Israelis? Or SkyNet?
Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?, by Mark Clayton. The Christian Science Monitor, September 21, 2010.
The Stuxnet malware has infiltrated industrial computer systems worldwide. Now, cyber security sleuths say it's a search-and-destroy weapon meant to hit a single target. One expert suggests it may be after Iran's Bushehr nuclear power plant.http://www.langner.com/en/By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.
But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
This is pretty amazing.
Israelis? Or SkyNet?
"The status quo is not sustainable. All of DoD needs to be placed in a large bag and thoroughly shaken. Bureaucracy and micromanagement kill."
-- Ken White
"With a plan this complex, nothing can go wrong." -- Schmedlap
"We are unlikely to usefully replicate the insights those unencumbered by a military staff college education might actually have." -- William F. Owen
Sounds a lot like a Russian or Chinese programme. IMO it fits their respective doctrines.
Iranian nuclear programme targeted by computer virus, by Maryam Sinaiee and Michael Theodoulou. The National (UAE), September 26. 2010.
TEHRAN // Iran revealed yesterday that a so-called computer worm – which experts say shows unprecedented ingenuity and is unique in its ability to seize control of industrial plants – has infected the personal computers of staff at its first nuclear power plant.
But Tehran said the so-called Stuxnet malicious computer program, which has been described as the world’s first cyber-guided missile, has not damaged operations at the flagship facility in Bushehr, which is due to go online within weeks.A likelier Stuxnet target, they speculate, would be Iran’s far more controversial nuclear facility at Natanz, where spinning centrifuges are producing low-enriched uranium for power plants.
An interesting comment:http://kingsofwar.org.uk/2010/09/kua...ar-facilities/
Which concludes:To conclude then, well, what can we conclude? Not much, at present; we need to keep watching and not assume that the story is over because there are so many loose threads, so many questions to be answered, so much fog where clarity is needed for good judgement to be rendered. Still, I can’t help but think that some watershed has been passed, that Stuxnet of September 2010 will be remembered rather in the way we do the aerial bombings of civilian centres by Zeppelin airships–not as particularly strategically significant at the time but as a harbinger of what is still to come.
davidbfpo
If this gets any curiouser, only my smile is going to be left....
Read more: http://www.businessinsider.com/cyber...#ixzz10sidE8AXWhile security experts know what Stuxnet is designed to do, Conficker is still the reigning mystery of the cyberworld because no one knows why it’s there or what it’s going to do. “Whoever developed it must be thinking that this was an incredible learning exercise,” says Joffe. “They were able to modify their code four times as we reacted defensively each time. They were able to step around us.” Version E of Conficker came out at the beginning of April 2009 and—alarmingly—it remains unbroken a year and a half later. “They raised the bar so high I have no idea what it’s doing,” he says. “It looks like it’s dormant.” But if he were to put himself in the Conficker controller’s shoes, he muses, “I'd be tactically selling off individual machines,” so that customers could choose their targets from a directory of hacked computers. “He could give me your computer, and we would never know it, as a security industry.”
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Adam,
Thanks for the link to the article. I was not aware that malware caused a plane crash.
Read more: http://www.businessinsider.com/cyber...#ixzz10suFktT1Already, malware has caused the loss of life. This August, the Spanish government released its report on Spanair Flight JK5022, which crashed on takeoff from Madrid two years ago. The pilot of the McDonnell Douglas MD 82 took off thinking that the flaps controlling lift were extended when they were, in fact, retracted. The plane ascended briefly before plunging into the ground, killing 154 of its 172 passengers. Trojan viruses spread by infected USB sticks—the dirty needles of the tech world—had stalled the execution of a key safety protocol before the jet took off, which would have shown that the aircraft’s systems were malfunctioning.
http://www.nytimes.com/2010/09/30/wo...st/30worm.htmlDeep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.
That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
A very short article alleging it is the IDF's Cyber Unit 8200:http://www.telegraph.co.uk/news/worl...r-warfare.html
Elsewhere, possibly from another article in the paper, the 'clue':Link:http://www.telegraph.co.uk/news/worl...orm-claim.htmlComputer experts have discovered a biblical reference embedded in the code of the computer worm that has pointed to Israel as the origin of the cyber attack.
The code contains the word "myrtus", which is the Latin biological term for the myrtle tree. The Hebrew word for myrtle, Hadassah, was the birth name of Esther, the Jewish queen of Persia.
