Results 1 to 20 of 55

Thread: Stuxnet: Target Bushehr?

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Council Member bourbon's Avatar
    Join Date
    Jun 2007
    Location
    Boston, MA
    Posts
    903

    Default Stuxnet: Target Bushehr?

    Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?, by Mark Clayton. The Christian Science Monitor, September 21, 2010.
    The Stuxnet malware has infiltrated industrial computer systems worldwide. Now, cyber security sleuths say it's a search-and-destroy weapon meant to hit a single target. One expert suggests it may be after Iran's Bushehr nuclear power plant.
    By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.

    But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.

    "Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
    http://www.langner.com/en/

    This is pretty amazing.

  2. #2
    Council Member IntelTrooper's Avatar
    Join Date
    May 2009
    Location
    RC-S, Afghanistan
    Posts
    302

    Default

    Israelis? Or SkyNet?
    "The status quo is not sustainable. All of DoD needs to be placed in a large bag and thoroughly shaken. Bureaucracy and micromanagement kill."
    -- Ken White


    "With a plan this complex, nothing can go wrong." -- Schmedlap

    "We are unlikely to usefully replicate the insights those unencumbered by a military staff college education might actually have." -- William F. Owen

  3. #3
    Council Member
    Join Date
    Jul 2009
    Posts
    589

    Default

    Sounds a lot like a Russian or Chinese programme. IMO it fits their respective doctrines.

  4. #4
    Council Member bourbon's Avatar
    Join Date
    Jun 2007
    Location
    Boston, MA
    Posts
    903

    Default

    Iranian nuclear programme targeted by computer virus, by Maryam Sinaiee and Michael Theodoulou. The National (UAE), September 26. 2010.
    TEHRAN // Iran revealed yesterday that a so-called computer worm – which experts say shows unprecedented ingenuity and is unique in its ability to seize control of industrial plants – has infected the personal computers of staff at its first nuclear power plant.

    But Tehran said the so-called Stuxnet malicious computer program, which has been described as the world’s first cyber-guided missile, has not damaged operations at the flagship facility in Bushehr, which is due to go online within weeks.
    A likelier Stuxnet target, they speculate, would be Iran’s far more controversial nuclear facility at Natanz, where spinning centrifuges are producing low-enriched uranium for power plants.

  5. #5
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    13,356

    Default Kings of War adds

    An interesting comment:http://kingsofwar.org.uk/2010/09/kua...ar-facilities/

    Which concludes:
    To conclude then, well, what can we conclude? Not much, at present; we need to keep watching and not assume that the story is over because there are so many loose threads, so many questions to be answered, so much fog where clarity is needed for good judgement to be rendered. Still, I can’t help but think that some watershed has been passed, that Stuxnet of September 2010 will be remembered rather in the way we do the aerial bombings of civilian centres by Zeppelin airships–not as particularly strategically significant at the time but as a harbinger of what is still to come.
    davidbfpo

  6. #6
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,096

    Default

    If this gets any curiouser, only my smile is going to be left....

    While security experts know what Stuxnet is designed to do, Conficker is still the reigning mystery of the cyberworld because no one knows why it’s there or what it’s going to do. “Whoever developed it must be thinking that this was an incredible learning exercise,” says Joffe. “They were able to modify their code four times as we reacted defensively each time. They were able to step around us.” Version E of Conficker came out at the beginning of April 2009 and—alarmingly—it remains unbroken a year and a half later. “They raised the bar so high I have no idea what it’s doing,” he says. “It looks like it’s dormant.” But if he were to put himself in the Conficker controller’s shoes, he muses, “I'd be tactically selling off individual machines,” so that customers could choose their targets from a directory of hacked computers. “He could give me your computer, and we would never know it, as a security industry.”
    Read more: http://www.businessinsider.com/cyber...#ixzz10sidE8AX
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  7. #7
    Council Member Dayuhan's Avatar
    Join Date
    May 2009
    Location
    Latitude 17° 5' 11N, Longitude 120° 54' 24E, altitude 1499m. Right where I want to be.
    Posts
    3,137

    Default A US/Israeli cyber attack on Iran's nuclear program?

    Interesting NYT article claiming that the Stuxnet worm was aimed specifically at Iranian centrifuges...

    http://www.nytimes.com/2011/01/16/wo...ewanted=1&_r=1

    Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.

    To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.

    Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program."
    Our concern with such attacks has typically been that they would be used against the US: like other swords, this one apparently has two edges.
    Last edited by davidbfpo; 01-16-2011 at 12:20 PM. Reason: Use quote marks rather than italics

  8. #8
    Council Member
    Join Date
    Aug 2010
    Posts
    98

    Default

    Quote Originally Posted by Dayuhan View Post
    Our concern with such attacks has typically been that they would be used against the US: like other swords, this one apparently has two edges.
    Where do you see any evidence of that? Also, if this was some US/Israeli effort, it was damned sloppy in that it was so easily traced. Leaving clues in code it amateur at best, and this thing has been seriously picked apart. Neither of which say good things, although the results are very much worthy of applause. Personally I don't care who did this, I'm just glad they did. We need more like that.

