The MasterBlog: a cyberattack in Iran?

Sunday, September 26, 2010

a cyberattack in Iran?

The Stuxnet Computer Worm and the Iranian Nuclear Program
Summary
A computer worm proliferating in Iran targets automated activity in large industrial facilities. Speculation that the worm represents an effort by a national intelligence agency to attack Iranian nuclear facilities is widespread in the media. The characteristics of the complex worm do in fact suggest a national intelligence agency was involved. If so, the full story is likely to remain shrouded in mystery.
Analysis
A computer virus known as a worm that has been spreading on computers primarily in Iran, India and Indonesia could be a cyberattack on Iranian nuclear facilities, according to widespread media speculation.
Creating such a program, which targets a specific Siemens software system controlling automated activity in large industrial facilities, would have required a large team with experience and actionable intelligence. If a national intelligence agency in fact targeted Iranian nuclear facilities, this would be the first deployment of a cyberweapon reported on in the media. It would also mean that the full details of the operation are not likely ever to be known.
The so-called Stuxnet worm first attracted significant attention when Microsoft announced concerns over the situation in a Sept. 13 security bulletin, though various experts in the information technology community had been analyzing it for at least a few months. The worm is very advanced, required specific intelligence on its target, exploits multiple system vulnerabilities and uses two stolen security certificates, suggesting a typical hacker did not create it.
On a technical level, Stuxnet uses four different vulnerabilities to gain access to Windows systems and USB flash drives, identified independently by antivirus software makers Symantec and Kaspersky Lab. Discovering and exploiting all four vulnerabilities, which in this case are errors in code that allow access to the system or program for unintended purposes, would have required a major effort. Three of them were “zero-day” vulnerabilities, meaning they were unknown before now. A Polish security publication, Hakin9, had discovered the fourth, but Microsoft had failed to fix it. Typically, hackers who discover zero-day vulnerabilities exploit them immediately to avoid pre-emption by software companies, which fix them as soon as they learn of them. In another advanced technique, the worm uses two stolen security certificates from Realtek Semiconductor Corp. to access parts of the Windows operating system.
Stuxnet seems to target a specific Siemens software system, the Simatic WinCC SCADA, operating a unique hardware configuration, according to industrial systems security expert Ralph Langner and Symantec, which both dissected the worm. SCADA stands for “supervisory control and data acquisition systems,” which oversee a number of programmable logic controllers (PLCs), which are used to control individual industrial processes. Stuxnet thus targets individual computers that carry out automated activity in large industrial facilities, but will activate only when it finds the right one. Siemens reported that 14 facilities using its software had already been infected, but nothing had happened. When Stuxnet finds the right configuration of industrial processes run by this software, it supposedly will execute certain files that would disrupt or destroy the system and its equipment. Unlike most sophisticated worms or viruses created by criminal or hacker groups, this worm thus does not involve winning wealth or fame for the creator, but rather aims to disrupt one particular facility, shutting down vital systems that run continuously for a few seconds at a time.
VirusBlokAda, a Minsk-based company, announced the discovery of Stuxnet June 17, 2010, on customers’ computers in Iran. Data from Symantec indicates that most of the targeted and infected computers are in Iran, Indonesia and India. Nearly 60 percent of the infected computers were in Iran. Later research found that at least one version of Stuxnet had been around since June 2009. The proliferation of the worm in Iran indicates that country was the target, but where it started and how it has spread to different countries remains unclear.
Few countries have the kind of technology and industrial base and security agencies geared toward computer security and operations required to devise such a worm, which displays a creativity that few intelligence agencies have demonstrated. This list includes, in no particular order, the United States, India, the United Kingdom, Israel, Russia, Germany, France, China and South Korea.
Media speculation has focused on the United States and Israel, both of which are seeking to disrupt the Iranian nuclear program. Though a conventional war against Iran would be difficult, clandestine attempts at disruption can function as temporary solutions. Evidence exists of other sabotage attempts in the covert war between the United States and Israel on one side and Iran on the other over Iranian efforts to build a deliverable nuclear weapon.
U.S. President Barack Obama has launched a major diplomatic initiative to involve other countries in stopping Iran’s nuclear activities, so another country might have decided to contribute this creative solution. Whoever developed the worm had very specific intelligence on their target. Targeting a classified Iranian industrial facility would require reliable intelligence assets, likely of a human nature, able to provide the specific parameters for the target. A number of defectors could have provided this information, as could have the plants’ designers or operators. Assuming Siemens systems were actually used, the plans or data needed could have been in Germany, or elsewhere.
Evidence pinpointing who created the worm is not likely to emerge. All that is known for certain is that it targets a particular industrial system using Siemens’ programming. Whether the worm has found its target also remains unclear. It may have done so months ago, meaning now we are just seeing the remnants spread. Assuming the target was a secret facility — which would make this the first cyberweapon reported in the media — the attack might well never be publicized. The Iranians have yet to comment on the worm. They may still be investigating to see where it has spread, working to prevent further damage and trying to identify the culprit. If a government did launch the worm, like any good intelligence operation, no one is likely to take credit for the attack. But no matter who was responsible for the worm, Stuxnet is a display of serious innovation by its designer.


Read more: The Stuxnet Computer Worm and the Iranian Nuclear Program | STRATFOR 

Also see:
Iran 'attacked' by computer worm
Iran's nuclear agency trying to combat a virus capable of taking over systems that control power plants, media says.
Last Modified: 25 Sep 2010 15:08 GMT
Foreign media has speculated that the worm is aimed at disrupting the Bushehr nuclear plant [EPA]
Iran's nuclear agency is trying to combat a complex computer worm that has affected industrial sites throughout the country and is capable of taking over the control systems of power plants, Iranian media reports have said.
Experts from the Atomic Energy Organisation of Iran met this week to discuss how to remove the malicious computer code, or worm, the semi-official Isna news agency reported on Friday.
No damage or disruption of nuclear facilities has yet been reported, however.
The computer worm, dubbed Stuxnet, can take over systems that control the inner workings of industrial plants.
Experts in Germany discovered the worm in July, and it has since shown up in a number of attacks - primarily in Iran, Indonesia, India and the US.
'Disrupting Bushehr'
Isna said the malware had spread throughout Iran, but did not name specific sites affected.
Foreign media reports have speculated the worm was aimed at disrupting Iran's first nuclear power plant, which is to go online in October in the southern port city of Bushehr.
The Russian-built plant will be internationally supervised, but world powers remain concerned that Iran wants to use its civil nuclear power programme as a cover for making weapons.
Iran denies such an aim and says its nuclear work is solely for peaceful purposes.
The destructive Stuxnet worm has surprised experts because it is the first one specifically created to take over industrial control systems, rather than just steal or manipulate data.
Speaking to Al Jazeera, Rik Ferguson, a senior security adviser at the computer security company Trend Micro, described the worm as "very sophisticated".
"It is designed both for information theft, looking for design documents and sending that information back to the controllers, and for disruptive purposes," he said.
"It can issue new commands or change commands used in manufacturing.
"It's difficult to say with any certainty who is behind it. There are multiple theories, and in all honesty, any of them could be correct."
Western experts have said the worm's sophistication - and the fact that about 60 per cent of computers infected looked to be in Iran - pointed to a government-backed attack.
Washington is also tracking the worm, and the Department of Homeland Security is building specialised teams that can respond quickly to cyber emergencies at industrial facilities across the US.
