21 thoughts on “Security Experts: Possible Israeli Cyber Attack Sabotaged Iran’s Bushehr Reactor – Tikun Olam תיקון עולם إصلاح العالم
task-attention.png
Comments are published at the sole discretion of the owner.
 

  1. what do I know

    thats says it all

    why do you publish stuff you dont know

    the issue is so much more complex and comprehensive

    asking few amateurs around isnt going to help you

    hundreds of brilliant brains and millions of combined
    years have worked on something more comprehensive
    then a regular guy like you can understand

    why dont you stay on your regular antisemitic stuff ?

  2. It might be wiser to say that 60% of the known infections were in Iran. This software is only used in conjunction with Siemens PLCs, (system of standard industrial control and sensor modules on a rail programmed for custom control tasks.) There are, obviously far more of these in German and Spanish factories than in Iranian ones. There are also American and Japanese PLCs on the global market.

    It is perplexing if it’s in more than one system if in fact it’s only designed to sabotage a specific installation, and needed to be installed from an infected USB stick as there’s no internet connection. PLCS are very universal tools, and all sorts of different installations use the functional group described for completely different things, so how does the hacker know what he is targeting?

    I’ve spoken to people who think it is actually within the scope of a disgruntled Siemens employee, especially as no-one knows how much time was taken to do this. Half a megabyte of code isn’t a particularly large amount for an application using object-orientated programming languages. You’ll probably find that most of it is there to recognize a particular set of circumstances and comes from some sort of “AI” language, with the C++ bits to effect actions on the Siemens software.

    This kind of controller is often used in moulds for advanced carbonfibre aircraft components, and a sudden change in temperature halfway through can destroy something which took a week to put into the mould and maybe two weeks to cure. This could seriously disrupt production of whatever the part is, especially if the factory had to be shut down while you work out what happened.

    They’re not saying if this attempted to read back information on the curing profiles etc, which could well be technically important intelligence.

    Another way of looking at it is: a way of punishing Siemens for supplying Iranian industry.

    The nuclear plant everyone’s excited about almost certainly uses Russian technology in the critical areas. Although we don’t know if that’s a clone of the German technology.

    Would be pertinent to know if the worm was already there when units shipped from Germany.

    If I was the Germany Security service, I wouldn’t be assuming that this was solely aimed at and to do with, Iran.

    1. If you read all of the articles to which I linked you’d find that the original infection happened through the Russian contractor working on Bushehr whose website is still known to contain malware & embargoed by some tech security companies. That’s probably where the infected USB device originated as well. YOu’d also know that the worm was designed only to infect 2-3 PCs at a time which would tend to limit the infection to the facility it was targeting & not bleed outside so the worm might be detected sooner. You’d also know that the first known instance of the worm goes all the way back to 2009. So the hackers had plenty of time to carry this out before they were detected.

  3. The bizarre point here is that Bushehr is the reactor in Iran which is definitely *not* involved with a supposed Iranian weapons programme. Bushehr is the wrong type of reactor. The potential plant is at Natanz. I doubt that the Iranians really care that Bushehr was delayed.

    1. We really don’t know what installation, or site (or, actually, on the facts, country) this was actually aimed at, and where it just happened to get, presumably by chance with a technician, wittingly or unwittingly, taking his favourite USB stick with him.

      Perhaps someone sold a batch of infected sticks somewhere in Iran (or Germany) and the vast majority of them never met a PC connected to a PLC, so never did anything. We don’t know how narrow or wide the distribution was, because if no PLC, nothing happens.

      Bushehr has been delayed for more than half my lifetime already…

      If the equivalent Rockwell PLCs could also be targeted, there would be a short pause while the Pentagon’s relatively slow thought processes functioned, followed by the most spectacular panic, as these are used across the whole US manufacturing sector as well as many public utlilities.

      General economic damage could be the name of the game.

  4. Here’s a serious hacktavist’s site who has a couple of blurbs about Stuxnet. He makes many of your same points but doesn’t make it out to be of mythical proportions. It could be cover for an embarrassment. Why would they be bragging about it if it was successful?

    http://belowgotham.com/News.htm

    More Details About Stuxnet – (2010-09-14)
    “The fact that Stuxnet uses four previously unidentified vulnerabilities makes the worm a real standout among malware. …Add to this the use of Realtek and JMicron certificates…Stuxnet was undoubtedly created by professionals who’ve got a thorough grasp of antivirus technologies and their weaknesses, as well as information about as yet unknown vulnerabilities and the architecture and hardware of WinCC and PSC7.”
    […]

    Stuxnet Update – (2010-08-07)

    “Both Aurora and Stuxnet leverage unpatched ‘zero-day’ flaws in Microsoft products. But Stuxnet is more technically remarkable than the Google attack, Schouwenberg said. ‘Aurora had a zero-day, but it was a zero-day against IE6,’ he said. ‘Here you have a vulnerability which is effective against every version of Windows since Windows 2000.’

