Fartashphoto's Blog

Stuxnet is something of a different beast

Posted in Uncategorized by fartashphoto on December 17, 2010

Damage from the Stuxnet virus has apparently set back the Iranian nuclear program by as much as two years, according to a German security expert talking to the Jerusalem Post. This makes the virus as effective as a military strike—but without loss of life or risk of full-blown war.

This comes amid claims that the virus is continuing to infect Iranian systems and disrupt the Iranian nuclear effort, and the news from IAEA last month that Iran had suspended work at its nuclear production facilities, likely as a result of the virus.

Speaking to the Post, an expert identified only as “Langer” (we believe the Post likely means Stuxnet expert Ralph Langner, but have not had confirmation at the time of writing) said that due to poor Iranian IT security expertise, the only effective way the country would be able to rid itself of the virus would be through discarding all infected machines. He said that, further, centrifuges would need to be replaced at Iran’s Natanz facility, as might a turbine at Bushehr. Centrifuges operating at between 807Hz and 1210Hz were believed to be a specific target of the virus.

Evidence of continued disruption comes from security firms providing solutions to industrial companies to deal with Stuxnet infections. Eric Byres, an expert from SCADA security firm Tofino Security, told the Post that his company’s website was receiving an increasing number of visits from Iranians in recent weeks, suggesting that dealing with Stuxnet and properly securing industrial automation and control systems was still a problem for the Iranians.

The authorship of Stuxnet remains unknown. In Langer’s view, the complexity means that the Israeli and US governments are likely to be the only groups who could have pulled it off. Indeed, the scale of the program is so expansive that he feels that the project may have been too large for any one country, and that the two governments may have collaborated on development.


Stuxnet worm’s rooting deep

Posted in Uncategorized by fartashphoto on November 25, 2010

The enigmatic Stuxnet worm – which previously destroyed thousands of centrifuges used to enrich uranium – is currently attacking Iranian military systems.

According to DebkaFile, the ongoing digital raid is causing damage, disorder and confusion within the ranks of Iran’s armed forces.

For example, during a recent air defense exercise, Iranian security officials identified 6 foreign aircraft that had ostensibly infiltrated the country’s airspace. The aircraft soon dropped off the radar screen, having been “put to flight” by Iranian fighter jets.

Unsurprisingly, military sources later claimed a “misunderstanding” – insisting there had been no actual violation of Iranian airspace.

Rather, they clarified, Iranian fighters had “simulated” an enemy raid which was then appropriately repulsed.

“The foreign intruders had [indeed] shown up on the exercise’s radar screens, but when the fighter jets scrambled to intercept them, they found empty sky, meaning the radar instruments had lied,” a DebkaFile writer explained.

Several years of preparation for the Stuxnet attack

Posted in Uncategorized by fartashphoto on November 23, 2010

The enigmatic Stuxnet worm has reportedly caused thousands of Iranian centrifuges used for the enrichment of uranium to grind to an unceremonious halt.

According to the Associated Press, diplomats currently lack specifics on the exact nature of the “temporary” shutdown.

However, suspicions have thus far focused on Stuxnet – which many experts believe is precisely calibrated to destroy centrifuges by sending them spinning out of control.

“It is obvious that several years of preparation went into the design of this [Stuxnet] attack,” German computer security expert Ralph Langner opined in a recent report quoted by the Jerusalem Post.

“[I would compare it to] the arrival of an F-35 fighter jet on a World War I battlefield… [It is obviously] much superior to anything ever seen before, and to what was assumed possible.”

A September report from the IAEA said an enrichment facility at Natanz houses about 8,800 centrifuges, but only about 3,700 are operating.

The centrifuges are also operating at only 60 percent of capacity and Iran for some reason has removed hundreds of the machines.

Meanwhile North Korea has secretly and quickly built a new, highly sophisticated facility to enrich uranium, according to an American nuclear scientist, raising fears that the North is ramping up its atomic program despite international pressure.

The facility had 2,000 recently completed new centrifuges, and the North said it was producing low-enriched uranium meant for a new reactor.

I’m not saying these two incidents are related, but there is a possibility that Iran asked North Korea to boost up because they’ve got production problems after the Stuxnet attack. It deserves proper investigation, in my opinion.

Did Israel Launch a Cyber Attack Against Iran? If Yes, Is It Legal?

Posted in Uncategorized by fartashphoto on November 20, 2010

Exclusive Report: Evidence of Iran Nuclear Weapons Program May Be Fraudulent

Stuxnet Cyber Worm Spreads

Posted in Uncategorized by fartashphoto on November 20, 2010

The Stuxnet computer worm originally designed to target Iran’s nuclear plants has spread around the world in the past few months, and now U.S. security experts are warning that the worm could be modified to attack industrial control systems around the world.

Stuxnet worm definitively was made to destroy Iran’s centrifuges

Posted in Uncategorized by fartashphoto on November 16, 2010

New research on the Stuxnet worm shows definitively it was made to target the kind of equipment used in uranium enrichment, deepening suspicions its aim is to sabotage Tehran’s suspected nuclear arms program, experts say.

Stuxnet, a malicious computer worm of unknown origin that attacks command modules for industrial equipment, is described by some experts as a first-of-its-kind guided cyber missile.

Thanks to the worm’s sophistication, uncertainty has lingered about its origins and exact aim since German company Siemens first learned in July that the malware was attacking its widely-used industrial control systems.

Some analysts point to unexplained technical problems that have cut the number of working centrifuges in Iran’s uranium enrichment program as evidence that its nuclear ambitions may have suffered sabotage.

New research by cyber security company Symantec contains evidence that apparently supports the enrichment sabotage theory, pointing to tell-tale signs in the way Stuxnet changes the behavior of equipment known as frequency converter drives.

