Stuxnet Struck Five Targets In Iran
Batblue writes "Researchers at Symantec said that the notorious Stuxnet worm targeted five separate organizations, and attacks against those objectives — all with a presence in Iran — started in June 2009, more than a year before independent experts raised the alarm."
Well... (Score:2)
Does slashdot's new interface support posting from a Babbage engine running OpenBSD?
Re: (Score:2)
When users can't tell the difference, bad software drives out the good.
1992 is calling it wants its virus back .. (Score:1)
> That makes me feel sooo much better about the value of antivirus software. Does slashdot's new interface support posting from a Babbage engine running OpenBSD?
1992 is calling, it wants its Windows virus back ...
"Researchers at Symantec said that the notorious Stuxnet worm targeted five separate organizations, and attacks against those objectives — all with a presence in Iran — started in June 2009, more than a year before independent experts raised the alarm."
What experts, none of these peo
Re: (Score:1)
Out of the box, if your operating system has an open port for a random service, there is a very strong likelihood you can exploit a buffer overflow somehow.
The problem is that we haven't invented a language that is immune to exploitation. C/C++ are laughable at security, which most operating systems are written in.
Re: (Score:3)
Your first paragraph is great. The second is insane.
Any language which gives the programmer the power to write a good program, also gives the power to write a poor one. A language which was 'immune to exploitation' would be a language which was impossible to write a decent (non-trivial) program in as well. It would be so crippled that nothing of consequence could be done without invoking incredible overhead and redirection costs.
Security is the job of the system architect first, the coder second, the user th
Re: (Score:2)
> Any language which gives the programmer the power to write a good program, also gives the power to write a poor one. A language which was 'immune to exploitation' would be a language which was impossible to write a decent (non-trivial) program in as well.
I disagree with you immediately. You can modify a binary file with a freaking hex editor and run it again. We should build encryption and checksums into executables to prevent tampering. Sure, there will be ways around that, but it's like we aren't even trying.
.Net do a much better job against buffer overflows than C/C++. Hell, in C you can overwrite the entire program using a buffer overflow if you have a lot of time on your hands.
Java and
Our compilers/runtimes/languages could get a LOT be
Re: (Score:2)
No matter how many times I re-read that it still doesn't make any sense. I mean, what, you just discovered this? Why do you think we have hex-editors in the first place? How else would you expect to be able to modify a binary file? And, assuming the person that is doing the editing understands what they are doing, why wouldn't it run?
Re: (Score:2)
Self modifying code is a questionable programming tactic and many times you will get a segfault if you attempt to write to a program area.
Re: (Score:2)
Buffer overflows are really linked to low-level languages (which I include C++ in, which is debatable I agree).
Re: (Score:3)
Thinking that the lack of ability to directly manipulate pointers makes better programs strikes me as very much like thinking that non-removable training-wheels would make better bicycles.
Also I cannot help but laugh when I see people calling C++ a "low level" language. You realise the original "high-level" language was Assembler?
Re: (Score:2)
You realize the original Assembler was released 200 years ago. Definitions change fucknuts.
Comment removed (Score:5, Insightful)
Re:Watch for Falling Regime (Score:4, Informative)
Iranians aren't Arabs, so whether something "makes Arabs more or less inclined" is irrelevant to them.
Re: (Score:2)
RTFA. Stuxnet was able to report back when it found a controller that matched its target.
Those idiots didn't even have their systems air gapped.
Further, 5 targets? Iran has only acknowledged and allowed inspections of 1 ultra-centrifuge plant.
5 targets means any air strike just got more complicated. But we are still better off than before.
Just remember, everyone (Score:4, Interesting)
"Cyberwar" is just a propaganda term, and doesn't really exist.
Right?
Hey. You over there... (Score:1)
The first rule of cyber-warfare is:
You do not talk about cyber-warfare.
The second rule of cyber-warfare is:
You do NOT talk about cyber-warfare!
(also, that was GP's point.)
Re: (Score:3)
Cloud war? That any better?
Re: (Score:2)
A cyberwar is a real war in that belligerents seeking to secure dominance over the enemy exist.
The only difference is that the interconnectedness of the internet only ensures lots of collateral damage.
I'm sure that if tempers flared up enough, an aggressive sovereignty would have zero qualms about trampling over intervening networks to get their way.
