The amazing complexity of the STUXNET worm that hit Iran's nuke facilities...



Rmplstlskn
12-02-10, 22:14
An amazing creation...

007 Returns as STUXNET (http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/#ixzz16taeU2Yr)

Rmpl

Thomas M-4
12-02-10, 22:52
http://lwn.net/Gallery/i/Sirtux2.gif
Psst, stupid Windows 7 running the plant.

Robb Jensen
12-02-10, 22:56
"The squeaky wheel gets the grease."

But I say: "If you want to be sneaky don't be squeaky."

Referring to how Iran does and causes things that draw a lot of attraction to themselves.

DaBears_85
12-03-10, 05:52
Wow, this is an amazing story. Why haven't we heard more about this in the news?

BrianS
12-03-10, 06:04
Wow, this is an amazing story. Why haven't we heard more about this in the news?

Skynet is covering its tracks.

Gutshot John
12-03-10, 07:05
There are plenty of available news sources that are covering Stuxnet. The reason it isn't on the MSM is that it's simply too complex to understand, and there is little understanding of its true potential.

I just finished a couple of projects at school that dealt with Stuxnet in depth.

The main takeaway for the lay person is this: where hacking and information warfare used to be about the theft of data or attacking networks, Stuxnet focuses on SCADA systems, which control industry and vital infrastructure. As such it represents a paradigm shift where worms/an attacker can actually kill people without leaving their computer.

While it hasn't happened yet (mostly since we don't know the true potential of the worm), imagine shutting off the cooling pumps in a nuclear reactor? Or opening floodgates on a dam? Or overpressurizing oil/gas pipelines? Or causing trains to derail or traffic management systems to malfunction?

It's no joke and it's not skynet.

One area where I disagree:

Langer argues that no single Western intelligence agency had the skills to pull this off alone. The most likely answer, he says, is that a consortium of intelligence agencies worked together to build the cyber bomb. And he says the most likely confederates are the United States, because it has the technical skills to make the virus, Germany, because reverse-engineering Siemens' product would have taken years without it, and Russia, because of its familiarity with both the Iranian nuclear plant and Siemens' systems.

Any number of nations could have pulled this off alone. I'm extremely doubtful you would have found cooperation on this level, especially from the Russians.

BrianS
12-03-10, 07:30
It's no joke and it's not skynet.

Well it is sci-fi, like something out of a Gibson novel. I hope this is us, and that we are able to keep up with the Chinese in the area of cyber warfare.

Rmplstlskn
12-03-10, 07:33
Stuxnet focuses on SCADA systems which control industry and vital infrastructure as such it represents a paradigm shift where worms/an attacker can actually kill people without leaving their computer.
<snip>
Any number of nations could have pulled this off alone. I'm extremely doubtful you would have found cooperation on this level, especially from the Russians.

I agree, cooperation with Russia is doubtful. A USA-IDF tag team not so doubtful. Rather, likely.

IF we were involved, then I give Obama a high-five for doing it. It is gutsy, as it is an act of war... IF, and I say IF, we were involved, he did good, as did all of the cyber-geeks wherever they are nowadays...

But the SCARY SIDE is that now SCADA has been breached and provenly sabotaged. Most people do not grasp how widespread SCADA is in our EVERYDAY LIFE, and how we TRUST the SCADA systems with OUR LIVES every second of the day. A nuke plant event like "Chernobyl" is EASY once you are in control via SCADA. Best pray an alert Operator sees it on a MANUAL, non-PLC controlled meter before it is too late... As the control board may not show it...

Truly scary stuff once one realizes how this worm changes EVERYTHING...

Rmpl

Gutshot John
12-03-10, 07:46
America far and away has the most advanced cyberwarfare capabilities, at least for now. The reason you hear more about the Chinese is because they AREN'T as good as we are.

SCADA systems are increasingly vulnerable because they're increasingly networked to the public internet.

Think the SmartGrid is a good idea? Not without huge improvements in network security.

The three main suspects:

1. Israel - already has a demonstrated capability to apply cyber warfare (see bombing of Syrian reactor) to strategic problems. A key date and other messages hidden in lines of code in Stuxnet point to Israeli involvement; however, it seems unlikely that Israel would be that sloppy - so I'm guessing a red herring.

2. United States - certainly has all the advanced know-how, expertise and resources to pull this off; however, while the worm is complex and masterful, its deployment/application was rather clumsy. Deploying Stuxnet is an overt act of war; it seems unlikely that we would have done this so casually without coordinating its effects with a decisive military strike.

