First Malware Weapon: May Already Have Attacked Iran's Nuclear Program?




dannno
09-24-2010, 11:43 AM
http://news.yahoo.com/s/csm/327178


Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?

Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose has grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.

The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.

Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.

"Until a few days ago, people did not believe a directed attack like this was possible," Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. "What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern."

(more at link)

pcosmar
09-24-2010, 11:49 AM
Anyone is an idiot for using Windows for any kind of secure system.
There are just too many flaws to exploit.

dannno
09-24-2010, 12:09 PM
http://www.softsailor.com/wp-content/uploads/2009/02/ubuntu-logo.png

Dr.3D
09-24-2010, 12:11 PM
Anyone is an idiot for using Windows for any kind of secure system.
There are just too many flaws to exploit.

I seriously doubt Windows would even run this program.

pcosmar
09-24-2010, 12:22 PM
I seriously doubt Windows would even run this program.
From Wiki, for quick reference

Stuxnet attacks Windows systems using four zero-day attacks (including the CPLINK vulnerability and a vulnerability used by the Conficker worm) and targets systems using Siemens' WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives and then uses other exploits to infect other WinCC computers in the network. Once inside the system it uses the default passwords to commandeer the software.[2] Siemens however advises against changing the default passwords because it “could impact plant operations”.[4]


Siemens however advises against changing the default passwords because it “could impact plant operations”
How stupid is that?

Dr.3D
09-24-2010, 12:33 PM
From Wiki, for quick reference


How stupid is that?

Yeah, that is pretty stupid.

One would think they would use something other than a Microsoft product to run sensitive processes. For that matter, they shouldn't even be using anything that resembles an Intel microprocessor.

dannno
09-24-2010, 12:38 PM
Yeah, that is pretty stupid.

One would think they would use something other than a Microsoft product to run sensitive processes. For that matter, they shouldn't even be using anything that resembles an Intel microprocessor.

http://www.da-kolkoz.com/images_blog/amd-girl.jpg

Dr.3D
09-24-2010, 12:42 PM
http://www.da-kolkoz.com/images_blog/amd-girl.jpg

AMD makes a knock off Intel microprocessor.

I'm talking about not even using something resembling those processors.
Motorola makes some mighty fine microprocessors that wouldn't run software designed to run on the Intel type microprocessors.

newbitech
09-24-2010, 12:47 PM
this smells like propaganda.

pcosmar
09-24-2010, 12:50 PM
this smells like propaganda.

When I first heard of it, it was about a threat to US power plants and grid.

The whole "don't change the default Password" is incredibly stupid.

Backdoor access anyone?

newbitech
09-24-2010, 12:56 PM
When I first heard of it, it was about a threat to US power plants and grid.

The whole "don't change the default Password" is incredibly stupid.

Backdoor access anyone?

They are saying it's spread by USB thumbstick of a Russian contractor. This isn't malware, it's sabotage. That it has spread around to systems that it is not targeted for shows how incredibly stupid people are about technology. This is nothing more than a self mounting solid state drive attachment. It has probably been copied 1000's of times and I would not be surprised if this is a hoax.

Sabotage and malware are two completely different things.

DaemonTools has been around for a long time.

Kludge
09-26-2010, 10:20 PM
Stuxnet 'Industrial Virus' Hits Iran Hard


One Iranian official, Mahmud Liai of the Ministry of Industry and Mines, was quoted (http://www.nytimes.com/2010/09/26/world/middleeast/26iran.html) as saying that 30,000 Iranian computers had been affected. He added that Stuxnet was “part of the electronic warfare against Iran.”

According to German computer security researcher Ralph Langner, who has been analyzing Stuxnet since it was discovered in June, Stuxnet is able to recognize a specific facility's control network and then destroy it. He believes Stuxnet's primary target was the Bushehr nuclear facility in Iran. That plant was built with Russian help, but unspecified problems have delayed its operation.

http://hothardware.com/News/Stuxnet-Industrial-Virus-Hits-Iran-Hard/

No harm done, it seems, but a scary oversight by people in control of great power.

devil21
09-27-2010, 01:24 AM
this smells like propaganda.

