
How Investigators Deciphered Stuxnet

Posted by Soulskill
from the introductory-cyberwarfare dept.
suraj.sun tips a story at Wired that takes an in-depth look into how security researchers tracked down and worked to understand the infamous Stuxnet worm. The article begins: "It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium. But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran's enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months. The question was, why?"

  • The part about the differences in loyalties of the Symantec researchers was telling, though.

    "We don't care if this harms something important our country is doing to stop madmen from getting the Fist of God. We have customers to do business with!"

    • by neochubbz (937091) on Monday July 11, 2011 @05:57PM (#36727102) Homepage

      The part about the differences in loyalties of the Symantec researchers was telling, though.

      "We don't care if this harms something important our country is doing to stop madmen from getting the Fist of God. We have customers to do business with!"

      You're looking at this the wrong way; fighting computer viruses is akin to fighting biological viruses, it benefits everyone. Even if stuxnet was being used in some sort of covert fashion, you don't go around using viruses as weapons without having an effective vaccination/cure in place.

      • Re: (Score:2, Insightful)

        by Renraku (518261)

        Considering the virus only infected the outdated type of centrifuge with the firmware that Iran was using...I think it was only benefiting Iran and Symantec's wallet.

      • Re: (Score:3, Insightful)

        Computers can be reformatted and replaced.

        Tel Aviv cannot.

        The groups behind Stuxnet were prioritizing the risks of a surgical anti-nuclear proliferation strike as being worth the potential collateral damage. I think that was a prescient and reasonable decision, especially given Iran's irrationality and their hunger for nuclear weapons.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Iran is not going to attack Israel. Even Ahmadinejad in his most insane moments would not attack Israel first. But it would play right into the madman's wet dream if Israel attacked Iran. Then Iran would basically be defending against Israeli aggression.

          This is what Ahmadinejad believes. He believes that the return of the Mahdi will only happen when Iran is attacked by Israel. An attack the other way around would "void the prophecy".

          • by Anonymous Coward

            Iran is not going to attack Israel. Even Ahmadinejad in his most insane moments would not attack Israel first.

            Perhaps, perhaps not. But can you guarantee that everyone who has access to the nukes they are developing, now and in the future, won't? In one of the least stable regions in the entire world? Full of terrorists willing to give their lives and the lives of their children, whose stated goal is the extermination of the Israeli nation?

            Yeah, thought not.

            • As somebody from Africa I must say:
              Can you guarantee that everybody who sits in the White House with nuclear launch codes, now and in the future, won't start nuking countries if they refuse to pass laws demanded by US companies?

              You've had a history of removing democratically elected leaders around the world if those leaders put the development of their own people ahead of corporate profits and replacing them with dictators that would do as you say. In the case of Panama you actually had a CIA agent become

              • You gave the nuclear launch codes to G.W. Bush... TWICE !

                What makes you think we gave him the launch codes? Those were the codes to his luggage....

          • by CPTreese (2114124)

            Really???? Oh thank God! All this time I was thinking that Iran and all the other Arab states still wanted to decimate Israel! It's a good thing that after two attempts of destroying Israel they would only bluster after possessing a nuke. You poor naive man.

        • by Whiteox (919863)

          It would be interesting to hypothesize if Tel Aviv/Israel was nuked, whether Israel would counterattack or expect US to counter-attack on their behalf. After all there's a lot of black gold in those wells.

          • It's not hypothesis. Read up on the Samson Option. Israel has a longstanding policy that if they are attacked with weapons of mass destruction, they will retaliate massively against pretty much all their enemies in the region, regardless of involvement.

            It keeps the fools at bay.

        • by m50d (797211)
          Ah yes, Israel has an excellent record of being anti-nuclear proliferation.
      • by Anonymous Coward

        Not to mention the fact that if you're working for an American company you should somehow magically transform your loyalty from your native nationality to the US is a rather ridiculous argument. A company is just a thing that operates within the limits set in the law. Defense and espionage are nation state actions.

