Does computer worm "stuxnet" attack Iranian Nuclear Program?

[Magda Hassan]

It's not the only electronic warfare the Iranians have been subjected to. Remember how the www cables were cut? All of it illegal. It is a war crime to attack electrical installations and nuclear power facilities.

[Ed Jewett]

Iran cyber attack like a spy novel

2010-09-26 21:29



Berlin - The report about a cyber attack on Iran's nuclear programme by the computer worm Stuxnet reads like a chapter from a modern spy novel.
The sophisticated, complicated computer virus has targeted, of all places, controversial nuclear facilities in Iran, a country that the United States has described as a state sponsor of terrorism.
But Stuxnet is not fiction - rather, it's a worrisome reality.
Security experts have known for months about the vulnerabilities to Stuxnet of computerised control equipment that manage oil pipelines, electric utilities and nuclear plants - particularly software and equipment from Germany's high tech Siemens.
As early as July, Siemens made virus-scanning software available to its clients after learning of the bug, according to The New York Times.

Siemens said the malware appeared designed to extract data from industrial companies using Siemens software, and had been detected during a routine update of its software with a German industrial client.
On Saturday, Iran confirmed that its industrial computer system had become a victim of cyber-terrorism and that numerous computers were infected with Stuxnet. An IT official of Iran's mines and metals ministry told the Mehr news agency that 30 000 computers belonging to industrial units made by Siemens had been infected.
Best malware ever

While officials did not mention Iran's nuclear plants - which include the power plant in Bushehr and the enrichment facility in Natanz - the ISNA news agency reported that the Iranian Atomic Organisation had held a seminar in recent days to improve defences against Stuxnet.
"Stuxnet is the most refined piece of malware ever discovered," said Alan Bently, vice president of the US security firm Lumension.
"The worm is significant because mischief or financial reward wasn't its purpose. It was aimed right at the heart of a critical infrastructure," he said.
Stuxnet was first publicly identified in July, by Belarussian and German security experts, sources and media reports say. It accessed mainly Siemens control equipment by using four critical flaws in Microsoft Windows.
The flaws were identified by German security expert Ralph Langner with a team that identified Siemens as the special target. In early August, Microsoft issued an emergency patch to correct the flaw.

Windows is used by up to 80% of the world's computers.
Langner spoke of the "hacker of the decade." On a blog, he offered possible reasons for an attack aimed at Iran. He claimed the virus was developed by insiders who wanted to sabotage such facilities, and noted it was no accident that Iran has had technical problems with its plants in recent weeks.
Digital warfare

Further alarm was raised when it was discovered that the Bushehr facility was using an un-licensed version of Siemens' special industrial control software.

To make matters worse, it was not properly configured.
"I have never seen anything like that, not even in the smallest cookie plant," an appalled Langner said, after seeing evidence of the violations in a press photo of a Bushehr central control monitor screen that registered a clear systems error.
Frank Rieger of the Chaos Computer Club, a German-based organisation of hackers, proclaimed: "The first strike of digital warfare has been made."

Writing in the Frankfurter Allgemein newspaper, he claimed that Stuxnet had sabotaged Iran's nuclear enrichment programme.
Another expert, author Arne Schoenbohm, says such a scenario is quite possible: "Cyberspace has become the fifth military battlefield, after land, air, water and space."
Not individual hackers

There's little surprise that internet rumours speculate that Israel or the US government was behind the attack. There were charges that the US was testing its newly-organised cyber warfare command at the Pentagon.
Derek Reveron, a professor of national security and expert in information technology at the US Naval War College, refuted such speculation in a broadcast interview on Saturday.
He acknowledged that Stuxnet's sophistication invited such speculation. But he noted that government is way behind the specialised private sphere, upon which it draws for expertise.
He said Stuxnet has spread around the US, to Indonesia, Malaysia, and Pakistan, and has prompted inter-governmental co-operation in defeating it.
"The worst scenario would give hackers the ability to control a system where they could impact regulation... and cause physical destruction of a plant," he told broadcaster Al Jazeera.

"That's why governments around the world are coming together."
But experts from Symantec and other security firms believe that individual hackers would never have been able to develop such a sophisticated virus. Given the amount of resources and know-how that would go into developing such malware, there must be a government or at least a state-sponsored private firm behind the attacks, they said.
- SAPA
Read more on: security | internet | siemens | microsoft

http://www.news24.com/SciTech/News/Iran-...k-20100926

This is from "South Africa's premier news source"?! :questionmark:

[Ed Jewett]

It's not the only electronic warfare the Iranians have been subjected to. Remember how the www cables were cut? All of it illegal. It is a war crime to attack electrical installations and nuclear power facilities.

Well, once you've committed one, what's another?

[Magda Hassan]

The 'rational' thought of a psychopath.

[Ed Jewett]

debkafile's Iranian and intelligence sources report that these statements are preparing the ground for Tehran to go beyond condemning the states or intelligence bodies alleged to have sponsored the cyber attack on Iranian infrastructure and military industries and retaliate against them militarily. Iran is acting in the role of victim of unprovoked, full-scale, cyber terror aggression.

"the opponent is left responding to situations which have already changed".

There is no doubt that there is a lot of purposefully-induced mystery as to the source of this cyber-attack (as though it will truly mislead anyone) -- that it is America, no wait, Israel, no wait, America, no wait an indie attack by some rich dude with a small army of elite hackers, no wait, it's Israel...

Hey, guess what? All the same.

Iran has certainly been expecting such an attack (it's been telegraphed for a long time), and in the general sense, I don't see that situations have changed much at all. I don't think of this as an OODA-loop attack... it hasn't been executed with speed, and it hasn't been executed in an atmosphere of pre-instituted confusion. It strikes me as an oblique assault, or a "refusal" of a wing to roll up the front; there is more to come.

[Peter Lemkin]

Just a thought.....for the US/Israel, it would be preferable if a war with Iran were started by Iran....so this may be a way to provoke them to start the fight...but I doubt they'd take the bait...but who knows. I'm sure the computer virus/trojan was also very much meant to just destroy what they have not yet gotten around to bomb, by making control of it impossible or difficult. Tailor made computer viruses - how nice.....first for countries and programs, next for individuals, I'll bet. Just another note....despite the propaganda in the 'West' Iran has one of the most highly educated populations in the world and I believe is listed as having the hightest literacy rate - don't know the specifics on their programmers, but bet they are not far behind world-class. If anyone other than the major powers can figure out how to disarm and counter such a cyber threat, they likely are...but it will take time. It will, of course, likely make them think of retaliation in kind once they identify the culprit. :pcguru:

---The blowback was inevitable and it is now also in German Industries, as well!: [Psssst - Many large industries in the US use Siemens systems, as well......]

Stuxnet worm can re-infect scrubbed PCs
Iran's attempts to eradicate worm could be stymied by new infection vector, says researcher
By Gregg Keizer
September 27, 2010 04:09 PM ET
Computerworld - A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.

The new information came on the heels of admissions by Iranian officials that Stuxnet had infected at least 30,000 of the country's Windows PCs, including some of the machines at the Bushehr nuclear reactor in southwestern Iran.

The worm, which has been dubbed the world's most sophisticated malware ever, targets Windows PCs that oversee industrial-control systems, called "SCADA" systems, that in turn manage and monitor machinery in power plants, factories, pipelines and military installations.

Previously, researchers had spotted several propagation methods in Stuxnet that ranged from spreading via infected USB flash drives to migrating between machines using multiple unpatched Windows bugs.

Liam O Murchu, manager of operations on Symantec's security response team and one of a handful of researchers who have been analyzing Stuxnet since its public appearance in July, said today he'd found another way that the worm spreads. According to O Murchu, Stuxnet also injects a malicious DLL into every Step 7 project on a compromised PC, ensuring that the worm spreads to other, unaffected PCs whenever an infected Step 7 file is opened.

Step 7 is the Siemens software used to program and configure the German company's industrial control system hardware. When Stuxnet detects Step 7 software, it tries to hijack the program and pass control to outsiders.

"All Step 7 projects [on a compromised computer] are infected by Stuxnet," O Murchu said in an interview today. "Anyone who opens a project infected by Stuxnet is then compromised by the worm."

O Murchu said that the Step 7 propagation vector would insure that already-cleaned PCs would be re-infected if they later opened a malicious Step 7 project folder. "You could imagine the scenario where someone had cleaned the computer of Stuxnet, but before they did that, they backed up the project," he said. "When the project was later restored [to the now-clean] PC, it would be re-infected."

Another possibility, said O Murchu, is that Stuxnet's makers hoped to infect systems at a central SCADA-programming authority, which would then pass along the worm to PCs at several facilities that would use the Step 7 files to configure the local control hardware.

Siemens has admitted that 14 plants, many of them in Germany, were infected with Stuxnet, but it has not provided details on how the worm wriggled into those facilities.

The just-discovered way that Stuxnet spreads means that cleaning up after the worm will be more difficult, O Murchu said.

Earlier, O Murchu and others who have dug into Stuxnet, argued that the malware's complex construction and advanced techniques indicated it was the work of a state-backed group. The Step 7 infection vector is another clue of that, O Murchu said today.

"This is a very remarkable feature," he said. "Step 7 is fairly proprietary software, and whoever created Stuxnet had to know that program very well. It's certainly not something simple."

Over the weekend, Iranian officials acknowledged that Stuxnet had infected tens of thousands of Windows PCs in the country, including some at the Bushehr nuclear reactor.

Other security analysts have speculated that the worm was designed to cripple the Bushehr reactor. Several Western governments, including the U.S., suspect that Iran will reprocess Bushehr's spent fuel to produce weapons-grade plutonium for use in nuclear warheads.

On Sunday, the deputy head of Iran's Atomic Energy Organization said that Stuxnet had not affected Bushehr's control systems, and that experts had taken steps to block the worm from spreading.

[Ed Jewett]

I recall seeing something somewhere that said that the malware had found a home dominantly in Iran, but also in India and Afghanistan. So psychopathology is apparently the operative theme of the new millennium. Yes, of course USrael wants to provoke Iran to attack first, or wants some conflagration to ensue which it can ratchet into something of further benefit, though I am hard pressed to understand why it would purposefully risk a compromise of the Straits of Hormuz, the alienation of other great nations (China comes to mind), a nuclear exchange between anyone at any level (even if just a Chernobyl-like meltdown), and worse ... unless.... well, I have a theory, but not enough facts to build the scaffolding it requires. But there are signs that brushfires are being set in many parts of Eurasia along the Silk Road and the arc of crisis. And I still want to know what the X37B has up its sleeve (I have a theory about that too). But the militarists have gone plum crazy. You know all those old movies...? Dr. Strangelove and that genre? Someone is gonna have to make a new one; reality is making all that old stuff look sophomoric.

[Jan Klimkowski]

In addition to being warfare against a nation state (Iran), using cyberspace, this is also warfare against a multinational.

Step 7 is the Siemens software used to program and configure the German company's industrial control system hardware. When Stuxnet detects Step 7 software, it tries to hijack the program and pass control to outsiders.

"All Step 7 projects [on a compromised computer] are infected by Stuxnet," O Murchu said in an interview today. "Anyone who opens a project infected by Stuxnet is then compromised by the worm."

(snip)

Siemens has admitted that 14 plants, many of them in Germany, were infected with Stuxnet, but it has not provided details on how the worm wriggled into those facilities.

The just-discovered way that Stuxnet spreads means that cleaning up after the worm will be more difficult, O Murchu said.

Earlier, O Murchu and others who have dug into Stuxnet, argued that the malware's complex construction and advanced techniques indicated it was the work of a state-backed group. The Step 7 infection vector is another clue of that, O Murchu said today.

"This is a very remarkable feature," he said. "Step 7 is fairly proprietary software, and whoever created Stuxnet had to know that program very well. It's certainly not something simple."

Siemens must be furious if a major First World intelligence operation (be it DIA, Mossad or whomever) has designed malware which targets Siemens proprietary "industrial control system" software such as "Step 7".

I wonder if the cyber warrriors designed an anti-virus?

Or whether Siemens software is fucked until their own crack programmers come up with one?

State, spook and multinational warfare taking place in cyberspace.

William "noir prophet" Gibson's cybervision is beginning to come to pass.

[Ed Jewett]

State, spook and multinational warfare taking place in cyberspace.

William "noir prophet" Gibson's cybervision is beginning to come to pass.

Thanks for introducing me to Wiliam Gibson.

I repeat my assertion that if the Bilderberg crowd can rent an entire hotel in Sitges, we all ought to be able to get together somewhere ...
http://www.collectivewisdominitiative.org/places.htm

So I'll return the favor and introduce the concepts of GlobalGuerillas...

"Globalization has brought about an age when the only tests used to judge anyone's behavior are:

• Does it make you money or its equivalent? The corollary is that the greater the amount of money acquired, the better the behavior is.
  
• Did you get away with it? This test is merely based on legal enforceability (were you caught in a place that matters) and the degree of punishment (will the punishment negate or exceed the benefit of the behavior). Morality, virtue, ethics, shame, actual legality, etc. aren't considered factors.
  

http://globalguerrillas.typepad.com/glob...round.html

[Peter Lemkin]

In addition to being warfare against a nation state (Iran), using cyberspace, this is also warfare against a multinational.

Step 7 is the Siemens software used to program and configure the German company's industrial control system hardware. When Stuxnet detects Step 7 software, it tries to hijack the program and pass control to outsiders.

"All Step 7 projects [on a compromised computer] are infected by Stuxnet," O Murchu said in an interview today. "Anyone who opens a project infected by Stuxnet is then compromised by the worm."

(snip)

Siemens has admitted that 14 plants, many of them in Germany, were infected with Stuxnet, but it has not provided details on how the worm wriggled into those facilities.

The just-discovered way that Stuxnet spreads means that cleaning up after the worm will be more difficult, O Murchu said.

Earlier, O Murchu and others who have dug into Stuxnet, argued that the malware's complex construction and advanced techniques indicated it was the work of a state-backed group. The Step 7 infection vector is another clue of that, O Murchu said today.

"This is a very remarkable feature," he said. "Step 7 is fairly proprietary software, and whoever created Stuxnet had to know that program very well. It's certainly not something simple."

Siemens must be furious if a major First World intelligence operation (be it DIA, Mossad or whomever) has designed malware which targets Siemens proprietary "industrial control system" software such as "Step 7".

I wonder if the cyber warrriors designed an anti-virus?

Or whether Siemens software is fucked until their own crack programmers come up with one?

State, spook and multinational warfare taking place in cyberspace.

William "noir prophet" Gibson's cybervision is beginning to come to pass.

A rather large company/multinational, at that: Siemens AG is a German engineering conglomerate that is the largest in Europe.[3] Siemens' international headquarters are located in Berlin, Munich and Erlangen, Germany. The company has three main business sectors: Industry, Energy, and Healthcare; with a total of 15 divisions. Worldwide Siemens and its subsidiaries employ approximately 420,800 people in nearly 190 countries and reported global revenue of 76.651 billion euros for the year of 2009. tickyman: