UPDATE: Stuxnet virus attack on Iranian nuclear programme: first strike by computer?
On a Vancouver stage last Thursday, a young Irish computing expert gave a filmed presentation showing how the world could end with the pop of a balloon.
That's just great.
We may never know for sure. The odd thing is that Stuxnet, so far, hasn't actually been proved to have done anything. Stuxnet contains a "switch" believed to target one very specific, tailored Siemens system – but no one knows which one, or what the switch is intended to do.
We may never know for sure? That's bullshit. We saw the same thing recently when CNN did a piece on 911 conspiracy theories. Did they examine the theories? No. They went directly to "will this conspiracy theory become like the Kennedy Assassination? Analyzed for generations as an unsolved mystery?" Which of course is a total cop out designed to protect the guilty. See: funny or sad.
Israel has little to gain from denying or confirming anything. It cannot own up to what some see as a monumental act of irresponsibility – the creation of a worm that could attack any sensitive system anywhere in the world. On the other hand, its struggle with Iran is also psychological, and it does it no harm to be thought capable of disarming a nuclear programme without launching a missile.
Eating one's cake and having it too then?
So Bradley Manning leaks a helicopter video to Wikileaks, and he goes on trial for "damaging national security." But a state-sponsored group of hackers writes code that can control infrastructure, and we must assume it will be copied by "terrorists," and what is the response? We may never get to the bottom of it?
^^^^^^^
UPDATE: Iran 'detains western spies' after cyber attack on nuclear plant
Iran has detained several "spies" it claims were behind cyber attacks on its nuclear programme. The intelligence minister, Heydar Moslehi, said western "spy services" were behind the complex computer virus that recently infected more than 30,000 computers in industrial sites, including those in the Bushehr nuclear power plant, appearing to confirm the suspicion of computer security experts that a foreign state was responsible. The announcement also suggests that the attack involving the Stuxnet worm virus, which computer experts believe may have been designed to spy on Iran's nuclear facilities rather than destroy them, has caused more alarm in the regime than has so far been acknowledged.
In remarks carried on Iranian state television and the Mehr news service, Moslehi said Iran had discovered the "destructive activities of the arrogance [of the west] in cyberspace", adding that "different ways to confront them have been designed and implemented". "I assure all citizens that the intelligence apparatus currently has complete supervision on cyberspace and will not allow any leak or destruction of our country's nuclear activities. "Iran's intelligence department has found a solution for confronting [the worm] and it will be applied. Our domination of virtual networks has thwarted the activities of enemies in this regard."
Moslehi gave no details of when the arrests had taken place or whether those detained were Iranians or foreign citizens. (more at link)
AFP describes them as "nuclear spies." "We have always faced the destructive action of these (spy) services and a number of nuclear spies have been arrested," he said.
JPost whistles past the graveyard... (http://www.jpost.com/IranianThreat/News/Article.aspx?id=189934)
Also see a discussion of what might be going on at Winter Patriot blog. Winter himself explains:
A computer 'worm' contains the instruction sequence necessary to propagate itself as well as the instruction sequence that does the damage. The first significant step in defending against such a worm is reverse-engineering -- converting the "machine code" that the computer executes into "assembly code" which lists the instructions being executed.
It's all just One Big WTF? at this point.
And therefore, using a worm as a weapon of war is, in the words of one of my most security-savvy computer-friends, "one of the stupidest things anyone has ever done anywhere". It is, as he put it, "like dropping an atomic bomb, then showering the survivors with leaflets explaining how to build an atomic bomb". He reckons the probability of this worm being revamped and used as an offensive weapon by the Iranians (or terrorists connected with Iran) as 100%. "How could they NOT use it?" he asked. "They're pissed off and they have the code!"
End update.
^^^^^^^
The Stuxnet worm has people worried. Threats that were once theoretical have become real because it allows the attacker to take control of critical systems like pumps, motors, alarms and valves in commercial systems.
It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction. The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.
