Fartashphoto's Blog

Stuxnet is something of a different beast

Posted in Uncategorized by fartashphoto on December 17, 2010

Damage from the Stuxnet virus has apparently set back the Iranian nuclear program by as much as two years, according to a German security expert talking to the Jerusalem Post. This makes the virus as effective as a military strike—but without loss of life or risk of full-blown war.

This comes amid claims that the virus is continuing to infect Iranian systems and disrupt the Iranian nuclear effort, and the news from the IAEA last month that Iran had suspended work at its nuclear production facilities, likely as a result of the virus.

Speaking to the Post, an expert identified only as “Langer” (we believe the Post likely means Stuxnet expert Ralph Langner, but have not had confirmation at the time of writing) said that due to poor Iranian IT security expertise, the only effective way the country would be able to rid itself of the virus would be through discarding all infected machines. He said that, further, centrifuges would need to be replaced at Iran’s Natanz facility, as might a turbine at Bushehr. Centrifuges operating at between 807Hz and 1210Hz were believed to be a specific target of the virus.

Evidence of continued disruption comes from security firms providing solutions to industrial companies to deal with Stuxnet infections. Eric Byres, an expert from SCADA security firm Tofino Security, told the Post that his company’s website was receiving an increasing number of visits from Iranians in recent weeks, suggesting that dealing with Stuxnet and properly securing industrial automation and control systems was still a problem for the Iranians.

The authorship of Stuxnet remains unknown. In Langer’s view, the complexity means that the Israeli and US governments are likely to be the only groups who could have pulled it off. Indeed, the scale of the program is so expansive that he feels that the project may have been too large for any one country, and that the two governments may have collaborated on development.


Iran violates arms embargo again and again

Posted in Uncategorized by fartashphoto on December 11, 2010

A U.N. committee has investigated two apparent violations of the Iranian arms embargo, the head of the committee told the Security Council Friday.

Tsuneo Nishida, the Japanese ambassador to the United Nations, said both violations occurred in the past three months, CNN reported.

In one case, a country reported finding 13 shipping containers of arms apparently originating in Iran, he said. In another case, a country seized a container of explosives being shipped from Iran to Syria.

The Security Council, in a 2007 resolution, banned the export of arms from Iran. U.S. Ambassador Susan Rice said Nishida’s report shows Iran’s behavior is unchanged.

“Unfortunately, when it comes to Iran’s actions, not much has changed since we last met,” she said. “Iran continues to violate its obligations.”

Gary Samore, President Barack Obama’s top adviser on non-proliferation, said in a speech to the Foundation for the Defense of Democracies that the United States and its allies will ratchet up sanctions if Iran continues on its present course. He said they will “test how high Iran’s pain threshold is.”

“I’m glad to hear that they are having problems with their centrifuge machines,” he told a conference in Washington, referring to the centrifuges used to enrich uranium. “The US and its allies are trying to do everything that we can to ensure that we complicate matters for them.”

“It’s important that we take additional measures,” Mr. Samore said. “That’s a way of correcting any impression that the Iranians might have that just talking for the sake of talking is going to in any way get them out of the sanctions noose that is tightening around their throats.”

In a report on Stuxnet issued this week, the US Congressional Research Service said: “States appear to possess a motive to develop Stuxnet because, unlike other forms of malware, the worm is not designed to steal information, but rather to target and disrupt control systems and disable operations.”

Some experts believe Stuxnet’s main target was China and not Iran, but the mainstream media likes to turn attention to Iran.

Stuxnet worm’s rooting deep

Posted in Uncategorized by fartashphoto on November 25, 2010

The enigmatic Stuxnet worm – which previously destroyed thousands of centrifuges used to enrich uranium – is currently attacking Iranian military systems.

According to DebkaFile, the ongoing digital raid is causing damage, disorder and confusion within the ranks of Iran’s armed forces.

For example, during a recent air defense exercise, Iranian security officials identified 6 foreign aircraft that had ostensibly infiltrated the country’s airspace. The aircraft soon dropped off the radar screen, having been “put to flight” by Iranian fighter jets.

