Stuxnet: The second-greatest story ever told

posted at 6:30 pm on November 27, 2010 by Allahpundit

I know, I know — you already know the basics about Stuxnet. No matter. So do I, yet this is the most gripping news feature I’ve read this week, to the point where I started mentally storyboarding the inevitable Hollywood spy movie that’s going to be made about it before I was halfway through. Starring Michael Cera and Jesse Eisenberg as leaders of an elite team of pasty beta-male hackers, overseeing the cyberwarfare equivalent of the Manhattan Project. Title: “The Nerds Who Saved the World.”

Kidding aside, take five minutes to read it all. Nothing else that I’ve come across better explains how fantastically ingenious Stuxnet is as a precision weapon aimed at disabling Iran’s nuclear program. For instance, tech-dummy that I am, I thought the worm was originally introduced to Iran’s enrichment facility by smuggling it into the plant via a secret agent and injecting it into the system via a flash drive. Not so: Sounds like it was first injected into computers outside the plant that were being accessed by people who worked inside, e.g., some nuclear technician’s laptop or desktop. If the technician carelessly used his own flash drive on the outside computer, he’d inadvertently transfer Stuxnet to it and then carry it into the building with him, thus avoiding the need for someone to physically infiltrate Natanz. So not only did they devise a plan to virtually bomb the facility from the inside, they likely got one of Iran’s own people to unwittingly deliver the payload.

Very clever, but that’s just the beginning:

–Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.

–After penetrating the Windows 7 operating system, the code then targeted the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.

–The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and — remarkably — how that system worked as well and how to mask its activities from it.

“The worm was designed not to destroy the plants but to make them ineffective. By changing the rotation speeds [of the centrifuges], the bearings quickly wear out and the equipment has to be replaced and repaired. The speed changes also impact the quality of the uranium processed in the centrifuges creating technical problems that make the plant ineffective,” he explained.

Thus, not only did the coders need a mind-boggling degree of knowledge about the vulnerabilities in more than one software platform, they needed intelligence on Iran’s program so deep that not even the UN had all the details. On top of all that, the worm was programmed to disguise what it was doing so that the engineers on the premises would think the problem with the centrifuges was in the hardware, not the software. No wonder that paranoia at Iran’s nuclear facilities is now allegedly such that the regime’s counterintelligence agents are making life a “living hell” for the nuclear scientists who work there.

But whodunnit? Microsoft claims that it would have taken 10,000 days of labor to put Stuxnet together, which means a huge group — so huge, in fact, that Fox’s sources speculate it involved an international collaboration between at least the U.S., Russia(!), and Germany, which would have had detailed knowledge about the coding that runs the Siemens machinery that powers the centrifuges at Natanz. The Guardian’s report on Stuxnet claims that the group could have been much smaller, just five to 10 people working for six months. But they’ve also got a reason to think the Germans are involved:

Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems…

Cluley told the Guardian that Siemens has “astonishingly” advised power plants and manufacturing facilities not to change the default password that allows access to functions, despite it being exploited by Stuxnet and being “public knowledge on the web for years”.

I can’t imagine why they’d do that unless Siemens itself is part of this or is under heavy pressure from the German government to cooperate.

Another thing I can’t figure out is why Stuxnet, in Fox’s words, was “designed to allow the Iranian program to continue but never succeed, and never to know why.” In that regard, despite its success in slowing down Iran’s nuclear program, it’s a spectacular failure: The Iranians obviously do know now why the centrifuges are failing, and even though it’ll allegedly take another year to cleanse Stuxnet from their systems, they’ll get there and start rolling again. Which leaves three possibilities: (a) The programmers weren’t quite as brilliant in disguising the worm as they were in developing other aspects of it; (b) the programmers wanted the worm to be uncovered eventually, either for propaganda reasons or because it’s a necessary step towards unleashing some even murkier, more brilliant plot; or (c) the programmers knew the worm would be discovered in time but also knew that it would do all the damage it was capable of before then. If that’s true, then maybe the centrifuges at Natanz are in much worse shape than anyone (except the programmers) knows.

Exit question: Was it worth it? Watch this clip before answering. Smallpox is an impressive weapon too, but there are good reasons why we don’t use it. And I don’t just mean the moral ones.

Comments

Great piece, AP. But the money point is this one: Iran’s nuclear program has not, in fact, been stopped. If it’s been slowed down, the effect so far is not significant. Iran has enough enriched uranium for 3 warheads, and continues to produce more of it, at a higher pace than the production rate before the earliest point at which Stuxnet could have been introduced. In other words, Stuxnet hasn’t set Iran back from the program’s status before Stuxnet.

Stuxnet has only targeted uranium processing to date. Unless it’s also going to interfere with weaponization — a separate process that doesn’t involve centrifuge cascades — it’s not the best-targeted way to interdict the weapons program. Stuxnet’s perpetrator(s) could very well have additional tricks up the sleeve, but Stuxnet itself, elegant as it is, hasn’t made a difference Iran can’t reasonably get past in 6 months or so.

If Iran is using Siemens controllers at Natanz and Bushehr, that’s interesting. It doesn’t mean Siemens sold Iran the controllers directly, or after 2006 (when the first round of UNSC sanctions was imposed). But it’s worth pulling the strings to find out about. If Siemens sold all the controllers to Iran directly, how many were sold before 2006 versus after? And if the controllers weren’t sold by Siemens directly, who was the middle man?

J.E. Dyer on November 28, 2010 at 12:19 AM

Now they wish they had ponied up the $29.95 and hit the renewal button on the Norton pop-up ad.

jbinnout on November 27, 2010 at 11:25 PM

I lol’ed.

You-Eh-Vee on November 28, 2010 at 12:28 AM

B

maineconservative on November 28, 2010 at 2:00 AM

#include “stuxnet.h”
#include “nstdio.h”

main
{

const int OBAMA = 0;

function TRON_INTERFACE();
ExecuteOneTermerPresident(OBAMA);
return 0 OBAMA;

}

void function TRON_INTERFACE()
{

fckIranianJihadist();
executeZeroOneTermer (int);
}

Kini on November 27, 2010 at 7:46 PM

Some corrections on the code!

TheAlamos on November 28, 2010 at 2:08 AM

TheAlamos, the Secret Service might pay you a visit to discuss line 10 in your source code.

Chickyraptor on November 28, 2010 at 2:42 AM

Some corrections on the code!

TheAlamos on November 28, 2010 at 2:08 AM

I work more with hardware than software.
But tuning is always needed.
Thanks!

Kini on November 28, 2010 at 5:56 AM

TheAlamos, the Secret Service might pay you a visit to discuss line 10 in your source code.

Chickyraptor on November 28, 2010 at 2:42 AM

Doesn’t matter, the compiler downcases everything anyway.

Kini on November 28, 2010 at 6:09 AM

Iran’s copies of Win 7 are most likely pirated; they are known to have pirated Win XP long before it was actually released.

Further there are reports that Stuxnet has gone viral (in Iran only – all other countries report their version of Stuxnet remains dormant) and is in their mil radar systems.

Friendly21 on November 28, 2010 at 6:47 AM

Dumb question…but how does anyone know this is all true?
Did some CIA agent or other spy agency confess to it and tell how it really works?
And why would they confess to it? Why not keep Iran guessing?

albill on November 28, 2010 at 7:06 AM

You-Eh-Vee on November 27, 2010 at 10:04 PM

The real question is: “Why does Siemens, or any other company, use Winblows for their SCADA interface?”

Is there something inherent in SCADA systems that they MUST be run with Windows?

NO.

Just because the whole world uses the worst OS ever created, does not make it right. Just wait until a US Nuclear plant melts down because of a Windows Worm.

BierManVA on November 28, 2010 at 8:17 AM

Just because the whole world uses the worst OS ever created, does not make it right. Just wait until a US Nuclear plant melts down because of a Windows Worm.

BierManVA on November 28, 2010 at 8:17 AM

Right. Why don’t systems like that use Unix?

MrLynn on November 28, 2010 at 8:36 AM

Just wait until a US Nuclear plant melts down because of a Windows Worm.
BierManVA on November 28, 2010 at 8:17 AM

I think the point was that most PLC Programming Software is designed to only run on Windows, there is no other option.

Furthermore, I don’t think this would have been prevented with any other OS. This, from what I have read so far, was coordinated with a huge amount of inside detail. It didn’t take advantage of a weakness in Windows, it took advantage of leaked information.

From what I understand, Stuxnet targeted Frequency Converters on the centrifuges which essentially take a high speed electrical pulse from a sensor and convert it to an analog or digital signal that the PLC monitors and speeds up or slows down the motor to maintain the target speed.

If Stuxnet manipulated the scaling factor within the Frequency Converter, the PLC and the SCADA system wouldn’t know any different.

If nothing else, this has convinced me that the Iranians aren’t very careful about what they are doing. There should have been multiple levels of redundancy of control on such a critical system.

cntrlfrk on November 28, 2010 at 9:04 AM

the Windows 7 operating system that controlled the overall operation of the plant.

Ya think that might’ve been the first mistake? LOL

ddrintn on November 28, 2010 at 9:39 AM

I suspect the Roskies. I mean, look at the beauty of it. They make a fortune off of Iran selling the hardware and technology knowing full well that it will never work.
In spite of what some may think I doubt the Bears want Iran shooting off nuclear firecrackers any more than the next guy. Remember they tried cozying up with crazies (Huns) once before and look what that got them. (Half of Poland and War)
Besides they have a M.O. for doing just this. I saw some show the other night that pointed out how the Soviets sabotaged the mojo in the atomic technology they were selling their yellow brothers right after Mao said he wasn’t worried about a few million folks getting whacked, toasted, or whatever, in a nuclear war.
They know Israel will get the blame or the credit for any misdeeds while they commiserate with their pissed off customers.
Putin, the guy with the deep eyes, has already tipped us off to their little game in exchange for some type of concession elsewhere. (Like leaving Poland and Czechoslovakia in the lurch over the missile thing)
This would explain President Bush’s failure to act and President Obama sucking up to Iran. The former knew the problem was taken care of and the latter has to make sure he is not suspected of any part in the evil deed.

Ned on November 28, 2010 at 10:42 AM

Iran now has only one answer.
It must deploy the ultimate weapon to frustrate and annoy the Stuxnet worm and get it to quit:
Install Windows Vista.

Dr. Carlo Lombardi on November 28, 2010 at 10:44 AM

Iran now has only one answer.
It must deploy the ultimate weapon to frustrate and annoy the Stuxnet worm and get it to quit:
Install Windows Vista Millennium Edition.

Dr. Carlo Lombardi on November 28, 2010 at 10:44 AM

They won’t want to run any computer after that.

Inanemergencydial on November 28, 2010 at 11:16 AM

Great satan what done it!!

If Arabs Persians are so smart, they should invent their own computers, software and do their own design build.

seven on November 27, 2010 at 9:57 PM

baldilocks on November 28, 2010 at 11:23 AM

There should be a correction to the Fox News article. It wasn’t Windows 7 which was targeted, it was all earlier 32 bit versions of the Windows operating system. Note that Windows 7 is immune, according to Symantec.

unclesmrgol on November 28, 2010 at 11:53 AM

Somebody somewhere knows how Iran got Windows 7 and that person will probably be fired (just to keep the cover-up from being exposed).

simeon on November 27, 2010 at 7:00 PM

Is that a joke? Have you ever used a computer before? Windows isn’t “shipped” to Iran, and it’s not something that can be embargoed. Anyone can get Windows 7 easily and anonymously in one of many legal and illegal ways.

tneloms on November 28, 2010 at 12:49 PM

I have often thought that there was bound to be a “Manhattan Project” going on for cyber-warfare. Looks like there is. I just hope it is our project.

conservnut on November 28, 2010 at 12:55 PM

Bill Gates oughta get a medal for tricking the Iranians into using Windows.

Akzed on November 28, 2010 at 1:07 PM

I have often thought that there was bound to be a “Manhattan Project” going on for cyber-warfare. Looks like there is. I just hope it is our project.

conservnut on November 28, 2010 at 12:55 PM

Many in parallel I suspect. Remember a year or two ago when Israel destroyed the reactor in Syria, during which Syrian AA radar networks seemed blinded? Pretty cheap alternative to stealth.

What Israel can do however many other nations can do. What is Red China’s cyber-warfare team up to?

slickwillie2001 on November 28, 2010 at 1:35 PM

What’s even better, is that every dodgy military industrial complex across the globe has to be looking at each piece of kit that is automatic and has to be wondering…will this crap work in a battle??

irishguy on November 28, 2010 at 2:01 PM

This Cyber warfare stuff is impressive but scary at the same time. It’s like taking something out of Pandora’s Box. These things can’t be uninvented and could potentially bite us in the butt in the future. Some of these things have the potential to be Cyber versions of nuclear weapons in a way. Will a future adversary show the same restraint with such a weapon as he might otherwise show with nuclear weapons?

I always joked about the Terminator movies and Skynet but it’s getting dangerously close to getting real I’m afraid.

Yakko77 on November 28, 2010 at 2:52 PM

The real question is: “Why does Siemens, or any other company, use Winblows for their SCADA interface?”

Is there something inherent in SCADA systems that they MUST be run with Windows?

NO.

Just because the whole world uses the worst OS ever created, does not make it right. Just wait until a US Nuclear plant melts down because of a Windows Worm.

BierManVA on November 28, 2010 at 8:17 AM

Don’t be dense.

No OS is virus proof. In fact, the first worm ever designed was for Unix. The largest nail gets pounded, so Windows gets the brunt of it. Siemens develops their software around the OS that currently has over 90% of the market share.

It’s called common sense.

However, if a government agency, with the brightest programmers on the payroll want to infiltrate an OS, they’ll find a way.

Windows or not.

You-Eh-Vee on November 28, 2010 at 2:58 PM

Just because the whole world uses the worst OS ever created, does not make it right. Just wait until a US Nuclear plant melts down because of a Windows Worm.
BierManVA on November 28, 2010 at 8:17 AM

You do realize SCADA is a monitoring system, right?
You can MANUALLY change set-points, alarm levels and such from a SCADA station but SCADA doesn’t actually control how components in a system operate.

The actual process control occurs in the system components, PLC’s, VFD’s, Sensors, LVDT’s, limit switches and the list can go on and on.

To over simplify this you can think of your TV clicker as a SCADA.
You can turn your TV on/off , adjust the volume, picture size whatever, But your TV clicker doesn’t actually start/stop CBS, ABC, NBC and so on.

Or

You can monitor CBS, ABC, NBC (SCADA), but you don’t control the programs (PLC’s, VFD’s, Sensors, LVDT’s) on CBS, ABC, NBC with your clicker.

Got it?

DSchoen on November 28, 2010 at 3:09 PM

What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.

Damning with faint praise? Or more snarky than that, even?

Paul_in_NJ on November 28, 2010 at 3:28 PM

I always joked about the Terminator movies and Skynet but it’s getting dangerously close to getting real I’m afraid.

Yakko77 on November 28, 2010 at 2:52 PM

Skynews, Stuxnet.

Hmmmmmmm……..

Squiggy on November 28, 2010 at 5:04 PM

I always joked about the Terminator movies and Skynet but it’s getting dangerously close to getting real I’m afraid.

Yakko77 on November 28, 2010 at 2:52 PM

Skynews, Stuxnet.

Hmmmmmmm……..

Squiggy on November 28, 2010 at 5:04 PM

Ah crap. We’re so dead.

LOL!

Yakko77 on November 28, 2010 at 6:50 PM

Obama Damn It Feels Good To Be a Gangsta (from Office Space)

http://www.youtube.com/watch?v=vm0OtzPU0Zk

ProudPalinFan on November 28, 2010 at 7:08 PM

Maybe it was like the Office Space movie; they just used a floppy into a Macintosh…just sayin’

http://www.youtube.com/watch?v=JBV9WkfZdvw&feature=more_related

ProudPalinFan on November 28, 2010 at 7:18 PM

No OS is virus proof. In fact, the first worm ever designed was for Unix. The largest nail gets pounded, so Windows gets the brunt of it. Siemens develops their software around the OS that currently has over 90% of the market share.

It’s called common sense.

You-Eh-Vee on November 28, 2010 at 2:58 PM

It’s true that Windows flaws are found more quickly largely because more people attack it (although, having seen their programming practices first hand, I can say that’s not the only reason flaws are found more in Windows). However, that’s also a pretty good reason not to use Windows when security is important. If you have a choice of three gates to stand behind for protection, common sense would dictate you not stand behind the one that’s constantly attacked and breached.

I can’t say why Siemens only supports Windows, but I would speculate it’s because that’s what they know and they’re in a position that allows them to dictate the OS to their customers. Windows has over 90% of the market share of client computers only. They’re far behind the curve on server market share. Linux currently dominates that arena.

frost on November 28, 2010 at 10:26 PM

fwiw I am now convinced it was the Israelis (whereas before I was saying probably). Perhaps JE Dyer can comment on this but the out-of-the-box concept of how to get under Iran’s defenses sounds very Israeli to me.

If you look at lists of Israeli inventions, the way they come at problems tends to be unorthodox, and Israeli hi-tech is entrepreneurial and inventive, without much deference to hierarchy. Likewise their military.

The people who created Stuxnet would have to have those characteristics, which I can imagine a bunch of open-source hackers doing, but at the same time it is so coordinated and focused over such a long timeframe, it could only be a government which managed it.

And we already know the Israelis can pull off complicated operations which require a high degree of managerial flexibility and creativity. Entebbe, the response to Munich, the Osirak and Syrian reactor strikes…..

YehuditTX on November 28, 2010 at 10:42 PM

It failed.

Because the Iranian nuke program continues.
And, unless nuked, will nuke others.

De
cap
i
ta
tion
strike
now.

profitsbeard on November 27, 2010 at 6:44 PM

I’ll bet you Obama has threatened Israel like you wouldn’t believe over that. I still think they’ll need to do it despite his threats, but imagine what a bind they are in! They are in serious danger either way.

scotash on November 29, 2010 at 4:13 AM

The cake is a lie

ace tomato on November 29, 2010 at 7:39 AM

Stuxnet works by exploiting previously unknown security holes in Microsoft’s Windows operating system.

Depending upon Microsoft Windows operational systems for national security…inevitable security holes that unfold layer through layer.

maverick muse on November 29, 2010 at 8:32 AM

It’s definitely scary that technology like this is out there, and almost anyone can get their hands on it.

However, just to play devil’s advocate…

If we have evolved warfare to the point where we use computer worms to silently shut down military industrial facilities, radar arrays, power plants, dams, and transportation grids, then yeah that totally sucks. But isn’t it better than the old fashioned method of destroying those assets — by using conventional explosives to blow them up? Weren’t precision guided missiles a big improvement over carpet bombing entire cities?

Also, this technological advancement benefits primarily the US. The limiting factor on our ability to express our military power is the political will of our population. China, Russia, Iran, NKorea, etc. don’t exactly have that problem. Bombing an Iranian facility would nearly be political suicide for any POTUS, Rep or Dem; however, dropping a stuxnet into their pirated Windows software… no problemo.

bitsy on November 29, 2010 at 10:14 AM

It had to be Israel. Given the current state of education in the U.S., we sure as hell aren’t smart enough to have created STUXNET.

olesparkie on November 29, 2010 at 10:22 AM

People talking about Windows need to probably stop talking. This worm only used Windows as a convenient method of transmission. When one of these Siemens controllers was updated with a new program it was going to be through a Windows based PC or a network running Windows on their servers. Every PLC manufacturer in the world bases their programming software on Windows. But exploiting Windows is not the genius of this worm.

This worm actually rewrote the PLC program itself while fooling programmers into believing the program never changed. Or probably more accurately it ran a hidden PLC program while secretly manipulating data files in the PLC to prevent detection. None of this has anything to do with Windows and everything to do with a well coordinated and extremely well informed government. In order for this to work as described they needed copies of the actual PLC programs being used. No computer program can interpret the logic in a PLC program. Only human beings can do that. And once they had that program or programs in hand they could write their destructive code.

Also, its success relied on Iran being stupid. They stuck a fork in an outlet, got shocked, and did it again. Repeatedly. It took an outside cyber security firm to tell them to stop sticking that fork into the outlet.

Iran also failed to adequately protect their equipment. A properly designed control system would have redundant tachometers built into the controls that are used to look for unusual operating conditions and shut down the system when such conditions occur. This concurrent monitoring should not be controlled by a PLC.

NotCoach on November 29, 2010 at 11:16 AM
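
The independent speed check that cntrlfrk (November 28, 9:04 AM) and NotCoach (directly above) describe, as an added Python sketch that is not from the post or from any commenter: it compares the speed the control path reports with a separate tachometer reading and trips when the two disagree or the tachometer leaves the allowed band. The class and function names, the 950 to 1050 Hz band, the 2% tolerance and every sample are constructed for illustration, and the logic is assumed to run on a device separate from the PLC, as NotCoach's comment asks.

```python
"""Independent speed cross-check. Every number below is constructed."""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Limits:
    min_hz: float          # lowest acceptable drive frequency
    max_hz: float          # highest acceptable drive frequency
    max_divergence: float  # allowed relative gap between the two readings
    persist: int           # consecutive bad samples needed before a trip


@dataclass(frozen=True)
class Trip:
    sample_index: int  # index of the sample that completed the bad streak
    reason: str        # "envelope" or "divergence"


def check_sample(reported_hz: float, independent_hz: float,
                 limits: Limits) -> Optional[str]:
    """Return why a sample is bad, or None if it is acceptable.

    The comparisons are written so that NaN (a dead or disconnected
    sensor) fails the check instead of slipping through.
    """
    # The envelope is judged on the independent sensor only: the reported
    # value comes from the path that may have been tampered with.
    if not (limits.min_hz <= independent_hz <= limits.max_hz):
        return "envelope"
    tolerance = limits.max_divergence * independent_hz
    if not (abs(reported_hz - independent_hz) <= tolerance):
        return "divergence"
    return None


def monitor(samples: Iterable[Tuple[float, float]],
            limits: Limits) -> Optional[Trip]:
    """Scan (reported_hz, independent_hz) pairs; return the first Trip.

    A trip needs `persist` bad samples in a row, so a single noisy
    reading does not shut the process down.
    """
    streak = 0
    for index, (reported_hz, independent_hz) in enumerate(samples):
        reason = check_sample(reported_hz, independent_hz, limits)
        if reason is None:
            streak = 0  # one clean sample clears a transient glitch
            continue
        streak += 1
        if streak >= limits.persist:
            return Trip(index, reason)
    return None


# Constructed limits and sample streams (not measurements from any plant).
LIMITS = Limits(min_hz=950.0, max_hz=1050.0, max_divergence=0.02, persist=3)

# Both paths agree within a fraction of a percent.
HEALTHY = [(1000.0, 1001.0), (1000.0, 998.5), (1001.0, 1000.0), (999.0, 1002.0)]

# One noisy tachometer reading, then back to normal.
GLITCH = [(1000.0, 1000.0), (1000.0, 1030.0), (1000.0, 1001.0), (1000.0, 1000.0)]

# The reported value stays flat while the real speed climbs.
MASKED_RAMP = [(1000.0, 1000.0), (1000.0, 1010.0), (1000.0, 1025.0),
               (1000.0, 1040.0), (1000.0, 1060.0), (1000.0, 1080.0)]

# A wrong scaling factor: reported looks nominal, real speed is lower but
# still inside the band, so only the cross-check can see it.
BAD_SCALING = [(1000.0, 960.0)] * 4

# The independent sensor itself has failed and returns NaN.
DEAD_SENSOR = [(1000.0, float("nan"))] * 3


if __name__ == "__main__":
    for name, stream in [("healthy", HEALTHY), ("glitch", GLITCH),
                         ("masked ramp", MASKED_RAMP),
                         ("bad scaling", BAD_SCALING),
                         ("dead sensor", DEAD_SENSOR)]:
        print(f"{name:12s} -> {monitor(stream, LIMITS)}")
```
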

So award Bill Gates the Nobel Peace Prize. His junk helped him deserve it by accident.

Siemens bought the Westinghouse stuff in 1997. Intergraph is the Global ERP software provider preferred by most operations. This could be a bug built into the software to prevent knockoffs.

Iran needs to get its registries updated first. ROTFLOL.

seven on November 29, 2010 at 11:33 AM

Iran also failed to adequately protect their equipment. A properly designed control system would have redundant tachometers built into the controls that are used to look for unusual operating conditions and shut down the system when such conditions occur. This concurrent monitoring should not be controlled by a PLC.
NotCoach on November 29, 2010 at 11:16 AM

This was something that concerns me as well. I have done work in Food Grade and Pharma plants that sound like they are much better protected than this NUKE Plant.

Iranian engineers aren’t stupid, heck, many of them are educated here in the US.

unbelievable.

cntrlfrk on November 29, 2010 at 11:57 AM

cntrlfrk on November 29, 2010 at 11:57 AM

I think they took short cuts in order to speed up the process. But sometimes a short cut just means a quicker path to catastrophe. And your earlier post on the page is spot on. Manipulate the process and data at the source and everything being used to monitor the situation will not see any problems. No need to infect or manipulate their SCADA systems at that point.

I’m guessing you are a controls or process engineer? I am a controls engineer myself in a manufacturing facility.

NotCoach on November 29, 2010 at 12:11 PM

Dumb question…but how does anyone know this is all true?
Did some CIA agent or other spy agency confess to it and tell how it really works?
And why would they confess to it? Why not keep Iran guessing?

albill on November 28, 2010 at 7:06 AM

It is not a dumb question. An astonishing amount of highly detailed information is contained in these stories, coupled with the fact that virtually none of it is verifiable by us as readers, or, for that matter, by the reporters who actually wrote the stories. Much as I want to believe it all, some of it seems (at least to me on first blush) to be borderline fanciful. Moreover, the stories reveal none of the key information that would round out the tale . . . there are not even any tiny hints as to who may have pulled this operation off. That is all left up to us to speculate about.

All of this strongly suggests the story was intentionally leaked. One obviously wonders, what would the motivation be for leaking such a story? Boasting rights for whoever put this all together?

That hardly seems possible. Why tell the Iranians this much information about what happened to them?

Or, was it somehow intended to further disrupt their operations? My initial reaction was a bit of disappointment . . . that putting the story out could not serve any purpose more thoroughly than helping the Iranians recover from the attack. Just imagine the internal turmoil that has been unfolding over the past months, within the Iranian security services alone?

Surely, they must have been eating their own trying to figure out who on the inside had tricked them and utterly sabotaged their most important national project! Mind you, these are folks who think it is entirely appropriate to publicly stone a woman to death for the commission of adultery! Merely leaving the religion . . . committing apostasy is punishable by death!

From their perspective, this was high treason, and because it is a theocratic regime, they no doubt see it as an intentional crime against Islam.

Is it being leaked now to point out to the Iranian public, especially the technologically educated elites, just how stupid and thuggish the Iranian government’s reaction has been? Was it to sow doubt by pointing out the utter stupidity and ineptitude of the Iranian government reaction?

The regime has no doubt desperately and brutally reacted to what they must have been perceiving as an internal enemy — including brutalizing some of their top computer people. Was there perhaps even a humanitarian aspect to leaking the story now . . . to staunch the bloodbath?

Trochilus on November 29, 2010 at 1:57 PM

It’s like that movie with Kevin somebody as the President, stranded at Christmas time at a diner in a snowstorm, and the Iraqi president threatening to launch his French-made nukes at the US; the President calls his bluff or basically says ‘go ahead’ – the Iraqis launch, and their nukes are duds – turns out the US and French had been in on it from the beginning, intentionally selling the Iraqis dud nukes from the outset, and the President knew it, etc.

“Sure Iran, you go ahead and busy yourself with all of that shiny enriching equipment”, etc. Would explain (potentially) why the official reaction to much of Iran’s blustering and activity has been fairly reserved compared to the “we and/or Israel have to stop them now, or we’re all dead – why aren’t we DOING something?@?!!” reaction many (including myself) have had historically, hehe.

Midas on November 29, 2010 at 4:28 PM

At the time I wrote my comment above (November 29, 2010 at 1:57 PM) I had not come across this story in the Washington Post today.

TEHRAN – A prominent Iranian nuclear scientist was killed Monday and a second was seriously wounded in nearly simultaneous car bomb attacks in the Iranian capital, the semiofficial Fars news agency reported.

The explosions, which took place near Shahid Beheshti University, are the latest in a string of recent assassination attempts in which five doctors and professors have been killed in Tehran.

Iranian authorities blamed agents of Israel and the United States for the killings, saying they want to cause chaos in the country. But leading figures in Iran’s opposition movement accused the government of plotting the attacks in order to spread fear in the capital, where many oppose the regime of President Mahmoud Ahmadinejad.
. . . .

The scientist who was killed was involved in a UN Project in Jordan, a project that also involved Israeli scientists.

. . .
Shahriari also was known for his involvement in a regional, non-nuclear scientific research project – called Synchrotron-light for Experimental Science and Applications in the Middle East, or SESAME – in which Israel also participated. He is the second Iranian scientist involved in that program to be assassinated in Tehran.

The SESAME project is based in Jordan, under the auspices of the United Nations. It includes scientists from several Middle Eastern countries. The involvement of both Iran and Israel makes the project unusual, because Israel is not recognized by Iran and has no ties to the Islamic Republic. Palestinian scientists also participate.

Iranian and foreign scientists say the project has applications in industry, medicine, nanotechnology and other fields unrelated to nuclear power.

In January, another scientist involved in the SESAME project, Massoud Ali-Mohammadi, was killed in Tehran when a bomb attached to a motorcycle exploded in front of his house.
. . . .

The story makes no mention of, or possible connection to, Stuxnet, but it makes you wonder if perhaps some security service black op was not behind the two obviously connected attacks, and perhaps the earlier ones as well, possibly based on a theory that these scientists were connected to the cyber attack.

Trochilus on November 29, 2010 at 6:09 PM

I find it an amazing coincidence that the US Military instituted a complete ban on the use of flash drives approximately six months before Stuxnet was released into the wild… almost as if they knew it was coming.

The reports at the time claimed an attack by a mysterious worm that was spreading through computer systems, but there were never any specifics.

http://www.wired.com/dangerroom/2008/11/army-bans-usb-d/

roryslife on November 30, 2010 at 1:42 AM

I’m guessing you are a controls or process engineer? I am a controls engineer myself in a manufacturing facility.
NotCoach on November 29, 2010 at 12:11 PM

Controls. Mainly A-B stuff now, but have worked with many other systems.

When I came to the company I am at now, I fought tooth and nail to pull ‘controls’ networks off of the main office network. They decided the price was too high and I was shot down. Now, like clockwork, some idiot will plug in something in an office and take the network down, leaving the SCADA system flying blind while hopefully the PLC keeps the plant humming along until the problem is resolved.

I’m still amazed they didn’t have some sort of redundant speed measurement possibly hardwired so that it couldn’t be compromised.

Oh well. Couldn’t happen to a better country. :0)

I know at least some of our nuke plants are light years ahead of these guys when it comes to control protection. Still doesn’t mean a similar type bug more generically designed wouldn’t wreak havoc in facilities all over the U.S. (including mine)

cntrlfrk on November 30, 2010 at 9:06 AM

cntrlfrk on November 30, 2010 at 9:06 AM

I avoid A-B like the plague because of their price and proprietary nature. But at the same time the shop I work in is small and only one PLC is networked and that is very recent. I am also the only programmer. I do all programming and troubleshooting on all our systems, including HMIs, safety controllers and any controls networking.

I am currently trying to push data acquisition in order to improve efficiencies. Management doesn’t get the concept so it’s slow work. But I use an open source system, Modbus TCP. And I will be sharing the company’s network. However, if things like Stuxnet start becoming more commonplace I will have to rethink things. One saving grace though is that I don’t use A-B. If anyone wants to mount a real attack on industrial controls in North America, A-B is what they will go after.

NotCoach on November 30, 2010 at 11:18 AM

NotCoach on November 30, 2010 at 11:18 AM

We have about 30 PLC’s with about 20 SCADA PC’s. Myself and another do all original installations and programming with 4 shift-working maintenance personnel that keep things running when we are not there.

Yes, A-B can get a proprietary chokehold on you. I believe we pay about $20k per year just for support and software updates.

Historical Data Collection is a very powerful tool. Many don’t see its usefulness until they realize they can’t live without it. :o)

cntrlfrk on November 30, 2010 at 12:33 PM

Ref
Yakko77 on November 28, 2010 at 2:52 PM

“ … It’s like taking something out of Pandora’s Box. These things can’t be uninvented and could potentially bite us in the butt in the future. Some of these things have the potential to be Cyber versions of nuclear weapons in a way … ”
=================================

A thought: where are most PC’s manufactured now? Probably China. OK, second step: who holds most of our debt? China. Who here wants to bet that if we default on our bonds to China, they’ll unleash “something” that will kill every PC and every server they’ve sold to us?

Or, going a little broader, what if the US tries to take military action against China or its protected surrogate, North Korea? What military equipment uses micro-circuitry made in China? Do you suppose it’s possible that if “certain special coordinates” are entered into targeting systems, our weapons will fail?

Maybe my fears are totally unfounded. But– what if they’re not?

A_Nonny_Mouse on December 1, 2010 at 1:02 PM
