Stuxnet - cyber war is here - it's not your Dad's war anymore

[bretg80]

Our world is changing. We are no longer using bombs to destroy things, but microcode viruses to destroy nuclear plants? Check out this article, it will amaze you.

Stuxnet is the name of the virus. Google it. Some country planted a virus that is capable of destroying a factory or plant by overriding control systems. At least that is what the experts believe this is. They are still trying to figure it out.

I'm sure we'll all be reading more about this in the coming weeks.

http://www.langner.com/en/index.htm

see my post further down that explains more about this

[Razz1]

Your funny!

You can't attack a factory that isn't connected to the internet.


Only an inside spy can use software to crash a system.

[janh]

Indeed very interesting.  It was in some of the major german newspapers yesterday.  Apparently they are pretty far with the reverse engineering and know that it was a multi-level code, that ultimately targeted the Siemens SPS process control sockets and their WinCC server, which we even use in our lab occasionally for heating or valve controls.  Completely without need for external internet connection!
Sounds like the next century will be big fun... Why throw billions out of the window and build new Virginia SSN, CVs etc, when the next war will be fought at a Wall Street computer or the console of a car company for just a couple mio $...

[Retsel]

A bit about it here from the BBC

http://www.bbc.co.uk/news/technology-11388018

[bretg80]

First off, I believe this is probably legit. Second, I believe this is as significant to our generation as the development of the Nuke was during WW2. Third, if we can do it, so can they, so look out.

Our world is changing. If you ever saw the Star Trek episode where they were fighting a war with computers, you realize the significance of this development.

Just wanted to make everyone aware of this new development in our world.

Oh and they speculate that the virus was delivered on a memory stick by the Contractor who services the plant. I'm sure the Contractor had no idea they were spreading the virus as it has propagated to all the locations they support.

This is a very sophisticated attack. I encourage you to read more about it if you are into wargames and military history as we are living it now and we may be playing wargames like this in the future.

[stuman]

Very interesting.

It is only going to get worse and worse.

[bretg80]

I just saw a demo of how this thing works. Very clever. It is a shortcut and a dll. All you have to do is open a directory on a website or a memory stick and it automatically runs, you don't have to touch anything.

Anti-virus was not able to detect it.

[stuman]

ORIGINAL: bretg80

I just saw a demo of how this thing works. Very clever. It is a shortcut and a dll. All you have to do is open a directory on a website or a memory stick and it automatically runs, you don't have to touch anything.

Anti-virus was not able to detect it.

Then how in the world would you be able to detect such a worm before it started its run ?

[USSAmerica]

I'm sure that the AV programs are now updated to detect it.  

[KenchiSulla]

It is possible to NOT use software and manually screw up any plant (nuclear of whatevah) if you know what you are doing... So dont loose any sleep over it....

[KenchiSulla]

Also, in conservative industry (Oil&gas, power plants etc.) there is always a fallback scenario NOT related to software (mechanical safety valves for example)... These plants are thoroughly HAZOPped..

[Pascal_slith]

ORIGINAL: Razz

Your funny!

You can't attack a factory that isn't connected to the internet.


Only an inside spy can use software to crash a system.

The virus appeared before the equipment was installed in many factories. Siemens seems to be the prime target with their control systems.

[Pascal_slith]

ORIGINAL: Cannonfodder

Also, in conservative industry (Oil&gas, power plants etc.) there is always a fallback scenario NOT related to software (mechanical safety valves for example)... These plants are thoroughly HAZOPped..

Like the cap on the oilwell in the Gulf of Mexico......

[KenchiSulla]

ORIGINAL: Pascal

ORIGINAL: Cannonfodder

Also, in conservative industry (Oil&gas, power plants etc.) there is always a fallback scenario NOT related to software (mechanical safety valves for example)... These plants are thoroughly HAZOPped..

Like the cap on the oilwell in the Gulf of Mexico......

Try comparing that rigs safety system to any rig in the north sea (after a certain incident with Piper Alpha back in the 80s). I am really interested in the technical investigation in that particular incident. Something is fishy there it has something to do with saving money...

Still, the incident in the Gulf is small (relatively speaking)...

[KenchiSulla]

ORIGINAL: Pascal

ORIGINAL: Razz

Your funny!

You can't attack a factory that isn't connected to the internet.


Only an inside spy can use software to crash a system.

The virus appeared before the equipment was installed in many factories. Siemens seems to be the prime target with their control systems.

Siemens seems to be the prime target with their control systems.

What Siemens control system?

[bretg80]

From what I've read this virus was meant to target the Natanz nuclear facility in Iran.

