11-27-2010, 08:40 AM | #1 | ||
General Manager
Join Date: Aug 2001
Location: Kansas City, MO
|
Details about worm that disabled Iran's nuclear program for over a year.......
Sorry if already posted. Thought this was pretty interesting stuff. How long until we have our first worm-triggered war?
FoxNews.com - Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions |
||
11-27-2010, 08:59 AM | #2 |
H.S. Freshman Team
Join Date: Feb 2010
Location: Pistol City
|
Great find. Had heard about the worm but didn't know much about it. Fascinating read.
|
11-27-2010, 09:28 AM | #3 |
Grizzled Veteran
Join Date: Nov 2003
Location: MA
|
The person that finally discovers it posts of its existence to security bulletin site. That site (and mirrors apparently) are immediately hit with a denial of service for 24 hours as the handler for the worm cleans things up.
I wonder how much of a success it was really considered to be by whoever created it (Israel/US). Sounds like it was designed to run for at least several years undetected. Otherwise they could have just destroyed equipment rather than wearing them down. Really cool stuff. Thanks for the link. |
11-27-2010, 09:54 AM | #4 |
College Prospect
Join Date: Oct 2001
|
The sooner it destroys the less effective it is. By being so subtle it probably cost them a year of time and a lot of materials and confused results. If it tried to crash things too abruptly they probably would have wiped their systems and contained it in shorter time (although it may have done more damage in dollars perhaps).
It seems a tricky area to be entering, just because it is a computer doesn't change the fact it is sabotage, and nations have been known to kill spies and rattle sabers over similar acts in the past during peace time. I'm nervous about agitating yet another insane war in the Middle East. If they do start a war against a potential nuclear power, I hope they do the opposite of recent trends and start off with good intel and a narrow powerful strike at the actual weapons instead of a useless 'shock and awe' broad occupation which turns everyone against us and gives them the time to funnel nukes to terrorists or fire them off in retaliation. |
11-27-2010, 10:01 AM | #5 | |
Grizzled Veteran
Join Date: Nov 2003
Location: MA
|
Quote:
I understand this. I'm curious to what "shorter time" equates to and if it's still less than a year. I wonder what the actual duration they had set for a goal was. Obviously it seems from a purely technical standpoint it was a home run. All the required intel required to even conceptualize this worm, then to write it up, set it free and watch it succeed? Must have been pure ecstasy for the people involved. |
|
11-27-2010, 10:30 AM | #6 | |
College Starter
Join Date: Dec 2006
|
Quote:
Iran does this already by supplying arms & aid to terrorist organizations (obviously Hezbollah tops that list). They are simply attempting to disable the nuclear component of such aid. While I don't think it was the intention to have the worm discovered quickly, I do think this puts the ball squarely into Iran's court to respond (if they so choose to respond) and demonstrate what type of "action" they will engage in beyond rhetoric. To be clear...not to "provoke" such action, but to ensure that Iran is the initiator of any military action. I think it is genius. Based on that level of response, the US/Israel will be completely justified to retaliate in a similar manner and will have the domestic support needed to do so...as well as international support (where it counts anyway). Just to hedge off the silliness...I'm not saying all out war should be provoked, encouraged, or should be entered into by choice...it simply gives the US/Israel the justification to counter attack with full force & without the same kid gloves used in Iraq. In other words...the US/Israel could not be an occupying force in Iran (for logistic & intl relations reasons)...but if Israel gets a few missiles lobbed into its cities now...bombing the crap out of the nuclear facilities in Iran will be much more justifiable, IMHO. |
|
11-27-2010, 01:05 PM | #7 | |
Quarterback
Join Date: Oct 2000
Location: London, England
|
Quote:
Any war with Iran would need to start with simultaneous strikes on all nuclear locations. |
|
11-27-2010, 02:47 PM | #8 |
Head Coach
Join Date: Oct 2000
Location: Green Bay, WI
|
The thing is, from what I was reading, this particular worm is able to change details and still make it look like everything is normal.
