O.T. Computer virus in Iran targets PLCs

Technology reporters are notorious for oversimplifying things, or trying to make something more scary than it is. The linked article is one of the poorer ones on detail, and oversimplifies the issue.

The truth is far more interesting than the general-market reporting. The impression that this was a SCADA attack only has been overtaken by events and the discovery of injected code in the controllers themselves.

The ongoing research work on Stuxnet is very interesting stuff. One of the independent German researchers is publishing his work:

http://www.langner.com/en/index.htm
 
...from Ken's langner.com link...

Stuxnet Step7 injected into OB35
Code:
UC FC1874
POP
L DW#16#DEADF007
==D
BEC
L DW#16#0
L DW#16#0


I've just infected our network at work with Stuxnet....perhaps it'll tidy up my CIP sequences for me.....
 
I'll start by saying that 100% of my experience with nuclear power is with pressurized water power plants. Given that, the components shown in that HMI have absolutely zero resemblance to any power plant I've operated or maintained.
 
'nuther link that popped up today on Yahoo:

http://news.yahoo.com/s/atlantic/20...demalwarespurstheoriesonnewcyberwarthreat5158

The Stuxnet computer worm spreads through previously unknown holes in Microsoft’s Windows operating system and then looks for a type of software made by Siemens and used to control industrial components, including valves and brakes. Stuxnet can hide itself, wait for certain conditions and give new orders to the components that reverse what they would normally do, the experts said. The commands are so specific that they appear aimed at an industrial sector, but officials do not know which one or what the affected equipment would do.
 
I find this interesting. I think it is easy to infect PC-based SCADA systems. Windoze is a virus magnet. Infecting the SCADA systems so that they down code to a PLC is something else. This requires knowledge of which SCADA system and PLC is being used. Frankly, if Siemens gets a black eye for having easy to infect software then good. I know that Rockwell and Delta Computer Systems can't and wouldn't sell stuff to Iran and it pi$$e$ me off that Siemens would.

However, I don't think this was caused by a state or anything so sinister. It is probably a bunch of black hat hackers that are taking advantage of a situation. If I were to write the worm it would have done nothing until the reactors started and created enough power to damage the core. It is possible to create enough damage so that the reactors are not usable without causing any or little external damage.

I still think this is all media hype and their facts are all wrong. I can only wish that our NSA or CIA was half as smart to do these kinds of things, but if they can, then I think they blew it by not waiting until the reactors started. If so, then what incompetent idiots. Oh yeah, the same one that protected us from 9/11. FAIL.
 
