stuxnet virus - pretty amazing

iceberg · Dec 5, 2011

this may be deemed "political" but i hope not. just a very interesting if not LONG read on how a computer virus may be slowing down irans nuke progress.

if political please delete.

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/

dreghorn2 · Dec 5, 2011

Thanks for posting that.

joseephuss · Dec 5, 2011

That was a cool story. It is amazing and a little bit scary what can be done out there.

punchnjudy · Dec 5, 2011

Thanks, I read the first page and printed out the rest for future reading. Wouldn't worry about it being political. If it were political, it would be just a few pages with catchy phrases throughout...so the politicans could understand it.

hairic · Dec 5, 2011

http://www.schneier.com/blog/archives/2010/10/stuxnet.html

iceberg · Dec 5, 2011

hairic;4291846 said:
http://www.schneier.com/blog/archives/2010/10/stuxnet.html

more - nice! i must say if we're actually to blame, score one for us.

MonsterD · Dec 5, 2011

I also cannot understand why it was so sloppily distributed for such a highly constructed intrusion. Think about it the independent security companies sniffed it out and broke it down. So if it was successful it did not do much but expose it could be done. If you read the comments on that story there is a centrifuges programmer specialist that said he always programs the PLCs apart from the WindowsCC to react safely if there is a problem and that includes any alarms that would fail or in this case had been masked.

Not sure what to make of it because if we(Govt.) were to launch a cyberweapon I think it would be something more stealth and specific in impetus, not this.

iceberg · Dec 5, 2011

MonsterD;4292040 said:
I also cannot understand why it was so sloppily distributed for such a highly constructed intrusion. Think about it the independent security companies sniffed it out and broke it down. So if it was successful it did not do much but expose it could be done. If you read the comments on that story there is a centrifuges programmer specialist that said he always programs the PLCs apart from the WindowsCC to react safely if there is a problem and that includes any alarms that would fail or in this case had been masked.

Not sure what to make of it because if we(Govt.) were to launch a cyberweapon I think it would be something more stealth and specific in impetus, not this.

no one is claiming ownership. to say it's the US is speculation, nothing more.

the fact it can run for years "under the radar" doing what it has done is phenominal.

if you don't get what happened, sorry. i know i won't ever be able to explain.

dback · Dec 5, 2011

Here are a few interesting blog articles about some of the initial diagnoses of a Stuxnet infection. Mark Russinovich's blog is actually one of the better ones out there for troubleshooting Windows issues. I highly recommend the Sysinternals suite as a part of any Windows troubleshooting toolkit.

Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1

Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 2

Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3

MonsterD · Dec 5, 2011

iceberg;4292141 said:
no one is claiming ownership. to say it's the US is speculation, nothing more.

the fact it can run for years "under the radar" doing what it has done is phenominal.

if you don't get what happened, sorry. i know i won't ever be able to explain.

No I am saying it is an open mystery as to anything dealing with it.

Not sure what explaining you need to do. Even if it was for the nuclear plant, it did not do nearly enough to justify that it existed. And like that automation guy said it seems logical to have redundant systems that could not be affected by Stuxnet. Here is a quote that made a lot of sense to me.

"Also range checking etc, of parameters in the PLC would defeat the writing of commands down from WinCC. (By the way WinCC is not Step 7 - they are two entrily different things - the article is factually incorrect). WinCC is the HMI or SCADA and Step 7 is the programming interface use to program S7 PLCs. Also S7 PLCs use LAD, FBD or STL as their programming language - not just STL. I would always program the PLC to be indpendant of the HMI. So if the HMI went down for a brief period then S7 PLC and centrifuge (it is mainly centrifuges that I program) could still run safely. Basic defensive programming techniques that I use all the time in centrifuge programming would have easil;y ensured this virus null and void"

iceberg · Dec 5, 2011

MonsterD;4292238 said:
No I am saying it is an open mystery as to anything dealing with it.

Not sure what explaining you need to do. Even if it was for the nuclear plant, it did not do nearly enough to justify that it existed. And like that automation guy said it seems logical to have redundant systems that could not be affected by Stuxnet.

ok, not real sure what we're arguing about so let's get back to talking about this and i'll admit - i knew nothing of it until a few days ago so i'm still learning.

are you saying it's not as relevant as the articles say?

MonsterD · Dec 5, 2011

iceberg;4292247 said:
ok, not real sure what we're arguing about so let's get back to talking about this and i'll admit - i knew nothing of it until a few days ago so i'm still learning.

are you saying it's not as relevant as the articles say?

I think it is a guess as to what they might have been thinking about, but they released the "cyberweapon" too early or by mistake.

Reality · Dec 5, 2011

The stuxnet virus story was a while back. The most recent story is what the media has been calling "son of stuxnet" which some virus specialists believe was either engineered the the original person who wrote it or someone who got ahold of the code from the original virus. From what I remember, they said the viruses are engineered for a specific target rather than a broad reaching virus.

I posted on another forum long ago that if the US really wanted to damage Iran's nuclear program, it would not be hard. Everyone assumes viruses are spread through the internet but the most efficient method of cyber warfare against a country like Iran would be through modifying/infecting the firmware in the hardware they use.

Iran would be an easy target in fact because of all the sanctions being imposed against them. They are quite likely limited with where they can obtain replacement or new hardware and equipment so all the US would need to do is temporarily confiscate the hardware when it is being shipped to Iran, infect it and then let it go to them. If the viruses are in the firmware of the hardware, anti-virus software and reloads will not get rid of it. At the very least it will make all of their equipment suspect which will cause them to shut everything down for a considerable amount of time.

#reality

SaltwaterServr · Dec 6, 2011

Is this the same one that supposedly made the Iranian uranium centrifuges spin out of control and destroy themselves?

Chocolate Lab · Dec 6, 2011

SaltwaterServr;4292479 said:
Is this the same one that supposedly made the Iranian uranium centrifuges spin out of control and destroy themselves?

That's the one. It probably set them back several years. Amazing, really.

Of course, it only delays (delayed) them for a while.

And reality, did you read the articles?

stuxnet virus - pretty amazing

iceberg

rock music matters

dreghorn2

Original Zoner (he's a good boy!)

joseephuss

Well-Known Member

punchnjudy

Well-Known Member

hairic

Well-Known Member

iceberg

rock music matters

MonsterD

Quota outta absentia

iceberg

rock music matters

dback

Member

MonsterD

Quota outta absentia

iceberg

rock music matters

MonsterD

Quota outta absentia

Reality

SaltwaterServr

Blank Paper Offends Me

Chocolate Lab

Run-loving Dino

Staff online

Members online

Latest posts

Forum statistics