Stuxnet

Post by COMEVIL » Sat Sep 25, 2010 9:22 pm

COMEVIL
Experienced Member
 
Posts: 846
Joined: Mon Jun 15, 2009 11:54 am
Reputation: 36

Post by das » Sun Sep 26, 2010 4:33 pm

Have been following a lot of coverage on this.

ComputerWorld says the complexity of this worm points to a state-backed effort:

Is Stuxnet the 'best' malware ever?, ComputerWorld, 16 September 2010

A more extensive article in Christian Science Monitor:

Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?, Christian Science Monitor, 21 September 2010

The analysis from Ralph Langner, the security researcher who has analyzed Stuxnet and advanced this theory, is a very interesting read.

More from Forbes and the BBC:

Theories Mount That Stuxnet Worm Sabotaged Iranian Nuke Facilities, Forbes, 22 September 2010

Stuxnet worm 'targeted high-value Iranian assets', BBC, 23 September 2010

The analysis in WIRED's Threat Level blog doesn't necessarily agree there is proof Iran or the Bushehr plant was the target:

Blockbuster Worm Aimed for Infrastructure, But No Proof Iran Nukes Were Target, WIRED Threat Level, 23 September 2010

This post is a must-read, and includes some of what's unique about Stuxnet. Notable excerpt:

The malware is huge — about half a megabyte of code — and has a number of sophisticated and previously unseen characteristics:

  • It uses four zero-day vulnerabilities (vulnerabilities that haven’t yet been patched by a software vendor and are generally undetected by antivirus programs). One zero-day is used to spread the worm to a machine by a USB stick. A Windows printer-spooler vulnerability is used to propagate the malware from one infected machine to others on a network. The last two help the malware gain administrative privileges on infected machines to feed the system commands.
  • The malware is digitally signed with legitimate certificates stolen from two certificate authorities.
  • The attacker uses a command-and-control server to update the code on infected machines but also uses, in case the command server is taken down, peer-to-peer networking to propagate updates to infected machines.

The malware would have required a team or teams of people with different skills — some with extensive knowledge of the targeted PLC, and others who specialize in vulnerability research to find the zero-day holes, analysts say. The malware would have required extensive testing to ensure it could commandeer a PLC without crashing the system or setting off other alerts of its presence.

Eric Byres, chief technology officer for Byres Security, says the malware isn’t content to just inject a few commands into the PLC but does “massive reworking” of it.

“They’re massively trying to do something different than the processor was designed to do,” says Byres, who has extensive experience maintaining and troubleshooting Siemens control systems. “Every function block takes a fair amount of work to write, and they’re trying to do something quite radically different. And they’re not doing it in a light way. Whoever wrote this was really trying to mess with that PLC. We’re talking man-months, if not years, of coding to make it work the way it did.”


Meanwhile, the Volokh Conspiracy was talking about Stuxnet two months ago...

Visit Information Warfare Community Self Synchronization on Facebook, Twitter, and at IWCsync.org!
das
Experienced Member
 
Posts: 271
Joined: Tue Apr 07, 2009 1:00 pm
Location: Madison, WI
Reputation: 4

Post by COMEVIL » Sun Sep 26, 2010 7:03 pm

Great links. All very informative and interesting.

It is also worth mentioning, I sent the original link to my teenage son, who is a bit of a techie and pays attention to all the tech blogs and podcasts. He already knew about it...

Post by das » Sun Sep 26, 2010 8:45 pm

Indeed. And this story has been evolving over the last couple of days:

Stuxnet worm hits Iran nuclear plant staff computers, BBC, 26 September 2010

US does not know source, purpose of Stuxnet worm: official, AFP, 25 September 2010

Iran nuke SCADAs saturated with Stuxnet infection, ComputerWorld, 26 September 2010

Iran is now officially acknowledging the attack, with Mahmoud Liayi, head of the information technology council at the ministry of industries, telling the state-run Iran Daily newspaper, "An electronic war has been launched against Iran". Simultaneously, Iranian state media is now playing up the theory that the US and/or Israel is behind the attack:

US, Israel behind cyber-attack on Iran?, PRESSTV (Iran state media), 25 September 2010

No matter the source or purpose of Stuxnet, Iran is now beginning to paint itself as a victim of the US and Israel with respect to this malware. On the heels of Iran's president claiming that 9/11 was orchestrated by the US government as an excuse to warmonger against Muslims in the Mideast and to preserve the Israeli state, I suppose this is no surprise...

Post by das » Mon Sep 27, 2010 12:10 pm

And now the mainstream press is picking up more on this story:

Worm hits computers of staff at Iran nuclear plant, AP, 26 September 2010 (this is linked as the Drudge Report top story today, which will drive further coverage)

Stuxnet: Malware more complex, targeted and dangerous than ever, CNN, 25 September 2010

Stuxnet Worm Is Remarkable for Its Lack of Subtlety, New York Times, 26 September 2010

Iran Fights Malware Attacking Computers, New York Times, 26 September 2010

As this story becomes more "mainstream", it will be interesting to see how Iran positions itself, and what the general reaction is to the possibility that nation-states can wage cyber war that has potential for physical disablement or destruction outside of the bounds of conventional conflict.

Post by COMEVIL » Tue Sep 28, 2010 10:32 pm

EXCLUSIVE-Cyber takes centre stage in Israel's war strategy

28 Sep 2010 12:37:52 GMT
Source: Reuters

* Iran's Stuxnet worm has fingers pointing at Israel

* Israelis seen weighing "deniable" tactics against foe

By Dan Williams

JERUSALEM, Sept 28 (Reuters) - Cyber warfare has quietly grown into a central pillar of Israel's strategic planning, with a new military intelligence unit set up to incorporate high-tech hacking tactics, Israeli security sources said on Tuesday.

Israel's pursuit of options for sabotaging the core computers of foes like Iran, along with mechanisms to protect its own sensitive systems, were unveiled last year by the military intelligence chief, Major-General Amos Yadlin.

The government of Prime Minister Benjamin Netanyahu has since set cyber warfare as a national priority, "up there with missile shields and preparing the homefront to withstand a future missile war", a senior source said on condition of anonymity.

Disclosures that a sophisticated computer worm, Stuxnet, was uncovered at the Bushehr atomic reactor and may have burrowed deeper into Iran's nuclear programme prompted foreign experts to suggest the Israelis were responsible. [nLDE68Q1MG]

Israel has declined to comment on any specific operations. Analysts say cyber capabilities offer it a stealthy alternative to the air strikes that it has long been expected to launch against Iran but which would face enormous operational hurdles as well as the risk of triggering regional war. [nLDE5BE29K]

According to security sources, over the last two years the military intelligence branch, which specialises in wiretaps, satellite imaging and other electronic espionage, has set up a dedicated cyber warfare unit staffed by conscripts and officers.

They would not say how much of the unit's work is offensive, but noted that Israeli cyber defences are primarily the responsibility of the domestic intelligence agency Shin Bet.

DENIABILITY

In any event, fending off or inflicting damage to sensitive digital networks are interconnected disciplines. Israeli high-tech firms, world leaders in information security, often employ veterans of military computing units.

Security sources said Israel awoke to the potential of cyber warfare in the late 1990s, when the Shin Bet hacked into a fuel depot to test security measures and then realised the system could be reprogrammed to crash or even cause explosions.

Israel's defence priorities suggest it may be shying away from open confrontation with the Iranians, whose nuclear facilities are distant, numerous, dispersed and well-fortified.

Even were its warplanes to manage a successful sortie, Israel would almost certainly suffer retaliatory Iranian missile salvoes worse than the short-range rocket attacks of Lebanese and Palestinian guerrillas in the 2006 and 2009 wars.

There would be a wider diplomatic reckoning: World powers are in no rush to see another Middle East conflagration, especially while sanctions are still being pursued against an Iranian nuclear programme which Tehran insists is peaceful.

An Israeli security source said Defence Ministry planners were still debating the relative merits of cyber warfare.

"It's deniable, and it's potent, but the damage it delivers is very hard to track and quantify," the source said. "When you send in the jets -- the target is there, and then it's gone." (Editing by Jon Boyle)

Post by COMEVIL » Thu Sep 30, 2010 9:51 pm

This gets more interesting.

http://www.nytimes.com/2010/09/30/world/middleeast/30worm.html?no_interstitial

Of course, if I was going to plan a cyber attack, I would probably make it look like it came from some other adversary...

Post by das » Thu Sep 30, 2010 9:57 pm

...and more interesting still:

India as a target:

Did The Stuxnet Worm Kill India's INSAT-4B Satellite?, Forbes, 29 September 2010

China as a target:

Stuxnet 'cyber superweapon' moves to China, AFP, 30 September 2010

Iran as a target:

Iran nuclear plant hit by two-month delay: official, AFP, 30 September 2010

And some great analysis in Information Dissemination, with thoughts on implications for the Navy:

Six Hundred Kilobytes of War 2.0, Information Dissemination, 30 September 2010

Post by deadlymonkey » Fri Oct 01, 2010 1:06 pm

STUXNET is an amazing piece of computer programming, but I haven't seen anywhere that it essentially screwed up its mission.

It propagated too well. IMO a well crafted "cyber smart bomb" should go in, do its damage and ideally never be discovered. This has shown up everywhere, everyone that even had dreams of being a CS researcher is trying to take it apart. Whoever created it blew four 0-day exploits on it, and as far as we know it may not have even accomplished its primary mission.

Overall though it is probably a good thing as maybe this will make US businesses think hard about actually putting some decent cybersecurity into their budgets.

deadlymonkey
Registered Member
 
Posts: 20
Joined: Wed Jul 08, 2009 7:33 pm
Location: Columbia, MD
Reputation: 0

Post by das » Fri Oct 01, 2010 1:12 pm

Indeed. It's difficult to determine attribution or intent. Most of what is out there in the press is just speculation. And if you can divine some clues from the software (like the alleged Biblical references), even those could be misdirection.