Computer Virus Aimed at bringing down Iran's Nuclear Power Plan

Post by GOODave »

I just started hearing about this during my morning constitutional this morning.

According to the article from the Christian Science Monitor, "...Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something."

The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.

Langner zeroes in on Stuxnet's ability to "fingerprint" the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.

Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.

"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."

While cool ... it's also creepy and more than a little scary. There are only a few sovereignties that come to mind as capable of putting something like this together...

Thoughts? Guesses? Input?

Re: Computer Virus Aimed at bringing down Iran's Nuclear Power Plan

Post by GOODave »

Some additional info from CNN about the Stuxnet malware:

It's an attack that goes straight after the PLC (programmable logic control) software of an industrial machine, which is effectively the brain of the unit. It uses four zero-day exploits in one package, with a zero-day exploit being an undiscovered flaw in a piece of software; it's the time between the hackers finding a hole in the system and when the developers patch it. And in this case there are four of these exploits, meaning that they've already exponentially increased the chances of finding a way into the system in case any of the holes happened to already be plugged.

Once the malware infects the system it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage, but that's not how it sets about its business.

Its main course of action is to look for a specific type of machinery, then report back to a central control server located hundreds of miles away, from where the commands will again be relayed off into the maze of servers set up to make tracing near impossible.

Lots more information on CNN if you're interested, including:

This doesn't mean that others won't speculate, and one website that's caught a lot of attention is that of a German IACS security researcher, Ralph Langner, where he says the target may be Iran's Bushehr nuclear facility, which is in a region where a large number of the infected computers are found. He suggests the facility could be infected through the USB drive of a Russian contractor using an "abandoned" drive.

Re: Computer Virus Aimed at bringing down Iran's Nuclear Power Plan

Post by GOODave »

Iran is now saying the Stuxnet worm has, indeed, infected their computers at the Bushehr Nuclear plant.

TEHRAN, Iran -- A complex computer worm capable of seizing control of industrial plants has affected the personal computers of staff working at Iran's first nuclear power station weeks before the facility is to go online, the official news agency reported Sunday.

The project manager at the Bushehr nuclear plant, Mahmoud Jafari, said a team is trying to remove the malware from several affected computers, though it "has not caused any damage to major systems of the plant," the IRNA news agency reported.