Forgot your password?
typodupeerror
Security IT Idle

Iran Nuclear Agency Not "Thunderstruck" By Virus 91

Posted by samzenpus
from the back-in-black dept.
twoheadedboy writes "Iran may have been hit hard by Stuxnet, but officials have said that reports of a virus infecting its nuclear facilities and forcing computers to play the AC/DC classic 'Thunderstruck' were rubbish. Last month, F-Secure's chief research officer, Mikko Hypponen, was sent an email that appeared to be from a scientist working at the Atomic Energy Organization of Iran (AEOI), claiming nuclear systems had been targeted by cyber attackers. Whilst the chief of the AEOI has come out to deny those claims, the sender of that email still managed to get hold of an official aeoi.org.ir email address. That has left some onlookers baffled about what is going on."
This discussion has been archived. No new comments can be posted.

Iran Nuclear Agency Not "Thunderstruck" By Virus

Comments Filter:
  • Did Mikko Hypponen fall pray to spoofing?
    hehe
  • One or both lied? (Score:5, Insightful)

    by Attila Dimedici (1036002) on Thursday August 02, 2012 @04:00PM (#40860355)
    Why would anyone be "baffled" by what is going on? It is not like it would be unprecedented for the chief of a government agency to outright lie about something like this. On the other hand it would not be unprecedented for the "leaker" to turn out to be lying either.
    • by icebike (68054) *

      Actually, I called this Bogus [slashdot.org] at the time the story broke on SlashDot.

      If the story had a more plausible origin I might have believed it, but to have originated from a top Nuclear Scientist in a paranoid state, who somehow sneaks an email past his keepers is just silly. If such a scientist has that ability, and a desire to embarrass the state they would leak far more devastating information than a childish exploit.

      The email is as likely to have come from someone who actually tried (and perhaps failed) to pl

      • by Aighearach (97333)

        Why would he have to have snuck it by? Perhaps he is supposed to get help from security contractors when there is an emerging computer security threat.

        The whole reason that Stuxnet worked was that Iran was still dependent on Siemens controllers. It is not like they are Russia and they have their own people for all of that. They are a fairly small country, with a weak economy and not much high-tech industry.

    • by radtea (464814) on Thursday August 02, 2012 @04:40PM (#40860921)

      It is not like it would be unprecedented for the chief of a government agency to outright lie about something like this.

      Much like US and Israeli intelligence agencies are lying about the threat of an Iranian bomb, which the Iranians have no intention of building.

      Why do I find this claim plausible? Because the Israelis in particular have been claiming that Iran has been trying to build a bomb for over 20 years, and Iran does not yet have the bomb. That would put the Iranians in Sidney Opera House territory in terms of how late their project is.

      Building nuclear weapons is easy. It only took four years the very first time to design and build both uranium and plutonium bombs from scratch, and it was done by people whose resources were fantastically limited compared to even a moderately wealthy state like modern Iran. Iran has a per capita GDP of about $3600, which is about half of the US at the bottom of the Great Depression and 1/3 of what it was in the early '40's, and what can be bought for those dollars is light-years ahead of what could be had in 1942, so there are no significant economic or technological constraints on Iran today compared to the US 70 years ago.

      But Iran doesn't have a bomb? Why not?

      Iranians aren't stupid or uneducated or technologically backward. Why would it take them more than a few years to replicate a relatively simple piece of technology?

      The most plausible explanation to my mind is that they are not working on building one. If they were, they would have it by now.

      It is perfectly reasonable for an oil-producing country to create a significant civil nuclear program, as the example of Canada shows, so the fact that Iran has oil in no way implies that they don't need nuclear power.

      None of this makes much sense, unless Iran is not working on building a bomb.

      • Iran got an advanced centrifuge design from A.Q. Khan that is extremely difficult to operate in practice. (We also interdicted the supply of some of the advanced machine components it requires.) For some reason, they stuck with it, and eventually got it to work. That's why it's taken them so long to get significant enrichment.

        Now, if they were on a crash program to build a bomb, they could have abandoned it and pursued a simpler earlier Soviet design. So I agree it's not their first priority. Indeed, t

        • by tinkerton (199273)

          If you say "dual program" people will understand something different than if you say "retaining the option". There is pretty much a consensus in US and Israeli intelligence that Iran has not been doing any work on nuclear bombs in the last 10 years. but it's no secret they want that option. Having the option is a deterrent. It does not mean you want to make a bomb. They did bomb related research prior to 2003, but whether there was an actual intent to create a bomb then is very much speculation. Just to ge

        • Meanwhile IV Reich^W^W Israel has had nuclear weapons for decades and routinely "rattles its sword" [guardian.co.uk] at neighbouring countries, occasionally launching some conventional assault on them as well.