        The people mentioned in the article were an Irish, a French and a Japanese among others. I'm working for a French company but I as sure as hell don't think what are the French government's advantages in

      • I would take your logic a step further.
        If a major virus hit in Asia tomorrow representing a major threat to any countries it reached - you would want your CDC doing all in their power to assist in finding a prevention/cure while it's still only in those other countries. You would want them to stop it - saving lives there as well as reducing risk to yourself.
        You would certainly want the Red Cross and Doctors Without Borders and similar organisations doing all in their power to stem the tide before it reached

    • Re: (Score:2, Insightful)

      Madmen? Compared to what?

      Last I checked, the only country claiming credit for Stuxnet was Israel, ie, a country that refuses international inspections of its atomic facilities and "neither confirms nor denies" that it has the bomb (confirming would mean losing US aid that is contingent on not developing these weapons). Israel also has a track record of invading other countries whereas Iran does not.

      Measured by past actions, Israel is a far more dangerous country than Iran. It certainly has nukes, has a powe

      • by rhook (943951)

        Israel also attacked the USS Liberty, which was in international waters, and which also did not attack any of Israel's forces.

        http://en.wikipedia.org/wiki/USS_Liberty_incident

        • by rwven (663186) on Monday July 11, 2011 @06:50PM (#36727624)

          "Both the Israeli and U.S. governments conducted inquiries and issued reports that concluded the attack was a mistake due to Israeli confusion about the identity of the USS Liberty."

          All the whining about how Israel was intentionally trying to sink the ship doesn't make any sense. Considering the efficiency of the Israeli military at getting these sorts of jobs done, there's no way they somehow didn't manage to sink the ship. If they had intended to do it, they would have done it. No question whatsoever.

          The only explanation is that they attempted to destroy it with all due effort, and ceased attempting when they realized that they were attacking a friendly target. Considering they accidentally attacked a column of their own tanks the day before, it's not hard to imagine that they could make another similar mistake, especially given the craziness that was going on during those days.

          • by rhook (943951)

            Visibility of American flag: The official Israeli reports say that the reconnaissance and fighter aircraft pilots, and the torpedo boat captains did not see any flag on Liberty. Official American reports say that the Liberty was flying her American flag before, during and after the attack. The only exception being a brief period in which one flag had been shot down and then replaced with a larger flag that measured approximately 13 ft (4.0 m) long. U.S. Naval Court of Inquiry finding number 2 states: "The calm conditions and slow speed of the ship may well have made the American flag difficult to identify." And finding number 28 states: "Flat, calm conditions and the slow five knot patrol speed of LIBERTY in forenoon when she was being looked over initially may well have produced insufficient wind for steaming colors enough to be seen by pilots".[86] The NSA History Report (page 41) states: "... every official interview of numerous Liberty crewmen gave consistent evidence that indeed the Liberty was flying an American flag—and, further, the weather conditions were ideal to ensure its easy observance and identification."

            The official report is not consistent with what the crew reported. There is also no excuse for attacking a research ship in international waters. The Liberty was, after all, a communications ship.

            On October 2, 2007, The Chicago Tribune published a special report[6] into the attack, containing numerous previously unreported quotes from former military personnel with first-hand knowledge of the incident. Many of these quotes directly contradict the U.S. National Security Agency's position that it never intercepted the communications of the attacking Israeli pilots, claiming that not only did transcripts of those communications exist, but also that it showed the Israelis knew they were attacking an American naval vessel.

            There's just too many unanswered questions about this.

            • by unitron (5733)

              There's just too many unanswered questions about this.

              Not to mention entirely too many unquestioned answers.

          • Paragraph 1: The Israeli army was too efficient to fail in an attack.

            Paragraph 2: The Israeli army was not efficient enough to identify friendly targets.

            That's pretty much a summary of your post... Am I the only one seeing the rather major contradiction?

            Those two paragraphs can't both be true.