So depending on how long it was running, yes, it could have affected any number of things with their enrichment program in terms of how enriched the uranium actually is, etc. It won't halt the program but it could have the effect of setting them back not just the year of actual lost time, but time taken to get back to where they 'should' be. The example I read was a worm like this one altering the Coke formula while still reporting that things are 'normal.' Industrial sabotage, if you will. Interesting stuff. |
11-27-2010, 04:07 PM | #9 | |
n00b
Join Date: Oct 2010
|
Quote:
We have been looking at a lot of these worms/malware etc that have been doing this or built to. The real worry is what if someone created one and breached say one of Gerber's automated manufacturing plants and had it alter the baby food with an added harmful ingredient or just alter the ingredients enough to make them harmful. Something like that could be difficult to contain until it was too late. |
|
11-27-2010, 07:05 PM | #10 | |
"Dutch"
Join Date: Oct 2000
Location: Tampa, FL
|
Quote:
Welcome to Network Warfare. |
|
11-27-2010, 07:31 PM | #11 |
n00b
Join Date: Oct 2010
|
|
11-28-2010, 09:29 AM | #12 | |
Grizzled Veteran
Join Date: Nov 2006
Location: Backwoods, SC
|
Quote:
I've now seen this same or very similar proposition 3 times in the past week. Sure you could easily change the mixing percentages along a compound line, but "adding" an otherwise non-present ingredient seems very skeptical to me. Unless the worm is going to convince purchasing to order some chemical not previously used. Given corporate America's nonchalant attitude to everything it would surprise me to see Susie in accounting say, "Weird I never used to order arsenic, but oh well, order away" but at some point this has to be installed in a production line etc. Certainly a conceivable Tom Clancy novel with a select few guys on the inside carrying out the evil worm's orders, but a much less likely scenario, IMHO. Now if a simple reformulation could say increase IRON supplementation from .1% to a toxic 35% level, sure I see that as entirely plausible. |
|
11-28-2010, 12:57 PM | #13 |
"Dutch"
Join Date: Oct 2000
Location: Tampa, FL
|
How about something more widespread? Our water supply runs through water treatment plants. The last stages of that treatment are to add chlorine and fluoride and then release the water back into general use. What if the computer that regulated the amount of chlorine and fluoride was duped into thinking it wasn't pumping enough chemicals into the water?
I sure hope we have good network security at those sites and god-forbid we use any sort of wireless connections. We need to take a real hard look at that stuff because I can guarantee you that the Chinese, Russians, and plenty of other organized hacks are out there investigating American network vulnerabilities. |
11-28-2010, 02:00 PM | #14 |
Grizzled Veteran
Join Date: Nov 2003
Location: MA
|
It's less about simple network security now than policy and procedure. The servers targeted in Iran did not even have a link to the internet, it was supposedly completely isolated. Instead laptops were infected outside and spread when they walked into the facility and physically plugged in. Even if it was hooked up to the internet an attack like this would bypass all the perimeter security anyways, very hard to defend against unfettered access internally.
Employees, every one top to bottom, need to be prohibited from using any type of mobile device to connect to both the internal network and everywhere else. That's a tough mandate, only takes one ignorant person to break the rule. That's from the IS level. But there was a lot of intelligence gathering needed in order to pull this off. They had to know the facility inside and out, processes, every exact piece of equipment with very in depth understanding at how they worked, etc. As much or possibly even more time and money needs to be spent on guarding that information as there is on network security. You can have the most advanced worm in the world, guaranteed to silently infect anything, but if you don't know what the target is or how to manipulate it for your goal it's worthless. Last edited by jeff061 : 11-28-2010 at 02:03 PM. |
11-28-2010, 04:56 PM | #15 |
Grizzled Veteran
Join Date: Oct 2000
Location: Seattle
|
Pandora's Box = opened
This kind of shit scares the hell out of me. I would think (hope?) that national security organizations are on top of these kinds of threats enough to protect government infrastructure, but it only takes one idiot (as noted above) to break security. Industrial sabotage seems much more probable. And while I agree that changing (for example) baby formula to include something clearly poisonous like arsenic isn't going to happen, you could certainly muck with the existing ingredients enough to overconcentrate certain items which could lead to (for example) kidney damage. That's fairly unlikely given procedures to test every batch of formula mix, but who's to say that the worm couldn't be written to also override batch testing results. We're in a whole new world of warfare. |
11-28-2010, 05:02 PM | #16 |
Hall Of Famer
Join Date: Oct 2002
Location: Massachusetts
|
If it was industrial sabotage wouldn't it be more likely just to make the stuff taste bad so you switched to a competitor's brand?