In the last day or so we learn that Stuxnet has successfully penetrated China, extensively, as well as Iran.
"This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data," an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times. "Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China's national security," he added. Another unnamed expert at Rising International said the attacks had so far infected more than six million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported.
Graham Cluley, an expert on viruses, said the sophisticated code may have been written by an insider at Siemens.
The worm may have been written by someone with detailed knowledge of Siemens' computer systems, Graham Cluley said on Friday. Speaking to Computer and technology news website, V3, Cluley said the person may possibly be a current or former employee of the German industrial giant whose control systems are widely used to manage industrial facilities such as oil rigs and power plants. ...Another expert on the issue, Mikko Hypponen, chief research officer at F-Secure, told V3 that based on evidence he'd seen, the worm looks like a government attack. "If you look at the level of difficulty and complexity behind Stuxnet, it has to be a government effort," he further explained.
Go here for a ten slide technical explanation of how the worm spread.
Yesterday we learned who might be the likely culprit: Israel.
"So let’s assume that using Stuxnet, Israel has indeed launched the world’s first precision, military-grade cyber missile. What are the implications?"
We think the primary implication is that a military attack on Iran has now been foreclosed as a viable option. It can't be justified anymore. Security has already been breached. Furthermore, the Stuxnet worm takes control over the control systems and can even, theoretically, cause an explosion.
"We have never seen anything like this before. It's the most complex piece of malware in the history of computing. What the thing does, is actually it's designed to blow something up, it's as simple as that. The virus is a cyberwar weapon."
Curiously, Langner also said not to worry, because obviously the worm is so specific that it hit its target.
Stuxnet itself is no longer a cause for concern, he said. "Don't worry about Stuxnet any longer," he said. "Obviously it hit its target. It is so specific it won't attack anything else."
OK, well, maybe we misunderstand because we are not getting the "obvious" part. Forgive us for being obtuse, but did something large in Iran explode that we failed to notice, like a power plant or something?
We are not so sure about his conclusion, because now China has reported big problems with Stuxnet. Maybe Stuxnet wasn't finished after all?
Maybe, in light of the new special romance between Israel and China, what seems possibly obvious to us is that Israel maybe just explained to China who is wearing the pants?
We get the point, if that was the point.
"Nothing says theocracy like a biblical reference in your terroristic cyber attack." ~ Penny
Langner says this will lead to copycat activity.
But now that it's out there, other people will try to replicate it, he warned. "Everybody will be able to study exactly what Stuxnet does and how it is done," he said. "So we must assume that Stuxnet will now act as a template for any kind of hackers, organized crime, terrorists in order to study how it can be done. "Stuxnet is history," he said. "We need to work on what will come next."
Yes, we can see that part happening, too.
Comments
http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage
http://www.computerworld.com/s/article/9130080/Expert_Hackers_penetrating_industrial_control_systems
I think Kenny's thoughts have mileage.
good link incoming, coming from well before all this happened. noting how jay rockefeller seems so prescient.
veritas
How clever are the Chinese?
- Aangirfan
i certainly hope china does NOT trust israel. i would expect they do not. maybe israel stepped in some doo doo this time?
"But Moslehi said intelligence agents had discovered the "destructive activities of the arrogance (Western powers) in cyberspace, and different ways to confront them have been designed and implemented."
"I assure all citizens that the intelligence apparatus currently has complete supervision on cyberspace and will not allow any leak or destruction of our country's nuclear activities."
I wonder if some of that "complete control" includes throwing out all Windows software from the nuclear facility at the very least
It's pretty easy to understand some of "the arrogance (Western powers)" in the face of this.
Google it, also, I will pursue this further and let you guys know - my problem with my epiphany is this, if they were serious about 'Red Flag OS', with millions of those US dollars they have in a big red sock under their bed, spent on R&D; did they complete the project? If so, why are they vulnerable to a web-based 'Windows' virus?
Mmmm, something's not right with this whole stuxnet picture.
