The Worm Has A Bad Case Of Worms; Updated – Video Added


It’s Nothing, Like An Upset Stomach

Tehran, Iran: A computer worm has seized control of Iran’s first nuclear power station, just weeks before the facility was ready to go online; possibly explaining Netanyahu’s reluctance to bomb the facility.

The Bushehr nuclear power plant’s project manager, Mahmoud Jafari, said a team is trying to remove the worms from several infected computers, but those readers who are familiar with the problem know that without an uninfected back-up the situation may be hopeless. Really talented hackers could also infect the components, making any new computer hooked up to the system vulnerable immediately; imagination is the only real barrier for a gifted hacker. If a back-up were available, they would never have admitted there was a problem. Jafari reassures us that the worm:

“has not caused any damage to major systems of the plant,” the IRNA news agency reported.

At least that is what the IRNA news agency is reporting.

The computer worm, termed Stuxnet, has spread to many industries in Iran, and if the perpetrators are talented and devious, every time an industrial computer is fired up, the Stuxnet worm or an ill-bred relative will infect the new computer. Possibly the only way to ensure that infection won’t reoccur is to completely redo the whole project and junk all the electronic components; otherwise, new generations of worms may continue to appear.

The worm was discovered in July by experts in Germany; it has since infected industrial applications in Iran, Indonesia, India, and the US. It is more than capable of taking over the inner workings of industrial plants. Jafari is confident that the worm will not affect the opening of the plant or bringing it online in October.

The plant was built by Russians and is supposed to be internationally supervised; however, the world is concerned that the program will be a ruse for making nuclear weapons. The most immediate potential problem is Iran’s main enrichment facility in Natanz.

Iran denies any desire to have nuclear weapons and maintains that the enrichment facility will only be making fuel for power plants. Yet the world knows that at higher levels of enrichment, the fuel can be used to make nuclear warheads.

The Stuxnet worm is the first cyber infection designed to take over industrial control systems; up until now, worms have only been used to steal or manipulate data. The concept is intriguing, since a nation’s defense systems could be compromised and the country would be extremely vulnerable to attack. If a worm were designed to attack energy supply systems in winter, the country could suffer immeasurably and be extremely vulnerable to attack. If the US is not responsible for initiating the attack against Iran, it will at least serve as a wake-up call to be better protected against cyber attacks in the future.

The United States is supposedly tracking the worm and authorizing Homeland Security to build specialized teams that can respond quickly to cyber disasters across the country; however, with the impotence shown by Napolitano in defending the nation’s border and her haphazard approach to terrorists entering our unprotected borders, it is hard to have faith in the efforts of Homeland Security, especially if appointments within the agency are as politically inspired as that of Napolitano, made through nepotism rather than ability or qualification.

On Saturday, Iran’s semi-official ISNA news agency reported that the malware had spread throughout Iran, but did not name specific sites affected.

Again, the possibilities are limited only by the imagination; those former pimply-faced teenage hackers may now be highly paid government employees. The question is, which governments?

UPDATE

Great video on the media coverage of the virus:

Multisource political news, world news, and entertainment news analysis by Newsy.com


I was just hearing that nearby countries are bracing for a strike because of this worm.

I read a NYPost article that said Ahmadinejad wore the exact same clothes for all 6 days he was in NY!

Also he imported spicy food to his room from a local Persian eatery that made “the whole hotel stink like hell.”

AND, in a mini-Sharia move, some of his security team were near the hotel bar when two women sat down and began to have drinks.

They demanded they leave!!!
NOT IN THE USA!

The ladies refused and the manager tried to calm down the excited Revolutionary Guards.
One lady did not help, she stood up and screamed, “You stoned my sister! You’re murderers!”

LOL!

So the worm has a worm… lol! Looks like someone DID attack Iran’s nuke facilities – 21st century style!

The worm turns!

If he wore the same shirt and suit for six days, it probably wasn’t just the Persian food that was stinking up the hotel.

Ahmadinejad is the worm!

The Stuxnet virus is a very specific application, written with a specific set of control parameters that by design it looks for. It is also written for a specific model of computerized control module. What this ultimately means is best described with an analogy.

So here we go:

Let’s say you have 100 Toyota Priuses, all with the following conditions: each has the hood up, the left door open, the seat belt on the driver’s side buckled, and the trunk lid open (four operational conditions).

Additionally, all these cars are on a race track going around in a circle at exactly the same speed (cruise control set at 55 mph), each is spaced exactly 10 feet apart and the gas tank on each has exactly the same amount of fuel.

This virus, Stuxnet, is looking for these conditions and these conditions alone. Nothing else will activate the virus, absolutely nothing. If it does not see these conditions it is as if the virus did not exist, it is dormant.

However, when Stuxnet detects these conditions it will infect every one of the cars.

Stuxnet will then initiate a change to the cruise control and could change every cruise control so that each car is now going only at 35 mph. So everything else remains identically the same. The cars continue to go around the track, same spacing and all the other conditions remain the same.

Detecting the presence of the virus is not that difficult, since any virus checker worth a darn will find it. It can then be easily removed.

Note also that if only one of the cars is infected and it slows down to 35 mph while all the remaining cars continue to travel at 55 mph, one of two things happens: either there is a huge crash on the race track, or the system will go into a safe mode that stops every car and thus prevents a huge wreck on the track. If the wreck occurs, then it must be determined which car failed and caused the wreck, damages must be corrected, and then the system can be restarted. If no wreck occurs, because the system went into safe mode, then the car that failed must be found and that single car repaired, and the system could be restarted sooner.

To prevent Stuxnet from infecting the Prius cars, the cars could be changed to a Nissan. This action alone will prevent Stuxnet from attacking the cars. But this means that you now have to buy 100 Nissans and set up the whole system again.

Stuxnet is resident on many, many computers that are never connected to a Prius car; therefore, Stuxnet has absolutely no impact on those computers other than that it will transfer itself around in the system and infect computers. Eventually there is a chance that one of these computers could be connected to the “100 Priuses on a race track” system. But the chances are low.

So, considering the above analogy . . . what is the target that Stuxnet is looking for? A system where there are hundreds of Prius cars (again, the analogy of a Prius to a computerized controller).

Being a nuclear engineer, I can say with confidence that the Nuclear Power Plant in Iran was not the target, simply because the diversity of the plant means that there is no use in the Nuclear Power Plant for such a control system.

Where there is such a system is in the Iranian Uranium Enrichment Plant. There are over 4000 identical systems there, each has an associated computerized controller.

The intent of Stuxnet was not, in my humble opinion, to “destroy” the enrichment facility, only to slow it down and reduce the efficiency of the process, delaying the Iranian efforts to achieve enrichment of U235.

However, it is entirely possible that serious damage to the enrichment facility could have occurred by causing a major wreck in all the enrichment devices that comprise a “loop”. This may have occurred a few months ago.

The challenge that Iran faces now, is to change out all the Prius cars to Nissan . . . change the computerized controllers from one model to a different one.

Keep in mind that the full capability of Stuxnet is still being determined . . . it may have the capability to “phone home” and thus “home” will cause it to mutate and then it could also attack the Nissans.

This is truly an impressive piece of benign software on 99.9% of the world’s computers . . . but when it finds its target . . . it is devastating.

Oops . . . Clarification of last statement:

This is a truly impressive piece of benign software that IF IT WERE present on 99.9% of the world’s computers would have ZERO negative impact. But when it finds its target . . . 100 Priuses all in a row . . . it is devastating.

Maybe that emphasizes what I am trying to say.

To me it is a stupendously “Star Wars”-like attack on the Darth Vader of the world. Wow, those guys that built this Stuxnet are some really seriously bad GEEKS!!!

Nan;

“Other countries bracing for an attack by Stuxnet”

Probably NOT from or by Stuxnet as it currently exists in the wild. What the world is bracing for is “Stuxnet” LIKE attacks.

I suspect that out there somewhere in the world is “super geek”, a genius in his/her own right. The Geek/Hacker world is in turmoil over this whole scenario. It is like an entirely new field of hunting has been opened up by this single very, very directed attack. It is the best case of “taking the offense” that I have ever seen. I think the entire computer industry is in somewhat of a state of shock that this has occurred, because it does create an entirely new “defensive position”.

Looking at the past, such attacks may have already been enacted. Consider the problems that Toyota had last year with the “run away” cars, where for some unidentified reason Toyota recalled millions of automobiles to replace “mechanical parts” to prevent runaway engines.

If a Stuxnet-like virus was in the wild that was directed at Toyota cars, with a computer of specific architecture, it is entirely possible that such a super virus could have infected the software in that car’s computer.

Toyota did make a statement concerning the software in their cars . . . something to the effect that “the software had been verified to function properly”.

If the Toyota engineers were not looking for a virus, they absolutely would not have found it, if that virus had similar characteristics to Stuxnet. The only reason Stuxnet can be found today is that “one” group in Germany found it. Therefore, only because it “has been” found has a “virus detector” been created that finds it. See what I mean here? Prior to the group in Germany finding Stuxnet, perhaps by accident or simply like finding the “easter egg”, there is now the ability to find and remove it.

If such a piece of software was in the Toyota car computers and the engineers were not looking for the virus, they may not have found it. It is possible, and highly likely, that they were looking for such a virus. But the virus could also be “self annihilating” . . . it would destroy itself after it had initiated whatever event it was designed to initiate.

Just a bit of thinking about the “what if” scenarios. Maybe we have indeed seen such an attack, we just never realized that it occurred. This is truly a “secret weapon” . . . a weapon that attacks, does damage, and the weapon goes unfound, because it is secret!!!

Skook;

I perhaps am reading between the lines, but there is a little bit of a “NOTE OF PANIC” in your original article. I believe that this will be of very little to no impact to the world’s industrial complex. Here is why. The Stuxnet virus has so many “specifics” associated with it, even to the point of being directed at only two different models of Siemens PLC (Programmable Logic Controllers), that it is “self contained”.

Siemens changes its PLC models like the days of the month raised to the power of the year.
So even though Iran might have bought 10,000 of a specific model of PLC, that PLC model is no longer made.

Additionally, the pathway that the virus uses to get into the PLC predicates that the PLC have certain defined logic parameters defined. The Stuxnet virus was very defined to a specific industrial process. This further limits the “motility” of the virus. It will not infect even the specific PLC for which it is designed unless it finds certain specific logic established within that PLC.

So this means that even if a susceptible PLC is found, unless that PLC has the “weaknesses” defined by Stuxnet, it will not be attacked.

Stuxnet is a virus that can infect only one very, very specific host. It is so specific that for all practical purposes it is “benign” to 99.99999999999999% of the PLCs in the world. But to that .00000000000001% that it is contagious to, it is lethal.

Even now Microsoft has corrected all of the entry paths in Windows that allowed Stuxnet to get onto laptop or desktop computers. This is to say that if “software” on Windows computers is maintained “up to date”, Stuxnet cannot become resident on the laptop or desktop.

To get to the Siemens PLC that Stuxnet is directed at . . . a laptop or desktop must be “physically hard wired” to the Siemens PLC. This is done with a “connector cable” that connects the laptop (typically used) to the PLC via USB connectors on the laptop and Siemens PLC. This is normally done by a technician who is programming the PLC. Thus, the technician must connect an infected laptop to a PLC. Then Stuxnet looks at the PLC programming; if the PLC program does not do what Stuxnet is looking for, then Stuxnet does NOTHING. If Stuxnet finds what it is looking for, then it does infect the PLC, hides itself, and makes changes to the PLC control logic that are invisible to the programmer. The technician thinks and sees the indications that he wants . . . but Stuxnet has control and makes changes that the technician does not see or know about. The device that the PLC is controlling, however, is controlled in the way Stuxnet wants, which might destroy the piece of machinery that Stuxnet is controlling.

Consider the vulnerability of the Iranian Enrichment Plant. Although I know nothing about the controls at the plant, IMHO and in my best judgement, all the PLCs for that plant would be connected to a network such that they could be monitored or programmed from a central control complex. In such a facility, there would be “thousands” of identical PLCs. Since they are possibly controlled from a central control room, Stuxnet would infect every one of the PLCs. Stuxnet would control!!!

Once Stuxnet got into the Enrichment Plant Controls the only way to get it out is to rip out the entire control system and harden it to prevent re-invasion of Stuxnet or Stuxnet like viruses.

Again, IMHO, even though this was catastrophic for the Iranian Enrichment Plant . . . it will have little impact on the rest of the world.
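The two comments above describe one unit among many identical ones being silently slowed while the engineering station still shows what the technician expects. The following is an added illustration, not code from the post or from any commenter, of how a defender would catch that from the other side: read each unit’s program back over an independent channel and hash it against an approved baseline, compare what the station displays with an independent physical measurement, and compare each unit against the fleet majority. All unit names, programs and readings are constructed for the example; none of it is Siemens PLC code.

```python
"""Fleet-consistency checks for identical controllers (constructed example)."""
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class UnitSnapshot:
    unit_id: str
    logic_blob: bytes        # program as read back over an out-of-band channel
    displayed_mph: float     # setpoint as shown on the engineering station
    measured_mph: float      # speed from an independent sensor on the machine


def logic_digest(program: bytes) -> str:
    """SHA-256 of a control program; the approved digest is kept offline."""
    return hashlib.sha256(program).hexdigest()


def find_modified_logic(fleet, approved_digest):
    """Units whose read-back program no longer matches the approved baseline."""
    return sorted(u.unit_id for u in fleet
                  if logic_digest(u.logic_blob) != approved_digest)


def find_display_mismatch(fleet, tolerance=0.5):
    """Units where the station's display disagrees with the physical measurement."""
    return sorted(u.unit_id for u in fleet
                  if abs(u.displayed_mph - u.measured_mph) > tolerance)


def find_fleet_outliers(fleet, tolerance=0.5):
    """Units whose measured speed deviates from the fleet's majority value."""
    majority, _ = Counter(round(u.measured_mph, 1) for u in fleet).most_common(1)[0]
    return sorted(u.unit_id for u in fleet
                  if abs(u.measured_mph - majority) > tolerance)


def should_enter_safe_mode(fleet, approved_digest):
    """Trip the whole line (the analogy's safe mode) on any deviation, so the
    one slow unit is isolated before it causes the pile-up."""
    return bool(find_modified_logic(fleet, approved_digest)
                or find_display_mismatch(fleet)
                or find_fleet_outliers(fleet))


# Constructed fleet: 100 identical units, one of them silently altered.
APPROVED_PROGRAM = b"cruise=55;hood=up;left_door=open;belt=buckled;trunk=open"
APPROVED_DIGEST = logic_digest(APPROVED_PROGRAM)


def build_fleet(tampered_id="UNIT-042"):
    """Constructed snapshots: every unit identical except the tampered one."""
    fleet = []
    for i in range(100):
        uid = f"UNIT-{i:03d}"
        if uid == tampered_id:
            # Logic now runs at 35 mph while the station still displays 55.
            program = APPROVED_PROGRAM.replace(b"cruise=55", b"cruise=35")
            fleet.append(UnitSnapshot(uid, program, 55.0, 35.0))
        else:
            fleet.append(UnitSnapshot(uid, APPROVED_PROGRAM, 55.0, 55.0))
    return fleet


if __name__ == "__main__":
    fleet = build_fleet()
    print("modified logic :", find_modified_logic(fleet, APPROVED_DIGEST))
    print("display lies   :", find_display_mismatch(fleet))
    print("fleet outliers :", find_fleet_outliers(fleet))
    print("safe mode      :", should_enter_safe_mode(fleet, APPROVED_DIGEST))
```

The display check only works because the measurement comes from a sensor the engineering station does not mediate; if both values were read through the same compromised path they would agree and the unit would pass.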

EXCLUSIVE-Cyber takes centre stage in Israel’s war strategy

http://www.alertnet.org/thenews/newsdesk/LDE68R0GB.htm

The government of Prime Minister Benjamin Netanyahu has since set cyber warfare as a national priority, “up there with missile shields and preparing the homefront to withstand a future missile war”, a senior source said on condition of anonymity.

Disclosures that a sophisticated computer worm, Stuxnet, was uncovered at the Bushehr atomic reactor and may have burrowed deeper into Iran’s nuclear programme prompted foreign experts to suggest the Israelis were responsible.

Israel has declined to comment on any specific operations. Analysts say cyber capabilities offer it a stealthy alternative to the air strikes that it has long been expected to launch against Iran but which would face enormous operational hurdles as well as the risk of triggering regional war.

According to security sources, over the last two years the military intelligence branch, which specialises in wiretaps, satellite imaging and other electronic espionage, has set up a dedicated cyber warfare unit staffed by conscripts and officers.

They would not say how much of the unit’s work is offensive, but noted that Israeli cyber defences are primarily the responsibility of the domestic intelligence agency Shin Bet.

Now we realize the huge potential for cyber warfare. So does Israel, as Reuters reports.

DENIABILITY

In any event, fending off or inflicting damage to sensitive digital networks are interconnected disciplines. Israeli high-tech firms, world leaders in information security, often employ veterans of military computing units.

Security sources said Israel awoke to the potential of cyber warfare in the late 1990s, when the Shin Bet hacked into a fuel depot to test security measures and then realised the system could be reprogrammed to crash or even cause explosions.

Israel’s defence priorities suggest it may be shying away from open confrontation with the Iranians, whose nuclear facilities are distant, numerous, dispersed and well-fortified.

Even were its warplanes to manage a successful sortie, Israel would almost certainly suffer retaliatory Iranian missile salvoes worse than the short-range rocket attacks of Lebanese and Palestinian guerrillas in the 2006 and 2009 wars.

There would be a wider diplomatic reckoning: World powers are in no rush to see another Middle East conflagration, especially while sanctions are still being pursued against an Iranian nuclear programme which Tehran insists is peaceful.

An Israeli security source said Defence Ministry planners were still debating the relative merits of cyber warfare.

“It’s deniable, and it’s potent, but the damage it delivers is very hard to track and quantify,” the source said. “When you send in the jets — the target is there, and then it’s gone.” (Editing by Jon Boyle)

So far the merits of Cyber Warfare have been speculative, until now…

Tallgrass:

The Stuxnet virus is a very specific application, written with a specific set of control parameters that by design it looks for. It is also written for a specific model of computerized control module. What this ultimately means is best described with an analogy.

So here we go:

Let’s say you have 100 Toyota Priuses, all with the following conditions: each has the hood up, the left door open, the seat belt on the driver’s side buckled, and the trunk lid open (four operational conditions).

Additionally, all these cars are on a race track going around in a circle at exactly the same speed (cruise control set at 55 mph), each is spaced exactly 10 feet apart and the gas tank on each has exactly the same amount of fuel.

This virus, Stuxnet, is looking for these conditions and these conditions alone. Nothing else will activate the virus, absolutely nothing. If it does not see these conditions it is as if the virus did not exist, it is dormant.

However, when Stuxnet detects these conditions it will infect every one of the cars.

Stuxnet will then initiate a change to the cruise control and could change every cruise control so that each car is now going only at 35 mph. So everything else remains identically the same. The cars continue to go around the track, same spacing and all the other conditions remain the same.

Detecting the presence of the virus is not that difficult, since any virus checker worth a darn will find it. It can then be easily removed…

Now, sometimes it is educational (not always accurate) to read DebkaFile.
DebkaFile is an Israeli propaganda and misinformation site, so the 24-hour rule should stretch to 72 hours at least.

Today DebkaFile has a bit about the virus or worm attacking Iran.

Iran admitted Monday, Sept. 27 it was under full-scale cyber terror attack. The official IRNA news agency quoted Hamid Alipour, deputy head of Iran’s government Information Technology Company, as saying that the Stuxnet computer worm “is mutating and wreaking further havoc on computerized industrial equipment.”

Stuxnet was no normal worm, he said: “The attack is still ongoing and new versions of this virus are spreading.”

The article goes on to claim that Iran blames the West (probably Israel in particular) for the attack.
Then ends with this:

debkafile’s Iranian and intelligence sources report that these statements are preparing the ground for Tehran to go beyond condemning the states or intelligence bodies alleged to have sponsored the cyber attack on Iranian infrastructure and military industries and retaliate against them militarily. Iran is acting in the role of victim of unprovoked, full-scale, cyber terror aggression.

Tallgrass:

Nan;

“Other countries bracing for an attack by Stuxnet”

Probably NOT from or by Stuxnet as it currently exists in the wild. What the world is bracing for is “Stuxnet” LIKE attacks…

I am terrible when it comes to pronoun referencing.
What I meant when I wrote this:
I was just hearing that nearby countries are bracing for a strike because of this worm.
Was really this:
I was just hearing that nearby countries (Israel, the Saudis, Egypt, etc.) are bracing for RETALIATORY strikes (from Iran) because of this worm.

BTW, I loved your illustration about the cars.

Sorry about the confusion, my fault.

Nan;

Yes, I agree with the possibility that Stuxnet might be self replicating and self-mutating, thus being adaptable to a defensive action that is initiated against it. Right now, all the “powers” that be, those guys that do virus evaluation and build defenses for them, have said is basically: we have identified it; we have closed all the holes that WE know of that it takes advantage of to infect a host; we know it is dormant and non-damaging on any machine, even the one that it is resident on that is used to program PLCs . . . there are only “two” known versions of Siemens PLCs that it attacks, and it looks for a very defined set of logic in the PLCs that it does attack.

There is little doubt that it was meant to attack Iran, and Iran alone. If it has infected a “few” other isolated PLCs then it was pure coincidence that the logic programmed in the PLC was within the parameters of attack for Stuxnet.

Any PLC programmer that is worth a darn will now be very careful about which laptop he uses to interface with Siemens control PLCs.

Keep in mind also that initiating “live” or “on the fly” changes to a PLC that is in a circuit that involves the health and safety of the general public is a huge NO, NO in the US of A. This would never happen. Chances are the PLC would be replaced during an outage with one that has the new logic in it; then a system test would be required before returning the system to normal operation.

That should humble ARMAGHADINE a bit, now that he found that he can have a disaster on his nuclear plant, for keeping his menacing tone to other powers including the USA;
those guys need something like that, when they think so arrogantly.

Gizmodo has the photos of some of Iran’s weapon’s technology.

Note the “Ritard” thing-y.

And then there’s pseudo-UAV with a bomb attached.

Also there is a kamikaze mini-submarine complete w/ frogman at the wheel and maybe pedals.

Sadly, these are all paraded in front of crazy mullahs and Ahmadinejad as if they are really something.

Add to all this CNN’s photo spread of Iran’s latest weapon: radar-evading flying boats!

No wonder they are as mad as hornets about this computer worm.
They had no weapons against it.

Nan;

IMHO, the fact that Iran “has no weapons” against it illustrates a sad, but personally experienced, characteristic of that region of the world. For some strange and unbelievable reason, those people seem to think that “no one” in the world is as intelligent as they are. I don’t know if it has to do with the fact that most ex-pats do not speak Arabic, or if there truly is some inherent malfunction in the social demographics. Every one of them that I have ever had any dealings with, and I have spent a considerable amount of time working in the Middle East, seems to think that everything they know and understand is a secret, or perhaps that we in the West are just too stupid to understand. What this creates is a huge gap in communications. It typically means that when it comes to something technical, I have had to make whatever I am working on function correctly without their help. Then when I leave I usually experience a “Shit hits the fan” situation a few weeks later. It is more than just ignorance; it is a profoundly stupid situation. They just seem to “trust” that we will not screw them up. Maybe it is the “InshaAllah” aspect of life that does it to them . . . heck, I don’t know. But I am not in the least surprised that a virus could completely blow them out of the water. In fact, I am convinced that if our MSM had not told them the virus existed, they would have never found it.

@ilovebees – I agree with you. The only thing bullies understand is power. I would much rather the terrorist-sponsoring countries fear the USA, rather than having them “like” us.

anticsrocks: hi, THEY are very dangerous now, BECAUSE they make false claims on who did it,
and of course they accuse ISRAEL and THE USA, and they are menacing without proof.
It looks scary in there for starting a new war;
can you imagine another war zone like they are fighting now with the ROE to protect civilians,
who most likely work for the enemies for cash.
bye

Yeah, those bogus ROE are endangering and in some cases costing the lives of our brave men and women in the military. My Dad is a WWII vet, he was in the initial invasion of Okinawa and saw heavy action. I asked him what his ROE were in the South Pacific in WWII. He said they were told that if it moved, kill it. I like those ROE’s.

Imagine how much quicker things would have gone in Afghanistan and Iraq had the military been allowed to actually WIN the damn wars.