On Friday 03 Dec 2010, Tim wrote:
> Came across this article earlier, though some might be interested in
> reading
>
> http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/
>
> Quite frightening really.

Ever since the Stuxnet worm was identified, I've been amazed that it worked,
on several levels. I've also come to wonder how much of the story is true.
In the US, many half-way intelligent people seem to consider Fox News as at
best totally biased and at worst an organ of corporate America. If you start
from that standpoint, it's not much of a stretch to wonder if Fox News is also
an organ of the American government. Leaving aside the conspiracy theories
for the moment, what about the facts?

The first and most verifiable fact is that a worm called Stuxnet does exist
and it is apparently fairly sophisticated. Less verifiable is the statement
that it attacks the PLCs that control parts of the Iranian nuclear fuel
programme.

Also verifiable (although I have no direct knowledge of this) is that Siemens
PLCs run Windows. I have to say, I was incredibly surprised to read this when
it first emerged a few months ago. Who in their right mind runs a machinery
control program using a desktop operating system? Apparently Siemens. I've
worked with Allen-Bradley PLCs in the past (although I've never programmed one)
and to the best of my knowledge they run a real-time OS, as you would
expect. At the end of the day, they mainly use ladder logic, so what do they
need things like web browsers and file managers for?

When you read the full story, as reported by Fox, things become less credible.
If the Iranians were running the kind of project described in the article, of
course they would have an 'Air Gap'. I never thought that the Iranians were
stupid, but according to the article, they allowed staff to use USB memory
devices, which was apparently the way the worm jumped the Air Gap. I would
have thought that USB ports would have been disabled. Of course it's entirely
possible that this story is true, but who would dedicate 10,000 man-days of
work to a project where the largest risk was that the Iranians were operating
an IT policy that would prevent it getting off the ground? Maybe someone did.
Maybe someone knew that they weren't.

Then there is the bit about security certificates. Why does a fully isolated
network need to use security certificates designed for online commerce? If
they needed to secure the exchange of data between hosts on a secure network,
then wouldn't they design their own military system? Maybe they did use
commercial security certificates, but it seems a bit pointless (unless of
course the Windows operating system insisted on it).

In any case, I was always uncomfortable with the fact that online security
relies on the distribution of these certificates, which could be stolen or
manufactured by a clever enough organisation. Maybe I don't understand enough
about the way in which they work, but to me, any security can be compromised
and a system that is used for the really important things (like boodles of
money) is going to be a target.

I think the most likely explanation is disaffected Iranian nationals
committing acts of sabotage and all this is a smokescreen to cover their
activities. It looks as if quite a few scientists and others have been made
to 'disappear' (if you can believe Fox), so even if this story is true, then a
number of real or imagined saboteurs have already been removed.

Whatever the truth of this story, I suspect that we don't know what it is yet
(and maybe never will).

--
Terry Coles
64 bit computing with Kubuntu Linux
--
Next meeting: The Broadway, Bournemouth, Tuesday 2010-12-14 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
How to Report Bugs Effectively: http://goo.gl/4Xue