What I do feel is that a lot of otherwise sceptical truthers are of the opinion that somehow Russia and China will be our saviours. Tiananmen Square anyone? Chechnya?
Maybe I just don't get it, I really don't trust anyone on the Government Bus, I don't care whose language the destination itinerary is written in.
veritas
P.S. DOH! Well, in the time it has taken me to scribble this comment: I have found some really deflating info’ already...
http://www.linux.com/archive/articles/146867
http://www.builderau.com.au/blogs/syslog/viewblogpost.htm?p=339270827
http://www.operating-system.org/betriebssystem/_english/bs-redflag.htm
"Today, the Chinese government uses a version of Windows that includes its own custom cryptography software. In Beijing, where many of the workers avoided Red Flag Linux and used a pirated version of Windows instead, the government has taken inventory of pirated software and forked over cut-rate licensing fees to Microsoft."
so i guess they weren't too serious about that red flag. looks like greed won out over prudence.
as for china and russia as potential heroes, i'm not sure that is what the hope is. for myself the hope is that they will not roll over like the US has. we can't have any more big countries in israel's bag. the world can't afford it. it's sort of like rooting for the team that beat your team in the playoffs, and who are now playing the ny yankees.
saladin -- yah i forgot about the aliens! they'll fix everything. ; D
All the published exploits that Stuxnet used have been patched by M$ except one. There are 2 basic problems for the victims to overcome, first is access to the patches for the pc's and the second is updating of the operator panels from the respective manufacturers to immunize them from re-infection.
Since you can't trust either source for these remedies if you are in Iran, you are simply up shit creek.
For that matter, who is to say the patches won't include a new backdoor for future exigent circumstances? Even open source Linux can be poisoned by surreptitious insertion of code that is quite difficult to spot.
But it can be seen. And remedied (should it ever get past a security scan) with complete confidence because nothing is hidden. That is the point.
Dealing with Windows, you are reliant upon known liars and you are unable to check on what they tell you because their code is all hidden. What's the point in that?
And that is not a rhetorical question.
As for using Linux with these products, it isn't quite ready for primetime yet as evidenced from the Siemens site directly.
http://www.automation.siemens.com/WW/forum/guests/PostShow.aspx?PageIndex=1&PostID=178565&Language=en
There are some things you can do without windows if you read through the thread but you still have areas of your development and ongoing operations that will require a windows pc to touch your precious SCADA network.
JG, I do get your point all too well. CodeRed and Nimda viri helped M$ to see the light of subscriber model software markets by ensuring that any PC connected to the Internet would be a dead duck if the owner didn't have access to updates. You need to be in their good graces to keep your machine useful to you. Forever.
Keep sending your money to M$ and everything will be OK. End of Life for Windows 2000 last June means no more patching for that platform and if you use it then you have to buy new software...
Send more money.
Another engineer on the forum says that it will run with Linux but requires a custom programme and there are other suggestions.
However, why choose a systems controller for a nuclear power plant (which is under threat from aggressive foreign powers) that requires Windows with all its backdoors and susceptibility to viruses and Windows Explorer?
If there are no non-windows control systems available, then design one. The risks are too great. Plus, there's a ready made market out there for one.
So why would you (Siemens) design a critical piece of control system that has these vulnerabilities in the first place?
Paying for ongoing patches is the least of the problem. The problem could well be an awful lot of people getting killed or irradiated. Patches are designed in response to someone somewhere being attacked. They are by nature "after the fact".
A source code audit, as you say, will show up any discrepancies. This can be done before the programme is run, though. Once a discrepancy is found, then it is the engineer's job to track it down. It may be tedious but it can be done and most importantly, it can be done pre-emptively. You don't have to wait for the bomb to go off to find out if there was one lurking there as you do if windows is used.
Windows is a huge ongoing security nightmare. It seems crazy to me to go anywhere near it.
Like current law enforcement strategists they don't really care so much what happens so long as they can see the instant replay and make us feel like it won't happen again.
Undocumented features are not just for criminals after all.
Cryptogate, Siemens and Stuxnet