Stuxnet 'Industrial Virus' Hits Iran Hard

News Posted: Sun, Sep 26 2010 3:03 PM
A sophisticated computer virus that targets solely Siemens SCADA, or "supervisory control and data acquisition," systems, has infiltrated systems across the globe, and has hit Iran "very hard." The Stuxnet virus has reportedly struck industrial sites throughout Iran, including its nuclear facilities.

SCADA systems are commonly used to manage oil rigs, power plants, water facilities, and other industrial plants. Stuxnet was first identified this summer, but the Windows vulnerability exploited by the malware was first described in April of 2009. Microsoft confirmed earlier this week that it "overlooked" the vulnerability when it was revealed last year. Two of the four vulnerabilities exploited by the worm were patched in this month's Patch Tuesday.

At the same time, on Saturday, it was reported that the United States knows neither the source nor the purpose of Stuxnet. It should be noted that for some time there has been concern that attackers may one day hack into or attack (via malware) the infrastructure of countries, and the attack on Siemens systems fits right into that mold.

The vulnerability of these Windows-based systems that aren't personal computers, but have the same exploits available, has been expressed before as well. Often, these systems, which also include print servers and anything Windows-based, are not protected by antivirus software and are not regularly patched.

Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC), said,
"One of our hardest jobs is attribution and intent. We've conducted analysis on the software itself. It's very difficult to say 'This is what it was targeted to do.'
"We know that it's not doing anything specifically malicious right now. It would be premature to speculate at this time.
"We're not looking for where it came from but trying to prevent the spread."
McGurk added that Siemens is "reaching out to their customer base" to help deal with the infection.

The sophistication of the malware has led to some speculation by security experts that it was created by state-sponsored developers or some sort of state secret service. The malware has also been reported in Indonesia, Pakistan, India and more, and thus it is unclear that Iran was a primary target. However, the sheer number of systems in Iran that have been hit by Stuxnet is out-of-bounds with the rest of the infection statistics.


One Iranian official, Mahmud Liai of the Ministry of Industry and Mines, was quoted as saying that 30,000 Iranian computers had been affected. He added that Stuxnet was “part of the electronic warfare against Iran.”

According to German computer security researcher Ralph Langner, who has been analyzing Stuxnet since it was discovered in June, Stuxnet is able to recognize a specific facility's control network and then destroy it. He believes Stuxnet's primary target was the Bushehr nuclear facility in Iran. That plant was built with Russian help, but unspecified problems have delayed its operation.
acarzt replied on Sun, Sep 26 2010 4:46 PM

That's crazy... kinda scary too.

I see the potential for a nuclear meltdown if this were to get out of hand.

Inspector replied on Sun, Sep 26 2010 5:16 PM

I can see lots of trouble brewing up from this. Maybe places that depend on a computer system should create their own OS, this way they aren't as easy to target. I can see one of these days a virus will get into a system and launch a missile somewhere...

3vi1 replied on Sun, Sep 26 2010 5:38 PM

>> Maybe places that depend on a computer system should create their own OS, this way they aren't as easy to target.

I would not recommend security through obscurity... that's just another path for them to re-implement bugs and holes that have long been worked out of mature operating systems.  If that actually worked, Windows would be "secure" because people don't have access to the source.  Of course, Windows' wide array of security holes has allowed hackers to get access to the source (and promptly torrent it) on occasion, so there you get all the downsides and none of the benefit from white-hats.

They need to be using some form of SELinux or BSD (like the U.S. Army and Navy do for critical systems) - something where the code has had tens of thousands of eyes on it and been proven secure. It has the same benefit of your idea too - preventing the users from accidentally bringing in a home virus and tainting the system.

Juniper and Cisco have made the same move: JunOS has always been based on the FreeBSD kernel, and Cisco's OS-NX is now using the Linux Kernel. These are enterprise routers and firewalls where security is the highest priority.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

realneil replied on Sun, Sep 26 2010 9:29 PM

"Microsoft confirmed earlier this week that it "overlooked" the vulnerability when it was revealed last year".

WTF???

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

3vi1 replied on Mon, Sep 27 2010 9:15 AM

They have a history of ignoring reports until an actual exploit exists.

Remember a while back when MS told everyone how horrible Tavis Ormandy was? They were mad at him because he released an exploit so that they couldn't ignore his report.  He included this in the text of the release:

"I would like to point out that if I had reported the MPC::HexToNum() issue without a working exploit, I would have been ignored.

Without access to extremely smart colleagues, I would likely have given up, leaving you vulnerable to attack from those who just want root on your network and do not care about disclosure policies."

So, Microsoft blasted him in words... and continues to prove him right in action.


digitaldd replied on Mon, Sep 27 2010 11:07 AM

New headline: Israeli Virus hits Iran hard.