            A much more likely scenario is:
            The Israeli army at that stage was so inefficient not only did it repeatedly strike friendly targets - when it did it failed at the attacks.

            • by rwven (663186)

              They most certainly CAN both be true. The US Army is (debatably) the strongest army in the world by a wide margin....and yet we frequently have friendly fire and "wrong target" incidents. You should have thought through your argument a little more....

              And you're a moron if you think Israel has an inefficient military. Research the Six-Day War. They effectively defeated the entire Arab world single-handedly in six days.

              • This is just like my favorite response to conspiracy theorists. "Isn't it odd how people will attribute to the government the ability to hide great secrets, when they can't even run a post-office efficiently".

                In fact, governmental efficiency definitely varies by sector. Intelligence services are notoriously good at keeping secrets, military is notoriously good at killing people, and tax departments are notoriously efficient at collection (they are usually the best-run departments in any government).
                There is no c

      • Re: (Score:3, Insightful)

        by Sheik Yerbouti (96423)

        You would put the Iranians above the Israelis? The Iranians are self-declared anti-Semites who recently brutally repressed the self-expression of their own people and have declared the US and Israel their enemy. The same people that round up Jews and shoot them with firing squads? While Israel has been one of the few steadfast and erstwhile US allies in the Middle East. Must be nice to be so poorly informed about reality. Here is the reality Israel is surrounded by anti-Semites that beat and repress their o

        • by EEPROMS (889169) on Monday July 11, 2011 @08:40PM (#36728594)
          You seriously need to go to Israel and see how the local officials and Zionists treat their Arab citizens. It's common practice for Zionist officials to re-assign property as being abandoned or derelict if an Arab family lives in it so they can move a Zionist family into it, even if the Arab family have lived there for 30 years and have paperwork to prove ownership of the property. Then you have the local police standing by while Zionists stone Arabs and break their windows to force them out of their homes. If that isn't ethnic cleansing I don't know what is. People keep saying Israel is a democracy. I say Israel is a democracy for Jews and screw everyone else.
        • by Artemis3 (85734) on Monday July 11, 2011 @11:30PM (#36729646)

          No one declares anti-semitism, but anti-zionism.
          Zionism [wikimedia.org] is the political movement to re-establish the Jewish State, contradicting the scriptures about staying away... (Why keep Sabbath then?).

          In any case, the Zionists waged war and won the land by force, then proceeded to get rid of locals, who naturally resisted the invasion in any way they could. Lots of slaughtering and struggle in the process; oh yes, the Zionists did start with terrorism when the land was controlled by the UK... Were you not told about King David Hotel bombing [wikimedia.org]?

          The methods the Israeli forces use are simply mass murdering people trapped and sieged in ghettos. Sounds familiar doesn't it? Yes, ethnic cleansing it is; and all sorts of air bombardment and land and even sea warfare against civilians, mostly armed with just rocks and pitiful glorified firecrackers. No NATO bombing, or no fly zones there... Thousands of innocent people die in Gaza, the UN doesn't care, even after Israel destroys UN facilities there.

          Say what you like about Iran, they haven't dropped white phosphor cluster bombs against civilians, Israel has; everyone watched "Cast Lead". Israel once bombed a Nuclear power plant in Iraq, but nothing of the sort has occurred to Israel from Iraq. And before there were incidents like the Sabra and Shatilla massacre [wikimedia.org], guess who was involved? The current Prime Minister... Reality surpasses intentions.

          Things like executions occur when you let religious extremists in power. It would be the same if you followed your traditions to the letter. Do not forget both religions have the same root, and Christianity as well. And all of them have committed atrocities in the past, and in that very same patch of land even.

          The Islam scripture actually treats Jews (and Christians) with respect, and before the Zionists invaded, local Jews and Christians did live there just like they live in other countries.

          You say Israel is "surrounded", No s*** Sherlock, Zionists invaded the land and waged war against all its neighbors (defeating them). That's when a violent future for Israel was sealed; and you have fanatics killing their own leaders [wikimedia.org], when daring to reach peace after decades of bloodshed.