Anything else would take too long to be commercially effective. Last edited by DaddyTorgo : 11-28-2010 at 05:03 PM. |
11-28-2010, 05:16 PM | #17 |
Head Coach
Join Date: Oct 2000
Location: Colorado
|
Some of you guys make this sound like it's a new thing. Cyber sabotage has been going on for years, both industrial, governmental and international. The scope of this worm is certainly impressive and it underscores the need for us to maintain good IT and physical security practices. We have been working very seriously on NERC CIP for a few years and while we have 25,000-50,000 attacks daily from abroad (mostly from China), they are easily thwarted. But we need to keep the expertise and brains here and not elsewhere.
|
11-28-2010, 05:28 PM | #18 |
Grizzled Veteran
Join Date: Nov 2003
Location: MA
|
What interests me is the merging of human intel and how successfully it was used to carry out such an in depth and customized attack. That's relatively new, at least new to the public.
Cyber sabotage in general usually is just based on DDOS attacks and maybe some type of automated script kiddie kit. I imagine the vast majority of those 25k-50k attacks are just random (not targeted) broadcast hits from zombies. |
11-28-2010, 05:34 PM | #19 | |
Head Coach
Join Date: Oct 2000
Location: Colorado
|
Quote:
That's true but they are getting more sophisticated and any one of them could mask a true attack. We went through an expensive upgrade of our firewalls, not only to handle the volume but to be smarter about it. |
|
11-28-2010, 05:36 PM | #20 | |
Grizzled Veteran
Join Date: Oct 2000
Location: Seattle
|
Quote:
|
|
11-28-2010, 05:42 PM | #21 | |
"Dutch"
Join Date: Oct 2000
Location: Tampa, FL
|
Quote:
I'd argue that restricting personal laptop/thumb drive access to a network IS simple network security that is supposed to be a part of any corporate or govt policy. Last edited by Dutch : 11-28-2010 at 05:43 PM. |
|
12-04-2010, 12:24 PM | #22 |
Hall Of Famer
Join Date: Apr 2002
Location: Back in Houston!
|
Fascinating story. Good catch, MBBF.
SI
__________________
Houston Hippopotami, III.3: 20th Anniversary Thread - All former HT players are encouraged to check it out! Janos: "Only America could produce an imbecile of your caliber!" Freakazoid: "That's because we make lots of things better than other people!" |
01-15-2011, 08:58 PM | #23 |
Grizzled Veteran
Join Date: Nov 2003
Location: MA
|
More information on the design, development and origins of Stuxnet. I really still find this entire story tremendously interesting.
Stuxnet Worm Used Against Iran Was Tested in Israel - NYTimes.com Shockingly they point to Israel and the US with help (perhaps unknowingly) from Britain and Germany. They say Israel actually had a lab setup with centrifuges they tested the malware on. Prior to the development of the worm Israel approached the US for permission and equipment for a military strike which they expected would set the program back by 3 years. It was denied and they went this route instead, which they now feel has set it back 3 years minimum. I wonder how many times countries can get away with an action like this before it is considered an act of war? Or could Iran make that claim now, but it's just not in their best interests. Last edited by jeff061 : 01-15-2011 at 08:59 PM. |
01-16-2011, 10:53 AM | #24 | |
n00b
Join Date: Oct 2010
|
Quote:
Thanks Jeff for link. I also find this very informative and helpful. |
|
01-16-2011, 02:53 PM | #25 | |
Pro Starter
Join Date: Oct 2000
Location: Cary, NC
|
Quote:
The problem with this approach in the U.S. is that we are SUPPOSED to have a safety system that tests and validates, it doesn't just trust that what ingredients go in are what comes out. Quality Control is supposed to be testing all this stuff regularly. Note that several of the food recalls have been detected before folks start getting sick. I had a friend in college who worked for one of the large beverage companies testing the stuff as it came off the assembly line. Something like this MIGHT work (some stuff certainly still gets through), but is just as likely if not more so to be caught before the product ever left the factory.
__________________
-- Greg -- Author of various FOF utilities |
|