Wednesday, July 20, 2011

Saving Iran's Nukes

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History
and, incidentally, put Iran's nuke program back into high gear

It was here the researchers found an end-date — June 24, 2012. Each time Stuxnet would start to run on a machine, it would check the date on the machine’s internal clock; if it was later than the date in the configuration file, Stuxnet would shut down. Presumably this was the time frame by which Stuxnet was expected to have achieved all of its goals.

The researchers were stunned. It was the first time anyone had seen digital code in the wild being used to physically destroy something in the real world. Hollywood had imagined such a scenario years earlier in a Die Hard flick. Now reality had caught up with fantasy.

“We were expecting something to be espionage, we were expecting something to steal credit card numbers; that’s what we deal with every single day,” Chien recalls. “But we weren’t expecting this.”

It took three weeks to reach a startling conclusion — Stuxnet wasn’t just aimed at attacking a specific type of Siemens controller, it was a precision weapon bent on sabotaging a specific facility.

Embedded in Stuxnet’s code was a dossier detailing the specific technical configuration of the facility it sought. Any system that didn’t match precisely this configuration would go unharmed: Stuxnet would shut itself down and move on to the next system until it found its victim. It was clear to Langner that Stuxnet was the product of a well-resourced government with precise inside knowledge of the target it was seeking.

“I was expecting some dumb DoS type of attack against any Siemens PLC,” Langner later recalled. “So this was absolutely freaking. To see that somebody built such sophisticated piece of malware — using four zero-day vulnerabilities, using two stolen certificates — to attack one single installation? That’s unbelievable.”

Although the exact facility in Stuxnet’s sights wasn’t spelled out, Langner had no doubts. “This is about taking out Bushehr,” he announced to Rosen and Tim one day, referring to a nuclear power plant in Iran that had been scheduled to begin operation in August 2010 but had been delayed. Langner’s colleagues stared at him dumbfounded. They weren’t eager to follow him down a path of state-sponsored cyberwarfare that seemed likely to lead to Israel and the United States, and possibly even Germany, as the suspected aggressors behind Stuxnet.

Frank Rieger, chief technology officer at German security firm GSMK, agreed with Langner’s assertion that Stuxnet was a targeted attack, but thought a different nuclear facility in Iran made more sense as the target. Natanz ... He also noted that in July 2009 — a month after Stuxnet is believed to have been launched — the secret-spilling site WikiLeaks made an intriguing announcement. WikiLeaks said that an anonymous source claimed that a “serious” nuclear incident had recently occurred at Natanz. The site also pointed out that the head of Iran’s Atomic Energy Organization had recently resigned for unknown reasons. [Full article]

I found this at Eratosthenes; what a thriller (and I am no computer geek). My immediate sense of all this is that — had I been in a position, and been aware of what these detectives were doing, and the consequences of their success — I'd have purchased one of them motorcycles .... you'll have to read it.

9 comments:

Anonymous said...

This is what happens when you become a citizen of the world. Obviously these are jobs that Americans won't do.

Casca

Skoonj said...

The computer detectives didn't do anything to lessen the impact of Stuxnet. Iran was already aware they had a problem, and what was causing it. The damage that could be done was done. Iran may not have known details of the attack, but they knew it was a computer virus and it was damaging their centrifuges. They probably had to replace all their centrifuges and computers, and all the pirated software they used.

Rodger the Real King of France said...

Skoonj— I get the feeling you didn't read the entire article. Yes Iran knew they had a problem, but had no idea what it was, how it happened and who was responsible. Had Stuxnet run its course through 2012 Iran would still be in the dark. And nobody would today have access to that piece of coding brilliance to back engineer it into something to use on others. The second they discovered it was aimed at Iran, they should have STFU and quit. But then that's the trouble with geeks; massive egos.

Anonymous said...

The geeks should be put under a jail somewhere. It's treason, but we don't prosecute anyone for that anymore. WTF? SMIBSID

Kristophr said...

This comment has been removed by the author.

Kristophr said...

Sorry, reading comprehension prob.

Yea, the geeks should have STFU. But unless they are Israeli geeks, treason doesn't apply.

Anonymous said...

You're right Rodger. Social retards the lot of them.

Casca

Anonymous said...

Part of this story is still missing. You can't infect a PLC the way you can a computer. Unless, of course, the PLC was coded to let it happen.

Scooter Trash in Frisco.

Wabano said...

Some love evil because it boosts their ego... Pol Pot and Symantec come to mind.

Symantec will have hell to pay when the Aryans (Iran means Aryan in Farsi... the name that Nazi Persians gave themselves) blow up their nukes on Sunni Muslim and Jewish cities...

Without Symantec, Iran's nuke would still be frozen!