          Zionists don't care about anything and anyone, they want their conquered land clean of Palestinians and anti-zionists and they don't care about the UN or even if the whole world declared war against them, they have the nukes ready [wikimedia.org] should they ever lose.

          "Anti-semitism" is Zionist propaganda against anyone who dares think different.

        • by Matje (183300)

          The trouble with your argument is that it puts the means above the ends. Of course Jews should be respected and be able to live peacefully, just like any other human being. What people, like the GP, are saying is that the means employed by Israel do not respect the right of other human beings. That behaviour is not only morally saddening, it's feeding terrorism.

        • by Whiteox (919863)

          Oh for shit's sake! You are either a really bad troll or have the maturity and understanding of an 8 yr old. Grow up!

          • If he's a troll ignore him. If he's not a troll, post a reasoned rebuttal. Your post is a horrible middle ground, IMO.

        • by m50d (797211)
          Of course Israel's a major US ally, look at what they're getting from the US. As for mistreatment, sure, all regimes in the region are terrible, but that does nothing to excuse Israel.

          So yes, I'm more worried about Israel, because they have nuclear weapons already, and seem more likely to end up in a situation where they have nothing to lose by using them.

      • by Anonymous Coward

        Zero interest in peace? How did the long-standing peace accords with Jordan and Egypt come about?

        Interesting phrasing you used - "no history of invading" - why didn't you say "no history of attacking"? Perhaps because Iran and Israel have been in a shadow war for years - Hezbollah is Iran's chief proxy in the region. It's little wonder that Stuxnet first hit Iran shortly after the Lebanon war of 2006 (which started when Hezbollah crossed into Israel and attacked a patrol, kidnapping several soldiers).

        Isr

      • by couchslug (175151)

        If it doesn't act that way, it will be destroyed.

        Virtue is no defense.

      • by labnet (457441)

        You should have been marked -1Troll not +5Insightful.

        Israel (a tiny sliver of land) is surrounded on all sides by Arabs (who vastly outnumber them) who are mostly Muslims, whose stated aim is the destruction of Israel.
        It has been the Arab neighbours that have waged wars against Israel, not the other way around.
        Palestine refugees only exist because their Arab brothers (Jordan/Egypt et al.) refuse to let them resettle, thus they become an antagonistic pawn (PLO etc) against Israel.

      • by tokul (682258)

        Measured by past actions, Israel is a far more dangerous country than Iran.

        Probably. Except for the part where they only want to survive and don't agitate for total extermination of the opponent. Don't confuse madmen with bullies. A country run by aggressive theocrats is a country run by madmen.

        After WW2 Israelis used their chance and created their own country. Arabs lost their chance when they decided not to share and asked for the whole pie instead of accepting a fair piece of it.

      • by alantus (882150)

        Madmen? Compared to what?

        Last I checked, the only country claiming credit for Stuxnet was Israel, ie, a country that refuses international inspections of its atomic facilities and "neither confirms nor denies" that it has the bomb (confirming would mean losing US aid that is contingent on not developing these weapons).

        Israel claimed credit for Stuxnet? Do you have any reference for that or are you just speaking out of your ass?
        Israel never signed the Nuclear Non-Proliferation Treaty (NPT), and as such doesn't enjoy the benefits of doing so.
        Iran on the other hand signed and ratified the NPT, so it gets said benefits while at the same time develops its nuclear weapons and lies shamelessly about its true intentions.

        Israel also has a track record of invading other countries whereas Iran does not.

        Measured by past actions, Israel is a far more dangerous country than Iran. It certainly has nukes, has a power mad and oppressive government that regularly ignores basic human rights, is warlike, and shows zero interest in making peace with its neighbours. Infecting 100,000+ computers with a virus and assassinating scientists in order to achieve its foreign policy objectives is exactly the kind of reckless behavior I'd associate with madmen.

