Stuxnet Worm Infected Industrial Control Systems
Sooner Boomer writes "ComputerWorld has an article about the Stuxnet worm, which was apparently designed to steal industrial secrets and disrupt operations at industrial plants, according to Siemens. 'Stuxnet has infected systems in the UK, North America and Korea, however the largest number of infections, by far, have been in Iran. Once installed on a PC, Stuxnet uses Siemens' default passwords to seek out and try to gain access to systems that run the WinCC and PCS 7 programs — so-called PLC (programmable logic controller) programs that are used to manage large-scale industrial systems on factory floors and in military installations and chemical and power plants.' If the worm were to be used to disrupt systems at any of those locations, the results could be devastating."
deserved (Score:4, Insightful)
If they still use default password, they deserve to be hacked and face total havoc.
Industry's security is still so crappy.
Re:deserved (Score:5, Informative)
If they still use default password,
Having experience with a few of these systems from various vendors, I say it would be great to have a choice in the matter. There is a lot of investment in the configuration of a large logic controller, and vendors often provide themselves a back door such as a hidden admin password to come in and fix things when the system goes tits up. On top of that they often recommend not changing the default passwords of systems that are hooked directly to process control because the machines themselves are often under lock and key and behind firewalls and thus presumed to be "safe".
We were infected with the Stuxnet worm at our plant, and it spread all around the machines on the business network but never made it to the process control systems, although it was still disruptive. The firewall was shut down and the control network isolated for days so they could do a complete virus scan. A little network management and physical security can go a long way. Frankly, if any virus gets onto the process machines, default password or not, and not even targeting the software for the control systems, there's potential for a real "game over" event.
Re: (Score:2, Informative)
This.
I can confirm the existence of at least one such backdoor. I did tech support for a company that sold cellular connectivity devices through which automation systems could report to a remote server, or be remotely administered.
It was just a Busybox machine with a bunch of services, but we had an insecured telnet (as in, port 23, ALL PLAINTEXT) master login that gave root privileges, and we used it for advanced troubleshooting. It was the same user account for all products across all firmware, and even t
Re: (Score:2)
Industry's security is still so crappy.
Industry, at least power generation and big factories, is a fairly conservative place. They aren't used to the idea of being "connected" and their way of thinking is still along the lines of physical security.
They are moving fast, though. The company mentioned in the summary is targeted because of their large installed base, not because they are careless - far from it, they are pretty good, but they are up against a large momentum of inertia.
Re: (Score:2)
Easy.
There should be no default password.
Remote access should be refused by default. Make the tech get off his ass to do the initial setup and the problem goes away.
Wow (Score:5, Interesting)
So people not only leave the default password on their industrial controllers, they put them on the same network as Windows PCs... Wow.
Re: (Score:3, Informative)
Re:Wow (Score:5, Interesting)
People are lazy. Why change the password on these machines? You'd have to write it down somewhere because remembering things is tough.
I blame management. With all the chaos around a factory (at least the ones I've worked in), the default password is more reliable than the people who are supposed to know them when they're needed.
Add in the fact that factory workers don't really get paid enough to care about anything, and you have to start wondering why this kind of attack isn't more common. Hell, we've played Minesweeper on the monitoring terminal of a >$100M production line :)
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2, Funny)
Mac OS X: http://www.apple.com/downloads/macosx/games/role_strategy/foxminesweeper.html [apple.com]
Debian GNU/Linux: http://packages.debian.org/lenny/xbomb [debian.org]
FreeBSD: ftp://ftp.internat.freebsd.org/pub/FreeBSD/ports/i386/packages-8-current/games/xdemineur-2.1.1_1.tbz [freebsd.org]
Windows Vista: http://windows.microsoft.com/en-US/windows-vista/Learn-about-Windows-games [microsoft.com]
HA!
Re: (Score:2)
Because it'd have severely limited this worm?
Just go ahead and scribble the password in Sharpie over the keypad. Common worms can't use that information (yet).
Re: (Score:2)
Large production systems are often a patchwork of software and hardware components that have access passwords for other components hardcoded who-knows-where.
If you're trying to tell us they're incompetent, we already knew that, because they're using default passwords.
Re:Wow (Score:5, Insightful)
Comment removed (Score:5, Interesting)
Re: (Score:2)
Sadly it also never works.
Sure it works, and in fact does so for a bunch of people. That's why there is truth to security through obscurity, because if someone doesn't know about your system and isn't interested in targeting it, you can keep out all the script kiddies by boilerplating security.
Remember, it isn't necessarily about securing the information absolutely, it's about taking realistic measures to adopt a policy that works and provides an acceptable amount of risk.
Think of a small copy-print shop, for example. Customers mi
Re: (Score:2)
do any industrial controller have online drm? (Score:2)
do any industrial controller / software have online drm systems?
Re: (Score:3, Informative)
yes.
Our CNC uses an on-line DRM.
We have it on its own network behind a proxy server that only allows it to connect to the manufacturer's URL, and at that only to the authentication server address.
Fortunately the manufacturer uses SOAP on port 80, so that makes the filtering easier.
-nB
Re: (Score:2)
Actually, the problem /is/ the OS (Score:2)
The real problem is NOT the OS, since it is pretty obvious this attack has been specifically designed to hit a very small niche target, which means no matter what OS you were running the malware writers would have simply written to that target.
Correct me if I'm wrong, but my understanding is that this worm wasn't hand-carried into the target. That would have been difficult and very risky to the perpetrators. Rather, the worm got to its target by first spreading through a huge number of vulnerable non-ta
Re: (Score:2)
Because it's a pain in the ass to settle, and the PHBs won't put up with things getting in the way of actual work.
Re: (Score:2, Insightful)
Re: (Score:2)
"Probably the network is behind a firewall, so they think they are safe from outsiders. The problem is when insiders have both windows and no clue."
I know too much to post about this... but what do you do when the computers believe they need to 'filter' the truth to its guardians, thinking they only need good feedback?
That's where I'm getting stuck, well, one place anyways.
Re: (Score:3, Insightful)
And they USED Windows as the OS... Brilliant!
Saying that they should airgap the SCADA is obvious - unfortunately, people tend to favor "ease of use" and that airgap is one of the first things that typically tends to get botched in the name of that. So, even if you thought you put it on a standalone, the thing's as likely as not to be on the corporate net with all the other machines.
Re: (Score:2)
Management will want statistics out of the scada system. How many widgets processed in the last (hour, day, week, month, etc)?. So there has to be an interface. Perhaps a USB key from the HMI to an employee laptop.
Re: (Score:2)
RS422 to a PC dedicated to that purpose.
It would be hard to infect the machine when it only sends data out on that interface and does not receive data, or only receives 2-byte commands to which it responds with a slew of numbers. Most machines like this have (at least as an option) an interface like this, precisely because they are supposed to be gapped from the main network.
Re: (Score:3, Insightful)
Often the system IS airgapped... and then they use a USB key to transfer the reports.
That's why USB keys were targeted for infection.
Re: (Score:2)
And that "airgap" means the hardware can't report its state, such as temperature, power issues, time synchronization, automated shutdown procedures among multiple nodes in case of an upstream systems failure, empty materials bins, or usage reports. Having an airgap is like virginity. It's easy to pledge to, but turns out to create other losses.
Re:Wow (Score:5, Informative)
Having worked in that industry, it's very common for them to be on the same network as Windows PCs. As for the default passwords, that's their own fault.
The reason they have to be on the same network as PCs is both:
1) The software to program and monitor PLCs is on Windows (made by Siemens, Rockwell Software, WonderWare; those were the big names when I was in the industry 10 years ago), so it makes sense to have them on the same network so they can communicate with the PLC while it's online and see the logic operations in real time.
2) The biggest reason is that PLCs communicate with visualization software that runs on Windows (also made by the same companies as above), that can be viewed from a central location. This allows the production line manager to visually see the operations of the machines in a nicer format than looking at the raw logic bits. The visualization software can display shapes, colors, diagrams, animations, etc of the production line with real-time data about what's happening.
So yes, these PLCs are usually on the same network as Windows PCs. Ideally it's a private network with just the PLCs and the visualization/programming/monitoring PCs, but many places are not that strict about the network separation.
Re: (Score:3, Interesting)
As for the default passwords, that's their own fault.
I remember, back in the day, DEC had an account called FIELD on all the VMS systems they maintained. The DEC support guy would always grumble when we disabled that account, or changed the password. It's more trouble for them, you see.
Re: (Score:2)
This allows the production line manager to visually see the operations of the machines in a nicer format than looking at the raw logic bits. The visualization software can display shapes, colors, diagrams, animations, etc of the production line with real-time data about what's happening.
Sounds like a job for Data Diode. [datadiode.eu] (they aren't the only guys who make such things)
Re: (Score:2)
Even given that goofy situation, they could at least help matters by connecting the visualization machine to the control net (only) and use an IP enabled KVM to connect it to the LAN.
Ideally, there would be gateway software that polls everything, serializes it (over an actual serial connection) to an information server and let the visualization software talk to that. Ideally, the line from the info server's Tx to the gateway's Rx would be cut to make sure the communication can only be one way.
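The one-way gateway described in the comment above, as an added example that is not code from the thread or from any vendor: a gateway on the control side polls a (constructed, in-memory) PLC register map, serialises each reading into a framed record with a length and CRC32, and pushes it through a channel that carries bytes in one direction only. The information server on the business side receives a read-only handle, validates and parses what arrives, and has no way to send anything back. The frame format, the `tag`/`value`/`ts` field set and the simulated link are all assumptions made for the example; on real hardware the link would be the serial line with the server-to-gateway wire cut.

```python
import json
import struct
import zlib

MAGIC = b"TLM1"               # constructed frame marker, not a real protocol
FIELDS = {"tag", "value", "ts"}  # the only fields the info server accepts


def encode_frame(sample):
    """Serialise one sample as MAGIC | length | JSON payload | CRC32."""
    payload = json.dumps(sample, sort_keys=True).encode()
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    return MAGIC + struct.pack(">I", len(payload)) + payload + struct.pack(">I", crc)


def decode_frame(frame):
    """Return the sample dict, or None for anything malformed, corrupted or unexpected."""
    if len(frame) < 12 or frame[:4] != MAGIC:
        return None
    length = struct.unpack(">I", frame[4:8])[0]
    if len(frame) != 12 + length:
        return None
    payload = frame[8:8 + length]
    crc = struct.unpack(">I", frame[8 + length:])[0]
    if crc != (zlib.crc32(payload) & 0xFFFFFFFF):
        return None
    try:
        sample = json.loads(payload)
    except ValueError:
        return None
    # Exact field set only: a frame carrying extra keys (e.g. a "command") is dropped.
    if not isinstance(sample, dict) or set(sample) != FIELDS:
        return None
    return sample


class OneWayLink:
    """Simulated serial line: the gateway only ever gets tx(), the server only rx()."""

    def __init__(self):
        self._wire = []

    def tx(self):
        return self._wire.append       # write-only handle, nothing to read from

    def rx(self):
        wire = self._wire

        def read():                    # read-only handle, nothing to write to
            return wire.pop(0) if wire else None
        return read


class Gateway:
    """Lives on the control network: polls the PLC and pushes frames out."""

    def __init__(self, plc_read, send):
        self._plc_read = plc_read      # callable that reads one tag from the PLC
        self._send = send              # write-only handle from OneWayLink.tx()

    def poll(self, tags, ts):
        for tag in tags:
            self._send(encode_frame({"tag": tag, "value": self._plc_read(tag), "ts": ts}))


class InfoServer:
    """Lives on the business network: can parse frames but has no path back."""

    def __init__(self, recv):
        self._recv = recv              # read-only handle from OneWayLink.rx()
        self.latest = {}
        self.rejected = 0

    def drain(self):
        while (frame := self._recv()) is not None:
            sample = decode_frame(frame)
            if sample is None:
                self.rejected += 1
            else:
                self.latest[sample["tag"]] = sample["value"]


def run_demo():
    """Constructed register map standing in for a real controller."""
    registers = {"line1.widgets": 4213, "tank2.temp_c": 71.5}
    link = OneWayLink()
    gateway = Gateway(registers.get, link.tx())
    server = InfoServer(link.rx())
    gateway.poll(["line1.widgets", "tank2.temp_c"], ts=1600000000)
    # Line noise / tampering: a frame whose CRC does not match its payload.
    link.tx()(MAGIC + struct.pack(">I", 2) + b"{}" + struct.pack(">I", 0))
    server.drain()
    return server.latest, server.rejected


if __name__ == "__main__":
    print(run_demo())
```

The design point is that the only object the gateway holds for the link is a write function and the only object the server holds is a read function, so a compromised server process has no API through which to reach the controller, and the server rejects any frame that does not carry exactly the expected telemetry fields.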
Re: (Score:2)
We got this virus at our plant. All computers were infected except the machines hooked
Re:Wow (Score:4, Interesting)
Once again: Do not -ever- put mission-critical systems on the Internet.
Re: (Score:3, Informative)
Air gap will hopefully stop secrets from getting out (unless... is this thing smart enough to wait for another USB stick, copy its stolen data on to it, and wait to be plugged in to a networked PC to communicate out? That'd be snazzy!) but it won't stop a USB stick. And, since USB is how code and software updates are usually delivered to these devices (not to mention the mouse and keyboard for the PC hook up), you can't just turn USB off either. Hence this [slashdot.org]
Re: (Score:3, Informative)
Once again: Do not -ever- put mission-critical systems on the Internet.
You will never win that game. Google has real time traffic info from traffic signal systems these days. How do you think the information gets through? I used to run a traffic signalling system. There was an indirect internet connection, but security was taken seriously by everybody, both working with the system and in management. I would be much more concerned about a totally airgapped system with poor internal security. Because these days you can't have a 100% air gap.
Re: (Score:2)
On the other hand, I can see where you're coming from and I suppose the Internet having read-only access could be lived with given other suitable precautions (boot from ROM, etc) to assure access was read-only.
traffic lights need the internet for the cameras (Score:2)
Traffic lights need the internet for the red light cameras to send the pics / video out!
Re: (Score:2)
Red light cameras are a separate enforcement system where I live. They most likely get a contact closure from the signal controller for coordination.
Re: (Score:2)
Re:Wow (Score:5, Informative)
The ability to quickly and easily read values from the PLC remotely (one way only is the key) is paramount to not only the efficiency of running the plant, but sometimes the safety of the plant itself. Sometimes it goes a step further to even be a legal requirement. If a plant is levelled by a huge explosion you don't want to be the one standing in front of congress telling the people that the reason you have no idea what happened is that you didn't log every process value on a computer offsite in realtime.
Air-gaps are like the idiot's guide to security. Yeah it helps, but it's impractical and there are so many other ways a competent person can secure a process network from the outside world. If you actually worked in the industry the lengths you see many companies go to will blow you away.
Re: (Score:2)
Air-gaps are like the idiot's guide to security. Yeah it helps, but it's impractical and there are so many other ways a competent person can secure a process network from the outside world. If you actually worked in the industry the lengths you see many companies go to will blow you away.
I don't know much about this industry, but based on the article it sounds like the industry would be a lot more secure if there were more 'idiots' around. People always think they're secure until something like this happens. With an airgap, this wouldn't happen.
Re: (Score:2)
These plants will eliminate themselves from the map if someone is incompetent. Frankly the kind of process network manager who thinks that the airgap is their ideal solution will often be the one dumbfounded when their plant is taken out by a usb key all because some operator wanted to show his workm
Re: (Score:2)
With an airgap, this wouldn't happen.
First, air gap doesn't mean shit in a wireless world, so let's just stop using that term. I don't know what replaces it, but signals go through air just fine. Second, you can't actually use computer-controlled machining software without a connection of some kind. Further, there are substantial benefits to having the same machine be able to access the machines and the internet. When I worked for Tivoli just post-IBM we had two machines on every desk. One ran Windows and existed solely to provide access to RE
Re:Wow (Score:5, Informative)
Re: (Score:2)
I've seen loads of similar devices (Moxa) on several networks managing the safety systems, HVAC, environmental in tunnels and mines. All with default passwords on the same VLAN as several Windows machines with internet access and a history of malware. I'm sure there are many others out there. My question though is why go after industrial stuff? Perhaps in the hope they will hit something big and get some ego wank from it. It's not like anyone will benefit financially. It looks like true evilness.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
Re: (Score:2)
I'm not sure that windows is itself the problem. This was a targeted attack - if they could zero-day windows then no-doubt they could zero-day some other OS/browser/etc, or maybe smuggle code in via some other attack vector (somebody gets a job as a janitor and plugs something into a LAN or USB port).
Sure, having your general office network on the same LAN as your PLCs is definitely a way to be exposed.
I think the bigger problem is that in general industry-specific software tends to not be written with sec
Re: (Score:2)
Re:Wow (Score:4, Informative)
Re:Wow (Score:5, Insightful)
One of the most common mistakes observed is a super complicated VLAN scheme that links multiple networks together under the name of "ease of management" or "security", while in fact the first thing they need to do is to completely separate the control network from the corporate network, and then flatten the control network with an air-gap from the corporate network. Also, making sure you have zero wireless network access to the control network would be a wise choice, not only for security but also because it improves each component's availability in general.
Again, common sense goes a very long way.
Re:Wow (Score:5, Insightful)
This is manifested in the door security where I work.
We have RFID badge readers.
My boss recently wanted to add one to a lab he controls. When he found out the bill was $10K he balked. We told him it was for the security conduit (intrusion detection conduit, I assume gas charged & detect pressure drop in a leg?).
His response? We don't need the conduit, just run the wire.
Luckily security said F off and use a key lock, we're not installing it without the conduit. But that same attitude is why these machines still have the default passwords.
-nB
Re: (Score:3, Interesting)
Now, is the door more secure or less secure than it would have been if you had run a card lock without the special conduit?
Regular wire for the card lock would have been more vulnerable to sniffing or replay attacks, but that is a vulnerability the RFID cards probably have as well. On the other hand, an old fashioned key lock is vulnerable to extra keys floating around that aren't tied to a specific person so they can't be disabled as people change jobs/etc.
I've seen this problem at work - anybody can poin
Re: (Score:3, Insightful)
That's beside the question. The question that needs asking is:
The likely answer to that is: "No"
However, if they simply ran the wire as requested by the boss, and something bad happened, would they get the blame? Yes they would, because they installed and approved it.
If you want me t
Re: (Score:2)
Ah, yes - the ultimate reason for perverse levels of risk aversion is perverse levels of accountability for taking reasonable risks and getting it wrong.
I can't blame people for having this attitude when those managing them punish risk-taking.
However, this kind of attitude can really kill a company. Sometimes you just have to take risks. Unfortunately, the attitude has to start at the top...
Re: (Score:2)
I didn't say they shouldn't take risks. But taking a risk like that one, which is essentially just "it'll be easier for one boss" with absolutely no gain in ease of use (easier to just use a key), financial gains (cheaper to just use a key) and a massive risk (something goes wrong, it's not the boss getting the shaft) is just idiotic.
It will never gain you, your department or the company anything other than a pink slip and will taint your resume.
Now, if the boss had said something like "I will sign off on d
Re: (Score:2)
Keys aren't necessarily easier to use - if only one person needs to regularly use them they can be easier.
They aren't always cheaper either - if that key gets lost you're now paying to have the lock picked.
In any case, I'm a big fan of the RIGHT level of security for each situation. That can be a lot, or a little, depending on the circumstances.
Re:Wow (Score:4, Insightful)
Our past experience indicates the IT staff does more damage to the stability of the system than anything else could
Agreed, with all your points. Over the past couple decades of doing control systems, one of the most common questions I get asked by engineering is "how can we best keep IT off our control network?" Funny ... the engineers in charge of these things just seem to intrinsically understand the risks of letting IT staff anywhere near a live process control system. Now, before you IT support people get all testy, I'm not saying that you are, as a group, necessarily incompetent within your legitimate purview. However, as Dirty Harry once said, "A man's got to know his limitations" and it's very disturbing to me how many of you are incapable of recognizing where your involvement is a liability. I've been accused of installing "rogue" systems by IT staff, simply because I recommended that a control system not be placed on a company's regular network. Thing is, a failure on an office network is an inconvenience. A failure on an engineering network can be a disaster. Keep that in mind next time you insist that engineering's systems should be under IT's thumb, and subject to whatever corporate "standards" are in force, regardless of their impact.
Re: (Score:2)
You need some IT people that have a clue about what you are up to so they can help as required as well as a clue as to when to leave you alone. What you'll probably get however is an increasing amount of ignorance on the IT side which will result in them not knowing when to leave you alone, and a disaster or two because they'll think they know what they are doing when they don't.
If you haven't already, it's time to get somebody on your te
Re: (Score:2)
As IT staff who've had to deal with the mess, I'm forced to say "you're not telling the whole story". I've been forced, in the past, to negotiate the security requirements to handle access to resources, and too often been told "we can't be bothered to learn how to use the secure tools, we'll just leave it wide open: after all, we have a firewall and a non-disclosure agreement". And then I've been blamed for the open access. Or "we daren't update that system, it's too critical", and then been blamed for the
Re: (Score:2)
So let's not say "IT messes up our systems" any more than we say "vaccines cause autism", shall we?
Let's use this as an example. What you are saying is a true statement on its merits. However, for a high-risk group, i.e. pregnant women, would it not be standard practice for physicians to be extra careful about prescribing any medication to them? Or in fact, ask them to refrain from taking any medication unless it is absolutely necessary.
In the same way, security is very important. None of us want to see this kind of security breach happen. Yet our mission would be utter disaster if the system is killed by
Re: (Score:2)
You've missed the obvious - IT staff change things, of course that does things to stability.
Change sometimes hurts but you have to go through it to get improvements.
Ideally the problems all happen in a test environment that is a good model of a production environment, but sometimes things (and IT staff) are not ideal.
I agree with having an air gap, but I have heard of several situations where that has been removed by an ignorant requ
Re: (Score:2)
You've missed the obvious - IT staff change things, of course that does things to stability.
That is the problem. The damage of this "change" is easily a safety and environmental disaster. A licensed engineer takes an oath to protect the general public in their safety, not the IT system. It is simply paramount to test out the patches on a stand-by test environment before implementing on a live system. A lot of system providers do that now, testing the newly released patches, and then releasing them to their customers to be implemented after their testing. A blind patch and "fix the problem as t
Re: (Score:2, Informative)
In this particular case it doesn't matter if there's a factory full of IT pros (as, in fact, we do) or not. First of all you can't change the WinCC password. Second of all, if you don't do precisely as Siemens says, Siemens raises its hands and says "we can't support your non-standard environment".
As my coworker said, Siemens should burn in heck for its sins.
Posting anonymously, just in case.
Re: (Score:3, Informative)
Stop. The more I know the more I want to scream.
Please listen (Score:2)
How about Banking & Finance: The core system is even reachable from Windows networks.
I've been working within the banking industry and have had the entire Windows network knocked down due to viruses. The only reason there's no major disruption to the core services is that they're usually DB2 and kinda archaic.
Re: (Score:2)
):
Someone needs to report it (Score:2)
Why would you assume most such incidents would be reported?
Insiders will not break their loyalty, and any breach of loyalty is discouraged, thus the insecure practices live on until something even more major breaks.
Re: (Score:2)
And people wonder why the NSA is trying to promote education [nsa.gov].
Of course, it's damned if you do, damned if you don't. Sure, they're a bureaucracy, and therefore inefficient (or whatever you want to call it). If they do nothing, then it's their fault for not doing anything. If they do something, they get ridiculed for doing it wrong (even if it's an improvement).
We all know there is an insane amount of holes in all sorts of industries, yet it hardly appears as what is currently being done is enough. Peop
What the? (Score:4, Interesting)
Who is programming their PLCs? And why aren't they put into 'lock' mode (AKA ROM) when they're put into production machinery so the EEPROM can't be affected? I used to write programs for PLCs (generally Mitsubishi and Siemens), and you always locked the device or update when you were finished, so things like this can't happen.
Re:What the? (Score:5, Informative)
Do you know that when you set a password on a Siemens PLC, it isn't enforced by the PLC itself but by the Step 7 programming software?
Use something else (e.g., libnodave) and access is wide open.
Re: (Score:3, Informative)
Yeah it's a common issue with a bunch of different models of PLCs; however there is a physical write lock on the controller that can be engaged. Well, that's as long as you're not stupid enough to buy PLCs without it, and that means you're spending an extra $4/unit. In the end it means that you have to either physically pull the PLC, memory card, or controller card to be able to allow writing to the unit.
Re: (Score:2)
Windows Server never trusts the client to do any validation because the client could be running Windows 95, MS-DOS or even OS/2, which aren't even aware of NT security ACLs. If you're logged into a domain, even opening a local folder on your system causes the client to validate the permissions with the domain controller. Windows Server will straight out deny access at the file system level if those permissions are set correctly.
The problem
Re: (Score:2)
Yeah I thought the same thing when setting the "Write Protect" switch on the 3 1/2" floppies that you used for the installation of Windows 95. Even with the switch on, the owner and company name I used for the first installation were written to the disks and were automatically set when the disks were used again. True story...I still have no idea how Microsoft did it.
Re: (Score:2)
Damn-you, skynet! (Score:5, Funny)
Seth
Secure your SCADA, idiots! (Score:2)
Hobby Coders (Score:2)
It is one thing for an isolated programmer to make security errors in a program.
It is entirely another thing when a Siemens or similar puts out code all over the world and they OBVIOUSLY have no serious security review of their code.
If a giant plant or process is taken down by this type of worm or similar, is Siemens going to plead that their EULA protects and indemnifies them from any responsibility for loss by the user of the software?
This gives me the willies.
Full ICS-CERT advisory on Stuxnet (Score:5, Informative)
Re: (Score:2)
Would you like to play a game? (Score:2)
Launch code "hunter2" accepted. Please enter target.
Stupid developers (Score:2)
what about router and other systems that need that (Score:2)
What about routers and other systems that need that password just to get to the setup / config screen / page?
Re: (Score:2)
Simple.
What GP posted also goes for firmware developers.
And the solution is to make the router not work until its password has been set. No networking, no configuration, no anything except a "Set password" screen, itself only accessible from a computer connected directly to one of the downstream ports.
The problem is that it's better marketing to make stuff, even security sensitive things like routers, work out of the box. Convenience is a bigger boost to the bottom line for the router factory. And of cou
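The "refuse to work until a password has been set" design from the comment above, as an added example that is not code from the thread or from any router vendor. It is a constructed model of a device's administrative state machine: on first boot every request except setting the admin password is refused, setting it is only accepted from a downstream (LAN) interface and only if the password meets a minimum length, and even after setup no administrative action is reachable from the WAN side. The interface names, the `MIN_PASSWORD_LEN` value and the request vocabulary are assumptions made for the example.

```python
import hashlib
import hmac
import os

SETUP_REQUIRED = "setup_required"
OPERATIONAL = "operational"
MIN_PASSWORD_LEN = 12          # assumed policy value for the example
PBKDF2_ROUNDS = 200_000


class Router:
    """Constructed model of a device that does nothing until an admin password exists."""

    def __init__(self):
        self.state = SETUP_REQUIRED
        self._salt = None
        self._pw_hash = None

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def _verify(self, password):
        if self._pw_hash is None:
            return False
        return hmac.compare_digest(self._hash(password, self._salt), self._pw_hash)

    def set_password(self, interface, password):
        """Initial setup: only from a downstream port, only once, no weak values."""
        if interface != "lan":
            return "refused: setup only from a downstream port"
        if self.state != SETUP_REQUIRED:
            return "refused: password already set"
        if len(password) < MIN_PASSWORD_LEN:
            return "refused: password too short"
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password, self._salt)
        self.state = OPERATIONAL
        return "ok"

    def request(self, interface, action, password=None):
        """Every other request is refused until setup has completed."""
        if self.state == SETUP_REQUIRED:
            return "refused: set an admin password from a LAN port first"
        if action == "forward":            # plain traffic needs no credential
            return "ok"
        if interface == "wan":             # no administration from upstream, ever
            return "refused: administration is not reachable from WAN"
        if not self._verify(password or ""):
            return "refused: bad credentials"
        return "ok"


def walkthrough():
    """Exercise the state machine; returns the sequence of verdicts."""
    r = Router()
    return [
        r.request("lan", "forward"),                        # refused: not set up
        r.set_password("wan", "correct horse battery"),     # refused: wrong side
        r.set_password("lan", "short"),                     # refused: too weak
        r.set_password("lan", "correct horse battery"),     # ok
        r.request("lan", "forward"),                        # ok: traffic flows now
        r.request("wan", "config", "correct horse battery"),  # refused: WAN admin
        r.request("lan", "config", "wrong password!!"),     # refused: bad credentials
        r.request("lan", "config", "correct horse battery"),  # ok
    ]


if __name__ == "__main__":
    for verdict in walkthrough():
        print(verdict)
```

The point the model makes concrete is that there is no credential to leave unchanged: the device ships without one, and the only way to create it is from a port the installer has to stand next to.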
Re: (Score:2)
My understanding is that it's even worse than a default password. It's a back-door account hard coded into the software that the users don't have the option of disabling.
Not about "default passwords. Worse. (Score:5, Interesting)
This has nothing to do with "default passwords". It's worse than that. The Windows-level part of the attack was signed code signed with a Microsoft-issued key. The signing keys involved have been revoked. US-CERT isn't saying who had them.
At the controller level, Siemens has issued a bulletin: [siemens.com] Previously analyzed properties and the behavior of the virus in the software environment of the test system suggest that we are not dealing with the random development of one hacker, but with the product of a team of experts who must have IT expertise as well as specific know-how about industrial controls, their deployment in industrial production processes and corresponding engineering knowledge. ... The behavioral pattern of Stuxnet suggests that the virus is apparently only activated in plants with a specific configuration. It deliberately searches for a certain technical constellation with certain modules and certain program patterns which apply to a specific production process. This pattern can, for example, be localized by one specific data block and two code blocks.
This means that Stuxnet is obviously targeting a specific process or a plant and not a particular brand or process technology and not the majority of industrial applications.
So this is an attack on a specific industrial plant. But whose? Neither Siemens nor US-CERT is saying.
This is cyber-warfare. Someone is trying to sabotage a specific plant somewhere.
Re: (Score:2)
I just about shat my pants.
We got complacent in the last few years. Since there was too much money in viruses, nobody caused mayhem for fun - it was all spam botnets and the like, something the writer could monetize.
This isn't a kid reminiscing about the shits-and-giggles days. I daresay the writers of this virus are hoping to profit in a big way.
This is the stuff of the 'movie virus', where some well-spoken sinister-looking guy goes and shuts down a city for ransom money.
Re:Not about "default passwords. Worse. (Score:5, Interesting)
There are indications that the target may have been the Bushehr nuclear power plant in Iran [langner.com], with the Russian contractor's USB drives being the attack vector into the plant's control systems. (Which are not on the Internet, despite the smug assumptions of so many posters earlier in this comments section.) There's enough information out in the wild now that anyone with access to the target's PLC code could verify the target. Obviously this means the attack targets will be able to prove that the trojan was targeting them, but I doubt they'll be announcing the fact to the world - unless they can trace the attackers and gain political advantage through an announcement.
It seems the evidence currently leans towards a probably Israeli or possibly US cyberwarfare attack on Iran.
Re: (Score:2)
Or hacking email accounts belonging to political dissidents.
Now can we do something about the cesspool? (Score:2)
Just a note to the FBI, before you ignore that next spambot virus running around unencumbered, keep in mind it might just be spamming so it will be ignored by law enforcement. The primary objective might be cyberattack.
Re:Suxnet (Score:5, Interesting)
Israel, not American.
Israel has always been an industrial spy on the US and Western Europe, but their big focus is Iran right now, so they test it on the US, UK and Korea but the main focus is Iran.
Wouldn't be surprised to find it in Saudi systems too
Re: (Score:3, Funny)
Obvious American intelligence tool. Why is it in North American plants?
Because Major Carter found the worm, and last night she reformatted all American PCs.
She's quite good, you know. I've seen it.
"however the largest number of infections, by far" (Score:2)
"however the largest number of infections, by far, have been in Iran"
Can we even take that statement at face value? Who in Iran is reporting these? Has a "Command and Control" hub for the botnet been captured?
Is the traffic analysis - up in the layer-4 part of the packet - so good that this has been observed in transit?
Disinformation has wheels within wheels, my friends.
seems to be app passwords and not windows ones (Score:2)
Seems to be app passwords and not Windows ones.
So if the app needs a password just to run or do stuff that needs to be done each day vs stuff that does not need to be done all the time there you go.
Re: (Score:3, Interesting)
At the very least generate a unique default password during install.
The SCADA system where I work requires a specific USB key to be plugged in. While I'm not a fan of dongles in general, for critical systems they can be worth the pain.
And this is on top of physical separation and a good password scheme. And strong passwords are easy to create and remember.
Re: (Score:2)
Because they spend actual money to prevent that. Sure, blacking out the east coast is a problem, but people getting free HBO would be an unmitigated DISASTER.
Re: (Score:2)
I wouldn't hold my breath. This all happened several years after the first warnings that it could happen, after the demos on power meters, and after the malware blew up the Russian pipeline.
That soft thudding you hear is the sound of surgically sharp clues being dulled and broken as they slam against the skulls of managers everywhere and fall ignored to the ground.