Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Siemens: Stuxnet worm hit industrial systems
COMPUTERWORLD ^ | 2010-09-14 | Robert McMillan

Posted on 09/16/2010 11:11:46 AM PDT by cartan

A sophisticated worm designed to steal industrial secrets and disrupt operations has infected at least 14 plants, according to Siemens.

Called Stuxnet, the worm was discovered in July when researchers at VirusBlokAda found it on computers in Iran. It is one of the most sophisticated and unusual pieces of malicious software ever created—the worm leveraged a previously unknown Windows vulnerability (now patched) that allowed it to spread from computer to computer, typically via USB sticks.

The worm, designed to attack Siemens industrial control systems, has not spread widely. However, it has affected a number of Siemens plants, according to company spokesman Simon Wieland. “We detected the virus in the SCADA [supervisory control and data acquisition] systems of 14 plants in operation but without any malfunction of process and production and without any damage,” he said in an e-mail message.

This is worrisome news because according to a new paper on the worm, set to be delivered at this month’s Virus Bulletin conference in Vancouver, Stuxnet could be used to cause a significant amount of damage if it is not properly removed.

Researchers at Symantec have cracked Stuxnet’s cryptographic system, and they say it is the first worm built not only to spy on industrial systems, but also to reprogram them.

Once installed on a PC, Stuxnet uses Siemens’ default passwords to seek out and try to gain access to systems that run the WinCC and PCS 7 programs—so-called PLC (programmable logic controller) programs that are used to manage large-scale industrial systems on factory floors and in military installations and chemical and power plants.

(Excerpt) Read more at computerworld.com ...


TOPICS: Crime/Corruption; Foreign Affairs; Miscellaneous; News/Current Events
KEYWORDS: cyberterrorism; cyberwarfare; stuxnet
I don’t know who did this, but it definitely wasn’t some stupid script kiddie, nor a college student, nor some loner working on it in his spare time. Cyber warfare is real, and getting more and more dangerous.
1 posted on 09/16/2010 11:11:48 AM PDT by cartan
[ Post Reply | Private Reply | View Replies]

To: cartan; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 09/16/2010 11:14:33 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: cartan

The punning opportunities here are...rife.


3 posted on 09/16/2010 11:22:24 AM PDT by BelegStrongbow (St. Joseph, patron of fathers, pray for us!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BelegStrongbow
I am…ripe with anticipation!
4 posted on 09/16/2010 11:27:56 AM PDT by cartan
[ Post Reply | Private Reply | To 3 | View Replies]

To: cartan

It could be a growth industry. Lord knows we need ‘em.


5 posted on 09/16/2010 11:33:30 AM PDT by BelegStrongbow (St. Joseph, patron of fathers, pray for us!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: cartan

First things first... don’t use default passwords.


6 posted on 09/16/2010 11:35:08 AM PDT by glorgau
[ Post Reply | Private Reply | To 1 | View Replies]

To: cartan

Actually, this is a really smart move.

Siemens controllers are used in air conditioners and facility controllers, as well as Generators in power plants.

You could really clobber infrastructure by knocking power plants offline, locking buildings so access would not be possible, and shutting down Air conditioners in data centers.

Any guesses as to what Nation would want to use such a system?

Anyone?


7 posted on 09/16/2010 11:35:36 AM PDT by Mr. Quarterpanel (I am not an actor, but I play one on TV)
[ Post Reply | Private Reply | To 1 | View Replies]

To: cartan

“I don’t know who did this, but it definitely wasn’t some stupid script kiddie, nor a college student, nor some loner working on it in his spare time. Cyber warfare is real, and getting more and more dangerous. “

I would say a very large nation whose name starts with C; would be a good guess.


8 posted on 09/16/2010 11:37:20 AM PDT by HereInTheHeartland (I aspire to a large carbon footprint; just like Al Gore's)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HereInTheHeartland

Yes, C, or perhaps R. Both countries have plenty of smart, technical people, unlike the countries of the peaceful religion.


9 posted on 09/16/2010 11:40:15 AM PDT by cartan
[ Post Reply | Private Reply | To 8 | View Replies]

To: Mr. Quarterpanel

Yeah. This could be a big deal. Twenty years ago I programmed PLCs for industrial and security (i.e. prisons) systems.

PLCs are used everywhere...factories, power plants, refineries, and the list goes on and on and on.


10 posted on 09/16/2010 11:44:35 AM PDT by 6ppc (It's torch and pitchfork time)
[ Post Reply | Private Reply | To 7 | View Replies]

To: glorgau
First things first... don’t use default passwords.

Sheesh, Seimens isn't hiring rocket scientists in it's IT division, is it? This is downright stupid.

11 posted on 09/16/2010 11:45:26 AM PDT by paulcissa (The first requirement of Liberalism is to stand on your head and tell the world they're upside down)
[ Post Reply | Private Reply | To 6 | View Replies]

To: paulcissa

Perhaps the manual was in German.


12 posted on 09/16/2010 11:48:02 AM PDT by cartan
[ Post Reply | Private Reply | To 11 | View Replies]

To: cartan

There is a lot of weird stuff going on. Citi Bank had huge problems this week and there has been other stuff.


13 posted on 09/16/2010 11:50:40 AM PDT by truthandlife ("Some trust in chariots and some in horses, but we trust in the name of the LORD our God." (Ps 20:7))
[ Post Reply | Private Reply | To 1 | View Replies]

To: cartan

Here’s the lesson that should be learned - Don’t connect a sensitive industrial control system to the Internet.


14 posted on 09/16/2010 11:55:17 AM PDT by SaveTheChief (Obama dithered, America withered.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: cartan
OK. Where to start. First of all WinCC and PCS7 are NOT PLC's. They're software that runs on PC's that compete with real PLC's, and pretty much any decent industrial controls engineer would shun putting control of a critical system on a PC, either for this reason, because of the low reliability of PC's relative to PLC's, or because PC spare parts aren't around in 15-20 years like PLC parts.

Second, I'm not at all convinced you COULD write a virus that would infect a PLC. Their memory architecture, both from a hardware standpoint and the functional allocation of it would mitigate against it.

Thirdly, there would be little reason to even try unless it's an inside job, because the installations are all different. No one outside the project has any way of knowing that Q56.7 (Siemens speak for an output connected to some actuator) is the shear cylinder valve output.

So in short, the story here is that people used hardware and software viewed by the experienced, sensible, and cautious sector of their community as too vulnerable and unreliable for management of critical processes, and ended up getting burned. That's newsworthy?

Real PLC

Virtual PLC (it's virtually as good!)

15 posted on 09/16/2010 7:05:02 PM PDT by Still Thinking (Freedom is NOT a loophole!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Still Thinking
Thanks for the explanations!
Thirdly, there would be little reason to even try unless it's an inside job, because the installations are all different. No one outside the project has any way of knowing that Q56.7 (Siemens speak for an output connected to some actuator) is the shear cylinder valve output.
Yeah, I was wondering about that myself. Perhaps some of them keep the schematics on the same PCs that are running PCS7 ;-). During the Cold War, the commies had no problems getting the schematics for absolutely anything.
So in short, the story here is that people used hardware and software viewed by the experienced, sensible, and cautious sector of their community as too vulnerable and unreliable for management of critical processes, and ended up getting burned. That's newsworthy?
Well, it did enter at least 14 plants, in “the U.K., North America, Korea,” and, mostly, Iran. And it looks like some foreign government is behind this. Even if the sysops were incompetent, it is newsworthy.

Still wondering about the default passwords. How could that happen?

Doktor Fritz Ferdinand von Wonkersleben: Remember, Akhmed, you need to change the passwords.

Akhmed: Stop talking down to me, infidel dog!


16 posted on 09/17/2010 12:25:31 AM PDT by cartan
[ Post Reply | Private Reply | To 15 | View Replies]

To: cartan
Yeah, I was wondering about that myself. Perhaps some of them keep the schematics on the same PCs that are running PCS7 ;-). During the Cold War, the commies had no problems getting the schematics for absolutely anything.

The first is a good point, and the second is for any target of high value to the hacker, as these plants would be in the scenario you describe.

Well, it did enter at least 14 plants, in “the U.K., North America, Korea,” and, mostly, Iran. And it looks like some foreign government is behind this. Even if the sysops were incompetent, it is newsworthy.

Hmmm, true. I guess it IS news after all but the headline should be "Incompetent controls engineers endanger US infrastructure! Immediate corrective action necessary!"

17 posted on 09/17/2010 8:06:01 AM PDT by Still Thinking (Freedom is NOT a loophole!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Still Thinking

True, hehehe :-)


18 posted on 09/17/2010 8:11:27 AM PDT by cartan
[ Post Reply | Private Reply | To 17 | View Replies]

To: SaveTheChief
Don’t connect a sensitive industrial control system to the Internet.

Why is this not done? I'm not an IT guy, but I can't imagine it not being impossible.

19 posted on 09/17/2010 8:34:25 AM PDT by Senator Pardek
[ Post Reply | Private Reply | To 14 | View Replies]

To: Senator Pardek
Why is this not done? I'm not an IT guy, but I can't imagine it not being impossible.

Typically, remote sites are connected to a primary control center (if at all) through a satellite connection. But some companies choose to install modules that allow connection through an internet gateway. All it takes is the right credentials and anyone can get into the system from any computer.

20 posted on 09/17/2010 9:40:34 AM PDT by SaveTheChief (Obama dithered, America withered.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: SaveTheChief

Again - why?


21 posted on 09/17/2010 10:35:23 AM PDT by Senator Pardek
[ Post Reply | Private Reply | To 20 | View Replies]

To: Senator Pardek
If I understand your question correctly (Maybe I don't)...

They choose the internet gateway for a number of reasons. It is far more cost effective than leasing the satellite equipment and connection. It is also cheaper than hiring additional personnel to man the equipment or even be present at a small facility at all hours of the day.

22 posted on 09/17/2010 10:46:38 AM PDT by SaveTheChief (Obama dithered, America withered.)
[ Post Reply | Private Reply | To 21 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson