Big breakthrough in story regarding US, Israel, Iran, and cyber-warfare

[poopgiggle]

http://arstechnica.c...-control-of-it/

In 2011, the US government rolled out its "International Strategy for Cyberspace," which reminded us that "interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders." An in-depth report today from the New York Times confirms the truth of that statement as it finally lays bare the history and development of the Stuxnet virusâ€"and how it accidentally escaped from the Iranian nuclear facility that was its target.
The article is adapted from journalist David Sanger's forthcoming book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, and it confirms that both the US and Israeli governments developed and deployed Stuxnet. The goal of the worm was to break Iranian nuclear centrifuge equipment by issuing specific commands to the industrial control hardware responsible for their spin rate. By doing so, both governments hoped to set back the Iranian research programâ€"and the US hoped to keep Israel from launching a pre-emptive military attack.
The code was only supposed to work within Iran's Natanz refining facility, which was air-gapped from outside networks and thus difficult to penetrate. But computers and memory cards could be carried between the public Internet and the private Natanz network, and a preliminary bit of "beacon" code was used to map out all the network connections within the plant and report them back to the NSA.

...

But in 2010, Stuxnet escaped Natanz, probably on someone's laptop; once connected to the outside Internet, it did what it was designed not to do: spread in public.

I don't know how big of a deal Stuxnet was to most people, but in the geek community it was a HUGE deal. Everyone pretty much assumed that it was a government-sponsored endeavor, and I don't think anyone is surprised that the US and Israel was behind it.

E: Also I'm totally unsurprised that the US's involvement in Stuxnet was confirmed as we're ramping up to election season.

 

[poopgiggle]

Here's the NYT article: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=1&_r=1

It's far more in-depth than the Ars summary.

 

[benjamin-benjamin]

very interesting read.. thanks

 

[JSooner]

I remember reading that article. Crazy stuff. If the virus would have just busted the centrifuges they would have figured it out and adapted. Instead it just monkeyed with spin rates causing early failures of parts and effed up the quality of the yellow cake. It also caused the Iranian gov to think there were spies among the scientists. If I remember correctly a few of the scientists were killed because of it all. Pure genius.​
I assume that whole ordeal was why the DoD banned thumb drives.​

 

[poopgiggle]

I assume that whole ordeal was why the DoD banned thumb drives.​

That was a different thing but yeah, thumb drives were banned because of a similar incident.

 

[JSooner]

That was a different thing but yeah, thumb drives were banned because of a similar incident.

It's funny. I transferred to a place that allows them and I have to make a conscious effort to use the dang things. It was so ingrained to just burn stuff to a disk. I don't know how many disks I wasted for just one or two files.

 

[Chambers]

Stuxnet makes a sexy news story but I can tell you that if you worked with PLC's and industrial automation systems you'd be underwhelmed.

I seriously doubt it caused them much heartache at all.

And also not surprised of the source....

 

[poopgiggle]

Stuxnet makes a sexy news story but I can tell you that if you worked with PLC's and industrial automation systems you'd be underwhelmed.

My master's thesis project was a platform for finding vulnerabilities in PLCs and I respectfully disagree with your assessment.

 

[jeffsoward]

My master's thesis project was a platform for finding vulnerabilities in PLCs and I respectfully disagree with your assessment.

Especially when they direct all the gas flow back to the hub like in Live Free or Die Hard.

I've worked with PLC's and automation equipment for some time now, and you can gremlinify them but, to paraphrase Magic Mike, woohoo :crazy:

 

[Chambers]

Well, if it ****ed them up bad I'll just say they are very bad at their jobs and leave it at that!

F-16s are much more effective.

 

[poopgiggle]

Well, if it ****ed them up bad I'll just say they are very bad at their jobs and leave it at that!

It's probably a combination of incompetence and the fact that they were using old, second-hand centrifuges.

 

[jeffsoward]

It's probably a combination of incompetence and the fact that they were using old, second-hand centrifuges.

I'd say you're spot-on. The DPRK sold them for a reason. I can just see some masking tape with a rough translation written on to tell them which buttons to press.

 

[Chambers]

Heheh... good point.

Sound the Halarm!!!

 

[aeropb]

Had no doubt stuxnet was tailored by the US.