  9. #9
    Council Member
    Join Date
    Mar 2009
    Location
    Florida
    Posts
    44

    Default

    Mikko Hyppönen, Chief Research Officer at F-Secure, offers a good summary of why Stuxnet is unique in terms of malware design and execution: http://www.youtube.com/watch?v=gFzadFI7sco.
    Erich G. Simmers
    www.weaponizedculture.org

  10. #10
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,096

    Default

    The Stuxnet software worm repeatedly sought to infect five industrial facilities in Iran over a 10-month period, a new report says, in what could be a clue into how it might have infected the Iranian uranium enrichment complex at Natanz.
    http://www.nytimes.com/2011/02/13/sc..._r=2&src=twrhp
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  11. #11
    Council Member
    Join Date
    Mar 2009
    Location
    Florida
    Posts
    44

    Default

    The actual report can be found here: http://www.symantec.com/connect/ko/b...sier-available.

    It is worth the read. Missing from the news story was that several vendors contributed samples and data on the worm including ESET, F-Secure, Kaspersky Labs, Microsoft, McAfee, and Trend.
    Erich G. Simmers
    www.weaponizedculture.org

  12. #12
    Council Member
    Join Date
    Mar 2009
    Posts
    11,074

    Default Stuxnet: Cyberwar Revolution in Military Affairs

    Stuxnet: Cyberwar Revolution in Military Affairs

    Entry Excerpt:

    Stuxnet: Cyberwar Revolution in Military Affairs
    by Paulo Shakarian

    Download The Full Article: Stuxnet: Cyberwar Revolution in Military Affairs

    On June 17th, 2010, security researchers at a small Belarusian firm known as VirusBlockAda identified malicious software (malware) that infected USB memory sticks. In the months that followed, there was a flurry of activity in the computer security community – revealing that this discovery identified only one component of a new computer worm known as Stuxnet. This software was designed to specifically target industrial equipment. Once it was revealed that the majority of infections were discovered in Iran, along with an unexplained decommissioning of centrifuges at the Iranian fuel enrichment plant (FEP) at Natanz, many in the media speculated that the ultimate goal of Stuxnet was to target Iranian nuclear facilities. In November of 2010, some of these suspicions were validated when Iranian President Mahmoud Ahmadinejad publically acknowledged that a computer worm created problems for a “limited number of our [nuclear] centrifuges.” Reputable experts in the computer security community have already labeled Stuxnet as “unprecedented,” an “evolutionary leap,” and “the type of threat we hope to never see again."

    In this paper, I argue that this malicious software represents a revolution in military affairs (RMA) in the virtual realm – that is Stuxnet fundamentally changes the nature of cyber warfare. There are four reasons to this claim: (1) Stuxnet represents the first case in which industrial equipment was targeted with a cyber-weapon, (2) there is evidence that the worm was successful in its targeting of such equipment, (3) it represents a significant advance in the development of malicious software, and (4) Stuxnet has shown that several common assumptions about cyber-security are not always valid. In this paper I examine these four points as well as explore the future implications of the Stuxnet RMA.

    Download The Full Article: Stuxnet: Cyberwar Revolution in Military Affairs

    Paulo Shakarian is a Captain in the U.S. Army and a Ph.D. candidate in computer science at the University of Maryland (College Park) and will soon take up a position teaching computer science at the U.S. Military Academy. He holds a BS from the U.S. Military Academy and an MS from the University of Maryland (College Park), both in computer science.

    The views expressed in this article are those of the authors and do not reflect the official policy or position of the United States Military Academy, United States Cyber Command, the Department of the Army, the Department of Defense, or the United States Government.




    --------
    Read the full post and make any comments at the SWJ Blog.
    This forum is a feed only and is closed to user comments.

  13. #13
    Council Member
    Join Date
    Mar 2009
    Posts
    11,074

    Default Stuxnet was Work of U.S. and Israeli Experts

    Stuxnet was Work of U.S. and Israeli Experts

    Entry Excerpt:



    --------
    Read the full post and make any comments at the SWJ Blog.
    This forum is a feed only and is closed to user comments.

  14. #14
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    13,356

    Default Stuxnet “this has the whiff of 1945. Someone just used a new weapon".

    Not a surprise - there is now a film / documentary on Stuxnet; Zero Days, by Oscar-winning director Alex Gibney and an article, written after a preview of the film, has the sub-title:
    A new documentary on “Stuxnet”, the joint U.S.-Israeli attack on Iran’s nuclear program, reveals it was just a small part of a much bigger cyber operation against the nation’s military and civilian infrastructure under the code name “NITRO ZEUS”.
    As a joint US-Israeli project it had some "issues" as one source claims:
    Our friends in Israel took a weapon that we jointly developed — in part to keep Israel from doing something crazy — and then used it on their own in a way that blew the cover of the operation and could’ve led to war.
    Citing Michael Hayden, ex-CIA & NSA:
    I know no operational details and don’t know what anyone did or didn’t do before someone decided to use the weapon, all right. I do know this: If we go out and do something, most of the rest of the world now thinks that’s a new standard, and it’s something they now feel legitimated to do as well. But the rules of engagement, international norms, treaty standards, they don’t exist right now.
    Link:http://www.buzzfeed.com/jamesball/us...ma#.hb5pVQAmPj

    Merged into the old thread on Stuxnet, with 52 posts and 20k views.
    Last edited by davidbfpo; 02-28-2016 at 09:56 AM. Reason: Thread had 1752 views until merged.
    davidbfpo

  15. #15
    Council Member
    Join Date
    Mar 2009
    Posts
    11,074

    Default Stuxnet “this has the whiff of 1945. Someone just used a new weapon".