3. China - Stuxnet relies on certificates from JMicron and Realtek (both Taiwanese companies that frequently complain of Chinese hacking), which points to their involvement. Iran and China have clashed in cyberspace before (Iran recently tried to attack Baidu), and China might well be playing both ends against the middle, or at least want to make it look like the US/Israel are to blame. They also have the Muslim Uyghur population, which they fear might fall under the influence of theocracies.

Rmplstlskn
12-03-10, 08:25
2. United States - certainly has all the advanced know-how, expertise and resources to pull this off; however, while the worm is complex and masterful, its deployment/application was rather clumsy. Deploying Stuxnet is an overt act of war; it seems unlikely that we would have done this so casually without coordinating its effects with a decisive military strike.

Hey, I just gave Obama a high-five, but let's not push it... We are still talking about BHO here... I don't see him doing a military strike on Iran yet.

Rmpl

Gutshot John
12-03-10, 09:02
Hey, I just gave Obama a high-five, but let's not push it... We are still talking about BHO here... I don't see him doing a military strike on Iran yet.

Rmpl

Agreed...I'm just saying it's already an act of war.

Why not get our money's worth if it were us?

If it was the US, I'm deeply, deeply disappointed. They let the genie out of the bottle in a half-assed kind of way.

Spiffums
12-03-10, 09:16
Even if they did confab on it... what makes anyone think that anyone they could talk to has any knowledge about it? Governments don't have all the really smart people... there are 2 or 3 possible ways this got created without governmental oversight.

mr_smiles
12-03-10, 09:21
"The squeaky wheel gets the grease."

But I say: "If you want to be sneaky don't be squeaky."

Referring to how Iran does and causes things that draw a lot of attraction to themselves.

Egos can be a downfall for some and a warning for others. :D

Gutshot John
12-03-10, 09:21
Governments don't have all the really smart people... there are 2 or 3 possible ways this got created without governmental oversight.

Not really. There was some speculation that it was organized crime, but if it were why not use it as blackmail? It's not just a question of being smart, you also need a tremendous amount of resources over and above pure money which you also need.

Everyone I know of in the black hat community believes this is a government-run op.

Safetyhit
12-03-10, 09:28
That was a great read, incredibly fascinating stuff. Wonderful to hear they took such a big hit.

But it also makes you think about what could be next. That stuff is fine in the hands of the good guys, but what about when the bad guys are capable of doing the same? Could there come a time when computers are nearly obsolete for running things such as infrastructure and finance due to an ongoing and ever-increasing risk of cyber attack?

The consequences to some of our major systems being manipulated in such a way, especially if undetected for similar periods of time, could be astronomical. I know it's unlikely now, but who knows what will be in 10 years or so. Seems like this complex game will only intensify as time goes by, but to what end?

BrianS
12-03-10, 11:28
One thing I realized is that looking back over the last year and a half everybody was always wondering why we or the Israelis hadn't attacked Iran yet since everyone was saying they would soon have nukes. This explains the lack of activity if our government knew this was happening.

Thomas M-4
12-03-10, 12:19
They were on an isolated network; someone most likely broke security protocol with a jump drive. Very sophisticated attack, only targeting the speed controllers on the centrifuges, and it went undetected for a long time :laugh: Bet it cost them millions in equipment replacement and lost man hours.
Should never have been controlling the centrifuges with ANY Microsoft garbage OS in the first place, stupid mother ****ers.

sl4mdaddy
12-03-10, 12:35
YouTube vid of a staged cyber attack that caused a generator to FUBAR:

http://www.youtube.com/results?search_query=staged+cyber+attack&aq=f

Gutshot John
12-03-10, 15:02
Should never have been controlling the centrifuges with ANY Microsoft garbage OS in the first place, stupid mother ****ers.

All SCADA systems use Windows.

Even still Stuxnet is something of a masterpiece. Most pieces of malware have at most 7 functions/exploits, Stuxnet has about 50, over and above being a rootkit.

Suwannee Tim
12-03-10, 15:24
All SCADA systems use Windows.

We use Unix.

Thomas M-4
12-03-10, 15:40
All SCADA systems use Windows.

Even still Stuxnet is something of a masterpiece. Most pieces of malware have at most 7 functions/exploits, Stuxnet has about 50, over and above being a rootkit.

