Iran Confirms Stuxnet Damage to Nuclear Facilities

by Richard Silverstein on September 25, 2010

[Image: Stuxnet sample code]

The AP is reporting confirmation from Iranian sources that Stuxnet, which I’ve posted about here, has caused extensive damage to the country’s computer and industrial systems:

Iranian media reports say the country’s nuclear agency is trying to combat a complex computer worm that has affected industrial sites in Iran and is capable of taking over power plants.

The semi-official ISNA news agency says Iranian nuclear experts met this week to discuss how to remove the malicious computer code, dubbed Stuxnet, which can take over systems that control the inner workings of industrial plants.

Experts in Germany discovered the worm in July. It has since shown up in attacks in Iran, Indonesia, India and the U.S.

Friday’s report said the malware had spread throughout Iran, but did not elaborate. Foreign media reports have speculated the worm was aimed at disrupting Iran’s first nuclear power plant, which is to go online in October.

Until now, western security experts were the only ones reporting on and analyzing Stuxnet.  No Iranian sources were willing to speak publicly about it.  But the fact that this article quotes “Iranian nuclear experts” confirms that the worm has infected Iran’s nuclear complexes.  The only thing left to know is whether the most damaged site was Natanz, the only known plant enriching uranium which might be used in producing a nuclear weapon, as I’ve speculated.

Well, that’s not exactly the only thing left to know.  An equally intriguing question is who devised and planted the malware (how they did it would be interesting as well).  The Iranians can’t very well blame Israel or the U.S. because to do so would acknowledge the damage Stuxnet has caused.

Strelnikov September 25, 2010 at 4:46 AM

How it got in: they emailed it to the weakest point in the Iranian chunk of the internet, some low level educational server maybe, and the little monster replicated until it hit the nuclear sites. It was pretty sloppy, unless that was the intention (to act as a foreshadowing of how future bombing raids will go.)

Cyber-4Bomb September 25, 2010 at 4:09 PM

Strelnikov r u dumb!!!!!! hey this article never talked about stuxnet was already in nuclear systems, it already infected industrial systems and the iranian nuclear agency is fightin up the worm to avoid it infect the nuclear facilities. Strelnikov you must to learn to read man!!! hehe. and i got another point, what a heck means “low level educational server”???????? I guess you are a united states citizen, bcuz thats the dumbest expression i ever heard XD. I got an example of low level education: USA have a lower educational level than Mexico right now XD

Strelnikov September 27, 2010 at 1:09 AM

Troll.

uncle joe mccarthy September 25, 2010 at 7:05 PM

impossible…those computers at the facility are off the grid

it could only be implanted through jump stick

one of the reasons at security facilities in the states, those handy little devices are banned

Ryszard September 25, 2010 at 11:42 AM

It’s also likely that Iran was nowhere close to going online with the reactor in October and they are just circulating this story as an excuse. If Stuxnet was really capable of doing what Iran is suggesting, it would be one hell of a worm, the likes of which the world has not seen before.

dude September 25, 2010 at 3:20 PM

Maybe there really is a Microsoft backdoor but they’ve been holding it, or this is the first time it’s been reported on…

dickerson3870 September 25, 2010 at 5:20 PM

RE: “…whether the most damaged site was Natanz, the only known plant enriching uranium which might be used in producing a nuclear weapon…” – R.S.

FROM PAUL WOODWARD, WAR IN CONTEXT, 09/25/10:

(excerpt)…There is however another argument that can be made in which Bushehr becomes the target of cyberwarfare, even if it might not be a vital node in Iran’s nuclear program. In this scenario, Stuxnet would not be designed to perform its function until the reactor becomes fully operational. At that point, the malware would not simply stop the reactor working — it would trigger a Chernobyl-type nuclear meltdown.

Why would the attackers want to precipitate such a catastrophic event?
• In the hope that such an “accident” would make the Iranian government look unfit to safely operate any kind of nuclear program.
• To undermine Iranian domestic support for the program.
• To alienate Iran from its Gulf neighbors who would be exposed to the fallout.

ENTIRE ARTICLE – http://warincontext.org/2010/09/25/bush-white-house-security-adviser-israel-likely-source-of-cyber-attack-on-iran/

Gerald Anthro September 25, 2010 at 7:03 PM

Iran did NOT confirm any damage, just an infection.
Your lead is wrong.

Gerald
Anthropologist

Richard Silverstein September 26, 2010 at 1:45 AM

And you think the infection didn’t cause damage?? What world are you living in?

Gerald Anthro September 26, 2010 at 12:47 PM

jEEZE no IT DID NOT.

Just cause something is infected doesn’t mean it did damage.

Specify the damage it did?
You’re assuming something without proof.