        Measured by past actions I would say every single country surrounding Israel is way more dangerous.
        Who do you

        • by Whiteox (919863)

          Israel claimed credit for Stuxnet? Do you have any reference for that or are you just speaking out of your ass?

          A comment after the wired article points to a link:
          "(Accuracy of the information has not been confirmed by Israel) In a surprise admission a couple days ago, at the retirement party of the Chief of the Israeli Armed Forces, Gabi Ashkenazi, he celebrated as one of his achievements that Israel was behind the “StuxNet” attack on Iranian nuclear centrifuges and an air attack on a Syrian nuclear reactor. This was published in The Haaretz (http://translate.google.com/tr... as well as later in The Tele

          • by alantus (882150)

            Israel claimed credit for Stuxnet? Do you have any reference for that or are you just speaking out of your ass?

            A comment after the wired article points to a link:
            "(Accuracy of the information has not been confirmed by Israel) In a surprise admission a couple days ago, at the retirement party of the Chief of the Israeli Armed Forces, Gabi Ashkenazi, he celebrated as one of his achievements that Israel was behind the “StuxNet” attack on Iranian nuclear centrifuges and an air attack on a Syrian nuclear reactor. This was published in The Haaretz (http://translate.google.com/tr... as well as later in The Telegraph. "

            So first you say "Israel claimed credit for Stuxnet", then you post a quote of a newspaper talking about a comment in a retirement party that begins with "Accuracy of the information has not been confirmed by Israel".
            At this point it should be obvious even for you that Israel hasn't claimed credit for Stuxnet.

            • by Whiteox (919863)

              That was a quote from a previous post, not mine.
              I only included the content as it first appeared in a Hebrew language newspaper (which I can't read) and then went worldwide. It is circumstantial. As far as I know there has been no official admissions from anyone, but it's a moot point.

    • by steelfood (895457) on Monday July 11, 2011 @07:05PM (#36727782)

      You're a troll.

      You will note that according to TFA, the researchers didn't know it was targeted to sabotage an Iranian nuclear facility until the very end. And by the time anyone realized it was, the cat was out of the bag. Towards the end, it was only a matter of figuring out what specific facility was being targeted.

      It is true these guys were suspicious the entire time that it was a government black ops operation. But that suspicion in and of itself says nothing. It could have been attacking anything, like Russian natural gas pipelines again, for all they knew. What they did know was that it was a virus designed to sabotage a controller used in industrial manufacturing. And as the Russian pipeline incident illustrates, that can have very serious consequences.

      Imagine if someone sabotaged a manufacturing plant used to build commercial planes that would shorten its maintenance cycle or lifespan from the engineered specifications. Or one that sabotaged a vehicle tire manufacturing facility. Or high speed railway brakes. That would have been disastrous.

      What their attitudes told me was that at the very real risk of personal health and safety, they did the entire civilized world a huge service by making their findings public. They revealed to the world the method by which a very real act of industrial sabotage happened, all the while knowing that it could land them dead. They put the duty of warning the entire world of such an attack vector before their own selves.

      Sure, TFA says they were doing it for their customers. But that's a disingenuous way of looking at it. Because the customers who benefit the most from their disclosure are the same ones who manufacture physical equipment that must be within established guidelines, many of which are safety guidelines. And that means we, the people who operate the equipment or rely on such equipment to not fail unexpectedly are the ultimate beneficiaries.

      To me, it puts them among the very few noble and honorable individuals left in the world. You may not care for such attributes in people, but I think there are still a few in the world who do. At the very least, I think most people wouldn't want to live in a world where everyone was petty and underhanded, as you seem to advocate by your comment. And I think they by their actions are greater believers of freedom than you by your weasel words.

      • by Darinbob (1142669)

        It could have been any country A attacking country B as well. Or it could have been company A attacking company B. There was a big cluster in Iran, but that doesn't mean that the target was necessarily Iran; without knowing much about it early in the investigation maybe you could conclude that Iran was where it was first introduced. You also can't conclude that because the target was Iran that the attacker must necessarily be one of the good guys.