    “To date, Siemens says four of its customers have been infected with the worm. But all those attacks have affected engineering systems, rather than anything on the factory floor”

    “Most infected systems are in Iran, he added, although India, Indonesia and Pakistan are also being hit.”

  5. If Iran is using Microsoft products to run nuclear systems they are too stupid to have a nuke plant. If the US and Israel doesn’t have anyone in there to know what they have, then how can they know about the damage they are speculating to have caused?

    1. Apparently they are using Windows products of some kind as this was at least one of the security flaws through which they infiltrated the Iranian computers.

      Israel likely does have some sort of inside knowledge of Iranian capability. Also, an Iranian deputy defense minister defected some time ago & told Israel about a lot of this stuff.

      1. When using PLCs, it was hard to avoid some form of windows until recently, as the PLC makers only supported the hardware with windows software tools. Alternatives are available, now, but what’s being installed now is probably the fruit of several years work.

        The small number of infections in Iran may reflect the number of Siemens PLC installations there. In continental Europe, the numbers are going to be almost beyond counting.

        What sort of PLC a country uses tends to depend on whose modules the country’s leading electronics distributors are disposed to stock. They all do the same things, but you can’t really mix and match and once you start with Siemens, or Rockwell, you’re generally stuck with them for the life of the project, unless you want to dump all the work you’ve done up to the point you try and change.

        Something that affects Siemens PLCs could damage the whole economy of a global region, an attack on Rockwell ones would damage a different global region.

        Let’s see whether this stays local to Iran over the next year or so.

  6. Why is that “nuclear plant computer screen” in English if it was developed and sold by the Russians to the Iranians? Plus, it is exclusively about water treatment so could be a domestic water treatment plant or even a wastewater plant.

    I call “bogus”!

    BTW, “If Iran is using Microsoft products to run nuclear systems they are too stupid to have a nuke plant.” – US plants make use of Microsoft Windows products although the critical safety functions have the logic burnt into silicon chips. There are fall-back systems that are hardwired (not digitized) that can shut the plant down safely.

    Still, that could drop a lot of generating capacity off the grid even if it remains nuclear-safe.

      1. Of course nuclear power plants are water-cooled and so have several systems to purify water and cleanup waste. I’ve spent years of my professional life designing and building such systems.

        My point is there is NOTHING about that screen shot that is specifically nuclear. Add in that it is English but built by Russians for Farsi-speaking operators and it looks fishy to me.

          1. OK, I’m willing to accept the word of the CSM. They are one of the few MSM I sorta trust.

            So what? I’ll grant that it could be from the Iranian nuclear power plant.

            I should apologize since my original questioning really didn’t affect the issue under discussion one way or another. It was a diversion from the thread and poor manners.

            It is interesting in that the human factors engineering on display is waaay behind current US capabilities.

  7. We need to reevaluate how we use terms like “cyberwarfare” in cases like this. Personally, I’d call it more of a preventive or defense system, with possibly the same purpose as an anti-missile system. Nothing happens until a clear and present danger is discovered, like a threat or launch. The fact that this “cyber defense” is sitting inside an enemy’s camp, is not an “act of cyberwarfare,” and even less so than Muslim zombies or sleeper cells in a Western country, who are not there to defend but to eventually do damage.

    Regardless of the sources of this worm, it was apparently designed to act as a “cyber fuse,” which would shut down the aggressor’s ability to wage war, should that aggressor go too far from internal overheating (i.e. incitement). It is the free world’s way of containing Iran, or other rogue nuclear wannabees.

    The only question that pops up is why this story was publicized outside of military circles. The malware researchers seem proud of their discovery, even posing for pictures, looking smug and proud. “Look at us,” they seem to be saying. But anyone who feels that Western nations need to control and leash pit bulls, the most logical thought is “Look at those jerks!” Nerds may know how to program code, but they’ve never been credited with showing foresight and wisdom. Those jerks have even been working at removing the malware!

    1. Stuff & nonsense. Israel has made the judgement without any proof that Natanz is producing a nuclear weapon. This is not a defensive act. This is an offensive act. We know Israel has nuclear weapons. Is it legitimate then for its enemies to sabotage Dimona? But yr standards yr answer would have to be yes if you are not a hypocrite (which you undoubtedly are). The worm has acted before Iran developed a nuclear weapon. You simply don’t know what you’re talking about. The worm is gone fr. the system is was designed to harm. Still no nuclear weapon, the worm acted & it’s gone. You’re full of c(&p!

  8. Tale about cyber-attacked Busher is contra-juives fiction provocative sleazy dirty lie addressed to understanding stupid fanatical population, produced by Iranian quasi specialists who are traditionally discovers the trace-of-jew as evil finger tape. The real criminal was – if it was – WINDJWS supplying for Nuclear Network control.
    If I were an Iranian Investigating fellow I would interesting in this fact.
    From other side this serenade may be song-to-world for demonstrate that Iranian genius may win even such snaky enemy as jüdische hohamim

Leave a Reply

Your email address will not be published. Required fields are marked *

Share via
Copy link