Stuxnet's Earliest Known Version Discovered and Analyzed 77
An anonymous reader writes "Symantec researchers have discovered an older version of the infamous Stuxnet worm that caused the disruption at Iran's nuclear facility in Natanz: Stuxnet 0.5. According to a whitepaper released by the researchers at RSA Conference 2013, Stuxnet 0.5 has first been detected in the wild in 2007 when someone submitted it to the VirusTotal malware scanning service, but has been in development as early as November 2005. Unlike Stuxnet versions 1.x that disrupted the functioning of the uranium enrichment plant by making centrifuges spin too fast or too slow, this one was meant to do so by closing valves."
2005? (Score:2, Funny)
It took that long to get this damn this to do what it was supposed to do? What was it originally called, Windows Longhorn Stuxnet Edition?
Re: (Score:2, Funny)
It was a government IT project. Of course it took years. Probably cost 100 times the original estimate too.
Re: (Score:1)
Yep, if only they hadn't hired private sector contractors to please those that complain about government inefficiency, maybe it would have gotten done in a reasonable time under a reasonable budget.
Re: (Score:1)
Says someone who has never worked in the government or for a contractor (I've done both for more than a decade). If you think private-sector contractors are either more efficient or more competent you couldn't be more wrong.
Re: (Score:2)
Most of my dealings with the government on the state level, is that they have their heads wedged up their ass, and none of their employees are happy doing what they do... so they are all jaded and drag their ass.
Re: (Score:2)
If that be so, then what was the purpose of the great "War On Drugs"?
Re: (Score:2)
anyone who adopts the position that all government is inept and corrupt is only trying to obtain the power for private corporations to control your life and bleed you dry.
Oh, please. At the higher levels, you're damned right they are inept and corrupt. The line employees, not so much. I've had jobs with gov't and contracted to them. The managers are between a rock and a hard place (fixing stuff is mind boggling BS), but the people I rubbed shoulders with day to day knew what they were doing and cared. Some are still my best friends.
BTW, I do call myself a libertarian/Objectivist, and I'm no fan of corporates nor regulatory capture.
Re: (Score:3, Insightful)
The only reason the private contractors were needed is because the private contractors lobbied for "small government" that got the govt IT employees laid off. (Nevermind that in-house govt IT ops always did their job at a reasonable cost, where over budget years late is considered a good turnout for a private contract job.)
Ever wonder how every self-described libertarian here seems to be a private contractor?
Re: (Score:3)
Wow, this derailed in a different direction than I expected. Should I skip down a few topics to get to the Jew bashing?
State sponsored (Score:5, Insightful)
Re: (Score:2)
Re:State sponsored (Score:5, Insightful)
The code conducts an attack by closing valves in the six top rated cascades out of the possible 18 cascades. The states of two types of valves are modified:
Centrifuge valves – a set of three valves (feed, product, tails) that work in unison per centrifuge to control uranium hexafluoride (UF6) flow into each centrifugeStage valves – one per stage to control UF6 flow into each stage
Auxiliary valves – valves that control UF6 flow into or out of each stage (stage valve) or the cascade as a whole"
Keep in mind, this is working backwards by dissecting the virus. The programmers would have to know this information up front to create the virus. I do not see anyone but "governments or their agents" creating this virus. Another explanation is naive.
Re: (Score:1)
Because breaching government systems and stealing sensitive and/or classified info has never been done by anyone before, right?
Re: (Score:1)
Well, lets just think, what does anybody have to gain out of it?
Outside of a government, does anybody care enough? And if they do, do they have the needed knowledge? And if they have that, lets remember the thing had to enter through usb key, so they also had to have funds enough or be in the general area of the thing.
Lets be honest, the damn thing shows a huge amount of knowledge combined with accesability. And in the end, there probably isn't anybody that earns anything out of this except potentially the
Re: (Score:3)
Re: (Score:2)
If you were looking for a job in the NSA/CIA/US military industrial complex, what better resume entry could you have?