Unsurprisingly, military sources later claimed a “misunderstanding” – insisting there had been no actual violation of Iranian airspace.

Rather, they clarified, Iranian fighters had “simulated” an enemy raid which was then appropriately repulsed.

“The foreign intruders had [indeed] shown up on the exercise’s radar screens, but when the fighter jets scrambled to intercept them, they found empty sky, meaning the radar instruments had lied,” a DebkaFile writer explained.

Several years of preparation for the Stuxnet attack

Posted in Uncategorized by fartashphoto on November 23, 2010

The enigmatic Stuxnet worm has reportedly caused thousands of Iranian centrifuges used for the enrichment of uranium to grind to an unceremonious halt.

According to the Associated Press, diplomats currently lack specifics on the exact nature of the “temporary” shutdown.

However, suspicions have thus far focused on Stuxnet – which many experts believe is precisely calibrated to destroy centrifuges by sending them spinning out of control.

“It is obvious that several years of preparation went into the design of this [Stuxnet] attack,” German computer security expert Ralph Langner opined in a recent report quoted by the Jerusalem Post.

“[I would compare it to] the arrival of an F-35 fighter jet on a World War I battlefield… [It is obviously] much superior to anything ever seen before, and to what was assumed possible.”

A September report from the IAEA said an enrichment facility at Natanz houses about 8,800 centrifuges, but only about 3,700 are operating.

The centrifuges are also operating at only 60 percent of capacity and Iran for some reason has removed hundreds of the machines.

Meanwhile North Korea has secretly and quickly built a new, highly sophisticated facility to enrich uranium, according to an American nuclear scientist, raising fears that the North is ramping up its atomic program despite international pressure.

The facility had 2,000 recently completed new centrifuges, and the North said it was producing low-enriched uranium meant for a new reactor.

I’m not saying these two incidents are related, but there is a possibility that Iran asked North Korea to boost up because they’ve got production problems after the Stuxnet attack. It deserves proper investigation, in my opinion.

Did Israel Launch a Cyber Attack Against Iran? If Yes, Is It Legal?

Posted in Uncategorized by fartashphoto on November 20, 2010

Exclusive Report: Evidence of Iran Nuclear Weapons Program May Be Fraudulent

Stuxnet Cyber Worm Spreads

Posted in Uncategorized by fartashphoto on November 20, 2010

The Stuxnet computer worm originally designed to target Iran’s nuclear plants has spread around the world in the past few months, and now U.S. security experts are warning that the worm could be modified to attack industrial control systems around the world.

First Cyber Super Weapon

Posted in Uncategorized by fartashphoto on November 19, 2010

The Stuxnet worm, a complicated piece of malware apparently engineered to disrupt Iranian uranium enrichment, could be modified to attack more industries, according to experts speaking to the Senate Homeland Security and Governmental Affairs Committee.

The widespread interconnection of corporate networks and use of SCADA systems means that industrial infrastructure is increasingly vulnerable to software attack. Such control systems are used in virtually every industry—food production, vehicle assembly, chemical manufacturing—and are commonly exposed to insecure networks. This leaves them vulnerable to tampering, such as with Stuxnet, as well as intellectual property theft.

The Stuxnet worm was both complex, using a range of techniques to infect machines and spread through networks, and carefully targeted, with a payload specifically designed to attack Siemens SCADA software. Together, these properties make it uniquely dangerous. Dean Turner, director of the Global Intelligence Network at Symantec Corp., told the committee that the “implications of Stuxnet are beyond any threat we have seen in the past.”

“The reality is that the current, porous state of our nation’s infrastructure means that it wouldn’t take malware as robust and sophisticated as Stuxnet to cripple many of our critical systems.” The committee continued, “Stuxnet has some 4,000 functions; by comparison, the software that runs the average email server has 2,000 functions. Stuxnet can even update itself automatically.”

Of the 44,000 known cases of Stuxnet infection, 60 percent are in Iran. As many as 1,600 computers in the United States have been infected. Stuxnet targets computers that run the Windows operating system and can do many things. Sean McGurk of the Department of Homeland Security summed up Stuxnet as a dangerous virus that appears invisible.