        It was a covert op, but as soon as the malware is discover

    • by siddesu (698447)

      Actually, considering what "our country" has done to the region over the past decade it may have been the patriotic decision.

    • Loyalty to whom? No one ever told them to stop. The provenance of Stuxnet can be reasonably inferred, but it's far from certain. For all they knew, they were characterizing a cyberweapon used by a (sometimes) ally that the US would want to know more about.
    • > Fist of God

      I believe in Islam it is referred to as the Cloven Hoof of Allah.

  • There are green lines and empty white everywhere taking up space

  • ...expanding enrichment production because of the influx of tubes was a direct result of this damage...?

    • I wonder if the worm is actually a cover story to explain the influx of tubes so people won't look for expanded production....

    • by Whiteox (919863)

      Now that is insightful!
      Even if StuxNet wasn't found, they would have expanded the production to make up for the losses anyway.
      So maybe that's why those responsible didn't worry too much about the discovery and reverse engineering of it.

  • by bigredradio (631970) on Monday July 11, 2011 @05:39PM (#36726946) Homepage Journal
    There was another good article in Vanity Fair [vanityfair.com]
    • by unitron (5733)

      Although not as "Tom Clancy-ish" as the Wired article, it's also quite interesting (and gets into the possible underlying politics more), and it's quite interesting how Wired makes it sound like Symantec did almost everything and Vanity Fair doesn't do much more than mention them in passing while giving Kaspersky a lot of ink.

    • by Whiteox (919863)

      Top article. Fills in some of the gaps. Good read.

  • Someone superimpose Poyots & the CIA seal on trollface!
  • This is on the front page of wired.com right now:
    http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

    And it's all on 1 page!

  • I do hope (Score:2, Flamebait)

    by TheCarp (96830)

    That some day...justice can be done and the people who wrote stuxnet end up in an Iranian court some day to face charges for this.

    Only fair, if someone released a worm that attacked US or Western European equipment, our governments would demand that the criminals be brought to our justice....I really do hope that we see some turnabout on this play, even if only so I can laugh.

    • by Wyatt Earp (1029)

      So they'll be executed for hampering Iran's nuclear weapon program.

    • by gnick (1211984)

      Yeah, the Iranians would love that. "We don't know who it was, but we suspect either an American or Israeli group. Please send us some Americans and Israelis to punish." What could go wrong?

      Or, suppose it's proved that it was a government effort. "Please send us the staff of the CIA."

      • by TheCarp (96830)

        Sounds good to me, given their track record of sending people off to other countries to be tortured... it wouldn't bother me one bit.

    • by chispito (1870390)
      Yes. Those poor, poor theocrats.
  • by Thagg (9904) <thadbeier@gmail.com> on Monday July 11, 2011 @09:53PM (#36729064) Journal

    In 1993, I was working one Saturday at Pacific Data Images in Sunnyvale. (who later went on to make such classics as "Shrek", but that's another story.) At the time we were one of the leading CG advertising companies in the world.

    Anyway, I wandered into the front lobby, and there was a guy there, the husband of the receptionist, that had this very long roll of paper, maybe 20 feet, with an undulating line drawn along it. He was searching up and down along the line, for quite some time....well, I couldn't help but ask what it was.

    He said that it was the Fourier transform of the power line going into a plant. He and his company were examining the spectrum to see if they could deduce what was going on inside the plant -- if the machines inside the plant would leak substantial information back onto the power line. Anybody with any electrical engineering experience would know that of course this would be true. I said, OK, that's interesting. What do you see in this spectrum?

    And he pointed to a little sinc() shaped (kind of sombrero shaped) area at a particular frequency. And then showed the aliases of that at higher frequencies. He said that these were clearly signatures of many six-pole electrical motors running all at almost exactly the same speed. I looked inquisitive, and he said, "you know, like if you had a bunch of uranium gas centrifuges running." I thought about this for a few minutes....and said, "uhm, OK, but we don't use centrifuges to separate uranium", and he said "no, we don't" and left it at that.