Navy Seals. Army sniper. (Mossad|KGB|SAS|...) hitman. Foreign Legion. Personally, I don't consider Iran a terribly hard target.
Of course, you need to remember that that nitwit Mitnick is now considered a "systems security expert" by many. No, really! Nowadays, a genius IQ plus two bucks will get you a decent cup of coffee.
Re: (Score:1)
Re: (Score:2, Informative)
I... am not 'wholly certain' that your assessment is accurate -- although I concur it appears to be the most probable.
While the equipment to refine Uranium is pretty ... restricted, and I've never programmed a centrifuge -- I have programmed SCADA.
As one of the relatively few actual programmers to do so -- there's still a pretty decent community.
It's relatively uncommon, but not impossible to find or recruit such skill. Frankly, exploiting pretty much any SCADA system is... absolutely trivial if you actual
Re: (Score:2)
Keep in mind, this is working backwards by dissecting the virus. The programmers would have to know this information up front to create the virus. I do not see anyone but "governments or their agents" creating this virus. Another explanation is naive.
Has this really ever been in question?
Re: (Score:2)
No, Anonymous Coward, it it not aquestion.
Also not a question is your lack of balls.
Re: (Score:2)
I have access to the resources needed to create and test such a virus and I am not a government agent nor working for one right at the moment. That doesn't mean I know how to develop such a program but I do have access to the tools and hardware needed in this particular case.The PLC/SCADA/HMI operations were not the sophisticated part of Stuxnet it was the delivery, installation, and spoofing the program employed to remain hidden and multiply under certain conditions once it was released into the ecosystem.
Re: (Score:2)
I have access to the resources needed to create and test such a virus and I am not a government agent nor working for one right at the moment. That doesn't mean I know how to develop such a program but I do have access to the tools and hardware needed in this particular case.
Yes, but there has been a *LOT* that has been known about this virus from the initial analysis that pointed directly at a sophisticated government project. From the very nature of the attack in how it did what it did to the unique machines that it did these things, to the strong evidence from the beginning of a "team" development project, very few if any people "in the know" did not believe that there was strong evidence that it was a formal governmental project.
Re: (Score:2)
It was definitely built and deployed by a national intelligence organization. But the actual PLC changes were the easy part. An individual or non-governmental agency with basic control systems experience could have made changes to scramble to bypass the fault threshold without sending an alert to the HMI resulting in centrifuges operating abnormally. However, only a governmental agency could have deployed this virus. The stolen security certificates, utilization of at least 2 0-day Windows vulnerabilities,
Re: (Score:2)
When Iran stops having their weekly "Death to America" rallies so their oh so honest and upfront government can demonize the people of an entire nation for all their problems, real and imagined, I might give a shit about aggressive acts aimed at that them. Iran is one of the most meddlesome countries in the world. Their acknowledged support for terrorist groups across the ME and 3rd party proxies in other places across the world invites aggression against them. Iran has a somewhat complicated government str
Re: (Score:2)
Jihadist engineers working at Siemens, under the false presumption that Siemens power plants would only be employed in Western countries?
Re: (Score:1)
And they didn't say they were. Who's to say that someone with sufficient skill couldn't break into the Iranian government's network and steal the info? There are plenty of examples of people breaking into governmental systems and stealing data.
Re: (Score:2, Interesting)
Whoever it was, is a complete moron, I suspect. This kind of attack can - and will - be used against everybody else in turn. And if you can interfere with the functioning of valves and other HW, then you can also find a way to cause leakage of hazardous materials.
How about a major leak in a bio-warfare lab in the States? Would we like that?
Re: (Score:3)
Yes, because the American government is famous for thinking ahead carefully before it acts.
Re: (Score:1)
Whoever it was, is a complete moron, I suspect. This kind of attack can - and will - be used against everybody else in turn. And if you can interfere with the functioning of valves and other HW, then you can also find a way to cause leakage of hazardous materials.
How about a major leak in a bio-warfare lab in the States? Would we like that?