          I wouldn't be surprised if Iran came up with something entirely new in the nuclear energy field and everyone dependent on oil profits wanted to stop them.

      • Re: (Score:3, Insightful)

        by cheesybagel (670288)

        Actually the way that uranium was separated for the Manhattan Project was tremendously inefficient and expensive. Iran has a larger population than the US and dollars depreciate in value due to inflation. This is why they are bothering with centrifuges. Well that and the fact that the technology is not supposed to be particularly hard to implement with a reasonable industrial base. Centrifuge separation is much more efficient than either of the processes used in the US to separate the uranium for its nucle

        • Iran has a larger population than the US...

          Um, no they don't. They do not even have a larger population than the U.S. had at the time of the Manhattan Project.

          • This is one of those times I wish /. had an edit button. Ah well. You probably figured I wrote that bit wrong from the tone used in the rest of the post.

            s/Iran has/Iran does not have/

        • Centrifuge separation is much more efficient than either of the processes used in the US to separate the uranium for its nuclear weapons.

          And yet breeding plutonium would be even more efficient. And logical - if they really wanted to build weapons.

      • by gl4ss (559668)

        It's only logical that Israelis think that under their nuke facilities are huge bomb building factories. After all that's how they would do it.

        Anyhow when it's time to go after Finland?? Finland is building a new nuclear reactor and has all the infrastructure and technical know how to make all the parts needed for da bomb! oh the humanity!

      • by Xest (935314)

        Blah, blah, blah, US, Israel, blah, blah, blah.

        Look, I'm not particularly a fan of the US, but the evidence against Iran is now pretty damning that even the IAEA agrees there's a lot of evidence suggesting a military dimension to Iran's activities. See the IAEA report and get it directly from the horses mouth if you wish:

        http://www.iaea.org/Publications/Documents/Board/2012/gov2012-23.pdf [iaea.org]

        Specifically:

        "40. The Annex to the Director Generalâ(TM)s November 2011 report (GOV/2011/65) provided a detailed ana

        • by radtea (464814)

          The only thing that doesn't make sense is Iran's non-compliance if they're innocent

          As I recall a very similar argument was used not too long ago regarding "weapons of mass destruction" in a country immediately adjacent to Iran. The argument was false then, and it is false now. Nation-states are not rational actors: they obfuscate and sabre-rattle for all kinds of reasons in pursuit of their often-misguided perceptions of their national interest.

          Your quote from the IAEA is a nice bit of bait-and-switch. Iran is generally portrayed as actively pursuing nuclear weapons in a systematic wa

        • by tinkerton (199273)

          Xest, at least you did the work of looking up actual sources. But I don't think you're there yet.

          You could look up the piece the consistence that got so much publicity, the detonation chamber in Parchin.
          It's not mentioned directly in the actual document you linked to but the document has a reference to an earlier document from nov2011 you can find over here
          http://isis-online.org/uploads/isis-reports/documents/IAEA_Iran_8Nov2011.pdf [isis-online.org]
          Read items 44 and 45 under C.6. Initiation of high explosives and associated

    • by K. S. Kyosuke (729550) on Thursday August 02, 2012 @05:20PM (#40861425)

      Why would anyone be "baffled" by what is going on? It is not like it would be unprecedented for the chief of a government agency to outright lie about something like this. On the other hand it would not be unprecedented for the "leaker" to turn out to be lying either.

      Remember that Iran is a country with no homosexuals. This marvelous achievement in the field of biology could hint at similar breakthroughs in other areas of science and engineering including computer security!

    • Why would anyone be "baffled" by what is going on? It is not like it would be unprecedented for the chief of a government agency to outright lie about something like this. On the other hand it would not be unprecedented for the "leaker" to turn out to be lying either.

      Heh, Iraq had Baghdad Bob [youtube.com], maybe Iran now has "Tehran Terry"?

  • by wierd_w (1375923) on Thursday August 02, 2012 @04:02PM (#40860389)

    Seriousy, how many billions of dollars would isreal and the US owe AC/DC and I think capitol records for unauthorized distribution and exhibition?

    • Sic the RIAA after them - they go sue Iran, and bankrupt their nuclear program.

    • by icebike (68054) *

      How did they know it was Tunderstruck ?
      Hell, I didn't even know the song was released inf Farsi .

      [peeks at Google Translate, No, no-can-do].

      • by mjwx (966435)

        How did they know it was Thunderstruck ?
        Hell, I didn't even know the song was released inf Farsi .

        B--0h4p0h7p0h4p0h7p0h4p0h7p0h4p0h7p0h|4p0h7p0h4p0h7p0h4p0h7p0h4p0h7p0h|

        it's a pretty distinctive riff.

    • Seriousy, how many billions of dollars would isreal and the US owe AC/DC and I think capitol records for unauthorized distribution and exhibition?