I'm not buying the story. What are the odds of this particular malware actually landing where it was supposed to and attacking Iran's nuclear sites but nothing much else? Worms like this wreak havoc on unprotected home and business computers and spread all over the world fairly quickly. I haven't even gotten a warning from MS or Symantec about it. I can't believe Iran's IT security would be that porous that a Windows worm could penetrate a NUCLEAR SITE and actually cause any damage. From an IT perspective it seems highly unlikely to be true unless it was some sort of inside job. And why would Iran even acknowledge such a thing and/or admit their security isn't very good???

Kludge
09-27-2010, 01:32 AM
Propaganda by who? This paints the US as possible aggressors in this and the Iranians as incompetent/victims of "electronic warfare."

devil21
09-27-2010, 01:38 AM
Propaganda by who? This paints the US as possible aggressors in this and the Iranians as incompetent/victims of "electronic warfare."

As another poster pointed out, it attempts to show the Iranians as being incapable of possessing ANYTHING of a nuclear nature.

Like saying: "If their security is so bad that a Windows worm can damage their reactor sites then maybe someone can make it meltdown and kill us all!!!"

IOW, a change in direction from fearmongering about a nonexistent weapons program to fearmongering that they are too incompetent to have anything nuclear. Never mind that Russia designed pretty much all of Iran's nuclear program...


ETA: The timing is also interesting considering the Internet Kill Switch legislation lately that I think was introduced in the Senate in JULY. Introducing the notion of this doomsday computer virus that attacks power plants through an "enemy" like Iran serves the purpose of conditioning people to the existence of it as well as being able to further demonize Iran.

:tinfoil time: If the lights go off here in the US there's a ready-made reason called Stuxnet and of course the internet kill switch will be in place to "protect" us from this worm spreading further. It should be noted that this particular worm does not have the ability to replicate itself across the internet. I'm going to pack that tidbit of info away for later, just in case.

devil21
09-27-2010, 02:12 AM
I decided to check Symantec's website to see what they had to say about it.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-071400-3123-99

This is the "global distribution" of this worm. This alone looks suspect.
http://www.symantec.com/content/en/us/global/images/threat_writeups/2010-071400-3123-99.2.png

Symantec says they've had detection methods in place for this threat since mid JULY. It is to be assumed that all other AV software would have done the same around the same time. This would indicate that these Iranian computers, if truly infected, have no AV software whatsoever nor do they patch their Windows systems, nor do they have any competent IT staff since the removal procedure is exceedingly easy and could be automated very simply at login. If any of these three cases aren't true then this worm would have been neutralized long ago. This story just doesn't stand up to the smell test if you're in the IT field and have experience with this sort of stuff.

More info here in an interesting write-up on this threat from JULY by Symantec:
http://www.symantec.com/connect/blogs/hackers-behind-stuxnet

Live_Free_Or_Die
09-27-2010, 03:11 AM
A computer worm which targets industrial and factory systems is almost certainly the work of a national government agency, security experts told the Guardian


Cluley is wary of reports linking Stuxnet with Israel: "It's very hard to prove 100% who created a piece of malware,

I'll go with that for $1000....

newbitech
09-27-2010, 04:35 AM
Propaganda by who? This paints the US as possible aggressors in this and the Iranians as incompetent/victims of "electronic warfare."

I see this as global propaganda. If I had to guess, I would say it's the Russians spreading the emulator and the news of its success.

I don't call this a worm or a virus. It is not spreading on its own, it is being placed. I think all the hits are cover ups. Someone mentioned back door access. I think that is probably the most harmful thing.

I see Iran as a proxy for Russia and maybe China. This is a threat to the US, not a threat to Iran.

This is basically saying, at any point in time, a nuclear facility in the ME can blow up. It would be great cover for anyone that wants to see the fighting in the ME escalate. Sure the US has some motivation for that, but I don't see the US trying to be that sneaky about it.

I still think it's a hoax. This crap comes right out of the movie "Hackers". Some crazy virus that is controlling huge super tankers (in this case huge nuclear facility), when the real crime is skimming pennies from bank accounts (in this case, distracting the world from the proxy state that Russia and China are setting up in the ME.)

Really, I don't know what the intentions for this distraction could be, but I really don't think this is American propaganda, of course TPTB in America will spin it, but underneath, I think Americans are focusing on the wrong countries. Look at Russia. This "worm" is a probe I believe to see how America reacts to an unstable Iran/ME nuclear situation.

Sure it's top news, but I don't think the story is the compromised nuclear facility.