On Saturday 04 December 2010 09:02:04 Terry Coles wrote:
> On Friday 03 Dec 2010, Tim wrote:
> > Came across this article earlier, thought some might be interested in
> > reading
> >
> > http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/
> >
> > Quite frightening really.
>
> Ever since the stuxnet worm was identified, I've been amazed that it
> worked; on several levels. I've also come to wonder how much of the story
> is true. In the US, many half-way intelligent people seem to consider Fox
> News as at best totally biased and at worst an organ of corporate America.
> If you start from that standpoint, it's not much of a stretch to wonder if
> Fox News is also an organ of the American government. Leaving aside the
> conspiracy theories for the moment, what about the facts?
>
> The first and most verifiable fact is that a worm called stuxnet does exist
> and it is apparently fairly sophisticated. Less verifiable is the
> statement that it attacks the PLCs that control parts of the Iranian
> nuclear fuel programme.
>
> Also verifiable (although I have no direct knowledge of this) is that
> Siemens PLCs run Windows. I have to say, I was incredibly surprised to
> read this when it first emerged a few months ago. Who in their right mind
> runs a machinery control program using a desktop operating system?
> Apparently Siemens. I've worked with Allen Bradley PLCs in the past
> (although I've never programmed one) and to the best of my knowledge they
> run a real-time OS as you would expect. At the end of the day, they mainly
> use ladder logic, so what do they need things like web browsers and file
> managers for?
>
> When you read the full story, as reported by Fox, things become less
> credible. If the Iranians were running the kind of project described in the
> article, of course they would have an 'Air Gap'. I never thought that the
> Iranians were stupid, but according to the article, they allowed staff to
> use USB memory devices, which was apparently the way the worm jumped the
> Air Gap. I would have thought that USB ports would have been disabled. Of
> course it's entirely possible that this story is true, but who would
> dedicate 10,000 man days of work to a project where the largest Risk was
> that the Iranians were operating an IT policy that would prevent it getting
> off the ground? Maybe someone did. Maybe someone knew that they weren't.
>
> Then there is the bit about security certificates. Why does a fully
> isolated network need to use security certificates designed for online
> commerce? If they needed to secure the exchange of data between hosts on a
> secure network, then wouldn't they design their own military system? Maybe
> they did use commercial security certificates, but it seems a bit pointless
> (unless of course the Windows Operating System insisted on it).
>
> In any case, I was always uncomfortable with the fact that online security
> relies on the distribution of these certificates, which could be stolen or
> manufactured by a clever enough organisation. Maybe I don't understand
> enough about the way in which they work, but to me, any security can be
> compromised and a system that is used for the really important things (like
> boodles of money) is going to be a target.
>
> I think the most likely explanation is disaffected Iranian nationals
> committing acts of sabotage and all this is a smokescreen to cover their
> activities. It looks as if quite a few scientists and others have been
> made to 'disappear' (if you can believe Fox), so even if this story is
> true, then a number of real or imagined saboteurs have already been
> removed.
>
> Whatever the truth of this story, I suspect that we don't know what it is
> yet (and maybe never will).

I think, reading between the lines, that the stuxnet worm was built by a
government agency or multiple governments' agencies (with or without their
leaders' knowledge). How it got into the nuclear establishment could be
anything from a dissatisfied worker/double agent sticking a USB stick in a
PC to the stupidity of a worker taking work home and using a home PC.

I think there is a fair amount of inside knowledge of the Iranian nuclear
setup gone into this attack. While much of the Fox report is speculation,
the fact is the bug got into the Iranian nuclear establishment and was very
specific in what it was programmed to do and how it interacted with its
environment; that alone indicates a high level of knowledge of the
environment it had to work in.

As Terry says, we may never know the full story, but now somebody has
opened that can of worms (stuxnet worm), pardon the pun, I don't think it
is the last one we will hear about.

Tim

--
Next meeting: The Broadway, Bournemouth, Tuesday 2010-12-14 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
How to Report Bugs Effectively: http://goo.gl/4Xue