      Probably nothing. Iranian copyright law [wikipedia.org] only protects works created in Iran. But it looks like while the US may not stop Iran from getting nukes, it is going to nail them with DMCAs of mass destruction as Iran has recently signaled interest in signing the Berne Convetion (international treaty that "normalizes" copyright law between most nations on the planet).

  • ...and it really DID play a movie of naked girls eating bacon??

    That would be good news.

    • by tnk1 (899206)

      What they don't tell you is that the actual payload of the virus didn't disable any computer systems, per se.

      Much worse, it immediately reduced the capability of all of the employees to being able to use only one hand to type with.

    • by wierd_w (1375923)

      No silly. In true slashdot tradition, it would be Natily Portman dressed only in a crispy bacon bikini, slathering herself in hot grits.

      • by f3rret (1776822)

        No silly. In true slashdot tradition, it would be Natily Portman dressed only in a crispy bacon bikini, slathering herself in hot grits.

        That sounds distinctively unpleasant.

  • by RocketRabbit (830691) on Thursday August 02, 2012 @04:15PM (#40860607)

    Jeez, fool me once, shame on you, fool me twice...

  • So... (Score:5, Funny)

    by wbr1 (2538558) on Thursday August 02, 2012 @04:16PM (#40860625)
    ...The NSA says Hells Bells, Iran is Back in Black, and not Thunderstruck. We just need Big Balls to do more Dirty Deeds. Then we can Shoot to Thrill with T.N.T and Shake Them All Night Long!
  • by amorsen (7485) <benny+slashdot@amorsen.dk> on Thursday August 02, 2012 @04:17PM (#40860633)

    still managed to get hold of an official aeoi.org.ir email address

    That is not particularly difficult. Anyone can send mail under any email address they want.

    There is of course SPF and DomainKeys, but aeoi.org.ir does not resolve for me at all (not even an NS record) so those do not apply.

    • My first thought exactly. If "managed to get hold of ... email address" really means stuffed it into From: header, then this means absolutely nothing.
    • by TheSpoom (715771)

      You know, I'd like to think that F-Secure wouldn't be dumb enough to believe a forged From address... I'd like to think that, but I'd probably bet otherwise.

  • it was "Dirty deeds, done dirt cheap".
  • by ArhcAngel (247594) on Thursday August 02, 2012 @04:26PM (#40860743)
    It wasn't Thunderstruck as first reported but actually Justin Beiber's Baby Baby. Several technicians took their own lives before the speakers could be silenced.
    • by Anonymous Coward
      ..so many funny posts, so few mod points.





      ---
      posting AC because of mod points
  • I rarely ever say this, but I told you so - http://slashdot.org/comments.pl?sid=3001219&cid=40750481 [slashdot.org]
  • They should have forced it to play "Lola".

    I walked to the door
    I fell to the floor
    I got down on my knees
    And I looked at her and she at me
    And that's the way that I want it to be
    I always want it to be that way for my Lola
    Lo Lo Lo Lo Lola...

  • Thunderstruck... (Score:3, Insightful)

    by Trax3001BBS (2368736) on Thursday August 02, 2012 @05:03PM (#40861233) Homepage Journal
    Thunderstruck has been my sound system(s) acid test since it's release.
  • I'm so glad they're using a .org TLD. That means they must be working on a civilian nuclear project. Whew, I'm so relieved!
  • Is if the RIAA is going to sue the Iranians or the authors of the virus or both for copyright infringement?

  • .. that the US and Israel are a couple of war-mongers, who, as soon as
    said Olympics have finished, will wage another agressive imperialistic
    hegemonic war.

  • hold of an official aeoi.org.ir email address."

    huh?

    anyone can do that

    http://en.wikipedia.org/wiki/Email_spoofing [wikipedia.org]

    are you telling me Mikko Hypponen has some trustworthy independent means to verify the email actually came from aeoi.org.ir?

    or are you telling me aeoi.org.ir is using some verification scheme when sending emails to random Western audiences, or that such an infrastructure even exists/ is trustworthy?

    "Last month, F-Secure's chief research officer, Mikko Hypponen, was sent an email that appeared to b

    • by Aighearach (97333)

      You seem to mistake a heavily hedged statement for an unprofessional one. In this I think you are mistaken.

  • If you check this wapo article [washingtonpost.com] . I guess it depends on your interpretation of "hit hard by stuxnet" . In Natanz about 1000 centrifuges were replaced during that time, or 10%, for whatever reason, and the Uranium production during 2010 was not lower.

  • Damn, and all this time I was hoping for a counter-cyber attack to play Aerosmith's Pink [rt.com] on all the Whitehouse's computers.

You have a tendency to feel you are superior to most computers.

Working...