A frequency converter drive is a power supply that can alter the frequency of the output, which controls the speed of a motor. The higher the frequency, the higher the motor’s speed.

Stuxnet “sabotages” the systems the drives control, a paper posted online by Symantec researcher Eric Chien said.

“We’ve connected a critical piece of the puzzle.”

Ivanka Barzashka, a research associate at the Federation of American Scientists, said in an email that if Symantec’s findings were true they were very significant.

“If Symantec’s analysis is true, then Stuxnet likely aimed to destroy Iran’s gas centrifuges, which could produce enriched uranium for both nuclear fuel and nuclear bombs.”

Leading German cyber expert Ralph Langner, who says he reached the same conclusion independently of Symantec, agreed that a gas centrifuge was the likely target.

“This finding strongly points to a controller for a module in a gas centrifuge cascade,” he blogged. “One reasonable goal for the attack could be to destroy the centrifuge rotor by vibration, which causes the centrifuge to explode.”

Britain needs cyber attack capability

Posted in Uncategorized by fartashphoto on November 10, 2010

Britain should have an offensive ability to launch computer attacks to deter aggressors as part of a growing emphasis on cyber warfare, a British minister said — and potential enemies should know its capabilities were already “considerable.”

Despite broad cuts to government spending, including on defense, cyber security will receive greater funding. Britain announced a 650 million pound ($1.05 billion) program last month, labeling it a key priority.

As computer systems become more vital in the control of essential services, from power grids to banking, computerized attacks are seen as becoming as important a part of nations’ arsenals as conventional or nuclear weaponry.

“We face a variety of threats in the cyber domain,” armed forces minister Nick Harvey told Reuters on Tuesday after giving a speech on cyber policy at London think tank Chatham House.

“In every other domain (of warfare) you have the concept of deterrence and … in the fullness of time we would expect to get into a position where people understood our capabilities.”

He said: “I don’t think other countries who know anything about this are in any doubt that we have considerable capabilities in this field.

“If they have paid any attention to our security and defense review, they will have seen the signs of clear intent to remain well placed in this domain.”

In his speech, Harvey had said the ability to electronically “turn out the lights” of a potential adversary would provide policymakers with wider options than simply a conventional military attack.

Experts say the Stuxnet computer worm, identified mostly this year and widely suspected to have been built by a state intelligence agency to attack the Iranian nuclear program, shows the increasing sophistication of cyber weaponry.

The so-called Iranian Cyber Army, a group of hackers with alleged links to Iran’s Revolutionary Guards, is reportedly getting into the botnet business.

The group, which hacked Twitter and Chinese search engine Baidu last year, has been offering its services on the cyber black market by renting access to its botnet, PCWorld reports. Last month, the group took credit for cyber attacking TechCrunch’s European website.

Cyber Army and Stuxnet in a Cyber war

Posted in Uncategorized by fartashphoto on October 22, 2010

The Iranian Ministry of Communications announced that it has identified the source of the Stuxnet infection in Iran.

Reza Taghipour, the Minister of Communications, said on Iranian public television that a number of the sources are “foreign experts” who frequented industrial centers and a number of other individuals who “inadvertently” introduced the virus into the country through flash memory sticks.

Some analysts said that the virus, which experts have called the world’s “first cyber superweapon,” was aimed at disrupting Iran’s nuclear facilities.

Following these reports, Iran’s Atomic Agency announced that the launch of the new nuclear power plant in Bushehr has been delayed but denied that the delay was related to the Stuxnet virus. Only a few believe that is true.

There have been reports in the past of other alleged efforts by Israel and the West to undermine the Iranian nuclear project, some of which also targeted Natanz. These efforts included infiltrating the purchasing networks Iran set up to acquire parts and material for the centrifuges at Natanz and selling damaged equipment to the Iranians. The equipment would then be installed on site and sabotage the centrifuges’ work.

Some analysts suggest Iran might like to retaliate with a cyber attack against Israel or the West, although there are question marks over its capability to do so. Iran’s Cyber Army has hacked even Twitter more than once, along with thousands of other websites. They track people through the Internet. In Iran, some say the Cyber Army unit may be based outside Iran, with the Islamic Republic funding it, in effect hiring professional hackers, perhaps in Russia, Ukraine or Belarus, to do its deeds. This is not a fact, though.

Some time back, the Cyber Army attacked Chinese websites, mainly the Baidu search engine, which is the first search engine in China.

What I mean is that no one knows exactly what the Islamic Regime is capable of doing if they decide to retaliate, which I think they already did.

The beginning of a new world

Posted in Uncategorized by fartashphoto on October 9, 2010

The US Deputy Secretary of Defence, William Lynn, was later to describe the incident as one of the biggest compromises of US military networks in its history.

“The agent.btz code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” Lynn wrote in Foreign Affairs.

“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”

This year, Iranian nuclear technicians became alarmed when another piece of malicious software, a computer worm, attempted to hijack the system that controls the Natanz nuclear plant.

The code, called Stuxnet, was eventually analyzed and declared to be a complex and targeted program that could only have been created by a nation state.

“This malicious program was not designed to steal money, send spam or grab personal data. No. This piece of malware was designed to sabotage plants, to damage industrial systems,” he said. “I am afraid this is the beginning of a new world.”

In 1982, software inserted into the operating system of a trans-Siberian gas pipeline in the Soviet Union caused a massive explosion. It was later claimed the software was written at the behest of the CIA.

In 2007, during a dispute with Russia, Estonian national infrastructure was subject to crippling cyber attacks. Banks, government departments and media were bombarded with requests for access, causing overloaded servers to shut down. During the war in the former Soviet republic of Georgia in 2008, Georgian infrastructure was bombarded with similar attacks.