    Soon, he was back to Iraq, using a ground-penetrating radar he developed to look for buried weapons. I never saw him again.

    • by rwade (131726)

      you know, like if you had a bunch of uranium gas centrifuges running.

      I may be dense, but just out of curiosity -- how did you know in 1993 that the US does not use centrifuges to separate uranium?

      • by Thagg (9904)

        I can't say that I knew for certain. I do know for sure that the gaseous diffusion operation at Oak Ridge was still running during that period, and I assumed that there was no need to find another way if you already have a way that works. At about that time there was a scandal about tons of missing uranium deposited along the miles and miles of tubing in the Oak Ridge plants, clearly they were still active then to some extent.

        There are a couple of other uranium separation technologies too, that I don't th

  • by Anonymous Coward

    This article was a great read, it reminded me of my own first-hand experience with a time bomb planted in PLC code.

    The company I was working for at the time manufactured hydraulic presses, the newest one installed at a long time customer included a touch screen control system running WinCE that was front-ending a PLC to control the machine. We had contracted out the development work on the control system and the owner of the company ended up in a billing dispute with the contractor just as the machine was

  • The problem with the story is the happy little song at the end.

    The story attempts to resolve the menace of the Stuxnet worm by suggesting that Iran now knows how to avoid another worm infection.

    The competing conclusion is that an exceptional piece of software has been described at the design level.

    The remaining part of the puzzle is: Did the researchers figure out what linker and what compiler was used to build the darn thing? Have they determined the programming language used from the patterns of data and code?

  • What is really apparent from all the reverse engineering is that it made the method a template. That's more dangerous than most think. It also means that industrial installations must now have more in-depth security to prevent invasive devices/software.
    This is not good. Cyberwar is real and dangerous.

  • I'll start by saying this most assuredly was a government job. Either done by the US, Israel or Russia.

    1. There's obviously a spy somewhere. Iran isn't going to make public the intimate details of their reprocessing plants, let alone the exact configuration of their control terminals / PLC controllers and centrifuges. You need hard data for that. Who helped Iran build these plants? Who designed this particular cascade process?

    2. People who have a seriously intimate knowledge of this type of hardware had
    • by plover (150551) *

      #1. There were probably spies involved; or how else would they have gotten the signing keys from the Chinese factories?

      However, the article better answers your question #1 with this paragraph:

      Although this was new in itself — control systems aren’t a traditional hacker target, because there’s no obvious financial gain in hacking them — what Stuxnet did to the Simatic systems wasn’t new. It appeared to be simply stealing configuration and design data from the systems, presumably to allow a competitor to duplicate a factory’s production layout. Stuxnet looked like just another case of industrial espionage.

      So Stuxnet itself was deployed to various targets in Iran, and in the first versions of the payload the virus delivered, every Siemens box it landed on it would send out its configuration back to the perpetrator's servers. There are probably not too many of these Siemens controllers in use in Iran, and a centrifuge pla

      • Thanks! It's not often that I get actual reasoned responses around here. That's interesting about the Bushehr plant...

        Hopefully what will come out of all of this is that people will get paranoid about their SCADA network... I know, crazy talk, but who knows.
  • How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History link [wired.com]

    "Months earlier, in June 2009, someone had silently unleashed a sophisticated and destructive digital worm that had been slithering its way through computers in Iran with just one aim"

    Is there some kind of directive in place that doesn't allow for the mention of Microsoft Windows and who in their right mind would be using Windows to control hardware? And that entire report coming from the style of bad journalism, ie. a very

  • This is the best page-turner/site scroller article I have ever read... period!
  • Why is it that Iran had thousands of replacement centrifuges? Thousands? Of Replacements?

    • by incense (63332)

      Why is it that Iran had thousands of replacement centrifuges? Thousands? Of Replacements?

      IIRC, retiring about 800 centrifuges a year is expected under normal operation.
