It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Was Stuxnet built to attack Iran's nuclear program?
page: 1share:
Was Stuxnet built to attack Iran's nuclear program?
www.compu terworld.com
(visit the link for the full news article)
IDG News Service - A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.
That's the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they've broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker -- possibly a nation state -- and it was designed to destroy someth
All I can say is WOW. This is the first time I have heard of state sponsored espionage using a worm designed for a seemingly single purpose. To
sabotage a nuclear reactor. What kind of implications does this give?
I can only image that the US/Israel is behind this "attack". They are the most vocal about Iranian nuclear ambitions. But could it be the Chinese trying to cast suspicion on the US/Israel, further weakening the US/Israels position on the world stage? I would not put it past them.
I will definitely be interested to see where this story leads...
www.compu terworld.com
(visit the link for the full news article)
I can only image that the US/Israel is behind this "attack". They are the most vocal about Iranian nuclear ambitions. But could it be the Chinese trying to cast suspicion on the US/Israel, further weakening the US/Israels position on the world stage? I would not put it past them.
I will definitely be interested to see where this story leads...
www.compu terworld.com
(visit the link for the full news article)
edit on 21-9-2010 by BomSquad because: Added Israel as a possible source
Originally posted by BomSquad
All I can say is WOW. This is the first time I have heard of state sponsored espionage using a worm designed for a seemingly single purpose. To sabotage a nuclear reactor.
All I can say is WOW... Sensationalist rubbish!!!
Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker -- possibly a nation state -- and it was designed to destroy something.
So you take an assumption and turn it into a fact... Why is it, on a site that has a motto "Deny Ignorance" that people show serious signs of exactly that... Ignorance!
What kind of implications does this give?
I can only image that the US/Israel is behind this "attack". They are the most vocal about Iranian nuclear ambitions. But could it be the Chinese trying to cast suspicion on the US/Israel, further weakening the US/Israels position on the world stage? I would not put it past them.
I will definitely be interested to see where this story leads...
Do you have any respect for your own writings? How could you destroy your credibility like this? You just took a theory that this attack was orchestrated by a Nation.... And you automaticly implicate the US and Israel... Simply amazing.. This thread and its OP should be learning material for propagandists..and "how to fail at spreading propaganda"
Maybe your investigating tools are dull...Let me help you.
Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device -- and then it injects its own code into that system.
This specific target may well have been Iran's Bushehr reactor, now under construction, Langner said in a blog posting. Bushehr reportedly experienced delays last year, several months after Stuxnet is thought to have been created, and according to screen shots of the plant posted by UPI, it uses the Windows-based Siemens PLC software targeted by Stuxnet.
All of this is speculation..They assume it was written to "steal industrial secrets".. Then they find specific code that searches for very specific Siemans settings... Have you looked up these settings? Have you looked up how many OTHER systems where these settings would be present? I have to ask... Have you looked up ANY of this?
Peterson believes that Bushehr was possibly the target. "If I had to guess what it was, yes that's a logical target," he said. "But that's just speculation."
Notice how he admitted speculation? I am yet to see where he mentions the US and or Israel and China...
So to summarize... You are assuming that it was USA/Israel or China.. based on --- An assumption that it might be intended for a Nuclear reactor as a target.... Based on an assumption that it was for a "high value" target.. based solely on the complexity of the worm... wow.. The only fact/proof here, is that the worm actually exists.
Langner thinks that it's possible that Bushehr may have been infected through the Russian contractor that is now building the facility, JSC AtomStroyExport. Recently AtomStroyExport had its Web site hacked, and some of its Web pages are still blocked by security vendors because they are known to host malware. This is not an auspicious sign for a company contracted with handling nuclear secrets.
With all of these alternative possibilities available... You have choosen to implicate the US/Israel/China in a situation that may or may not be an attack.. Which may or may not be directed at a nuclear plant.... Said nuclear plant may or may not have been infected by this worm... As he stated "Langner thinks that it's possible that Bushehr may have been infected through the Russian contractor that is now building the facility"
Please people... You are turning this into the "National Enquirer" .. Just regurgitating MSM stories without using any form of objective investigating....
www.compu terworld.com
(visit the link for the full news article)
edit on 21-9-2010 by BomSquad because: Added Israel as a possible source
edit on 21-9-2010 by Mobius1974 because: (no reason given)
reply to post by Mobius1974
Let me clarify a few things...
I posted the article while at work, so I did not have much time to elaborate on my thoughts. No excuse, but there it is. Also, I am not "investigating" this story, I am speculating on it. That is something completely different.
I thought from the title of the article, it was pretty clear that this was a speculative article to begin with. After all, "Was Stuxnet built to attack Iran's nuclear program?" is a question, not a declarative statement. I thought that this was pretty clear that it was not conclusive proof, but evidence found that raised some pointed questions. I believe that these questions are worthy of discussion.
In the spirit of the speculative nature of the original article, I asked myself some questions. Who would benefit most from a problem with the Iranian nuclear reactor? Who would benefit most from a false accusation of someone else in regards to this possible attack?
So when I asked myself, "Who would benefit most from a problem with the Iranian nuclear reactor?" the two most likely suspects became the US and Israel. When it comes to the rhetoric coming from both of these countries about the Iranian nuclear ambitions, they are the loudest and most vehement about preventing Iran from acquiring nuclear capabilities. So I ask you, IF this is indeed a state sponsored attack, who else would you credibly suspect? I know that is a big IF, but there it is.
Then I asked myself, "IF this is a state sponsored attack and IF the US or Israel did not sponsor it, who would benefit most from pointing the finger at these two most likely suspects?" Again, a lot of IFs, but not outside the realms of possibility. So when I asked myself this question, my first thought is China. They have an interest in causing suspicion of the US and Israel with the world community. China would benefit most from taking the US down a few pegs, in my opinion.
Also, when an industrial systems security expert says things like "By messing with Operational Block 35, Stuxnet could easily cause a refinery's centrifuge to malfunction, but it could be used to hit other targets, too, The only thing I can say is that it is something designed to go bang," It certainly sounds more serious than industrial espionage.
Again, I ask the question, what are the implications of this (IF it is indeed a state sponsored attack on Iran's nuclear reactor)?
It may only be a "what if" game, but I find these kind of brainstorms lead to constructive discussions on the likelihood on whether these scenarios could come to pass.
Let me clarify a few things...
I posted the article while at work, so I did not have much time to elaborate on my thoughts. No excuse, but there it is. Also, I am not "investigating" this story, I am speculating on it. That is something completely different.
I thought from the title of the article, it was pretty clear that this was a speculative article to begin with. After all, "Was Stuxnet built to attack Iran's nuclear program?" is a question, not a declarative statement. I thought that this was pretty clear that it was not conclusive proof, but evidence found that raised some pointed questions. I believe that these questions are worthy of discussion.
In the spirit of the speculative nature of the original article, I asked myself some questions. Who would benefit most from a problem with the Iranian nuclear reactor? Who would benefit most from a false accusation of someone else in regards to this possible attack?
So when I asked myself, "Who would benefit most from a problem with the Iranian nuclear reactor?" the two most likely suspects became the US and Israel. When it comes to the rhetoric coming from both of these countries about the Iranian nuclear ambitions, they are the loudest and most vehement about preventing Iran from acquiring nuclear capabilities. So I ask you, IF this is indeed a state sponsored attack, who else would you credibly suspect? I know that is a big IF, but there it is.
Then I asked myself, "IF this is a state sponsored attack and IF the US or Israel did not sponsor it, who would benefit most from pointing the finger at these two most likely suspects?" Again, a lot of IFs, but not outside the realms of possibility. So when I asked myself this question, my first thought is China. They have an interest in causing suspicion of the US and Israel with the world community. China would benefit most from taking the US down a few pegs, in my opinion.
Also, when an industrial systems security expert says things like "By messing with Operational Block 35, Stuxnet could easily cause a refinery's centrifuge to malfunction, but it could be used to hit other targets, too, The only thing I can say is that it is something designed to go bang," It certainly sounds more serious than industrial espionage.
Again, I ask the question, what are the implications of this (IF it is indeed a state sponsored attack on Iran's nuclear reactor)?
It may only be a "what if" game, but I find these kind of brainstorms lead to constructive discussions on the likelihood on whether these scenarios could come to pass.
I have found some additional information since I first posted this yesterday..
Stuxnet was a directed attack with insider knowledge expert says
Stuxnet is a directed attack -- 'hack of the century'
stuxnet: targeting the iranian enrichment centrifuges in Natanz?
The War Against Iran Has Already Started
Did Powerful New Cyber Weapon Attack Iran Nuke?
Stuxnet was a directed attack with insider knowledge expert says
Stuxnet is a directed attack -- 'hack of the century'
stuxnet: targeting the iranian enrichment centrifuges in Natanz?
The War Against Iran Has Already Started
Did Powerful New Cyber Weapon Attack Iran Nuke?
edit on 22-9-2010 by BomSquad because: Added last two article links
reply to post by BomSquad
There's also an interesting article in the Christian Science Monitor on this (which has been used as a source for some of the articles you've posted, but I thought it was worth it's own link):
Stuxnet malware is weapon out to destroy Iran's Bushehr nuclear plant
It's a really interesting story, thanks for posting it. I don't understand enough about industrial control systems to add much of value, but I'll be following the thread.
There's also an interesting article in the Christian Science Monitor on this (which has been used as a source for some of the articles you've posted, but I thought it was worth it's own link):
Stuxnet malware is weapon out to destroy Iran's Bushehr nuclear plant
It's a really interesting story, thanks for posting it. I don't understand enough about industrial control systems to add much of value, but I'll be following the thread.
Ya know... when I first read this it wasn't the USofA who came to mind as a possible who-done-it...
but rather Iran or even North Korea...
I say that because a lot of recent cyber attacks has been traced back to NK , no friend of the western world.. and I wouldn't put it pass them to try something like this knowing the US would take the blame...
Now there is a growing resentment amongst Iran's own well educated class...attacks from the MEK on iranian soil are not unheard of...
surely the US would make the top ten who-done-it list, but I'd put them far down the list 9 or even 10 when it comes to prime suspects
but rather Iran or even North Korea...
I say that because a lot of recent cyber attacks has been traced back to NK , no friend of the western world.. and I wouldn't put it pass them to try something like this knowing the US would take the blame...
Now there is a growing resentment amongst Iran's own well educated class...attacks from the MEK on iranian soil are not unheard of...
surely the US would make the top ten who-done-it list, but I'd put them far down the list 9 or even 10 when it comes to prime suspects
Originally posted by Mobius1974
Originally posted by BomSquad
All I can say is WOW. This is the first time I have heard of state sponsored espionage using a worm designed for a seemingly single purpose. To sabotage a nuclear reactor.
All I can say is WOW... Sensationalist rubbish!!!
The US has a long history of doing whatever they need to do to undermine and destroy any threats to American globalism. With the recent deployment of US Cyber Command in the Pentagon, I have no doubt that the American government would start to use such technology to attack rivals in such a politically "acceptable" move.
Great thread.
The BBC is running the story on its front page today
Stuxnet worm 'targeted high-value Iranian assets'
Pentagon cyber warfare programme possibly?
The BBC is running the story on its front page today
Stuxnet worm 'targeted high-value Iranian assets'
Pentagon cyber warfare programme possibly?
reply to post by neformore
I just read this on BBC myself as well. I found this paragraph interesting:
My first thought was US/Israel as well but it's speculation at this point.
I just read this on BBC myself as well. I found this paragraph interesting:
"This is not some hacker sitting in the basement of his parents' house. To me, it seems that the resources needed to stage this attack point to a nation state,"..."It is a very big project, it is very well planned, it is very well funded," he said. "It has an incredible amount of code just to infect those machines."
My first thought was US/Israel as well but it's speculation at this point.
"It is rare to see an attack using one zero-day exploit," Mikko Hypponen, chief research officer at security firm F-Secure, told BBC News. "Stuxnet used not one, not two, but four." He said cybercriminals and "everyday hackers" valued zero-day exploits and would not "waste" them by bundling so many together.
Siemens PLCs are computerized controllers used in almost all modern industrial plants.
If you have say a enrichment plant with 3000 centrifuges making enriched uranium you would have 3000 speed controllers, lube controllers, bearing vibration sensors ECT ECT ECT. since the uranium enrichment centrifuges spin at the speed of sound loss of lube would make a big mess as the centrifuges started coming apart with no warning if the main control-room computer did not get the reading that the lube feed had failed and the bearing were vibrating
A program could be written to find only plants with this type systems controlled by a plant control-room computer.
And since Siemens is unlikely to sell say a county like Iran the computer codes to program the main control room computer for Iran they will have to write there own program.
This means finding the codes Siemens uses and putting them on a small number of computers for the programmers to use.
If anyplace along the line any of the computers are connected to the Internet this virus can be transferred to the programing computers.
Then when the finished program is transferred to the plant computer this virus will be there piggybacked on the program.
If the party that created the virus knows what equipment is in the plant (spies or payed off worker)they can tailor the virus to attack just one plant and not really do any harm to any other plants.
A number of counties could be the source US or Israel.
Russia or China could do it if they wanted to sell more equipment to Iran to replace the equipment that would be destroyed. by this virus.
If you have say a enrichment plant with 3000 centrifuges making enriched uranium you would have 3000 speed controllers, lube controllers, bearing vibration sensors ECT ECT ECT. since the uranium enrichment centrifuges spin at the speed of sound loss of lube would make a big mess as the centrifuges started coming apart with no warning if the main control-room computer did not get the reading that the lube feed had failed and the bearing were vibrating
A program could be written to find only plants with this type systems controlled by a plant control-room computer.
And since Siemens is unlikely to sell say a county like Iran the computer codes to program the main control room computer for Iran they will have to write there own program.
This means finding the codes Siemens uses and putting them on a small number of computers for the programmers to use.
If anyplace along the line any of the computers are connected to the Internet this virus can be transferred to the programing computers.
Then when the finished program is transferred to the plant computer this virus will be there piggybacked on the program.
If the party that created the virus knows what equipment is in the plant (spies or payed off worker)they can tailor the virus to attack just one plant and not really do any harm to any other plants.
A number of counties could be the source US or Israel.
Russia or China could do it if they wanted to sell more equipment to Iran to replace the equipment that would be destroyed. by this virus.
And more information...
Last-minute paper: An indepth look into Stuxnet
Curiouser and curiouser...
Malware that can affect the real world and not just the cyber world is a fairly new concept, at least to me. I know the potential has been there for a while, but I have not heard of it being put into practice before now.
Last-minute paper: An indepth look into Stuxnet
During the presentation we will also show the code used and give demonstrations on the more malevolent and intriguing parts of the threat, namely the PLC/STL rootkit and the ability to control real-life physical systems. With this threat, the attackers are capable of injecting code into industrial control systems and hiding that code from the designers and operators of the ICS giving the attackers full control over the day-to-day functionality of the physical system under attack.
Curiouser and curiouser...
Malware that can affect the real world and not just the cyber world is a fairly new concept, at least to me. I know the potential has been there for a while, but I have not heard of it being put into practice before now.
The following are either those who are at least partially responsible for it, or are investigating it from the US perspective:
Cryptological Intelligence Training Goodfellow AFB
__________________________________________
This was written by Michael W. Cheek on Wednesday, January 27, 2010, 13:31.
It seems to me the timing at the very least looks suspicious
MAJOR GENERAL RICHARD E. WEBBER USAF Official Biography
Wikipedia's Air Force Cyber Command (Provisional) Article
My immediate professional opinion based upon more than a decade in the united states air force is this thing may be a multi-national coordinated thing, honestly. This is my opinion.
hope this helps,
ET
Cryptological Intelligence Training Goodfellow AFB
__________________________________________
Air Force Cyber Command to go Operational
This was written by Michael W. Cheek on Wednesday, January 27, 2010, 13:31.
The 24th Air Force was certified for operation yesterday by the head of the Air Force Base Command, according to a report in the San Antonio Business Journal. The unit stationed at Lackland Air Force Base will begin cyber security operations immediately.
Air Force Cyber Command to go Operational
It seems to me the timing at the very least looks suspicious
The Official Website for the U.S. Air Force, 24th Air Force, Cyber Command
8/18/2009 - LACKLAND AIR FORCE BASE, Texas (AFNS) -- Air Force officials here activated the newest numbered Air Force and realigned two units under its command in a joint ceremony here Aug. 18.
The 24th Air Force activation under Air Force Space Command is a major milestone in the combination of space and cyberspace operations within one command.
Gen. C. Robert "Bob" Kehler, the commander of Air Force Space Command, presided over the ceremony to activate the numbered Air Force.
Maj. Gen. Richard E. Webber is the first commander of the numbered Air Force dedicated to cyberspace. The 24th Air Force staff will provide combat-ready forces trained and equipped to conduct sustained cyber operations, fully integrated within air and space operations.