You can run Windows programs in Linux. And besides, I am sure there is a Linux program somewhere that would do the same thing but better.

Gutshot John
12-03-10, 15:49
We use Unix.

The SCADA itself or the terminals used to program the PLCs?

I guess I was wrong but my understanding was that virtually all SCADA systems are vulnerable to Stuxnet because of this.

Suwannee Tim
12-03-10, 17:29
The SCADA is run on Sun workstations and a Sun server, all running UNIX. We use RTUs, not PLCs. We program the RTUs with Windows machines. This is an electrical utility application. Our plants do not use Windows either, at least not for process control, though the PLCs are accessed with Windows machines. Windows is not suitable for real-time control and is far too unstable and vulnerable for process control. From what I have gathered, Stuxnet was written for Natanz and Bushehr. Certainly this method could be adapted for attacks elsewhere. In the last month I have pulled out electromechanical protective relays and replaced them with four microprocessor relays, all connected to a network, all capable of tripping big breakers. In theory you could put an entire county in the dark. Stuxnet is how you would do it. We have a big job to do to secure our infrastructure.

Gutshot John
12-15-10, 10:33
More information...looks like it worked as intended.

http://www.jpost.com/IranianThreat/News/Article.aspx?id=199475

I'm hearing increased noise that the Russians may have been responsible.

Ejh28
12-15-10, 11:38
I was under the impression that Russia helped build the facility. While that would give them access, at the same time, why stab your partner in the back?

I would think that if Russia didn't want them to get nuclear facilities, they would just stop building them for Iran...

Gutshot John
12-15-10, 11:41
I was under the impression that Russia helped build the facility. While that would give them access, at the same time, why stab your partner in the back?

I would think that if Russia didn't want them to get nuclear facilities, they would just stop building them for Iran...

You're thinking like an American. Subtlety isn't really our cultural strong point.

It would not be the first time the Russians played both ends against the middle. In fact it's kind of their stock in trade...chess not checkers.

This is especially true since Iran thwarted their ambitions for a pipeline and they had to go through Turkmenistan.

Added to the issue you have an ongoing jihadist war in Chechnya.

I'm not saying for sure that they did it but there is ample motivation.

There are three sides to the guilt triangle: Means, Motive and Opportunity...Russia certainly had all three.

Ejh28
12-15-10, 12:12
You're thinking like an American. Subtlety isn't really our cultural strong point.

You know what, you are absolutely correct. I have been called an asshole on more than one occasion for being too direct, when some fluff was really needed. I have a hard time with that, haha.

As for them (Russia) having created the Stuxnet, I'm finding that a little hard to believe. I have no doubt that they have brilliant people working for them, but there seems to be a consensus that it was multi-party based. While I'm no expert on the subject, that is what seems to be going around. The Russians might have had a hand in it (who hasn't been thought to be behind it?), but creating it all in house seems like a stretch to me.

Abraxas
12-15-10, 12:31
America far and away has the most advanced cyberwarfare capabilities, at least for now. The reason you hear more about the Chinese is because they AREN'T as good as we are.

SCADA systems are increasingly vulnerable because they're increasingly networked to the public internet.

Think the SmartGrid is a good idea? Not without huge improvements in network security.

The three main suspects:

1. Israel - already has a demonstrated capability to apply cyber warfare (see bombing of Syrian reactor) to strategic problems. A key date and other messages hidden in lines of code in Stuxnet point to Israeli involvement; however, it seems unlikely that Israel would be that sloppy - so I'm guessing a red herring.

2. United States - certainly has all the advanced know-how, expertise and resources to pull this off; however, while the worm is complex and masterful, its deployment/application was rather clumsy. Deploying Stuxnet is an overt act of war; it seems unlikely that we would have done this so casually without coordinating its effects with a decisive military strike.

3. China - Stuxnet relies on certificates from JMicron and Realtek (both Taiwanese companies that frequently complain of Chinese hacking), which points to their involvement. Iran and China have clashed in cyberspace before (Iran recently tried to attack Baidu), and China might well be playing both ends against the middle, or at least want to make it look like the US/Israel are to blame. They also have the Muslim Uyghur population, which they fear might fall under the influence of theocracies.

Personally I never thought that the smartgrid was a good idea. As for your second point, while you may be correct, we absolutely could have been so clumsy with its deployment. I like your third point. It is something that does not leap out as something that is probable, but is absolutely possible.