Russian experts flee Iran, escape dragnet for cyber worm smugglers

DEBKAfile ^

[Pride_of_the_Bluegrass]

debkafile's intelligence sources report from Iran that dozens of Russian nuclear engineers, technicians and contractors are hurriedly departing Iran for home since local intelligence authorities began rounding up their compatriots as suspects of planting the Stuxnet malworm into their nuclear program. Among them are the Russian personnel who built Iran's first nuclear reactor at Bushehr which Tehran admits has been damaged by the virus. One of the Russian nuclear staffers, questioned in Moscow Sunday, Oct. 3 by Western sources, confirmed that many of his Russian colleagues had decided to leave with their families after team members were detained for questioning at the beginning of last week. He refused to give his name because he and his colleagues intend to return to Iran if the trouble blows over and the detainees are quickly released after questioning.

[Jimmy Valentine]

I don’t think that Control/Alt/Delete is going to fix this one.

[justa-hairyape]

Believe the virus code gets compiled into the SCAD executable code. So if you do not update the SCAD software and do not recompile the code, you can keep a current clean system clean. Just disconnect it from the local net.

[Joe Boucher]

Man O man,
It sure would be fitting if Iran flipped the switch to turn its russian built nuke plant on and it melted down like Chernobyl.
Tee hee hee.

[Joe Boucher]

In the last day or two there have been rumors that the worm has invaded China.
If it has this ability there is NOTHING to keep it from visiting the U.S. or anyone else using Siemens.

Sooo, has fall finally hit Idaho?

[brivette]

since we have over 40 operational nuclear plants there, it bwould be a disaster.

[netmilsmom]

>>or anyone else using Siemens.<<

I would think that our IT guys would be throwing up firewalls right now.

My DH took his company’s system totally off the net on Friday. He won’t let anyone hook up laptops or bring in USB sticks. It’s work but he is handling the Website himself from ONE laptop. Every bit of company business goes through him and he views everything in DOS before it’s opened.

Email is being handled through phones and an intranet system he set up a while ago.

The difference between us and China is that we know it’s coming.

[kronos77]

Sad if true.
Almost as sad as US support to Saudi Arabia and Pakistan.

[justlurking]

The current Stuxnet is targeted at two specific Siemens PLC modules.

I read an article yesterday that suggests something I find plausible: the target wasn't the Bushehr reactor -- it was their uranium enrichment program. There is apparently some evidence that Stuxnet was programmed to lie in dormancy even after it found the targeted PLC, then act simultaneously.

If one or both of those PLCs were being used in the uranium centrifuges, then it wouldn't be difficult to destroy one, perhaps by spinning them out-of-control.

Or maybe it targeted both. I guess we will never know until we determine where those two PLC's were being used. In any event, it indicates that someone had inside knowledge and access.

[justlurking]

I would think that our IT guys would be throwing up firewalls right now.

Given the likely vector of attack, the best thing that anyone can do is disable the "autoplay" functionality in Windows XP. That's what runs a program automatically when you plug in a USB stick (or even put in a CD/DVD).

There's a PowerToy on Microsoft's website called TweakUI that does exactly that.

[netmilsmom]

WOW!
Thanks, I’m going to pass that along to my husband.

[Myrddin]

Sooo, has fall finally hit Idaho?

That's something I would like to know as well. Last year and this year I was summoned to San Diego at the start of Summer and missed all of the Summer in Idaho. The first trip was June 21, 2009 to Feb 5, 2010. The current trip started July 5, 2010 and continues. I really want to be home, but I have to carve out tasking from the work in San Diego that I can take home. The embedded systems work that provided me 6 years of work at the house in Idaho fell through the cracks when Obama arrived. Summer in San Diego was cold and gray.

[Myrddin]

The worm is infecting the project files of the PLC programming software. It infects every file on a machine when the compiler is executed. I agree that the impact is delayed until the new code is deployed to the PLC devices in use. The delayed execution on the PLCs allows it to get widely deployed before the infected parties are aware. Injecting fear and uncertainty into the the software developers is going to damage their productivity and put deployments of suspect firmware on hold. That alone is damaging. A floor full of damaged equipment from misbehaving PLCs doesn't bode well either.

[Lonesome in Massachussets]

I have absolutely no idea of what's going on, but I can't wait for the worm that tells their TBMs that the GPS coordinates of Tel Aviv are 35°44'N, 51°30'E.

[SunkenCiv]

It's from DEBKA, but regardless, it's kinda funny:

...dozens of Russian nuclear engineers, technicians and contractors are hurriedly departing Iran for home since local intelligence authorities began rounding up their compatriots as suspects of planting the Stuxnet malworm... Among them are the Russian personnel who built Iran's first nuclear reactor at Bushehr which Tehran admits has been damaged by the virus.

They're gettin' out of town ahead of the MOABs.

[kennyboy509]

What “sleeping virus” is waiting to wake and destroy.

whoaaaaaa ha ha!!!!!!!

[Joe Boucher]

I was in L.A. for a week in early summer and it was chilly compared to usual.
I need to get back to Priest Lake.