Good stuxnet article...

FoxNews.com - Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions

An excellent, in-depth article about Stuxnet... I didn't realize that it is estimated to have been screwing up that plant for over a year before it was noticed. That is some pretty awesome coding. Although, at the end, with the deadfoot reference, it simply amazes me that the people who have the kind of capacity to create this kind of technology still find the need to 'stamp' their products with a potential identifier.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

eansdad

If you wrote it would you rather have your stamp on it and be forever known or not and have some hack lay claim? Not saying I would add my resume and address to it but I'd at least tag it. They claim it has to be from some big time government cyber warfare center....I bet it is some 13 year old kid somewhere in some former USSR country. Nice job either way...

erpadmin

This is one worm we should be glad worked though.

However, I am hoping that we have some CISSPes (or advanced equivalents) that know what they're doing to make sure this type of worm doesn't hit the US (or our allies).

tiersten

eansdad wrote: »

I bet it is some 13 year old kid somewhere in some former USSR country

A 13 year old kid that happens to know how to manipulate specific industrial motor controllers and only when they're configured for a very specific unusual set of parameters that only occurs when you're doing this type of work? Okay...

colemic

eansdad wrote: »

If you wrote it would you rather have your stamp on it and be forever known or not and have some hack lay claim? Not saying I would add my resume and address to it but I'd at least tag it. They claim it has to be from some big time government cyber warfare center....I bet it is some 13 year old kid somewhere in some former USSR country. Nice job either way...

I don't think I would want the fame, knowing what the consequences would be if they found out whowas!

Microsoft estimated it took 10,000 man-days of labor, That's over 5 years of work for just one person. I have no doubt that it was state-sponsored, and they didn't have a 13-year old working on it.\

EDIT: 10,000 labor days would take 38.5 YEARS for one person, not 5. My bad. (10,000x8 hours)/2080)

colemic

erpadmin wrote: »

This is one worm we should be glad worked though.

However, I am hoping that we have some CISSPes (or advanced equivalents) that know what they're doing to make sure this type of worm doesn't hit the US (or our allies).

It infected over 100,000 systems and only attacked one - I sure hope that whoever wrote it is on our side, and stays there.

veritas_libertas

If it wasn't state sponsored and done by a single individual, than someone resurrected Einstein and taught him computer programming skills...

colemic

Close, Einsten would have to teach Eistein programming skills! LOL

slinuxuzer

Great read and an excellent example of cyber warefare, did you guys forget about the code red worm?

I imagine this is going to be a large battle front from now on and if you think goverment agencies didn't have a hand in this your nuts, it just randomly found it's way onto the personal computers of iran's nuclear scientists?

colemic

phoeneous wrote: »

Seriously?

I wondered about that too - but if you were building a cutting-edge system, isolated from the internet, it would be likely (although still a bad idea) to have such a new OS running, especially for powering (through software) advanced technologies. Or maybe they just believed Microsoft when they said it was more secure.

erpadmin

colemic wrote: »

It infected over 100,000 systems and only attacked one - I sure hope that whoever wrote it is on our side, and stays there.

Everyone has a price...and it's not necessarily money. If so much as one of these guys can be bought by a bad guy, we need to be constantly vigilant.

the_Grinch

In past articles I read they pointed out that the delivery system seemed like it was coded by a less able programmer then the worm itself. I'd have to agree definitely state sponsored and this is something law enforcement/intelligence groups have been talking about. Learn the ins and outs of what you want to attack then write a very targeted virus. This will allow it to bypass antivirus and other such defenses.

erpadmin

Well...so much for the script-kiddie theory that I never bought into anyway....

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1&pagewanted=1

TheShadow

erpadmin wrote: »

Well...so much for the script-kiddie theory that I never bought into anyway....

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1&pagewanted=1

Nice catch thank you. A very enlighting article, I downloaded the 62 page PDF also very interesting. I wonder what was on slide page 31, seems strange that it was all black, it was the only one. Hmmm.

Bl8ckr0uter

phoeneous wrote: »

Seriously?

My thoughts exactly. Usually very specialized machines run some sort of highly customized unix/linux or some other system. Windows 7? Very interesting...

erpadmin

While I do believe the CIA/Mossad were involved, the worm still had to get there somehow. Two words for that....

Inside job.

Someone (or some group) had to have planted the worm knowingly in the Iran plants. My guess is they were those scientists who got killed and then the Iranians blamed the Israelis/US for that. The ones who got away is probably sipping a latte in Europe somewhere under a watchful eye.

My fear is that some other group will do the same to us at some point.

Nice that the battle got won, but the war is far from over.

veritas_libertas

Bl8ckr0uter wrote: »

My thoughts exactly. Usually very specialized machines run some sort of highly customized unix/linux or some other system. Windows 7? Very interesting...

Yeah, that blows my mind. What on earth were they thinking?

tiersten

TheShadow wrote: »

I wonder what was on slide page 31, seems strange that it was all black, it was the only one. Hmmm.

It got redacted because it contains sensitive information of some kind. Its happened a few times in the past where somebody didn't quite understand how the document editor worked and they just placed a black square over the information. They then released this file without actually merging the various layers together so anybody who knows how can just remove the black box and read the "redacted" information.

tiersten

erpadmin wrote: »

Inside job.

Someone (or some group) had to have planted the worm knowingly in the Iran plants. My guess is they were those scientists who got killed and then the Iranians blamed the Israelis/US for that. The ones who got away is probably sipping a latte in Europe somewhere under a watchful eye.

Why do you think its an inside job? Stuxnet was extremely virulent and would infect everything but wouldn't actually do anything else except when it found this specific hardware/software combination. It was allegedly designed this way so it'd infect other computers used by the plant staff who would then carry the worm into the plant or into secure computers. It sounds fairly plausible as a mechanism to get into systems without high level insider access.

tiersten

Bl8ckr0uter wrote: »

My thoughts exactly. Usually very specialized machines run some sort of highly customized unix/linux or some other system. Windows 7? Very interesting...

Its a SCADA type system. Why would it need to be very specialized? The heavy lifting is done by the dedicated controller boxes and the Windows box just monitors and alters the parameters as necessary using the controller monitoring software. They won't require any RTOS or anything like that so a readily available commercial OS like Windows isn't that strange of a choice.