Security

Water Pump Used To Get $1 Billion Stuxnet Malware Into Iranian Nuclear Facility (securityweek.com) 36

An anonymous reader quotes a report from SecurityWeek.com: A Dutch engineer recruited by the country's intelligence services used a water pump to deploy the now-infamous Stuxnet malware in an Iranian nuclear facility, according to a two-year investigation conducted by Dutch newspaper De Volkskrant. Stuxnet, whose existence came to light in 2010, is widely believed to be the work of the United States and Israel, its goal being to sabotage Iran's nuclear program by compromising industrial control systems (ICS) associated with nuclear centrifuges. The malware, which had worm capabilities, is said to have infected hundreds of thousands of devices and caused physical damage to hundreds of machines.

De Volkskrant's investigation, which involved interviews with dozens of people, found that the AIVD, the general intelligence and security service of the Netherlands, the Dutch equivalent of the CIA, recruited Erik van Sabben, a then 36-year-old Dutch national working at a heavy transport company in Dubai. Van Sabben was allegedly recruited in 2005 -- a couple of years before the Stuxnet malware was triggered -- after American and Israeli intelligence agencies asked their Dutch counterpart for help. However, the Dutch agency reportedly did not inform its country's government and it was not aware of the full extent of the operation. Van Sabben was described as perfect for the job as he had a technical background, he was doing business in Iran and was married to an Iranian woman.

It's believed that the Stuxnet malware was planted on a water pump that the Dutch national installed in the nuclear complex in Natanz, which he had infiltrated. It's unclear if Van Sabben knew exactly what he was doing, but his family said he appeared to have panicked at around the time of the Stuxnet attack. [...] Michael Hayden, who at the time was the chief of the CIA, did agree to talk to De Volkskrant, but could not confirm whether Stuxnet was indeed delivered via water pumps due to it still being classified information. One interesting piece of information that has come to light in De Volkskrant's investigation is that Hayden reportedly told one of the newspaper's sources that it cost between $1 and $2 billion to develop Stuxnet.

  • by kalpol ( 714519 ) on Thursday January 11, 2024 @04:30PM (#64150915)
    "Van Sabben passed away in the United Arab Emirates two weeks after the Stuxnet attack as a result of a motorcycle accident. "
  • by wakeboarder ( 2695839 ) on Thursday January 11, 2024 @04:36PM (#64150939)
    Make someone else plant the malware for a favor.
  • by systemd-anonymousd ( 6652324 ) on Thursday January 11, 2024 @05:01PM (#64151047)

    Stuxnet began to successfully interfere with the centrifuges, but Mossad was impatient and got greedy, and pushed an update that would make the sabotage happen more frequently. An engineer noticed the malware attempting to update by pure chance, and it led to the *massively expensive* operation being discovered and made worthless. They did manage to get a few nuclear engineers executed by the Iranian government, however, as they were suspected of the sabotage.

    I really recommend Episode 7 of the Malicious Life podcast, which goes into great detail about Stuxnet.

    • by lsllll ( 830002 )
      What I don't get is how you keep a project like this under wraps and still manage to spend $1-$2 billion on it. That's a good chunk of change. I get it that they probably needed to replicate what was in Natanz/Iran to some extent for test runs and things like that, but still. Some government contracts got super rich because of this.
      • the old adage is $200 hammers aren't for the hammers.

        I had thought this was on relatively standard 'big iron' type equipment, hence the problem when it got out...it became a world wide problem expressly because it was compatible with a wide base of installs. Maybe it's just time inflation but 1-2 billion doesn't seem terribly high for something like this.
        • I can wrap my brain around a $200 hammer as a physical good. Things get expensive once you factor in certifications, machining to tight tolerances, low production volumes, etc.

          But software? You aren't really going to get efficiencies by putting more than a few dozen people on the project. Even if you're paying every single member of that team millions per year and need to build them a bespoke underground facility to work in or something, you're still at least an order of magnitude away from a billion. T

      • It's grift

      • by gweihir ( 88907 )

        Definitely several orders of magnitude cheaper. I guess this guy just tried to misrepresent his own worth by overstating the cost of the op.

  • White hat hacking at its finest.
    • Re: (Score:3, Insightful)

      I'm sure he felt very heroic when he died in an "accident" in Dubai two weeks after doing the Mossad's dirty work. But hey, at least Israel is safe from the brownies. Slava Ukraini.
    • by gweihir ( 88907 )

      Nope. This is black. Have you overlooked what _other_ damage it did? Actual white hats are careful in targeting stuff.

      • What other damage did it do? From my reading, Stuxnet was remarkably narrowly targeted and only actually broke things in the Iranian nuclear program.

        I'm personally agnostic on whether it constitutes "white" or "black" hat hacking.

    • Penetrating in secret with the intention to cause damage isn't white hat, even if you believe they're the good guys.

  • Key learning: separate your different control nets when doing something like this that someone else may be interested in destroying.

    One set to control your super critical nuclear centrifuges and one net to control the water pumps and other required equipment, or maybe even separate each set of networks for each different supplier of industrial equipment, so something cannot come in on one piece of less carefully examined/controlled equipment and infect/destroy other components in a more critical area.
    And cl

    • by gweihir ( 88907 )

      The other key learning is that even when something is _this_ critical to a nation, they still screw up hiring the right people for IT security.

  • That sounds like he went and installed a water pump, without them knowing. I am willing to bet it actually means "Went to work there to install a water pump"

  • by rapjr ( 732628 ) on Thursday January 11, 2024 @05:47PM (#64151225)
    Now that the participation of this engineer has been outed will there be repercussions for his wife's family in Iran?
    • Journalists: Destroying people's lives since they started writing.

      Note to everyone: never, ever, ever trust a journalist. Ever. Never disclose any information. In the end, their only end goal is to destroy and discredit you and the people you love all in the name of “journalistic integrity.”

  • by manu0601 ( 2221348 ) on Thursday January 11, 2024 @05:49PM (#64151235)

    Article says

    Ralph Langner, a researcher who conducted an in-depth analysis of Stuxnet after the malware’s existence came to light, noted that “a water pump cannot carry a copy of Stuxnet”.

    Indeed, I wonder how it moved laterally from the water pump. Was it a connected water pump? What fool would grant network access to a water pump in a nuclear facility?

    • hey now, they used a password. l1u2g3g4a5e
    • My guess is automatic monitoring. Have the water pump report flow rate, water temp, and whatever else they want to see. Easiest way to do that is to put it on a network.

      After all, a water pump for a nuclear power plant is nothing like the water pump in your car.
    • The variable frequency drive controlling the water pump is more likely. Modern ones are quite talkative and on Ethernet networks. The slightly older ones use Modbus.

    • What fool would grant network access to a water pump in a nuclear facility?

      Water pumps in a nuclear facility are more complicated than the one in your turtle tank?

    • by gweihir ( 88907 )

      Well, a water pump cannot, but a networked control unit for a water pump sure as hell can.

  • With a narrative this sensationalistic, I would wait for sources that I've actually heard of and know to be journalistic before buying any of it. Especially with a claim like that he "died in a motorcycle accident two weeks after Stuxnet", whose intended implications are far too on-the-nose for sources this marginal.
  • it cost between $1 and $2 billion to develop Stuxnet

    I call BS on this. You could pay an army of 1,000 software developers $1 million each at that rate. Or a huge team of 100 developers $10 million each. The numbers don't make sense.
