Stuxnet Clone Found, Possibly Preparing For Power Plant Attacks
Posted on 10/19/2011 3:35:47 AM PDT by edpc
Washington, Oct.19 (ANI): Security researchers have detected a new Trojan, scarily similar to the infamous Stuxnet worm, which could disrupt computers controlling power plants, oil refineries and other critical infrastructure networks.
The Trojan, dubbed "Duqu" by the security firm Symantec, appears, based on its code, to have been written by the same authors as the Stuxnet worm, which last July was used to cripple an Iranian nuclear-fuel processing plant, Fox News reports.
(Excerpt) Read more at in.news.yahoo.com ...
All your Iranian centrifuges are belong to Mossad.
I hazard a guess that while ‘Count Duqu’ collects info on all SCADA, it only actually attacks if it thinks it’s in a power-station in Iran.
Neither link is working for me.
Like the Dutch tulip market crash, the Irish potato blight, the cotton boll crash, etc., economic systems based on and solely dependent on a single commodity eventually crash with devastating results.
No building loses partial power unless it’s a problem within the walls of the school. When power fails at a substation, all power provided by that substation is affected. Only if a building has a generator could it have “partial” power.
My wife has a business that used to be strictly stand-alone. Now it is highly electrified and internet-connected. Take the power or lose connectivity and business stops! Not a fun prospect at all...
Theft of copper comes to mind. It is Detroit.
>>No building loses partial power unless it's a problem within the walls of the school.
That is not true. Most schools and commercial/institutional buildings have 3-phase power. It is possible for the utility feed to drop one phase. This will typically cause properly protected 3-phase motors to drop out (kills A/C, fans, etc.), and 1/3 of the lights and power receptacles. That leaves you with 2/3rd of the lights and receptacles, so a lot of things are still operational.
My employer’s generating facility is not a MSOS; seriously doubt many are. That aside, Stuxnet is a concern.
Homogeneity? You would be hard-pressed to find a Microsoft OS on any controlling system in a power plant. Most high-availability (HA) sites like power plants utilize hardened Linux kernels with very specific instruction libraries for only the programs being used on those systems.
And as a note, Windows is not solely the issue with IT security. MS plugged a lot of holes (and ruffled a lot of feathers) with their new OS kernel by prohibiting direct access without user approval (UAC and DEP, for instance). The issues come into play when users errantly click on approve in this dialog box without knowing what the program is going to do.
It is not the prettiest way to do things, but for what it does, the Windows OS is highly functional if not bloated.
Whoever wrote this is incompetent. Nowhere in the article does it say WHERE the virus was found or WHERE it might be used.
A Breakin’ 2 reference at 0630...nice!
What can I say? My head is loaded with useless information.
I work in telecom - and I have warned of security vulnerabilities for years. But, usually the "suits" won't listen.
Supervisory Control And Data Acquisition [SCADA] provides for remote data sensing and also remote supervisory control.
While the actual data sensing can be sent over public networks, such as the Internet, supervisory control should be sent over dedicated private networks [as an example: corporate T-1 lines] or thru the Public Switched Telephone Network [PSTN].
The T-1 lines [and the like] are absolutely secure [as long as no one physically taps into them], use of the public telephone network requires the use of a dial-back modem.
When using a dial-back modem, the remote user uses a computer terminal to call the station where the equipment is located. The dial-back modem at the station receives the call and hangs up. The dial-back modem then calls the pre-programmed telephone number back to the remote computer terminal.
Once the connection is established, a username and password are required by the dial-back modem for authentication. The connection is then allowed to be connected to the server located at the site. Again, a username and password are required.
Once this is accomplished, the remote user has full control of the equipment at the site. Usually, the format is via Command Line Interface [CLI] - which uses simple text commands in order to control the equipment.
This method is EXTREMELY secure, albeit slow when compared to using the Internet. It also costs the price of a telephone line from EACH site to the PSTN and also a telephone line to the remote computer terminal at the Control Center. In addition, there is the one-time cost of the dial-back modem for each site.
The "suits" generally do not like this because of the cost involved. Let's say you have 100 sites. If the dial-back modems cost $50 apiece, the one-time cost is $5000. And if the telephone lines cost $20 per month, the monthly recurring cost is $2020 [including the telephone line at the Control Center] - or $24240 per year.
It is also much slower than using high-speed public Internet access. But, the security it gives vs. the time difference involved supersedes using the public Internet.
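The dial-back procedure in the post above, modelled as a message exchange. This is an added example, not code from the thread or from any modem vendor; the site name, telephone numbers, usernames and passwords are constructed sample values. The point it makes visible is that the modem calls back a number configured in advance, so the inbound leg authenticates nothing and a caller at any other number never reaches the two login prompts.

```python
"""Model of a SCADA dial-back modem session: inbound call, hang-up, callback to a
pre-programmed number, modem login, then a separate site-server login."""
import hashlib
import hmac
import secrets


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class CredentialStore:
    """Username -> (salt, hash). Stands in for the modem's and the site
    server's separate user lists; plaintext passwords are never stored."""

    def __init__(self, users: dict[str, str]):
        self._users = {}
        for name, pw in users.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, _hash_pw(pw, salt))

    def check(self, name: str, pw: str) -> bool:
        entry = self._users.get(name)
        if entry is None:
            _hash_pw(pw, bytes(16))  # same work for an unknown user
            return False
        salt, expected = entry
        return hmac.compare_digest(_hash_pw(pw, salt), expected)


class Terminal:
    """A remote computer terminal at one telephone number, holding the login it
    offers the modem and the login it offers the site server."""

    def __init__(self, number: str, modem_login: tuple, server_login: tuple):
        self.number = number
        self.modem_login = modem_login
        self.server_login = server_login


class DialBackModem:
    """Station-side modem. The callback number is configured in advance and is
    never taken from the incoming call."""

    def __init__(self, site, callback_number, modem_users, server_users):
        self.site = site
        self.callback_number = callback_number
        self.modem_creds = CredentialStore(modem_users)
        self.server_creds = CredentialStore(server_users)


def dial_back_session(pstn: dict, caller: Terminal, modem: DialBackModem):
    """Run one session. `pstn` maps a number to the terminal that answers there.
    Returns (number that was granted the CLI, or None, transcript lines)."""
    log = []
    # Step 1: inbound call. The modem answers and hangs up; nothing typed on the
    # inbound leg is read, so nobody can authenticate on it.
    log.append(f"{caller.number} -> {modem.site}: RING")
    log.append(f"{modem.site}: answered, hung up")
    # Step 2: callback to the pre-programmed number, regardless of who called.
    log.append(f"{modem.site} -> {modem.callback_number}: RING (pre-programmed)")
    answering = pstn.get(modem.callback_number)
    if answering is None:
        log.append(f"{modem.site}: no answer, session over")
        return None, log
    log.append(f"{answering.number}: answered")
    # Step 3: modem login.
    user, pw = answering.modem_login
    if not modem.modem_creds.check(user, pw):
        log.append(f"{modem.site}: modem login '{user}' rejected, hung up")
        return None, log
    log.append(f"{modem.site}: modem login '{user}' accepted, passing to server")
    # Step 4: server login, an independent second credential check.
    user, pw = answering.server_login
    if not modem.server_creds.check(user, pw):
        log.append(f"{modem.site} server: login '{user}' rejected, hung up")
        return None, log
    log.append(f"{modem.site} server: login '{user}' accepted, CLI open to {answering.number}")
    return answering.number, log


# Constructed sample set-up: one station modem programmed to call the Control
# Center's line, plus a terminal at an unrelated number that knows the same
# passwords (to show that knowing them is not enough from the wrong line).
SITE_MODEM = DialBackModem(
    site="SITE-042",
    callback_number="555-0100",
    modem_users={"cc-op": "modem-pass-1"},
    server_users={"operator": "server-pass-1"},
)
CONTROL_CENTER = Terminal("555-0100", ("cc-op", "modem-pass-1"), ("operator", "server-pass-1"))
OTHER_TERMINAL = Terminal("555-0199", ("cc-op", "modem-pass-1"), ("operator", "server-pass-1"))
PSTN = {"555-0100": CONTROL_CENTER, "555-0199": OTHER_TERMINAL}

if __name__ == "__main__":
    for who in (CONTROL_CENTER, OTHER_TERMINAL):
        granted, transcript = dial_back_session(PSTN, who, SITE_MODEM)
        print("\n".join(transcript), "\n-> CLI granted to:", granted, "\n")
```

Running it prints two transcripts: the Control Center's call ends with the CLI open to 555-0100, while the call from 555-0199 also ends with a callback to 555-0100, so the session, if any, belongs to the Control Center line and not to the caller. The two credential checks are kept in separate stores, as the post describes, so a compromise of the modem's list does not by itself open the site server.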
Gratuitous ignorant Windows-bashing aside, Stuxnet is a worm - the vulnerability is in the application, not the OS, so it doesn’t really matter what OS it’s running on.
Stuxnet was designed to specifically target the intricacies of an Iranian power plant based on the intelligence community’s understanding of their operating parameters. Also, given the fact that any operating system can be infected much the same way our drone fleet was compromised (through human error), you simply cannot stand by your assessment that Windows is the root cause.
Properly implemented, Windows environments are stable. It’s the applications installed on those operating systems that can cause the problems. I’ve been in data center engineering and systems analysis for 15 years, and I can attest that our Windows infrastructure (DNS, DHCP, AD, Exchange, etc.) is among the most stable in our environment.
FWIW, I’m a Linux engineer by trade, so going so far as to say that I am ignorant to this discussion is a stretch. And as a correction, worms are built to specific kernels. Trying to infect a Linux or Mac machine with a Windows worm won’t work, and the converse is also true.
Sorry for the misunderstanding.
I thought it seemed a little out of place, but I wanted to make sure. I’m always up for good conversation, but I always like to reinforce my position.
No problem. I’m an AD/Exchange admin so we could probably have a pretty good conversation, but duty calls and I have some Powershell script that needs written.
I'll bet you're right...
God bless ya, there! I got out of the Windows/AD/Exchange world for infrastructure. Much happier with hardware, personally.
If the motor isn't properly protected w/ a phase monitor it's killed, permanently.
Single phase issues also fry just about everything. Go put a ballast on single phase and see what happens.
That would only affect 208 or 480 ballasts. The vast majority are 120 or 277. Are there even 480 ballasts?