After the 24th Air Force was activated, General Webber, presided over two additional events, the redesignation of the Air Force Information Operations Center as the 688th Information Operations Wing and the realignment of the 67th Network Warfare Wing under the 24th Air Force.
The Official Website for the U.S. Air Force
MAJOR GENERAL RICHARD E. WEBBER USAF Official Biography
Wikipedia's Air Force Cyber Command (Provisional) Article
My immediate professional opinion based upon more than a decade in the united states air force is this thing may be a multi-national coordinated thing, honestly. This is my opinion.
hope this helps,
ET
edit on 23-9-2010 by Esoteric Teacher because: add stuff
why cant the guy speculate?
all the 911 threads and even the official conspiracy theory is technically just an speculation too, since it is not backup by evidences
this is the 2nd thread at least on the same subject ... modders, you have work to do
all the 911 threads and even the official conspiracy theory is technically just an speculation too, since it is not backup by evidences
this is the 2nd thread at least on the same subject ... modders, you have work to do
Found another good article from DarkReading...
Stuxnet Heralds New Generation of Targeted Attacks
Stuxnet Heralds New Generation of Targeted Attacks
It's the first known malware attack to target power plant and factory floor systems, but the Stuxnet worm also has opened the door to a whole new level of attack that could execute the unthinkable, manipulating and sabotaging power plants and other critical infrastructure systems.
Stuxnet has been under the microscope over the past few days as researchers around the world have picked apart and analyzed the malware's makeup and possible intent. No one knows for sure yet who is behind it -- many point to some nation-state link due to its many layers of expertise and the sophistication of the attack -- nor its specific goal, but most agree that it's a game-changer.
"We've never seen anything like this before," says Liam O Murchu, manager of operations for Symantec Security Response, which has been one of the leading teams of researchers to study the malware. "It infects those PLCs that control real, live machinery, and can have physical affects in the real world. Turning off essential parts of a plant could have drastic affects."
edit on 24-9-2010 by BomSquad because: Added paragraphs to the quoted text
reply to post by Esoteric Teacher
Part of me thinks that the military/government sets up these kinds of groups more for the PR than for actually doing something and the group that is actually doing this kind of work is never acknowledged.
I have nothing but my own suspicions to back this up, though....
Part of me thinks that the military/government sets up these kinds of groups more for the PR than for actually doing something and the group that is actually doing this kind of work is never acknowledged.
I have nothing but my own suspicions to back this up, though....
Someone said they thought that this was a c4reation of Isreali intelligence.
I can concur with the assumption however what's to stop an intelligent coder from acquiring a copy of this virus and utilising it against the west?
I fear this is something the U.S. concocted and is what will constitute 911 part 2.
I can concur with the assumption however what's to stop an intelligent coder from acquiring a copy of this virus and utilising it against the west?
I fear this is something the U.S. concocted and is what will constitute 911 part 2.
Originally posted by Heyyo_yoyo
I can concur with the assumption however what's to stop an intelligent coder from acquiring a copy of this virus and utilising it against the west?
Nothing....absolutely nothing. The only thing to do would be to patch the vulnerabilities that Stuxnet exploits, but as far as I know, Microsoft has come up with updates to close only 2 of the 4 exploits so far...
IMHO I think it was set loose to try and cripple all mechanized infrastructure and the vulnerability of Siemens.
www.wired.com...
The Stuxnet worm, which was discovered in June and has infected more than 100,000 computer systems worldwide, is designed to attack the Siemens Simatic WinCC SCADA system. SCADA systems, short for “supervisory control and data acquisition,” are programs installed in pipelines, nuclear plants, utility companies and manufacturing facilities to manage operations. Read More www.wired.com...
www.wired.com...
Just when you thought you heard the worst of this particular malware...it just keeps getting better (worse)!
Stuxnet worm can re-infect scrubbed PCs
Stuxnet worm can re-infect scrubbed PCs
Computerworld - A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.
The new information came on the heels of admissions by Iranian officials that Stuxnet had infected at least 30,000 of the country's Windows PCs, including some of the machines at the Bushehr nuclear reactor in southwestern Iran.
edit on 28-9-2010 by BomSquad because: Added paragraphs to quote
edit on 28-9-2010 by BomSquad because: Added external content tags