While I was reading Dan Brown's Digital Fortress, a book about the NSA
being held hostage by a cryptographer's code that would allow easy
access to their intelligence, I was saying: this must be going on as I'm
reading this, somewhere. Now we have WikiLeaks, and what's described
below coming out in the open.
Am I imagining that we hadn't been subject to nearly as much gov't/media
fear in the last several months over Iran from all concerned/threatened?
Good posting. And it came from FOX?
Natalia
On 11/30/2010 9:55 AM, Arthur Cordell wrote:
Subject: FW: IT Security and Iran Nuclear Weapons
November 26, 2010 | FoxNews.com
Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions
By Ed Barnes
In the 20th century, this would have been a job for James Bond.
The mission: Infiltrate the highly advanced, securely guarded enemy
headquarters where scientists in the clutches of an evil master are
secretly building a weapon that can destroy the world. Then render
that weapon harmless and escape undetected.
But in the 21st century, Bond doesn't get the call. Instead, the job
is handled by a suave and very sophisticated secret computer worm, a
jumble of code called Stuxnet, which in the last year has not only
crippled Iran's nuclear program but has caused a major rethinking of
computer security around the globe.
Intelligence agencies, computer security companies and the nuclear
industry have been trying to analyze the worm since it was discovered
in June by a Belarus-based company that was doing business in Iran.
And what they've all found, says Sean McGurk, the Homeland Security
Department's acting director of national cyber security and
communications integration, is a "game changer."
The construction of the worm was so advanced, it was "like the arrival
of an F-35 into a World War I battlefield," says Ralph Langner, the
computer expert who was the first to sound the alarm about Stuxnet.
Others have called it the first "weaponized" computer virus.[1]
Simply put, Stuxnet is an incredibly advanced, undetectable computer
worm that took years to construct and was designed to jump from
computer to computer until it found the specific, protected control
system that it aimed to destroy: Iran's nuclear enrichment program.
The target was seemingly impenetrable; for security reasons, it lay
several stories underground and was not connected to the World Wide
Web. And that meant Stuxnet had to act as sort of a computer cruise
missile: As it made its passage through a set of unconnected
computers, it had to grow and adapt to security measures and other
changes until it reached one that could bring it into the nuclear
facility.
When it ultimately found its target, it would have to secretly
manipulate it until it was so compromised it ceased normal functions.
And finally, after the job was done, the worm would have to destroy
itself without leaving a trace.
That is what we are learning happened at Iran's nuclear facilities --
both at Natanz, which houses the centrifuge arrays used for processing
uranium into nuclear fuel, and, to a lesser extent, at Bushehr, Iran's
nuclear power plant.
At Natanz, for almost 17 months, Stuxnet quietly worked its way into
the system and targeted a specific component - the frequency
converters made by the German equipment manufacturer Siemens that
regulated the speed of the spinning centrifuges used to create nuclear
fuel. The worm then took control of the speed at which the centrifuges
spun, making them turn so fast in a quick burst that they would be
damaged but not destroyed. And at the same time, the worm masked that
change in speed from being discovered at the centrifuges' control
panel.[2]
At Bushehr, meanwhile, a second secret set of codes, which Langner
called "digital warheads," targeted the Russian-built power plant's
massive steam turbine.
Here's how it worked, according to experts who have examined the worm:
--The nuclear facility in Iran runs an "air gap" security system,
meaning it has no connections to the Web, making it secure from
outside penetration. Stuxnet was designed and sent into the area
around Iran's Natanz nuclear power plant - just how may never be known
-- to infect a number of computers on the assumption that someone
working in the plant would take work home on a flash drive, acquire
the worm and then bring it back to the plant.
--Once the worm was inside the plant, the next step was to get the
computer system there to trust it and allow it into the system. That
was accomplished because the worm contained a "digital certificate"
stolen from JMicron, a large company in an industrial park in Taiwan.
(When the worm was later discovered it quickly replaced the original
digital certificate with another certificate, also stolen from another
company, Realtek, a few doors down in the same industrial park in Taiwan.)
--Once allowed entry, the worm contained four "Zero Day" elements in
its first target, the Windows 7 operating system that controlled the
overall operation of the plant. Zero Day elements are rare and
extremely valuable vulnerabilities in a computer system that can be
exploited only once. Two of the vulnerabilities were known, but the
other two had never been discovered. Experts say no hacker would waste
Zero Days in that manner.
--After penetrating the Windows 7 operating system, the code then
targeted the "frequency converters" that ran the centrifuges. To do
that it used specifications from the manufacturers of the converters.
One was Vacon, a Finnish company, and the other Fararo Paya, an
Iranian company. What surprises experts at this step is that the
Iranian company was so secret that not even the IAEA knew about it.
--The worm also knew that the complex control system that ran the
centrifuges was built by Siemens, the German manufacturer, and -
remarkably - how that system worked as well and how to mask its
activities from it.
--Masking itself from the plant's security and other systems, the worm
then ordered the centrifuges to rotate extremely fast, and then to
slow down precipitously. This damaged the converter, the centrifuges
and the bearings, and it corrupted the uranium in the tubes. It also
left Iranian nuclear engineers wondering what was wrong, as computer
checks showed no malfunctions in the operating system.
Estimates are that this went on for more than a year, leaving the
Iranian program in chaos. And as it did, the worm grew and adapted
throughout the system. As new worms entered the system, they would
meet and adapt and become increasingly sophisticated.
During this time the worms reported back to two servers that had to be
run by intelligence agencies, one in Denmark and one in Malaysia. The
servers monitored the worms and were shut down once the worm had
infiltrated Natanz. Efforts to find those servers since then have
yielded no results.
This went on until June of last year, when a Belarusian company working
on the Iranian power plant in Bushehr discovered it in one of its
machines. It quickly put out a notice on a Web network monitored by
computer security experts around the world. Ordinarily these experts
would immediately begin tracing the worm and dissecting it, looking
for clues about its origin and other details.
But that didn't happen, because within minutes all the alert sites
came under attack and were inoperative for 24 hours.
"I had to use e-mail to send notices but I couldn't reach everyone.
Whoever made the worm had a full day to eliminate all traces of the
worm that might lead us to them," said Eric Byres, a computer security
expert who has examined Stuxnet. "No hacker could have done that."
Experts, including inspectors from the International Atomic Energy
Agency, say that, despite Iran's claims to the contrary, the worm was
successful in its goal: causing confusion among Iran's nuclear
engineers and disabling their nuclear program.
Because of the secrecy surrounding the Iranian program, no one can be
certain of the full extent of the damage. But sources inside Iran and
elsewhere say that the Iranian centrifuge program has been operating
far below its capacity and that the uranium enrichment program had
"stagnated" during the time the worm penetrated the underground
facility. Only 4,000 of the 9,000 centrifuges Iran was known to have
were put into use. Some suspect that is because of the critical need
to replace ones that were damaged.
And the limited number of those in use dwindled to an estimated 3,700
as problems engulfed their operation. IAEA inspectors say the sabotage
better explains the slowness of the program, which they had earlier
attributed to poor equipment manufacturing and management problems. As
Iranians struggled with the setbacks, they began searching for signs
of sabotage. From inside Iran there have been unconfirmed reports that
the head of the plant was fired shortly after the worm wended its way
into the system and began creating technical problems, and that some
scientists who were suspected of espionage disappeared or were
executed. And counter intelligence agents began monitoring all
communications between scientists at the site, creating a climate of
fear and paranoia.
Iran has adamantly stated that its nuclear program has not been hit by
the bug. But in doing so it has backhandedly confirmed that its
nuclear facilities were compromised. When Hamid Alipour, head of the
nation's Information Technology Company, announced in September that
30,000 Iranian computers had been hit by the worm but the nuclear
facilities were safe, he added that among those hit were the personal
computers of the scientists at the nuclear facilities. Experts say
that Natanz and Bushehr could not have escaped the worm if it was in
their engineers' computers.
"We brought it into our lab to study it and even with precautions it
spread everywhere at incredible speed," Byres said.
"The worm was designed not to destroy the plants but to make them
ineffective. By changing the rotation speeds, the bearings quickly
wear out and the equipment has to be replaced and repaired. The speed
changes also impact the quality of the uranium processed in the
centrifuges creating technical problems that make the plant
ineffective," he explained.
In other words the worm was designed to allow the Iranian program to
continue but never succeed, and never to know why.
One additional impact that can be attributed to the worm, according to
David Albright of the Center for Strategic and International Studies,
is that "the lives of the scientists working in the facility have
become a living hell because of counter-intelligence agents brought
into the plant" to battle the breach. Ironically, even after its
discovery, the worm has succeeded in slowing down Iran's reputed
effort to build an atomic weapon. And Langner says that the efforts by
the Iranians to cleanse Stuxnet from their system "will probably take
another year to complete," and during that time the plant will not be
able to function anywhere near normally.
But as the extent of the worm's capabilities is being understood, its
genius and complexity have created another perplexing question: Who did it?
Speculation on the worm's origin initially focused on hackers or even
companies trying to disrupt competitors. But as engineers tore apart
the virus and learned not only the depth of the code, its complex
targeting mechanism (despite infecting more than 100,000 computers it
has only done damage at Natanz), and the enormous amount of work that
went into it (Microsoft estimated that it consumed 10,000 man-days of
labor), but also what the worm knew, the clues narrowed the number of
players that have the capabilities to create it to a handful.
"This is what nation-states build, if their only other option would be
to go to war," Joseph Wouk, an Israeli security expert, wrote.
Byres is more certain. "It is a military weapon," he said.
And much of what the worm "knew" could only have come from a
consortium of Western intelligence agencies, experts who have examined
the code now believe.
Originally, all eyes turned toward Israel's intelligence agencies.
Engineers examining the worm found "clues" that hinted at Israel's
involvement. In one case they found the word "Myrtus" embedded in the
code and argued that it was a reference to Esther, the biblical figure
who saved the ancient Jewish state from the Persians. But computer
experts say "Myrtus" is more likely a common reference to "My RTUS,"
or remote terminal units.
Langner argues that no single Western intelligence agency had the
skills to pull this off alone. The most likely answer, he says, is
that a consortium of intelligence agencies worked together to build
the cyber bomb. And he says the most likely confederates are the
United States, because it has the technical skills to make the virus,
Germany, because reverse-engineering Siemens' product would have taken
years without it, and Russia, because of its familiarity with both the
Iranian nuclear plant and Siemens' systems.
There is one clue that was left in the code that may tell us all we
need to know.
Embedded in a different section of the code is another common computer
language reference, but this one is misspelled. Instead of saying
"DEADFOOT," a term stolen from pilots meaning a failed engine, this
one reads "DEADFOO7."
Yes, 007 has returned -- as a computer worm.
Stuxnet. Shaken, not stirred.
_______________________________________________
Futurework mailing list
[email protected]
https://lists.uwaterloo.ca/mailman/listinfo/futurework
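The article says the worm changed the centrifuge rotation speed while hiding that change from the control panel. The Python script below is an added example, not part of the article or of any message in this thread, of the defensive check that description suggests: record a speed reading the control system cannot rewrite (an independent tachometer on its own logger is assumed here) and compare it with what the control system reports, alarming on disagreement, on readings outside the allowed band, and on a reported stream that stays perfectly flat while the physical reading swings. All log lines, band limits and tolerances are constructed for illustration.

```python
"""Cross-check reported drive speed against an independent sensor.

Added example, not from the article. The independent tachometer feed,
the operating band and every log value are assumptions constructed
for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed log: seconds, control-system-reported Hz, independent tachometer Hz.
SAMPLE_LOG = """\
t,reported_hz,measured_hz
0,1000,999
10,1000,1002
20,1000,1400
30,1000,1398
40,1000,1001
50,1000,5
60,1000,998
"""

# Constructed operating band; a real plant takes this from its own engineering limits.
ALLOWED_BAND = (950.0, 1050.0)
TOLERANCE_HZ = 20.0  # largest reported/measured disagreement tolerated before alarming


@dataclass(frozen=True)
class Sample:
    t: int
    reported_hz: float
    measured_hz: float


@dataclass(frozen=True)
class Alert:
    t: int
    reasons: Tuple[str, ...]
    reported_hz: float
    measured_hz: float


def parse_log(text: str) -> List[Sample]:
    """Parse the CSV log, skipping the header line and blank lines."""
    samples = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        t, rep, meas = line.split(",")
        samples.append(Sample(int(t), float(rep), float(meas)))
    return samples


def check_samples(samples, band=ALLOWED_BAND, tolerance=TOLERANCE_HZ) -> List[Alert]:
    """Flag each sample where the two streams disagree or either leaves the band."""
    lo, hi = band
    alerts = []
    for s in samples:
        reasons = []
        if abs(s.reported_hz - s.measured_hz) > tolerance:
            reasons.append("divergence")
        if not lo <= s.measured_hz <= hi:
            reasons.append("measured_out_of_band")
        if not lo <= s.reported_hz <= hi:
            reasons.append("reported_out_of_band")
        if reasons:
            alerts.append(Alert(s.t, tuple(reasons), s.reported_hz, s.measured_hz))
    return alerts


def frozen_report_windows(samples, window=4, tolerance=TOLERANCE_HZ) -> List[int]:
    """Return start times of windows in which the reported value never changes
    while the independent reading swings by more than `tolerance`.

    A replayed "all normal" reading shows exactly this pattern: the masked
    stream is flat while the physical process is not.
    """
    starts = []
    for i in range(len(samples) - window + 1):
        chunk = samples[i:i + window]
        reported = {s.reported_hz for s in chunk}
        measured = [s.measured_hz for s in chunk]
        if len(reported) == 1 and max(measured) - min(measured) > tolerance:
            starts.append(chunk[0].t)
    return starts


if __name__ == "__main__":
    data = parse_log(SAMPLE_LOG)
    for a in check_samples(data):
        print(f"t={a.t:>3}s reported={a.reported_hz:.0f} "
              f"measured={a.measured_hz:.0f} {','.join(a.reasons)}")
    print("frozen-report windows start at:", frozen_report_windows(data))
```

On the constructed log the per-sample check alarms at 20 s, 30 s and 50 s, and the window check flags every four-sample window, because the reported stream never moves while the tachometer does. The design point is that the second reading has to come from a path the controller does not write to; comparing two values that the same compromised system produces would show nothing.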