O.T. Computer virus in Iran targets PLCs

[Paul B]

Related thread: http://www.plctalk.net/qanda/showthread.php?t=57361

 

[ojz0r]

It hit the swedish papers today.
Haha fun to read that the journalists have no clue what it does or what it targets, the article only says it targets plants "computer system"

 

[TurpoUrpo]

Frankly, if Siemens gets a black eye for having easy to infect software then good. I know that Rockwell and Delta Computer Systems can't and wouldn't sell stuff to Iran and it pi$$e$ me off that Siemens would.

I dont think it is sold directly by Siemens. There is no reason why those purchases would have not been trough Russia as Russians were helping Iran with reactors.

 

[bara_hence]

Is the complete injected PLC code availible somewhere?

According to Symantec there are several FCs with code that the virus infects the PLCs with I would like to se that code..

 

[Manglemender]

Damn....the next Christmas puzzle rumbled already

Well I only know one person in this country smart enough to have done it. Have you been busy LD?

Nick

 

[Maitomies]

Hi,

here's one of the earliest posts on the subject (nice graphics):

http://www.plctalk.net/qanda/showthread.php?t=56951

Siemens link:

http://support.automation.siemens.com/WW/view/en/43876783

M

 

[RussB]

The news around here is that "only" someone with "lots" of money and a "team" of programmers, or a "government" would be able to write such a "sophisticated" virus. Just another example of how clueless and inept the news media has become. IM(NS)HO

 

[SLC500]

http://www.theglobeandmail.com/news...ns-of-cyber-attack-affect-all/article1727558/

 

[bara_hence]

http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process

There are also more articles on stuxnet on symantecs site.. Pretty interesting stuff but I want to see the plc code..

 

[SLC500]

A virus writing code for a PLC? We could all be out of a job if someone can just code a virus that writes everything we want on purpose.

 

[RussB]

The story shows how reliant Iran seems to be on Western software and equipment from firms such as Microsoft and Siemens, even if it may not always be a licensed user. That reliance on foreign equipment is itself a vulnerability, experts say.

Is this another reference that the developers were using un-licensed software?
--------------------------------------

BUT WHO DID IT?
Asked if it might be the U.S., cybersecurity expert James Lewis at the Centre for Strategic and International Studies in Washington said: “It could be”.
“But how about the Israelis?” he continued. “They’re good. It could be the Brits. They’re good. It could be the Russians or the Chinese for some weird reason.”
U.S. Naval War College’s Reveron said it was possible it could have been done by a group outside a government.
“Symantec estimated that fewer than 10 people working over six months could have written it,” he said, referring to the respected tech security firm that initially tied the worm to an attack on Iran. “When it comes to cyber issues, governments trail behind private industry and nonstate actors.”

Or, it could have been someone attempting to insure that they get paid in full?

 

[harryting]

I'm taking a contrarian view on this one. It does feel like a group, not necessary a government sponsored one, did this. Your typical virus kiddi tend not to spend effort on control system, and judging from the finding so far, a specific control system, together with stolen security certificate and decent knowledge of the PLC/HMI.

The HMI screen capture looks more like some type of refining facility to me...

 

[FrancisL]

You can see what it does to OB35 here
http://www.langner.com/en/index.htm

 

[FrancisL]

The Siemens information on this is even better.
By the way, I don't think this is O.T. at all!
Any Iranians out there?

 

[KalleOlsen]

Stuxnet whitepaper from Symantec:

http://www.symantec.com/business/security_response/whitepapers.jsp

Check "W32 Stuxnet Dossier".

Kalle