Gerald
Anthropologist

Richard Silverstein September 26, 2010 at 5:56 PM

It’s a waste of time arguing with you. Let’s just say that I trust the word of the most distinguished cyber security experts who disagree with you & point to the destruction of hundreds of Iranian centrifuges at Natanz & similar problems with Bushehr. Numerous media sources, intelligence experts & cyber security experts have speculated for a yr. that this damage was caused by precisely the type of weapon identified as Stuxnet. Do you have knowledge or experience that would compare to theirs & if you claim to have can you prove you do? Otherwise, you’re talking garbage.

Don’t waste our time.

PJCoyle September 26, 2010 at 5:44 PM

According to Microsoft 31,740 machines in the US were infected with Stuxnet. No damage to control systems was reported. https://blogs.technet.com/b/mmpc/archive/2010/08/19/one-week-later-broken-lnks-and-msrt-august.aspx

Richard Silverstein September 26, 2010 at 7:55 PM

And you’re arguing that because no damage to control systems was reported in the U.S. that Iran’s security standards are the same as the U.S. & therefore there can’t have been any damage?

You guys making this silly claim have a major problem. Sabotage has been reported repeatedly over the past yr. at Bushehr & Natanz. We know for a fact that massive numbers of centrifuges have failed at Natanz for no known reason other than sabotage. We know Israel and other nations have been attempting to sabotage these plants. Yossi Melman of Haaretz has reported this. He told me so (though he believes it’s more likely the U.S. is behind it). If it walks like a duck & talks like a duck it prob. IS a duck. I also love how people w. no known security background to speak of are willing to represent their own knowledge as superior to that of cyber security experts who spend their entire careers analyzing this stuff & telling us what it means.

I’ve been reading professional publications in the cybersecurity industry closely on this subject for a few weeks now & the consensus is as I’ve reported it. Anyone who attempts to claim that Stuxnet was a juvenile hacker prank w. no known impact or damage is advancing an argument that has no credibility.

PJCoyle September 27, 2010 at 4:28 AM

First, there is a big difference between infection and damage with most worms, Stuxnet in particular. If you have been reading about Stuxnet (as I have since the news first broke and I have been covering it in some detail on my blog) then you would know that it is a targeted worm designed to actively damage a very limited type and number of facilities.

Second, I never said that Stuxnet wasn’t targeted at Iranian facilities. In fact, I have publicly expressed my opinion that it was. I’m just saying that I have not seen, nor is there anything in your report, that would justify that as a claim of fact. Further investigations might (hopefully) show that, until then everyone in the cyber security community is talking about supposition at this point. That is widely reported in the cyber security community.

Lastly, I have not claimed to be a cyber security expert, but my background in process chemistry, my use of process control systems, and my training in computer programming all make me well qualified to understand most of what those experts are saying.

Now, if you have heard specific claims of active damage at Iranian facilities caused (or even reasonably suspected) by Stuxnet, please report that. We need to hear that with as much detail as possible. I would clearly understand a reluctance to name sources, there would certainly be Iranian repercussions.

Gerald Anthro September 27, 2010 at 6:09 AM

Stuxnet Maybe the first Non-Proliferation Treaty rootkit Enforcer.

http://warintel.blogspot.com/2010/09/stuxnet-non-proliferation-treaty.html

Gerald
Anthropologist

Gerald Anthro September 27, 2010 at 6:30 AM

Mahmoud Jafari, the plant’s project manager, told Iran’s official news agency, IRNA, that the worm “has not caused any damage”

G

Richard Silverstein September 27, 2010 at 12:02 PM

Gee, quel surprise. And you believe someone who has a vested interest in not telling you the truth?? C’mon. You’re lame & so obvious.

Where'sAmerica? September 28, 2010 at 9:13 PM

They’ve already put the U.S. on the list of people to blame.

PJCoyle September 26, 2010 at 5:41 PM

Circular reasoning of the worst sort. Kaspersky quotes this article as source for knowledge that the ‘the worm has been confirmed…’. This article does not provide info on source of information. The AP article certainly doesn’t provide any information about damage, just infection; two entirely different things.

Richard Silverstein September 27, 2010 at 12:01 PM

The Iranians would rightfully attempt to conceal precisely the type of information you & I would like to have. But the fact that massive amts of damage have been caused both at Bushehr AND Natanz, & caused in such a way that Stuxnet could easily have been the culprit indicates with a fairly high level of certainty that Stuxnet played a role in this if not the only role. We ain’t never gonna get certainty here unless we find a goldmine of data in some unexpected fashion down the road.

You should acknowledge the vast preponderance of supposition by actual cyber security experts that Stuxnet did REAL damage to Iran’s command & control systems. Here’s another report fr inside Iran indicating Iran hasn’t rid itself of the worm & its impact.
