Comments

• Jose_X

  2011-01-17 04:58:17

  Ah, this makes sense.
  
  The recent strong push towards Linux by Russia might have been because they realized that malware that could shut down their systems were already existent and the closest allies of Microsoft (eg, Americans) would have the advantages.
  
  I think Iran uses Russian technology and the results of the malware attack would have been known to Russia (in time to make their own Linux headlines) before the malware made headlines.

• Jose_X

  2011-01-19 21:27:57

  This has just been released: http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1&hp=&pagewanted=all .
  
  The story appears to leverage some Wikileaks material (?) and covers the Stuxnet worm.
  
  Reading over it, it seems to me that Iran likely uses centrifuges (P-1 from Pakistan) from a design going back many years but likely uses at least some modern components to control this system. One modern component would be a "controller" which apparently includes software built by Siemens (P.C.S.-7). This software likely runs on a version of Windows OS ( http://cryptome.org/0003/siemens-pcs7-sec.pdf ?) and had been known for having some security holes. What may perhaps have been a dual Israeli/US effort to create Stuxnet apparently made its way into a shipment of those controllers perhaps after being intercepted on way to Iran.
  
  The story leaves a number of things up in the air but draws a bunch of dots which suggest the above description might be correct. The PCS 7 pdf link to Windows is something I googled quickly trying to find a link to Windows since Stuxnet was known to attack Windows systems. The NYTimes article doesn't mention Windows anywhere, and the PDF only suggests its related to a Microsoft product.

• Jose_X

  2011-01-19 21:33:04

  Anyway, so Russia possibly recently got the extra urge to avoid Windows as a story related to this stuxnet story provided by the NYTimes reinforced in their minds that Windows vulnerabilities is indeed a national vulnerability if important systems in Russia were to be based on Windows. Windows naturally being a system where advantage most likely lies with Americans or at least people outside Russia.

• Dr. Roy Schestowitz

  2011-01-19 21:51:43

  Thanks for accumulating all this valuable information.
  
  Well, 'Windows viruses" can be a reasonable classification given that it now effects a lot more sites and deployments. Stuxnet has variants. Earlier today I found "Special Report: Stuxnet may be the Hiroshima of our time"
  
  

  The issue of righteousness or even strategic validity of a preemptive attack becomes more blurry when the attack is to prevent a possible behavior by another sovereign nation that may or may not pose a direct threat to the preemptively attacking nation.
  
  This, of course, was the question with Saddam Hussein’s supposed weapons of mass destruction, and is likely to be the question with Iran’s nuclear activities.
  
  In these cases, the justifications are more murky. As we all know, the attack on Saddam substantially destabilized the region, drew the United States into an unending war, cost us thousands of lives and billions of dollars, and hasn’t resulted in a net positive benefit to American security.
  
  But that’s because Saddam apparently didn’t have WMDs. If he did, we still don’t know if he’d have actually used them, paraded them around as a point of pride, or simply stockpiled them.

  
  
  It is getting political.

• Jose_X

  2011-01-19 23:02:49

  This is a Siemens documentation for pcs7 in case anyone cares http://www.google.com/url?sa=t&source=web&cd=9&ved=0CEkQFjAI&url=http%3A%2F%2Fwww.automation.siemens.com%2Fw2%2Fefiles%2Fpcs7%2Fpdf%2F76%2Fkg_stpcs7_v61_en.pdf&rct=j&q=Process%20Control%20System%207%20Windows&ei=t1o3TbuyBcGCgAeEmc2mBA&usg=AFQjCNFIHiLRGKsHuhFiYfpvfuuMhWRPQQ&cad=rja
  
  The Windows connection is no secret as I found out by some googling.
  
  This page http://en.wikipedia.org/wiki/Stuxnet covers Stuxnet well but is not updated to include the following from the NYTimes article reference to the wikileaks cables:
  
  > Controllers, and the electrical regulators they run, became a focus of sanctions efforts. The trove of State Department cables made public by WikiLeaks describes urgent efforts in April 2009 to stop a shipment of Siemens controllers, contained in 111 boxes at the port of Dubai, in the United Arab Emirates. They were headed for Iran, one cable said, and were meant to control “uranium enrichment cascades” — the term for groups of spinning centrifuges.

• Dr. Roy Schestowitz

  2011-01-20 05:15:09

  IMHO, they only provide Iran with more reasons to get angry while they pursue the inevitable.

• Dr. Roy Schestowitz

  2011-01-20 19:05:36

  I just waned to add this reference I found several hours ago:
  
  

  There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they've been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more effective and difficult to detect had the attackers not made a few elementary mistakes.
  
  In a talk at the Black Hat DC conference here Tuesday, Tom Parker, a security consultant, presented a compelling case that Stuxnet may be the product of a collaboration between two disparate groups, perhaps a talented group of programmers that produced most of the code and exploits and a less sophisticated group that may have adapted the tool for its eventual use. Parker analyzed the code in Stuxnet and looked at both the quality of the code itself as well as how well it did what it was designed to do, and found several indications that the code itself is not very well done, but was still highly effective on some levels.

  
  
  We're going to hear a lot more about Stuxnet.