Stuxnet can't be ignored (Score:1)
ATTN: Systems Integrators.
Guys, we can’t ignore this one. Stuxnet has taught the whole world what can be done. So it is now orders of magnitude more likely that an attacker could develop a modified version of it or design something similar to it in nature with the potential of doing much more damage than Stuxnet actually caused.
Here’s a worst-case scenario:
We’re now in a situation (unlikely, but potential) where an American systems integrator could connect his laptop to a plant in India,
Re: (Score:3)
You need to block and be able to reset/restore any affected system quickly as well. If you have to clean up afterwards, the deed/damage may already be done. Your idea of virtualization is a good one, but it does not go far enough, in that VMs are not security but simulation with potential for leakage in one form or another.
Also, relying on AVs as your
Re: (Score:2)
I doubt anyone in the US is vulnerable to the original Stuxnet worm's ultimate payload, not because they've updated their AV, but because there isn't likely anyone using the specific drives in the specific configuration that the payload targets.
On #1 of your list, I don't know of any big controls outfits that haven't been using VMs at least since Ethernet IO came into widespread use. Probably not since VMs that run well on laptops became available. We visit far too many facilities with different configs to
Re: (Score:2)
Careful, now.
Microsoft issued a fix for the Windows exploit Stuxnet uses in early August (or sooner). So if you've done Windows Update since then you're protected regardless of antivirus status.
Most large enterprises have patch cycles >= 30 days. Integrated systems and vendor-supported systems, 60-90 or more days. Sometimes you even see quarterly patch processes. Yes, the patch came out in August 2010. Antivirus vendors were detecting it in what, July 2010? June 2010? But: The attacks started in June 2009 and we can assume that it took at least a few months to develop Stuxnet (and who knows what else) after the exploit was discovered. That means we're talking about a year and a few
No solution (Score:3)
Re: (Score:3, Insightful)
You're assuming the US, CIA, or Israel did this. Iran has everything to gain while they're "developing" an atomic bomb; if they actually gain one the US will be forced to plant 3 carrier groups off their coast and bomb them into submission, and they know it. Since Stuxnet set their program back allowing them to continue in the "development" phase, and it gives a talking point to the Iranian government to blame the West for their piss poor economy strengthening their oppressive regime, it seems those who h
Re: (Score:2)
> if they actually gain one the US will be forced to plant 3 carrier groups off their coast and bomb them into submission
Why?
Re: (Score:2)
> I mean, what does the US or Israel gain by unleashing stuxnet? If they want to stop the program, it would be far better to attack it.
What? It would be better to conduct a military strike on a sovereign nation, than conduct a non-attributable cyber attack? How exactly would that be better?
> It's in Israel's and the US's interests for Iran to complete the program
Um, no. With Iran's wacky govt regularly saying things like they want to wipe Israel off the map, and actively supporting a wide range of terrorist groups that have attacked both the US and Israel, it's hardly ideal to let them have a nuke, from the US's perspective.
> because then Iran is the evil one with WMDs and the West was forced to act in the name of world peace.
And since when has the US attacked a nuclear nation? Not a smart thing to do. If Iran
Re: (Score:2)
For all we know Iran has as many nukes as the US said Iraq had: None. Unless you mean "dirty" bombs, but ANY country with nuclear waste from power plants can have these.
Crafting a virus is ridiculously cheaper than mounting a military action of any sort, even sending a lone stealth plane to drop a single bomb is far more expensive than writing and deploying a virus, not to mention the anonymity involved.
Stuxnet targeted the uranium enrichment machines. They are needed because the 4 decade old power plant in
Re: (Score:2)
Doing this kind of shit (and plain terrorist assassinations of physicists) only reinforces Ahmadinejad's power in Iran. It is not too difficult for state media there to display US, CIA and Israel as evil entities. So, this stupid "solution" to Iranian A-bomb problem actually made problem almost impossible to solve now.
OK, what would you suggest?
Not SCADA, PLCs (Score:1)
It didn't actually target SCADA systems (though Siemens does make them) - it targeted their STEP 7 PLC systems. This is worse, it's a lower level control system. Google for Bruce Schneier's writing about Stuxnet for more good info.
They may have hit my Target as well... (Score:1)
They tried to charge me 30 bucks for toilet paper, if that don't scream stuxnet worm I don't know what does!
Experts? (Score:2)