The values are in the centrifuges, not the power plant. The centrifuges are used to refine the uranium. The fact that Stuxnet moved on to interrupt the motors of the centrifuges instead of the values was pretty damn clever considering it only affected two of the models of motors (one of them manufactured in Iran).
Now, can a virus similar to Stuxnet attack the control boards, valves, etc of *any* power plant, refinery, or whatever? Of course it can. That's why the hardcoded usernames & passwords found in
Re: (Score:2)
Mostly. It would start with interesting ideas and strongly developed characters that tell an interesting story of our time. Sadly by the time the final curtain drops in the desert outside of Las Vegas we will all be convinced that the story ran its course long ago and that the untimely appearance of the hand of god himself to trigger a nuclear detonation is the sad work of a creative mind all spent. In short the main problem that it would cause is that the extra 300 pages of padding cannot hide the lack of
Re: (Score:3)
I think the fallacy with this is that the techniques required to do this sort of attack are out there for anybody to discover. No matter what the US or any other country does, somebody will use it eventually. We (presuming it's the US) just have the level of technical know-how and resources to get it done sooner than most other countries. Somebody somewhere will use it against us in 20-30 years whether we use it now or not, so why not use it now and get some benefit from it while we're still the only ones t
Re: (Score:2)
Possibly, some free lancer who used to work for the company that made the specific hardware that was targeted?
I have zero doubt that it was government sponsored, to be honest. But, you're asking a question that has at least one obvious possible answer. Hey, I can go one better with my obvious answer: that free lancer happens to be Jewish and/or a Zionist.
Re: (Score:2)
Re: (Score:1)
Except for the minor detail that there is actual evidence including claims made by Al-Qaeda supporting the statement that they were behind it.
You mean like _this_ minor detail:
http://news.techeye.net/security/obama-administration-admits-the-usa-was-behind-stuxnet
In addition to the fact that every single professional malware analyst has stated that only a nation-state could have created Stuxnet?
jackass.
Re: (Score:2)
No, there is no doubt.
Even tiny nation-states have their own cyber forces now. Heck, even African countries with people living in dung huts have cyber warriors.
They should never have networked the dung huts.
When did it first jump species? (Score:5, Funny)
When did it first jump species from laundry dryers to centrifuges?
Full source code (Score:2)
2. Deharmonize Neptunium Impeller
3. Calibrate Uranium-Rod Driver
4. Set Voltage on Saturn-Class Capacitor
5. Test Jupiter Wave Complier
Not as big a worry now (Score:1)
The Natanz facility that was the target of Stuxnet 0.5 and 1.0 is 300 feet below a mountain. There are normally several elevator shafts, one emergency stairway, and several additional ventilation ducts leading down to where Iran was processing uranium ore from 3.5% (power reactor grade) to 20% (weapons grade). Unfortunately 3 days before the most recent Israeli election, an accident happened at the facility. An explosion large enough to be felt 5km away seems to have occurred at the facility, severely da
Re: (Score:2)
All you have to do to get out is simply dial one of the off planet bases on the stargate and then have a team power down that gate then dial back home to the russian gate.
Re: (Score:1)
Actually the explosion was at Fordow, not Natanz, nobody claimed otherwise, although Iran claimed there was no explosion and the reports were "Western Propaganda". And 20% is not weapons grade, you need to get up to about 90% to be considered weapons-grade.
Re: (Score:2)
As I understand it, 20% is the absolute minimum concentration where it is possible to create a critical mass, and thus a nuclear detonation. I'm guessing that getting an actual detonation at that concentration level requires a ton of advanced warhead design/engineering and boosting techniques, and is still probably pretty low-yield. Probably nobody would actually bother doing it because it's much easier and more reliable to just keep on refining until you get to 90%+ where you can skip a lot of the tricky s
How do you submit Stuxnet to Virustotal? (Score:1)
Surely it is more than just one file
We'll soon see a Stuxnet patent (Score:1)