
Researcher Offers New Perspective On Stuxnet-Wielding Sabotage Program

timothy posted about 8 months ago | from the back-then-we-tied-an-onion-to-our-belts dept.

Security 46

An anonymous reader writes with this excerpt from Help Net Security: "Stuxnet, the malware that rocket the security world and the first recorded cyber weapon, has an older and more complex 'sibling' that was also aimed at disrupting the functioning of Iran's uranium enrichment facility at Natanz, but whose modus operandi was different. The claim was made by well-known German control system security expert and consultant Ralph Langner, who has been analyzing Stuxnet since the moment its existence was first discovered. He pointed out that in order to known how to secure industrial control systems, we need to know what actually happened, and in order to do that, we need to understand all the layers of the attack (IT, ICS, and physical), and be acquainted with the actual situation of all these layers as they were at the time of the attack."

46 comments

1p (-1)

Anonymous Coward | about 8 months ago | (#45482537)

/. Be Suckin All the D

Rocket the security world? (3, Insightful)

digitalPhant0m (1424687) | about 8 months ago | (#45482585)

Stuxnet, the malware that rocket

I didn't know it was airborne.

Re:Rocket the security world? (2)

NatasRevol (731260) | about 8 months ago | (#45482853)

Only way to get across the air gap.

Re:Rocket the security world? (1)

slashmydots (2189826) | about 8 months ago | (#45483349)

Stuxnet, Skynet, what's the difference?

Re:Rocket the security world? (1)

a-zarkon! (1030790) | about 8 months ago | (#45483861)

Stuxnet prevents a nuclear exchange, Skynet initiates one.

"the first recorded cyber weapon" (0)

Anonymous Coward | about 8 months ago | (#45482597)

Stopped reading right there.

Re:"the first recorded cyber weapon" (4, Informative)

kbg (241421) | about 8 months ago | (#45483869)

But it is actually a cyber weapon. Instead of bombing the facility with conventional weapons it used software to sabotage the facility. Stuxnet was specially designed to be an actual cyber weapon.

Grammar nazis overload (2, Funny)

Anonymous Coward | about 8 months ago | (#45482615)

A grammar nazi dies every time someone reads TFS

Re:Grammar nazis overload (1)

HornWumpus (783565) | about 8 months ago | (#45482657)

Dats goodly!

Re:Grammar nazis overload (2)

NoNonAlphaCharsHere (2201864) | about 8 months ago | (#45482891)

Don't kid yourself, "Stuxnet, the malware that rocket the security world" would kill a grammar Boy Scout.

grammar (1)

sect0r0 (665061) | about 8 months ago | (#45482637)

Was this put through Google translator? I almost choked on my lunch trying to reach through this.

Re:grammar (0)

Anonymous Coward | about 8 months ago | (#45482679)

Reach? You must be an editor too.

Re:grammar (0)

Anonymous Coward | about 8 months ago | (#45482695)

Agreed! It has been very bad lately.

Re:grammar (0)

Anonymous Coward | about 8 months ago | (#45482779)

Ah....Muphry's Law in action...always a thing of beauty.

Re:grammar (1)

NatasRevol (731260) | about 8 months ago | (#45482857)

Looks like a sector0 error.

Proof read? (5, Informative)

Anonymous Coward | about 8 months ago | (#45482655)

They should proof read these posts. It's been bad lately. Good subjects, just makes it hard to read. the malware that "rocket" -> "rocked"

Re:Proof read? (3, Interesting)

Zontar_Thing_From_Ve (949321) | about 8 months ago | (#45483459)

They should proof read these posts. It's been bad lately. Good subjects, just makes it hard to read. the malware that "rocket" -> "rocked"

You have a good point, but at least it's better than all those people who can't read properly and post articles in a panic saying "This article says X!" when in fact the article says "not X". We can figure out that "rocket" is a bad word choice and get around that, but it really sucks when people claim an article says the exact opposite of what it really says, because then we get tons of comments about how bad X is and how they can't believe that someone would actually do that, and then a few posts follow up (and mostly get ignored) telling people to actually read the article, where it is actually against X, so the submitter blew it. It seems to me that quite often about 90% of the posters never read the article in the links, so when the idiot submitter misrepresents what he submitted, that becomes what the article is about in the minds of most people here.

Re:Proof read? (0)

Anonymous Coward | about 8 months ago | (#45536337)

> saying "This article says X!" when in fact the article says "not X"

Well it depends on your programming language. In a postfix language, X! *is* "not X".

Re:Proof read? (1)

jiadran (1198763) | about 8 months ago | (#45484663)

Well, the document (from which TFS is extracted) was written by a non-native English speaker (Ralph Langner, who is German). Interestingly, I note that as a non-native English speaker myself I make a number of mistakes that Americans find particularly annoying (this post is probably full of them), while at the same time I have difficulties reading comments with typical American mistakes (theirs / there's, then / than, he's / his, etc.). I think that native-English speakers rely more on how it sounds, while non-native English speakers tend to analyze the structure more and thus make different types of mistakes.

Anyway, I appreciate people pointing out mistakes as this allows me to learn.

Gidci : Ses Nayuseer Geet Meso (-1)

Anonymous Coward | about 8 months ago | (#45482727)


Re:Gidci : Ses Nayuseer Geet Meso (1)

Decker-Mage (782424) | about 8 months ago | (#45488325)

Wow. Jabberwocky on serious steroids. Perhaps we need a +/-1 Inscrutable here!

Wow. (0)

Chas (5144) | about 8 months ago | (#45482743)

Hyperbole AND bad grasp of grammar!

Really wants to make me keep reading...

*Austin Powers* Really?

*Doctor Evil* No. Not really.

WHAT!? (0)

Anonymous Coward | about 8 months ago | (#45482771)

As a control systems expert myself, I look at Langner's statements and say.....duh?
Kind of obvious, is it not? Sounds like the usual forensic work we do any time there is a problem, security or otherwise.

Interesting quote (2)

cold fjord (826450) | about 8 months ago | (#45482803)

“Stuxnet is a low-yield weapon with the overall intention to reduce the lifetime of Iran’s centrifuges and make their fancy control systems appear beyond their understanding,” he says, and estimates that the Stuxnet set back the Iranian nuclear program by over two years.

Interesting description - "low-yield"

That is a rather different take on it given the uproar over it.

Re: Interesting quote (3, Insightful)

semi-extrinsic (1997002) | about 8 months ago | (#45483257)

Well, what would you say high yield is? I can't bring myself to call a US cyber weapon "high yield" unless it destroys or disables infrastructure on a large scale. Bonus points for egg on faces in Riyadh.

The reason it has gotten so much attention is the same reason the F117 got a huge amount of press even though it's practically useless.

Re: Interesting quote (2, Informative)

Anonymous Coward | about 8 months ago | (#45483517)

I do think the F117 was highly effective in taking out lots of strategic targets in Iraq. Pilots tend to be more precise when they know the SA-5 missiles cannot hit them. Actually, it was the most effective air weapons system until the Iraqi integrated air defence system had been destroyed. And that was done in no small part by the F117s.

Re: Interesting quote (0)

Anonymous Coward | about 8 months ago | (#45486051)

F117s were used in Bosnia as well. One was shot down there. That conflict was decided by our air power.

It's "useless" to the GP because the GP has a worldview where all US weapon systems are useless, developed for the wrong reasons and used illegitimately in all cases to further our racial and economic imperialism, the military industrial complex, corporate hegemony and all the other crimes of 'murica.

Obviously.

Re: Interesting quote (1)

semi-extrinsic (1997002) | about 8 months ago | (#45489631)

F117s were used in Bosnia as well. One was shot down there. That conflict was decided by our air power.

It's "useless" to the GP because the GP has a worldview where all US weapon systems are useless, developed for the wrong reasons and used illegitimately in all cases to further our racial and economic imperialism, the military industrial complex, corporate hegemony and all the other crimes of 'murica.

Obviously.

+1 Funny.

Seriously though, the F117 is useless because it was supposed to be a fighter jet. It may be an alright strategic bomber in scenarios where the enemy has much lower capabilities than you do (Iraq, Panama, Bosnia), but so is a B-1B or a B-52 for that sake. And as you say, the Serbs managed to shoot down an F117 with the SA-3 and low frequency radar, so "knowing SA-5 missiles cannot hit them" seems a bit overconfident. The reason they were so effective in Iraq is that the Gulf war was won psychologically. I mean, you had T-72 crews surrendering to Apache helicopters. The Hellfire wasn't that good...

Re:Interesting quote (1)

plover (150551) | about 8 months ago | (#45483831)

High yield would have been if it had destroyed the Bushehr reactor, as has been speculated one of the Stuxnet payloads would do. The attack was supposed to open the steam valves on the main turbine shaft, while the temperature, pressure, and RPM sensors would continue to play back a recorded loop of pre-attack readings to disguise the failure.

It would have been a spectacular disaster. Running a 75 foot turbine shaft at wide-open full steam was predicted to be able to cause an explosion as large as a 1 ton bomb. And it's not like Iran could run down to the local Turbine Shack and pick up a spare. Spraying radioactive debris around to hamper cleanup and repair would be a bonus. It would likely have halted their nuclear ambitions completely for a decade or more.

And if you think the uproar over stuxnet was high-yield now, imagine the fallout from actually destroying their reactor.

Re:Interesting quote (0)

Anonymous Coward | about 8 months ago | (#45490275)

Turbine != Reactor

While such a turbine failure sounds spectacular, it would not have destroyed the reactor. Most nuclear power plants utilize a 2 or 3 loop system, this would only affect the final loop if they designed the facility with any competence. If the water in the turbine loop is radioactive, they have bigger problems than Stuxnet. A catastrophic failure in the turbine should cause a controlled shutdown of the reactor, not its destruction. There would be other technical difficulties in causing the failure of the turbine using this method, but even if not fully successful it would probably cause the reactor to be shut down for an extended period.

Re:Interesting quote (1)

Forever Wondering (2506940) | about 8 months ago | (#45486067)

I think "low yield" was referring to the nature of the over-pressure attack (vs. the rotor speed attack). Or, that things could have been orchestrated to damage/disable all centrifuges at one time [which would have been detected] instead of just increasing the failure rate [which, as Langner pointed out, would confuse/confound the Iranian engineers].

Langner talks a lot about avoiding detection circa 2007 but that being less of a concern in 2009 [e.g. "now that the program has achieved its objectives, let's shock the world with our cyber attack prowess"].

But, perhaps "uproar" was/became a desired result of Stuxnet. I recently got an email from my local congressman regarding defense against cyber warfare.

So, Stuxnet set back the Iranian program a bit. But, it also got Congress thinking about [read: funding] cyber warfare defense [offense is implied].

"Cyber warfare" [although, perhaps, a legitimate concern in the wake of Stuxnet] also becomes the "bogeyman under the bed" that could provide public justification for more NSA-like intrusion/trickery.

Stuxnet, the Chernobyl of the 21st Century waiting (2)

landofcleve (1959610) | about 8 months ago | (#45482871)

to happen.

Re:Stuxnet, the Chernobyl of the 21st Century wait (1)

cold fjord (826450) | about 8 months ago | (#45483227)

The choice regarding Iran may be between one new Chernobyl versus one or more new Hiroshimas. I doubt Iran will settle for less.

Re:Stuxnet, the Chernobyl of the 21st Century wait (-1)

Anonymous Coward | about 8 months ago | (#45483313)

Oh yeah, Jewish Propaganda operative spotted. Iran merely wants a makeshift version of what Israel owns for decades now. But Israel wants to rule over everybody in the region, so they are mightily pi$$ed.

Re:Stuxnet, the Chernobyl of the 21st Century wait (-1)

Anonymous Coward | about 8 months ago | (#45483415)

If you Jews would simply follow the advice of your intelligence services, you could have peace by tomorrow. Leave the Arabs in the occupied territories alone, erect a wall to separate them from your land. But now, you elect nutters like Netanyahu and he likes to abuse the Arabs. It's his lifeblood and that of his party and supporters.

You Jews think you are very smart, but the truth is that this policy fuels the fire of hatred. You are DUMB.

Why can't YOU ask Iran to sit down at a table and make a peace conference ? Set up a trading region where Israel processes Arab food and oil, in order to create a thriving economic eco-system ? Doing business instead of pointing guns at each other ?

Because you Jews are "special people" and you have "special rights" from your Torah or something? Guess what? The Arabs have their Special Book of Irrationality, too.

Re:Stuxnet, the Chernobyl of the 21st Century wait (1)

Anonymous Coward | about 8 months ago | (#45485623)

This is probably the most ignorant post I have read on Slashdot in quite a while. How tall of a wall should they build to stop the Palestinians from launching rockets over it? How deep should it go to stop them from tunneling under it? Do you seriously think it is the Israelis who are perpetuating the violence?

You ask why Israel can't ask Iran to sit down at a peace conference, when Iran funds terrorists to attack Israel? When Iran has stated that Israel must be destroyed? When Iran refuses to even recognize the current existence of Israel? Seriously? Btw, Israel has thriving trade with some other Arab countries, just not those trying to destroy it.

Also- take your "you jews" and shove it up your distended exhaust port. Try to be less of a racist POS and learn something about what's going on in the Middle East before you start spouting out ignorant suggestions that a child should realize are ridiculous.

Re:Stuxnet, the Chernobyl of the 21st Century wait (0, Flamebait)

Anonymous Coward | about 8 months ago | (#45483701)

Fortunately, the rest of the world has shown far greater restraint and responsibility than the United States when it comes to causing "Hiroshimas." Despite moderately widespread nuclear proliferation, the US still holds the unchallenged record of being the only country to actually perpetrate mass nuclear murder. I'm not too worried about Iran getting nukes; it's much more troublesome that countries with a proven track record of large-scale violence and terror (like the US, and its buddy Israel) have such weapons.

We don't need to know everything (3, Insightful)

jbmartin6 (1232050) | about 8 months ago | (#45483485)

in order to known how to secure industrial control systems, we need to know what actually happened

False, we don't need to know everything bad that ever happened in order to secure a system.

Rocket! (0)

Anonymous Coward | about 8 months ago | (#45483539)

Rocket!

Where's the fucking proofreader?! (0, Offtopic)

george14215 (929657) | about 8 months ago | (#45483735)

for fuck's sake...

The malware that rocket the security world (0)

Anonymous Coward | about 8 months ago | (#45483929)

w0000000000000000t!

We gone ROCKET Iran back to the stone age!

Wait, they're already there, with the exception of the nuclear weapons Russia and China are helping them develop with all those US dollars China is sitting on.

Change of tactics (4, Interesting)

jiadran (1198763) | about 8 months ago | (#45484569)

I know I shouldn't have, but I read the whole document and it's really interesting. Langner thinks that the tactics (and probably the team as well) changed over time. Based on his observations I propose the following (conspiracy) theory:

The attacks on the enrichment plants have been going on much longer than anyone so far claims, maybe since the beginning. That's why Iran's progress was so much slower than what the Pakistanis managed to do (the first generation centrifuges are supposedly extremely tricky). Instead of discovering the initial attack (described in the document), the Iranians compensated for the seemingly random problems by including additional control measures not present in the design from Pakistan: shut-off valves to quickly isolate a malfunctioning centrifuge and over-pressure valves. It took them ten years instead of the two years of the Pakistanis, but they still managed to get enrichment started. Maybe with their added failure-tolerant design the original attacks didn't work anymore, or there was a leadership change (as Langner speculates). Maybe the Iranians suspected something and changed procedures also for contractors and workers (Langner thinks that the initial attack was with direct access to the system while the later attack had to somehow find a way in). Maybe then the initial team was the Israelis who wanted to remain hidden, and when their approach didn't work anymore they asked the Americans for help, who used the NSA's attack library for a way across the air gap. The Americans would probably also be less worried about remaining hidden and maybe actively wanted to send a message.

Although admittedly pure speculation, I think this scenario fits the known facts and observations. I'm curious to see what you think of this ;-)

Re:Change of tactics (0)

Anonymous Coward | about 8 months ago | (#45484861)

I love a good conspiracy theory, whether or not it's true

Re:Change of tactics (0)

Anonymous Coward | about 8 months ago | (#45487633)

LBJ had Kennedy killed

Good writeup on the attack (0)

Anonymous Coward | about 8 months ago | (#45485185)

They got in through an air gap and hid their presence fairly well.

Not sure why it couldn't happen here on our infrastructure.
Perhaps running two different, independent control system brands on the same process would have helped prevent this?
Pulling off two completely different hacks should be harder than one.
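Both plover's replayed-sensor-loop scenario earlier in the thread and the suggestion above of running two independent control systems on one process point at the same defensive checks: a played-back recording repeats exactly where real process noise does not, and two independent measurements of one physical value should agree. As an added example (not code from the page or from Langner's analysis, with constructed historian readings), here are those two checks:

```python
# Added example: two integrity checks a defender can run over historian data.
# Not from the page or from Langner's work; all sample readings are constructed.
from typing import Dict, List, Optional, Sequence


def replay_period(samples: Sequence[float], min_cycles: int = 3) -> Optional[int]:
    """Shortest period p >= 2 such that every sample equals the one p steps earlier,
    observed over at least min_cycles full cycles. Noisy process values never
    repeat bit-for-bit; a played-back recording does. Returns None if no loop.
    A flat-lined feed also reports p == 2, which is worth a look on its own."""
    n = len(samples)
    for p in range(2, n // min_cycles + 1):
        if all(samples[i] == samples[i - p] for i in range(p, n)):
            return p
    return None


def divergences(primary: Sequence[float], secondary: Sequence[float],
                tolerance: float) -> List[int]:
    """Indices where two independent measurements of the same process value
    (e.g. sensors from two vendors on one line) disagree by more than tolerance."""
    return [i for i, (a, b) in enumerate(zip(primary, secondary))
            if abs(a - b) > tolerance]


def assess(primary: Sequence[float], secondary: Sequence[float],
           tolerance: float, min_cycles: int = 3) -> Dict[str, object]:
    """Combine both checks into one verdict for an operator or SIEM rule."""
    period = replay_period(primary, min_cycles)
    diverged = divergences(primary, secondary, tolerance)
    return {"replay_period": period,
            "divergent_indices": diverged,
            "suspicious": period is not None or bool(diverged)}


# Constructed sample: an HMI-facing rotor-speed feed that loops a 4-sample
# recording of nominal readings, beside an independent feed seeing a real ramp-up.
RECORDED_LOOP = [1063.2, 1064.0, 1063.7, 1064.4]
HMI_FEED = RECORDED_LOOP * 4
INDEPENDENT_FEED = [1063.2, 1064.0, 1063.7, 1064.4,   # first cycle still agrees
                    1090.1, 1118.6, 1147.9, 1176.3,
                    1205.0, 1233.8, 1262.1, 1290.7,
                    1319.4, 1348.2, 1376.9, 1405.5]

# Constructed honest feed: noisy, non-repeating, matching its independent twin.
HONEST_FEED = [1063.2, 1064.0, 1063.7, 1064.4, 1063.9, 1064.1, 1063.5, 1064.6]
HONEST_TWIN = [1063.4, 1063.8, 1063.9, 1064.2, 1064.0, 1064.3, 1063.6, 1064.5]

if __name__ == "__main__":
    print(assess(HMI_FEED, INDEPENDENT_FEED, tolerance=5.0))
    print(assess(HONEST_FEED, HONEST_TWIN, tolerance=5.0))
```

The tolerance and minimum cycle count are tuning knobs; set them from the instrument's real noise band so that honest feeds stay quiet.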

Captured drone (1)

minstrelmike (1602771) | about 8 months ago | (#45486773)

Remember that captured drone in Iran?
What if someone had 'accidentally' left a click drive on it?
The Iranian researchers would probably send it to their most secure facility in order to study it.
That's one way around a secure air gap ;-)