Last edited by davidbfpo; 09-30-2010 at 09:35 PM. Reason: Add link and citation
davidbfpo
Erich G. Simmers
www.weaponizedculture.org
Bruce Schneier, a expert on security and cryptography, wrote this October 7th analysis of Stuxnet (also featured at Forbes.com), which summarizes what is known and unknown about the worm including possible clues from the code and alternative explanations to the Bushehr nuclear reactor sabotage hypothesis. Schneier's arguments on issues of technology and security tend to focus on putting threats and vulnerabilities into the most rational/least emotional light, and as such he has consistently downplayed the dangers of cyberwar. Whatever your stance on the threat, it is a measured analysis worth noting:
More at Schneier on Security...Computer security experts are often surprised at which stories get picked up by the mainstream media. Sometimes it makes no sense. Why this particular data breach, vulnerability, or worm and not others? Sometimes it's obvious. In the case of Stuxnet, there's a great story.
As the story goes, the Stuxnet worm was designed and released by a government--the U.S. and Israel are the most common suspects--specifically to attack the Bushehr nuclear power plant in Iran. How could anyone not report that? It combines computer attacks, nuclear power, spy agencies and a country that's a pariah to much of the world. The only problem with the story is that it's almost entirely speculation.
Here's what we do know...
Best,
Erich Simmers
Erich G. Simmers
www.weaponizedculture.org
http://www.openforum.com/idea-hub/to...ss-tom-harnishWhat Stuxnet Means for Small Business
Tom Harnish
Oct 18, 2010 -
When the cyber weapon hit, it rocked the computer industry and aftershocks rattled brains in cyber security centers around the world. This is no plot line from a science fiction novel, someone really designed and built a groundbreaking computer program — a cyber missile. Called Stuxnet, it was designed to hunt and destroy a specific industrial process, maybe even blow something up.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Read more: http://www.foxnews.com/scitech/2010/...#ixzz16YZpEt3PThe target was seemingly impenetrable; for security reasons, it lay several stories underground and was not connected to the World Wide Web. And that meant Stuxnet had to act as sort of a computer cruise missile: As it made its passage through a set of unconnected computers, it had to grow and adapt to security measures and other changes until it reached one that could bring it into the nuclear facility.
When it ultimately found its target, it would have to secretly manipulate it until it was so compromised it ceased normal functions.
And finally, after the job was done, the worm would have to destroy itself without leaving a trace.
That is what we are learning happened at Iran's nuclear facilities -- both at Natanz, which houses the centrifuge arrays used for processing uranium into nuclear fuel, and, to a lesser extent, at Bushehr, Iran's nuclear power plant.
At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component -- the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel.
At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant's massive steam turbine.
Here's how it worked, according to experts who have examined the worm:
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Adam G,
Good catch, well written too. A lot of thought applied to the strategy and tools used.
davidbfpo
If you liked that, you'll positively plotz over this :
Recommended reading music
http://www.youtube.com/watch?v=9LdTe2EbrLk
http://pajamasmedia.com/rogerlsimon/...net-continued/While the media blabs on about (relatively) inconsequential WikiLeaks, real drama plays out on the streets of Teheran where two Iranian nuclear scientists were the targets of assassination attempts – one of them successful.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
"The status quo is not sustainable. All of DoD needs to be placed in a large bag and thoroughly shaken. Bureaucracy and micromanagement kill."
-- Ken White
"With a plan this complex, nothing can go wrong." -- Schmedlap
"We are unlikely to usefully replicate the insights those unencumbered by a military staff college education might actually have." -- William F. Owen
You'd like to think that, wouldn't you? You've beaten my giant, which means you're exceptionally strong, so you could've put the poison in your own goblet, trusting on your strength to save you, so I can clearly not choose the wine in front of you. But, you've also bested my Spaniard, which means you must have studied, and in studying you must have learned that man is mortal, so you would have put the poison as far from yourself as possible, so I can clearly not choose the wine in front of me. - Vizzini
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
http://www.aolnews.com/nation/articl...warns/19750249(Dec. 7) -- The computer virus Stuxnet, which some experts believe was created specifically to target Iran's nuclear facilities, could also threaten U.S. infrastructure, a senior Department of Homeland Security official says.
"That virus focused on specific software implementations, and those software implementations did exist in some U.S. infrastructure," Greg Schaffer, the department's assistant secretary for cybersecurity and communications, told reporters at a breakfast Monday morning. "So, there was the potential for some U.S. infrastructure.to be impacted at some level."
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Bookmarks