Posted on 11/27/2010 8:26:46 PM PST by SeekAndFind
I know, I know — you already know the basics about Stuxnet. No matter. So do I, yet this is the most gripping news feature I’ve read this week, to the point where I started mentally storyboarding the inevitable Hollywood spy movie that’s going to be made about it before I was halfway through. Starring Michael Cera and Jesse Eisenberg as leaders of an elite team of pasty beta-male hackers, overseeing the cyberwarfare equivalent of the Manhattan Project. Title: “The Nerds Who Saved the World.”
Kidding aside, take five minutes to read it all. Nothing else that I’ve come across better explains how fantastically ingenious Stuxnet is as a precision weapon aimed at disabling Iran’s nuclear program. For instance, tech-dummy that I am, I thought the worm was originally introduced to Iran’s enrichment facility by smuggling it into the plant via a secret agent and injecting it into the system via a flash drive. Not so: Sounds like it was first injected into computers outside the plant that were being accessed by people who worked inside, e.g., some nuclear technician’s laptop or desktop. If the technician carelessly used his own flash drive on the outside computer, he’d inadvertently transfer Stuxnet to it and then carry it into the building with him, thus avoiding the need for someone to physically infiltrate Natanz. So not only did they devise a plan to virtually bomb the facility from the inside, they likely got one of Iran’s own people to unwittingly deliver the payload.
Very clever, but that’s just the beginning:
–Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.
–After penetrating the Windows 7 operating system, the code then targeted the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.
-The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and — remarkably — how that system worked as well and how to mask its activities from it…
“The worm was designed not to destroy the plants but to make them ineffective. By changing the rotation speeds [of the centrifuges], the bearings quickly wear out and the equipment has to be replaced and repaired. The speed changes also impact the quality of the uranium processed in the centrifuges creating technical problems that make the plant ineffective,” he explained.
Thus, not only did the coders need a mind-boggling degree of knowledge about the vulnerabilities in more than one software platform, they needed intelligence on Iran’s program so deep that not even the UN had all the details. On top of all that, the worm was programmed to disguise what it was doing so that the engineers on the premises would think the problem with the centrifuges was in the hardware, not the software. No wonder that paranoia at Iran’s nuclear facilities is now allegedly such that the regime’s counterintelligence agents are making life a “living hell” for the nuclear scientists who work there.
But whodunnit? Microsoft claims that it would have taken 10,000 days of labor to put Stuxnet together, which means a huge group — so huge, in fact, that Fox’s sources speculate it involved an international collaboration between at least the U.S., Russia(!), and Germany, which would have had detailed knowledge about the coding that runs the Siemens machinery that powers the centrifuges at Natanz. The Guardian’s report on Stuxnet claims that the group could have been much smaller, just five to 10 people working for six months. But they’ve also got a reason to think the Germans are involved:
Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems…
Clulely told that Guardian that Siemens has “astonishingly” advised power plants and manufacturing facilities not to change the default password that allows access to functions, despite it being exploited by Stuxnet and being “public knowledge on the web for years”.
I can’t imagine why they’d do that unless Siemens itself is part of this or is under heavy pressure from the German government to cooperate.
Another thing I can’t figure out is why Stuxnet, in Fox’s words, was “designed to allow the Iranian program to continue but never succeed, and never to know why.” In that regard, despite its success in slowing down Iran’s nuclear program, it’s a spectacular failure: The Iranians obviously do know now why the centrifuges are failing, and even though it’ll allegedly take another year to cleanse Stuxnet from their systems, they’ll get there and start rolling again. Which leaves three possibilities: (a) The programmers weren’t quite as brilliant in disguising the worm as they were in developing other aspects of it; (b) the programmers wanted the worm to be uncovered eventually, either for propaganda reasons or because it’s a necessary step towards unleashing some even murkier, more brilliant plot; or (c) the programmers knew the worm would be discovered in time but also knew that it would do all the damage it was capable of before then. If that’s true, then maybe the centrifuges at Natanz are in much worse shape than anyone (except the programmers) knows.
Exit question: Was it worth it? Watch this clip before answering. Smallpox is an impressive weapon too, but there are good reasons why we don’t use it. And I don’t just mean the moral ones.
GOD BLESS THE MOSSAD!
Pods on wiki-leaks for telling on Israel.
GOD BLESS THE MOSSAD!
Piss on wiki-leaks for telling on Israel.
Microsoft system 7 is crap code.
So, the Iranians should have used UNIX or Linux instead?
How about OpenVMS?
Siemens used Microsoft
Snow Leopard?
None of it matters. muslims have not invented anything in over 1,000 years - being a copy-cat and thinking your important is a silly position.
Must have been Israel that planted this bug. If it had been done by us, why didn’t we give it to North Korea too?
... and the first best story ever told is ... ?
I hope Siemens had a hand in this Search and Destroy as I’m getting a second Siemens hearing aid on the 2nd...
If you go to the Sky News video, you come away with the idea that this technology is aimed at the West and we are so far behind the curve that we have already lost the Cyberwar of the future because we are so far behind.
To the contrary, I believe this shows the world just how far in advance the West is in cyberwarfare—and the glimpse that the mystery hackers allowed the rest of the world to see was specifically meant to demonstrate our lead as a warning.
At least I hope so.
May God bless and protect Israel.
The Greatest Story Ever Told?
I don’t know much about this stuff, but I wonder if the thing could be like certain trojans: you think you’ve gotten rid of them, you wipe the hard drive and reinstall everything, and six months or six weeks later the damn thing is back.
Ah, didn’t know that was a movie. Looked it up. Thanks.
This is a classic rock and a hard place problem. Clamp down tight, kill efficiencies. Don't clamp down and get hit again...
I can’t imagine why they’d do that unless Siemens itself is part of this or is under heavy pressure from the German government to cooperate.
The password in question is the database access password use by the SCADA software. It cannot be changed without a software update apparently. Just bad design, not nefarious pressure. From Siemens' website:
The user login and the password for WinCC are freely definable and have nothing to do with access to the internal database. The internal system authentication from WinCC to the Microsoft SQL database is based on pre-defined access data. This data is not visible for the customer and is used as an internal system mechanism for communication between the WinCC system components and the database. Changing the access data would impede communication between WinCC and the database and is therefore not recommended. Tightening up authentication procedures is being examined.
The other thing about this article that I think is wrong is that the certificate stolen from Realtek would have been used to sign software executables to hide them from Windows and from scanning software by making it look like a legitimate driver or application from Realtek.
I am not a nuclear physicist, but since centrifuge cascades are in series, not parallel, I would think that ALL of the centrifuges would have to work correctly at the same time, requiring very high reliability.
Would you want to reuse centrifuges that had been monkeyed with by Stuxnet in series with known good centrifuges?
It just keeps getting better. Are you feeling lucky, Mahmoud?
That’s all sorts of awesome. Of course, knowing the problem is one thing. Knowing how to fix the problem, quite another.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.