Erich G. Simmers
www.weaponizedculture.org
Bruce Schneier, a expert on security and cryptography, wrote this October 7th analysis of Stuxnet (also featured at Forbes.com), which summarizes what is known and unknown about the worm including possible clues from the code and alternative explanations to the Bushehr nuclear reactor sabotage hypothesis. Schneier's arguments on issues of technology and security tend to focus on putting threats and vulnerabilities into the most rational/least emotional light, and as such he has consistently downplayed the dangers of cyberwar. Whatever your stance on the threat, it is a measured analysis worth noting:
More at Schneier on Security...Computer security experts are often surprised at which stories get picked up by the mainstream media. Sometimes it makes no sense. Why this particular data breach, vulnerability, or worm and not others? Sometimes it's obvious. In the case of Stuxnet, there's a great story.
As the story goes, the Stuxnet worm was designed and released by a government--the U.S. and Israel are the most common suspects--specifically to attack the Bushehr nuclear power plant in Iran. How could anyone not report that? It combines computer attacks, nuclear power, spy agencies and a country that's a pariah to much of the world. The only problem with the story is that it's almost entirely speculation.
Here's what we do know...
Best,
Erich Simmers
Erich G. Simmers
www.weaponizedculture.org
http://www.openforum.com/idea-hub/to...ss-tom-harnishWhat Stuxnet Means for Small Business
Tom Harnish
Oct 18, 2010 -
When the cyber weapon hit, it rocked the computer industry and aftershocks rattled brains in cyber security centers around the world. This is no plot line from a science fiction novel, someone really designed and built a groundbreaking computer program — a cyber missile. Called Stuxnet, it was designed to hunt and destroy a specific industrial process, maybe even blow something up.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Read more: http://www.foxnews.com/scitech/2010/...#ixzz16YZpEt3PThe target was seemingly impenetrable; for security reasons, it lay several stories underground and was not connected to the World Wide Web. And that meant Stuxnet had to act as sort of a computer cruise missile: As it made its passage through a set of unconnected computers, it had to grow and adapt to security measures and other changes until it reached one that could bring it into the nuclear facility.
When it ultimately found its target, it would have to secretly manipulate it until it was so compromised it ceased normal functions.
And finally, after the job was done, the worm would have to destroy itself without leaving a trace.
That is what we are learning happened at Iran's nuclear facilities -- both at Natanz, which houses the centrifuge arrays used for processing uranium into nuclear fuel, and, to a lesser extent, at Bushehr, Iran's nuclear power plant.
At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component -- the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel.
At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant's massive steam turbine.
Here's how it worked, according to experts who have examined the worm:
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Adam G,
Good catch, well written too. A lot of thought applied to the strategy and tools used.
davidbfpo
If you liked that, you'll positively plotz over this :
Recommended reading music
http://www.youtube.com/watch?v=9LdTe2EbrLk
http://pajamasmedia.com/rogerlsimon/...net-continued/While the media blabs on about (relatively) inconsequential WikiLeaks, real drama plays out on the streets of Teheran where two Iranian nuclear scientists were the targets of assassination attempts – one of them successful.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Bookmarks