Frank Rieger, chief technology officer at Berlin-based security firm GSMK, thinks the more likely target in Iran was a nuclear facility in Natanz. The Bushehr reactor is designed to develop non-weapons-grade atomic energy, while the Natanz facility, a centrifuge plant, is designed to enrich uranium and presents a greater risk for producing nuclear weapons. Rieger backs this claim with a number of seeming coincidences.

The Stuxnet malware appears to have begun infecting systems in January 2009. In July of that year…WikiLeaks posted an announcement saying that an anonymous source had disclosed that a “serious” nuclear incident had recently occurred at Natanz… The site decided to publish the tip after news agencies began reporting that the head of Iran’s atomic energy organization had abruptly resigned for unknown reasons after 12 years on the job.

There’s speculation his resignation may have been due to the controversial 2009 presidential elections in Iran that sparked public protests — the head of the atomic agency had also once been deputy to the losing presidential candidate. But information published by the Federation of American Scientists in the U.S. indicates that something may indeed have occurred to Iran’s nuclear program. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred.
[Wired]

"Exactly what Stuxnet might command industrial equipment to do still isn’t known. But malware experts say it could have been designed to trigger such Hollywood-style bedlam as overloaded turbines, exploding pipelines and nuclear centrifuges spinning so fast that they break. “The true end goal of Stuxnet is cyber sabotage. It’s a cyber weapon basically,” said Roel Schouwenberg, a senior antivirus researcher at Kaspersky, a security software maker. “But how it exactly manifests in real life, I can’t say.” " [BITS website]

AND NOW THIS IN TODAY's HEADLINES

Iran would consider ending higher level uranium enrichment, the most crucial part of its controversial nuclear activities, if world powers send Tehran nuclear fuel for a medical research reactor, President Mahmoud Ahmadinejad told reporters Friday. [yahoo.com]

It would appear that Stuxnet worked it's magic. This is a powerful new Cyber weapon and we are entering a new age of warfare. This is the real deal guys. I'm a Computer Scientist and I can tell you that what has been accomplished here is the equivalent to the development of Radar during WW2 or decoding the Enigma code or the Japanese Naval code, and may even be the equivalent of the Atomic bomb. It is a significant event in history and it will become very apparent in the coming years. Right now people don't understand what happened, but they will. In effect, some organization may have infected a nuclear processing plant using a sophisticated attack possibly using a memory stick and destroyed the plant from the inside using software, pretty amazing. [&o]

[Nemo121]

It is the natural progression.

I'd also suggest that the idea that plants with manual backups will be able to avoid the sequelae of such attacks is misguided. Humans work at a particular speed and no faster both in terms of cognition and physical action. The people who designed this malware, almost certainly in America, would have no trouble at all getting the sort of military and psychological input to ensure that the cascade of failures that would be engendered would be such that it would overload those attempting to counter the effects and, ideally, use their protocolised re-actions to actually worsen things. Don't forget that once you have a protocol in place it is pretty easy for someone to read the protocols, figure out the time taken for each step and construct overloads or false flags which either paralyse or trigger inappropriate actions.

People don't realise just how easily and quickly humans get overwhelmed in terms of their cognitions.


All in all though this is the future and I, for one, think that if this strike did happen then we should be thankful. It is a lot better than the havoc which would be caused by an Israeli strike into Iran and collateral damage to non-Iranian factories provides a degree of plausible deniability and the ability to blame cybercriminals etc.

Of course there's no significant public proof one way or the other but this is just a much improved version of the software and hardware backdoors no such agency was getting incorporated in the 70s, 80s and 90s. I've always had a suspicion that if the Warsaw Pact had gone to war with the US in the 80s they'd have found a lot of their IT systems would have started doing some very strange things and generating all sorts of confusion.

China's investing quite a lot to get a viable computer industry up and running in order to supply its own governmental needs. I don't think that's a guarantee but it is a lot better than buying stuff in from the US and Europe and scanning it for issues ( as the Soviet UNion did in days past ).

[stuman]

"People don't realise just how easily and quickly humans get overwhelmed in terms of their cognitions. "

I believe that. I seem to get overwhelmed everyday: kids, wife, employees, clients, IRS, vendors, bureaucrats of all types. It's enough to drive a man to drink. [:)]

[Nemo121]

Denial and vodka.... Man's chief coping strategies [:D]

Fortunately for me my policy of:
a) not giving a damn about the small stuff,
b) ignoring whatever is pointless and
c) labelling most things as pointless or "small stuff"

seems to be working quite well.... Well, that and the denial [:D]

[stuman]

ORIGINAL: Nemo121

Denial and vodka.... Man's chief coping strategies [:D]

Fortunately for me my policy of:
a) not giving a damn about the small stuff,
b) ignoring whatever is pointless and
c) labelling most things as pointless or "small stuff"

seems to be working quite well.... Well, that and the denial [:D]

My philosophy exactly !