“This code can automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product and indicate…everything is running as expected.”

Robert Gates rejects military solution for Iranian nuclear

Posted in Uncategorized by fartashphoto on November 17, 2010

The American minister of defense, Robert Gates, claimed during an interview that military action against Iran is not effective.

Stuxnet worm definitively was made to destroy Iran’s centrifuges

Posted in Uncategorized by fartashphoto on November 16, 2010

New research on the Stuxnet worm shows definitively it was made to target the kind of equipment used in uranium enrichment, deepening suspicions its aim is to sabotage Tehran’s suspected nuclear arms program, experts say.

Stuxnet, a malicious computer worm of unknown origin that attacks command modules for industrial equipment, is described by some experts as a first-of-its-kind guided cyber missile.

Thanks to the worm’s sophistication, uncertainty has lingered about its origins and exact aim since German company Siemens first learned in July that the malware was attacking its widely-used industrial control systems.

Some analysts point to unexplained technical problems that have cut the number of working centrifuges in Iran’s uranium enrichment program as evidence that its nuclear ambitions may have suffered sabotage.

New research by cyber security company Symantec contains evidence that apparently supports the enrichment sabotage theory, pointing to tell-tale signs in the way Stuxnet changes the behavior of equipment known as frequency converter drives.

A frequency converter drive is a power supply that can alter the frequency of the output, which controls the speed of a motor. The higher the frequency, the higher the motor’s speed.

Stuxnet “sabotages” the systems the drives control, a paper posted online by Symantec researcher Eric Chien said.

“We’ve connected a critical piece of the puzzle.”

Ivanka Barzashka, a research associate at the Federation of American Scientists, said in an email that if Symantec’s findings were true they were very significant.

“If Symantec’s analysis is true, then Stuxnet likely aimed to destroy Iran’s gas centrifuges, which could produce enriched uranium for both nuclear fuel and nuclear bombs.”

Leading German cyber expert Ralph Langner, who says he reached the same conclusion independently of Symantec, agreed that a gas centrifuge was the likely target.

“This finding strongly points to a controller for a module in a gas centrifuge cascade,” he blogged. “One reasonable goal for the attack could be to destroy the centrifuge rotor by vibration, which causes the centrifuge to explode.”

Britain needs cyber attack capability

Posted in Uncategorized by fartashphoto on November 10, 2010

Britain should have an offensive ability to launch computer attacks to deter aggressors as part of a growing emphasis on cyber warfare, a British minister said — and potential enemies should know its capabilities were already “considerable.”

Despite broad cuts to government spending, including on defense, cyber security will receive greater funding. Britain announced a 650 million pound ($1.05 billion) program last month, labeling it a key priority.

As computer systems become more vital in the control of essential services, from power grids to banking, computerized attacks are seen as becoming as important a part of nations’ arsenals as conventional or nuclear weaponry.

“We face a variety of threats in the cyber domain,” armed forces minister Nick Harvey told Reuters on Tuesday after giving a speech on cyber policy at London think tank Chatham House.

“In every other domain (of warfare) you have the concept of deterrence and … in the fullness of time we would expect to get into a position where people understood our capabilities.”

He said: “I don’t think other countries who know anything about this are in any doubt that we have considerable capabilities in this field.

“If they have paid any attention to our security and defense review, they will have seen the signs of clear intent to remain well placed in this domain.”

In his speech, Harvey had said the ability to electronically “turn out the lights” of a potential adversary would provide policymakers with wider options than simply a conventional military attack.

Experts say the Stuxnet computer worm, identified mostly this year and widely suspected to have been built by a state intelligence agency to attack the Iranian nuclear program, shows the increasing sophistication of cyber weaponry.

The so-called Iranian Cyber Army, a group of hackers with alleged links to Iran’s Revolutionary Guards, is reportedly getting into the botnet business.

The group, which hacked Twitter and Chinese search engine Baidu last year, has been offering its services on the cyber black market by renting access to its botnet, PCWorld reports. Last month, the group took credit for cyber attacking TechCrunch’s European website.