Free Republic
News/Activism

Stuxnet raises virus stakes
Asia Times Online ^ | Martin J Young

Posted on 10/02/2010 8:19:45 PM PDT by Pride_of_the_Bluegrass

Industrial control systems made by German company Siemens, which are widely used in Iran, were the targets of the worm, indicating that its creators had advanced knowledge of these types of systems far beyond the scope of most information technology experts. The code is so specialized that it targets only two models of Siemens programmable logic controllers, the S7 300 and S7 400, and will execute only if it finds very specific parameters within the machine. These controllers are usually associated with the management of oil pipeline systems, electrical power grids, and nuclear power plants

(Excerpt) Read more at atimes.com ...


TOPICS: Foreign Affairs; Government; War on Terror
KEYWORDS: 05091979; cyberwar; habibelghanian; iran; israel; myrtus; siemens; stuxnet; tech; virus; worm; wot

1 posted on 10/02/2010 8:19:47 PM PDT by Pride_of_the_Bluegrass

To: Pride_of_the_Bluegrass

Still no comment from Siemens. Interesting.


2 posted on 10/02/2010 8:29:53 PM PDT by Lurker (The avalanche has begun. The pebbles no longer have a vote.)

To: Nightshift

gnip


3 posted on 10/02/2010 8:30:56 PM PDT by tutstar

To: Pride_of_the_Bluegrass
"..Over the past week, security companies have been dissecting the malware code in an effort to reveal clues about its creators. Feeding conjecture that is spreading across the Internet and media are obscure biblical references discovered hidden in the code.

The word "Myrtus" offers an ephemeral reference to an Old Testament tale in the Book of Esther, depicting a story about a pre-emptive move by the Jews against a Persian plot to destroy them. The Hebrew word for myrtle, "Hadassah", was the birth name of Esther, a Jewish queen of Persia...."

Either it was Israel or some entity trying to sound like Israel.

4 posted on 10/02/2010 8:31:40 PM PDT by Anti-Bubba182

To: Lurker

but they have these ads about how building bullet trains and windmills makes little birdies go “chirp” in the big trees, and how 60,000 Americans are employed by them.


5 posted on 10/02/2010 8:32:09 PM PDT by the invisib1e hand (after your fifteen minutes are up you get a lifetime of ignominy.)

To: the invisib1e hand
...and those trains can go 220 miles per hour...
<unsaid> if you lay down new, dedicated rails.
6 posted on 10/02/2010 8:40:46 PM PDT by SC Swamp Fox (Aim small, miss small.)

To: Anti-Bubba182

There’s a reason why that name was allowed to be found in there. Exactly what you state.


7 posted on 10/02/2010 9:11:58 PM PDT by Secret Agent Man (I'd like to tell you, but then I'd have to kill you.)

To: Pride_of_the_Bluegrass
The code is so specialized that it targets only two models of Siemens programmable logic controllers, the S7 300 and S7 400, and will execute only if it finds very specific parameters within the machine.

IF this is true, then it explains why it has affected Iran. There are articles out saying China was affected, but I don't believe it. Especially since they claim millions of PC's were affected, yet the above statement indicates that's not even possible.

8 posted on 10/02/2010 9:24:53 PM PDT by UCANSEE2 (lame and ill-informed post)

To: Anti-Bubba182
Either it was Israel or some entity trying to sound like Israel.

Or Iran tried to install an 'illegal' copy of the upgrade (to avoid paying the fees), and got screwed by this worm that was on some hacker's PC or thumb drive.

9 posted on 10/02/2010 9:27:55 PM PDT by UCANSEE2 (lame and ill-informed post)

To: Pride_of_the_Bluegrass
Deja vu all over again...

In January 1982, President Ronald Reagan approved a CIA plan to sabotage the economy of the Soviet Union through covert transfers of technology that contained hidden malfunctions, including software that later triggered a huge explosion in a Siberian natural gas pipeline, according to a new memoir by a Reagan White House official.

Thomas C. Reed, a former Air Force secretary who was serving in the National Security Council at the time, describes the episode in "At the Abyss: An Insider's History of the Cold War," to be published next month by Ballantine Books. Reed writes that the pipeline explosion was just one example of "cold-eyed economic warfare" against the Soviet Union that the CIA carried out under Director William J. Casey during the final years of the Cold War.

At the time, the United States was attempting to block Western Europe from importing Soviet natural gas. There were also signs that the Soviets were trying to steal a wide variety of Western technology.

