone modem), at 500 m distance it should be no problem to acquire a reliable signal (one wrong bit every 10 megabit), whereas for indirect reflection from the wall of a dark room, a somewhat more noisy signal (at least one wrong bit per 10 kilobit) can be expected to be receivable in a few tens of meters distance."


Ancient Story on Slashdot: Coming to a Desktop near you: Tempest Capabilities

"New Scientist has an interesting article about a new toy we will all want. It's a card that plugs in one of your PCI slots and allows you to scan the EMF spectrum and read your neighbour's terminal. In about 5 years you might be able to get one for just under £1000. (Modern Tempest Hardware costs about £30000)"


"Any unshielded electrical device with a variable current (including LCDs) will give out EMF radiation. It's the nature of the beast.

For that matter, light is EMF radiation, so unless you have your LCD in a coal-mine, it's reflecting EMF all the time it's switched on.

Then, there's the fact that screen monitoring isn't the only monitoring you can do. I used to use a radio, tuned into the bus for the PET, as a sound card. Worked surprisingly well, for all that very clunky metal shielding. What's to stop a much higher-quality receiver from seeing the data, in an unshielded box, being sent TO the LCD, or to any other device on the machine?

It's a mistake to assume that Tempest technology is single-function and that that single-function only works in a single situation."


800Mbps Wireless Network Made With LED Light Bulbs


There are a lot of other files, many in PPT format, which can be found easily on this subject of LCD monitor (and other computing devices) TEMPEST sniffing.


Sources for this discussion:

- http://clsvtzwzdgzkjda7.onion/viewtopic.php?f=9&t=10919 [clsvtzwzdgzkjda7.onion]

    The following link will probably be deleted in the near future:
.onion link above requires a running Tor client session in order to view.

This on-going discussion backed up to Pastebin(s) in order to retain it as an artifact. Many of these
types of discussions are REMOVED from the net because of the nature of the discussion (TEMPEST).
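
The LED FAQ quoted in the comment above says an indicator wired straight to an RS-232 line carries the data stream, and that a pulse stretcher (monostable multivibrator) would fix it. The simulation below is an added illustration, not part of the original post or of the quoted FAQ; the 8N1 framing, sampling rate, hold time, sample message and all function names are assumptions.

```python
"""Simulation: an activity LED wired to a serial line vs. one behind a pulse stretcher."""

SAMPLES_PER_BIT = 8           # observer's sampling rate per bit period (assumed)
HOLD = 12 * SAMPLES_PER_BIT   # stretcher on-time (assumed); longer than any quiet gap in a burst
MESSAGE = b"SECRET"           # constructed sample payload


def uart_line(data: bytes, idle_bits: int = 4) -> list[int]:
    """Line level per sample, 8N1 framing: idle=1, start=0, 8 data bits LSB first, stop=1."""
    bits = [1] * idle_bits
    for byte in data:
        bits += [0] + [(byte >> k) & 1 for k in range(8)] + [1]
    # Trailing idle long enough for the stretcher to time out.
    bits += [1] * (idle_bits + HOLD // SAMPLES_PER_BIT + 2)
    return [b for b in bits for _ in range(SAMPLES_PER_BIT)]


def direct_led(line: list[int]) -> list[int]:
    """LED driven from the line through a resistor: lit whenever the line is at 0."""
    return [1 - level for level in line]


def stretched_led(line: list[int], hold: int = HOLD) -> list[int]:
    """Retriggerable monostable: any line activity restarts a fixed on-time."""
    out, timer = [], 0
    for level in line:
        if level == 0:
            timer = hold
        out.append(1 if timer > 0 else 0)
        timer = max(0, timer - 1)
    return out


def decode_led(led: list[int]) -> bytes:
    """8N1 decode of the light level, i.e. what a photosensor watching the LED could recover."""
    line = [1 - s for s in led]
    half = SAMPLES_PER_BIT // 2
    out, i = bytearray(), 1
    while i < len(line):
        if not (line[i - 1] == 1 and line[i] == 0):   # wait for a falling edge (start bit)
            i += 1
            continue
        stop = i + 9 * SAMPLES_PER_BIT + half          # middle of the stop bit
        if stop >= len(line):
            break
        byte = 0
        for k in range(8):                             # sample each data bit mid-period
            byte |= line[i + (k + 1) * SAMPLES_PER_BIT + half] << k
        if line[stop] == 1:                            # valid stop bit: accept the byte
            out.append(byte)
            i = stop + 1
        else:                                          # framing error: look for the next edge
            i += 1
    return bytes(out)


def transitions(led: list[int]) -> int:
    """Number of on/off changes in the light level."""
    return sum(a != b for a, b in zip(led, led[1:]))


if __name__ == "__main__":
    line = uart_line(MESSAGE)
    for name, led in (("direct", direct_led(line)), ("stretched", stretched_led(line))):
        print(f"{name:9s} transitions={transitions(led):3d} recovered={decode_led(led)!r}")
```

The stretched LED still shows that traffic occurred and roughly for how long, which is all a status indicator needs to show.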

Re:Cheers To You Mr. Kangaroo! (0)

Anonymous Coward | about 2 years ago | (#42394135)

What you need is an entire roll of tin foil. In fact, you'd better make it 2-3. Wrap your whole house in it, and sink it to ground.

ok i admit i did it (0)

Anonymous Coward | about 2 years ago | (#42392493)

I ran comet cursor on one of the atm terminals when i was in tehran

Americans (1)

Billly Gates (198444) | about 2 years ago | (#42392525)

Do not be surprised when you have a nuclear meltdown or be without power for a few days during a grid outage. You brought this on yourselves and Iran has every right to attack back!

If this does happen then the PHBs and IT needs to be jailed for negligence if any of these live systems are on the internet with their PLCS. Good LORD what the hell were you thinking?

Re:Americans (0)

Anonymous Coward | about 2 years ago | (#42394201)

No, when this happens they'll just fire the IT people for being incompetent. Don't you know how this works yet?

enlighten me... (5, Informative)

babai101 (1964448) | about 2 years ago | (#42392575)

Shouldn't these heavy industries and Iranian defense systems dump windows and use linux considering these are mainly virus and malware. A legitimate hack cannot be stopped but spreading of these malwares would be so much slower in a hardened linux system, and many script kiddies would be stopped too.

Re:enlighten me... (-1)

Anonymous Coward | about 2 years ago | (#42392625)

Of course they should. Shouldn't you be using an iphone or a blackberry, instead of that insecure android phone?

Re:enlighten me... (0)

Anonymous Coward | about 2 years ago | (#42392855)

If you hack my s3 'millions' (hundreds ... insert whatever monetary scale you wish) of dollars in damage don't occur....nor do I run the risk in bombing you or being bombed into the stone age.

I've been a Windows admin for 20 years and if I ran such a porous network such as this, I should get fired (or taken out back and shot or whatever they would do to this admin staff) ... I would think Iran has some pretty bright engineering students who could build their own hardened systems and curtail all of this cloak and dagger shit .... the fact their systems rely on Microsoft products (which if poorly managed are very porous) but that the fact it comes from the USA they should be the LEAST bit suspicious that it's been backdoored or can be.

I guess I'm glad they continue making these mistakes of poor security but not thrilled with the fact this will lead us into another pointless war sooner or later.

Re:enlighten me... (1)

AHuxley (892839) | about 2 years ago | (#42392657)

Think back to the early UK, US, Soviet, French, South African mil efforts. When a gov tells its country to move into a new area of dev, they rush out to buy what's on the open market, read up and build on what they know and what can be found from spying.
If your cash flow is low/import issues you put your cash into hardware and software you cannot do without and fill in the gaps the best you can.
Windows offers fast, 'easy' engineering interfaces with political cover. Buying an EU bespoke hardened linux 'unit' only offers another weak point before it's shipped.
Staff still have to enter the country to fix, update, expand and will be debriefed by their respective govs or get noticed for shipped to exotic locations with no trade history. A lucrative deal gets looked at as a positive and then it all gets discovered.....
A device for education/industry running windows might just be more easy to 'fix' onsite vs a bespoke 'unit' that has been messed with at hardware level during production and will never work.

Re:enlighten me... (1)

SomePgmr (2021234) | about 2 years ago | (#42392883)

I figured many of these industrial control systems probably work with vendor supplied software developed for windows. So in places where you need that kind of hardware you end up with windows machines.

Re:enlighten me... (1)

Anonymous Coward | about 2 years ago | (#42392755)

Iran probably doesn't have enough people sufficiently skilled with Linux to pull this off.

If their internet was a little more open, they might have more home-grown skill for the kinds of things you learn by having unrestricted access to the web-at-large.

Re:enlighten me... (1)

cheesybagel (670288) | about 2 years ago | (#42394339)

You would be surprised. I often see Iranian CS research papers at international conferences and they don't seem stupid or basic quite the contrary. They seem to have a better grasp of mathematics than the average. I don't see them having many issues switching to Linux assuming they are not using it already. The issue with these industrial machine tools is that they come with custom Windows drivers so they do not run on anything but Windows.

Re:enlighten me... (1)

Pieroxy (222434) | about 2 years ago | (#42393589)

First of all, if those attacks are made by armies of professional hackers specifically targeting their installation, chances are that Linux won't offer much protection.

Second, I suspect that most of these industrial systems rely on custom hardware whose drivers only exist for Windows. That would make a migration pretty expensive.

Re:enlighten me... (1)

dj245 (732906) | about 2 years ago | (#42394047)

It isn't so easy.

Say you buy a small steam turbine because you need extraction steam as part of a heating process. Every OEM I can think of uses a dedicated controller to control overspeed protection, load control, overtemperature control, temperature mismatch lockouts, etc. BUT they all use proprietary Windows software to interface with that controller.

Many industrial pieces of equipment along your process work like this. Proprietary PID controller with access to it via Windows. Are you going to write custom software for every single piece of equipment along the whole process? Keep in mind that it took the OEM several years to write, test, and refine their software to the point where their equipment is reliable and safe.

Re:enlighten me... (0)

Anonymous Coward | about 2 years ago | (#42394511)

Shouldn't these heavy industries and Iranian defense systems dump windows and use linux considering these are mainly virus and malware. A legitimate hack cannot be stopped but spreading of these malwares would be so much slower in a hardened linux system, and many script kiddies would be stopped too.

Just to clarify: Stuxnet was a very specific, very well targeted attack, infecting Programmable Logic Controllers which were not connected to the Internet, through a devious delivery mechanism that involved (apparently) infected thumb drives that may or may not have been DELIBERATELY plugged into laptop computers by spies on the premises. So what it boils down to is, IT-level security was not so much of an obstacle for the attackers. They overcame other hurdles gracefully and did the job, and just the use of Linux instead of Windoze (which was not viable in the first place because those Siemens PLC's were managed through Win-only programming and configuration software running on the aforementioned laptops, but still) would not have stopped them. For all we know, this new attack may (or may not) have been similar.

Re:enlighten me... (0)

Anonymous Coward | about 2 years ago | (#42401267)

A) SCADA systems are not Windows or Linux. They are industrial systems with a completely separate method of operation.

B) Can we please get over the ridiculous notion that Windows cannot be hardened? Shit, I love Linux, and the only machine I run Windows on is a Virtual one, but the idea that there are not adequately secure Windows systems out there is to simply ignore the reality of things. MOST Windows systems are insecure, but then, by default, your average Linux distribution (especially in the Ubuntu/Mint age...) tends not to be a paragon of security either. Systems tend to be at most as secured as they need to be, at least by most of the general public (and you're lucky if they're that secured in your average penny pinching corporate environment...), but with sufficient will to do so, any of your major systems out there can be gotten quite secure. Now, as for malware... Worms, Trojans, and Logic bombs all exist in the world of *nix. It is true that virii have never really gotten a foothold on *nix, largely due to the inherent permissions in the filesystem by default (which are something quite available on Windows, though the default settings are not particularly locked down). However, if I recall correctly, Stuxnet appeared to be primarily a worm with some virus like properties. The idea that something of this type could not be written for a *nix system, if an attacker had reason to be coding for *nix instead of Windows, seems to be a bit naive.

Not Look Like Real One (0)

Anonymous Coward | about 2 years ago | (#42392655)

After an encounter with actual Stuxnet, Iran's CERT is flagging every simple malware as Stuxnet-like. Previously they made a statement about a "wiper-like" malware that was actually a bat script. I think they need to understand everything they are getting is not targeted malware; sometimes they are just random malware that just spread themselves.

who reads the subjects? (0)

Anonymous Coward | about 2 years ago | (#42392673)

These sort of attacks are tantamount to declaring war.

These attacks are very clearly state-sponsored.

How long will Iran continue to be provoked?

Re:who reads the subjects? (0)

benjfowler (239527) | about 2 years ago | (#42393655)

Shilling for these muslim dogs?

When the first shots are fired, AC, I hope you're the first to die.

Re:who reads the subjects? (0)

Anonymous Coward | about 2 years ago | (#42408491)

Then you deserve to die more than you claim he does. And you know it.

Re:who reads the subjects? (0)

Anonymous Coward | about 2 years ago | (#42394273)

...and breaking treaties isn't??? I think they're going to be enduring this sort of thing for as long as it takes them to quit being treacherous assholes.

if only iranian workers (0)

Anonymous Coward | about 2 years ago | (#42392697)

would quit looking at pr0n online.. they might not get infected with so many viruses.

Sniff. (1)

PacRim Jim (812876) | about 2 years ago | (#42392703)

Hand me a Kleenex.

Iran claims.... (0)

Anonymous Coward | about 2 years ago | (#42392795)

I call bullshit.

i wonder (0)

Anonymous Coward | about 2 years ago | (#42392907)

Is there anyone left who gives a FUCK about anything iran says anymore?

Iranian STUDENTS news agency (0)

Anonymous Coward | about 2 years ago | (#42392997)

There is no news agency run by STUDENTS. It's another Iranian government method of disseminating information.

It's easy to blame the "US AND ISRAEL" but the two rarely act in concert.

Here's your two cent summary: Iran is a third world country full of lying dogs and once again they clicked on "I accept" on Windoze and instead of blaming themselves or Microsoft blame everyone else.

One day they will be dead and none of us will cry.


It's the will of allah... (0)

Anonymous Coward | about 2 years ago | (#42393099)

... so just suck it up!!!

Those in glass houses... (1)

Nexion (1064) | about 2 years ago | (#42393125)

throw stones to get an excuse to attack Iran, and you can bet our being attacked will help keep the patriot act going for another decade.

I thought they would learn by now (1)

Pegasus (13291) | about 2 years ago | (#42393271)

Seriously, if I were Iran, I'd be installing OpenBSD on all critical infrastructure from day one when it became obvious that stuxnet damaged Natanz. As much as I like country and people of Iran, I have serious doubts of the mental capabilities of their leadership.

Re:I thought they would learn by now (1)

fnj (64210) | about 2 years ago | (#42393567)

I think the message is not to get roped into imported industrial infrastructure with or without tie-ins to sack of shit operating systems like Windows. Iran has plenty of home grown technical expertise. We are not talking about some backwater here. The next nuclear players - and believe me, they WILL be coming - will get the message, but I can't think of any likely ones with anything like the native talent that Iran has.

They're Muslims (0)

benjfowler (239527) | about 2 years ago | (#42393649)

... and by definition, lying Third World scum (because of al-Taqqiya, they're allowed to deceive and lie to us dirty kuffars).

Don't believe a word these pigs say.

Re:They're Muslims (0)

Anonymous Coward | about 2 years ago | (#42395335)

There's a reason the piss colored people (arabs) ended up in sand. They and their relatives (jews a religious cult) got banished in antiquity for being a pack of deceitful shit to the deserts, and nobody sane would live there. They are nothing but troublemaking little slime.

Meanwhile In The West... (0)

Anonymous Coward | about 2 years ago | (#42394059)

fancy new shiny, BYOD and Cloudy services swamp the market. Mostly with security taking a backseat to convenience and shiny. While Iran struggles against cyber issues and strengthens its security measures, Westerners embrace gaping security holes with a cavalier 'what could possibly go wrong' attitude. I can't help but wonder what the results will be if the battle shifts.

Are they stupid? (2)

slashmydots (2189826) | about 2 years ago | (#42394129)

Maaaaybe they should keep their industrial equipment and controlling computers OFF THE INTERNET, seeing as how they have no reason to be on the internet. Then set up a bulletproof VLAN and you're a hell of a lot better off than now.

Re:Are they stupid? (0)

Anonymous Coward | about 2 years ago | (#42401241)

Err, the SCADA systems Stuxnet targeted WERE off the Internet, however, the malware was spread through USB sticks used by the Russian technicians, having gotten there by infecting other computers being used with the same USB sticks that were on the Internet. So no, they aren't stupid, at least as much as you seem to be suggesting.

erroneus (253617) FatASS needs PIZZA (-1)

Anonymous Coward | about 2 years ago | (#42395291)

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from [] since that disgusting fatbody pig is a waste of life obese swine with no self-control and no dick.

An Internet virus? (1)

dgharmon (2564621) | about 2 years ago | (#42400229)

"An Internet virus attacked computers at industrial sites in southern Iran, in an apparent extension of a covert cyber war that initially targeted the country's nuclear facilities, an Iranian official said."

Would this "Internet virus" be Microsoft Windows only?