Author Topic: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?  (Read 9636 times)

mouser

Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« on: September 21, 2010, 05:13 PM »
Fascinating stuff..

A highly sophisticated computer worm [Stuxnet] that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor....
Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device -- and then it injects its own code into that system. Because of the complexity of the attack, the target "must be of extremely high value to the attacker," Langner wrote in his analysis.



from http://slashdot.org/

Deozaan

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #1 on: September 21, 2010, 08:56 PM »
Really interesting prospect.

f0dder

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #2 on: September 22, 2010, 03:53 PM »
Yay for having SCADA stuff available over the internet - f'ing brilliant idea >_<
- carpe noctem

Deozaan

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #3 on: September 23, 2010, 03:33 AM »
It wouldn't necessarily have to be directly connected to the internet to get infected.

Someone could bring in a USB drive that was infected and connect it to a PC on the intranet which infects it.

I'm making this up as I go along so I'm probably wrong but it makes sense to me.  :D

f0dder

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #4 on: September 23, 2010, 01:53 PM »
True, Deo - but that's also pretty bad - (critical) SCADA systems really shouldn't be accessible from the outside by any means... they should have "air firewalling" :)

Btw, this is a worm, so either the systems *are* directly accessible from the 'net, or it uses other exploits to get into LANs and then start looking.
- carpe noctem

nosh

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #5 on: September 23, 2010, 03:52 PM »
By messing with Operational Block 35, Stuxnet could easily cause a refinery's centrifuge to malfunction, but it could be used to hit other targets too.

Wonder how many countries currently have some of their nukes pointing to... themselves.

ppass

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #6 on: November 03, 2010, 05:55 AM »
Excellent webinar last week on the subject:

http://www.norman.co...ebcasts/101374/en-uk


mouser

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #7 on: January 16, 2011, 02:36 PM »
Update in NY Times today:

http://www.nytimes.c.../16stuxnet.html?_r=1

"In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009."

"The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart."

from slashdot post here: http://tech.slashdot...srael-Behind-Stuxnet
« Last Edit: January 16, 2011, 02:38 PM by mouser »

mouser

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #8 on: February 17, 2011, 11:09 PM »
Very interesting new article out today:

The key to unraveling the mystery of Stuxnet is understanding the meaning of a seemingly purposeless act by the attackers behind the malware. Stuxnet was first reported on June 17, 2010 by VirusBlokAda, an anti-virus company in Belarus. On June 24, VirusBlokAda noticed that two of the Stuxnet components, Windows drivers named MrxCls.sys and MrxNet.sys, were signed using the digital signature from a certificate issued to Realtek Semiconductor. VirusBlokAda immediately notified Realtek and on July 16, VeriSign revoked the Realtek certificate. The very next day, a new Stuxnet driver named jmidebs.sys appeared, but this one was signed with a certificate from JMicron Technology. This new Stuxnet driver had been compiled on July 14. On July 22, five days after the new driver was first reported, VeriSign revoked the JMicron certificate.

The question I want to explore is why the attackers rolled out a new version of their driver signed with the second certificate. This is a key question because this is the one action that we know the attackers took deliberately after the malware became public. It’s an action that they took at a time when there was a lot of information asymmetry in their favor. They knew exactly what they were up to and the rest of us had no clue.

http://emptywheel.fi...-second-certificate/

mouser

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #9 on: July 16, 2011, 09:35 PM »
New excellent long article on Stuxnet:
http://www.wired.com...phered-stuxnet/all/1
"How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History"
« Last Edit: July 17, 2011, 08:05 AM by mouser »

tomos

Re: Was Stuxnet Worm Built to Attack Iran's Nuclear Program?
« Reply #10 on: July 17, 2011, 07:59 AM »
New long article on Stuxnet:
http://www.wired.com...phered-stuxnet/all/1
"How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History"

great article
-
I have a rebooting computer and one diagnostic tool said it had 'probably' detected a virus in memory.
Maybe this was my problem all along... :D
Tom