Then, a KGB insider revealed the specific shopping list and the CIA slipped the flawed software to the Soviets in a way they would not

'Programmed to go haywire'

"In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds," Reed writes.

"The result was the most monumental nonnuclear explosion and fire ever seen from space," he recalls, adding that U.S. satellites picked up the explosion. Reed said in an interview that the blast occurred in the summer of 1982.

"While there were no physical casualties from the pipeline explosion, there was significant damage to the Soviet economy," he writes. "Its ultimate bankruptcy, not a bloody battle or nuclear exchange, is what brought the Cold War to an end. In time the Soviets came to understand that they had been stealing bogus technology, but now what were they to do? By implication, every cell of the Soviet leviathan might be infected. They had no way of knowing which equipment was sound, which was bogus. All was suspect, which was the intended endgame for the entire operation."

Reed said he obtained CIA approval to publish details about the operation. The CIA learned of the full extent of the KGB's pursuit of Western technology in an intelligence operation known as the Farewell

read the rest here... http://www.industrialdefender.com/general_downloads/incidents/1982.06_trans_siberian_gas_pipeline_explosion.pdf


10 posted on 10/02/2010 9:33:55 PM PDT by Chode (American Hedonist *DTOM* -ww- NO Pity for the LAZY)

To: UCANSEE2

We use Siemens equipment which works just fine, even though it’s naked to the world. (that’s about to change) This worm seems to have a specific job to do, and looks to be designed to do it thoroughly. Very well targeted. The malice here is well focused.


11 posted on 10/02/2010 10:21:19 PM PDT by Seven plus One

To: Pride_of_the_Bluegrass

Irans say they have captured the spies?


12 posted on 10/02/2010 10:41:41 PM PDT by 23 Everest (A gun in hand is better than a cop on the phone.)

To: Pride_of_the_Bluegrass

Iranians say they have captured the spies?


13 posted on 10/02/2010 10:42:27 PM PDT by 23 Everest (A gun in hand is better than a cop on the phone.)

To: 23 Everest
Irans say they have captured the spies?

So they say... Or, as is more likely, they just settled on some convenient scapegoats, for public consumption...

the infowarrior

14 posted on 10/03/2010 12:16:48 AM PDT by infowarrior

To: Lurker
Still no comment from Siemens. Interesting.

Doesn't surprise me. Whoever did this is good, and I mean D-d good at malware. The kleine fraudmeisters at Siemens are in a no-win situation, which imnsho, only serves them right...

the infowarrior

15 posted on 10/03/2010 12:19:58 AM PDT by infowarrior

To: Pride_of_the_Bluegrass
Here ya go, the lowdown on Stuxnet:

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

BTW, Siemens has been out of Iran for 30 years.

16 posted on 10/03/2010 3:58:49 AM PDT by gandalftb (Semper fi, carry on Corporal CJ Boyd, USMC, 2/4 Echo Company)

To: UCANSEE2

Millions of PCs probably have the thing on board but are unaffected by it because they are not Siemens control programs.


17 posted on 10/03/2010 5:47:52 AM PDT by arthurus (Read Hazlitt's "Economics In One Lesson.")

To: Chode

When the NYT discovered the chicanery of the CIA ops and the similar treatment meted out to the Soviet missile and ABM programs the NYT got highly indignant that Reagan had CHEATED the unsuspecting and trusting Russkies and caused them to bark up numerous wrong trees.


18 posted on 10/03/2010 5:51:51 AM PDT by arthurus (Read Hazlitt's "Economics In One Lesson.")

To: arthurus
yup, RAT bastards... cheat from somebody else's test, you get what you get
19 posted on 10/03/2010 6:27:18 AM PDT by Chode (American Hedonist *DTOM* -ww- NO Pity for the LAZY)

To: UCANSEE2
"There are articles out saying China was affected, but I don't believe it. Especially since they claim millions of PC's were affected, yet the above statement indicates that's not even possible."

My first thought too, but if this is designed to spread to find its intended target, it must at least passively infect non-Siemens computers. No one could reasonably expect a USB drive found on the floor to get directly plugged into the target computer.

And exactly who put that drive there? This requires an inside person. I don't buy the USB attack vector. I suspect China is reporting passive infections that came off the web and not from more thumb drives. The question is why are the passive infections not turning up elsewhere?

20 posted on 10/03/2010 7:14:38 AM PDT by HangThemHigh (Entropy's not what it used to be.)