    U.S. Had Cyberattack Planned if Iran Nuclear Negotiations Failed

    This is NYT report:
    In the early years of the Obama administration, the United States developed an elaborate plan for a cyberattack on Iran in case the diplomatic effort to limit its nuclear program failed and led to a military conflict, according to a forthcoming documentary film and interviews with military and intelligence officials involved in the effort. The plan, code named Nitro Zeus, was designed to disable Iran’s air defenses, communications systems and key parts of its power grid, and was shelved, at least for the foreseeable future, after the nuclear deal struck between Iran and six other nations last summer was fulfilled.

    Link:http://www.nytimes.com/2016/02/17/wo...iled.html?_r=0
    Last edited by davidbfpo; 02-16-2016 at 09:05 PM. Reason: Copied from SWJ Blog

  16. #16
    Council Member
    Join Date
    Jun 2007
    Location
    Southport NC
    Posts
    48

    Default

    Duqu most likely is more of an information gathering virus that saves files on the infected machine for further use later. It is also a keylogger.

    https://infosecisland.com/blogview/1...er-Weapon.html

  17. #17
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,096

    Default

    The U.S. and Israel are widely assumed to be responsible for the Stuxnet computer worm that hit Iran’s nuclear facilities. But Moscow has just as good a motive.
    http://the-diplomat.com/2011/12/10/w...ehind-stuxnet/
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  18. #18
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,096

    Default

    Iranian nuclear facilities have reportedly been attacked by a “music” virus, turning on lab PCs at night and blasting AC/DC’s “Thunderstruck.”
    http://www.rt.com/news/iran-computer-virus-acdc-940/

    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  19. #19
    Council Member
    Join Date
    Mar 2009
    Location
    Florida
    Posts
    44

    Default

    I got a chuckle out of this news item, too, but that article--particularly the title--is crap. Mikko's original blog post is much more informative. There's really two issues. There's a report of some other worm, and the Iranian believes Metasploit is at use. Metasploit is not a virus; it's an exploitation framework. Download it here if you're curious.

    HD Moore, Metasploit's creator, tweeted two responses to articles like this one:

    "definitely a confused individual, Metasploit isn't a worm and doesn't ship with AC/DC's Thunderstruck " (source)
    He also added a bit on how you use the framework to load MP3s:

    "you can do it today (msf> load sounds) & copy mp3" (source)
    If the e-mail to Mikko is truthful and accurate, this strikes me as the act of an amateur--not a state, much less the U.S. Moreover, the fact that there is no effort to be covert makes me think this is a grand middle finger to US and other intelligence agencies. It is as if the perpetrator is saying, "You developed developed malware and cryptographic attacks over the course of years to penetrate computers relevant to the Iranian nuclear program; I did it downloading an app freely available to anyone." They probably even used a commonly available exploit, too. I can't see someone burning a 0-day to blast "Thunderstruck" to some Iranian engineers just for, as the kids say, "the lulz."

    If I had to ‘profile’ the perpetrator, I would suggest a lone male with a grudge or grievance with one or more US intelligence agencies (perhaps a past applicant). If there is a political motive, I would suggest someone affiliated with Anonymous or other like-minded group who might think disrupting Iranian networks would mean disrupting any ongoing US intelligence operation. Either way, the objective in my view is disrupting or discrediting US efforts rather than Iran's nuclear program. That’s pure speculation, but that is the impression I get.
    Last edited by Erich G. Simmers; 07-25-2012 at 06:13 AM. Reason: m0ar l33tness
    Erich G. Simmers
    www.weaponizedculture.org

  20. #20
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,096

    Default

    Quote Originally Posted by Erich G. Simmers View Post
    If I had to ‘profile’ the perpetrator, I would suggest a lone male with a grudge or grievance with one or more US intelligence agencies (perhaps a past applicant). If there is a political motive, I would suggest someone affiliated with Anonymous or other like-minded group who might think disrupting Iranian networks would mean disrupting any ongoing US intelligence operation. Either way, the objective in my view is disrupting or discrediting US efforts rather than Iran's nuclear program. That’s pure speculation, but that is the impression I get.
    That'd make a good movie script. Seriously.
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

Similar Threads

  1. Snipers Sniping & Countering them
    By DDilegge in forum Trigger Puller
    Replies: 226
    Last Post: 04-30-2019, 08:59 AM
  2. The Roles and Weapons with the Squad
    By Faceman in forum Trigger Puller
    Replies: 977
    Last Post: 05-25-2014, 01:49 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •