O.T. Computer virus in Iran targets PLCs


LL and Peter already posted this link, but I wanted to contribute.



Israeli Test on Worm Called Crucial in Iran Nuclear Delay
Published: January 15, 2011

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1&pagewanted=all

UM, if you have been following Stuxnet at all, this article is a MUST READ.

================================

This article has been revised to reflect the following correction:

Correction: January 17, 2011
An earlier version of this story misspelled, at one point, the name of the German company whose computer controller systems were exploited by the Stuxnet computer worm. It is Siemens, not Seimens.

================================

Excerpt 1:

In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.

Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a prerecorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

================================

Excerpt 2:

Computers known as controllers run all kinds of industrial machinery. By early 2008, the Department of Homeland Security had teamed up with the Idaho National Laboratory to study a widely used Siemens controller known as P.C.S.-7, for Process Control System 7. Its complex software, called Step 7, can run whole symphonies of industrial instruments, sensors and machines.

The vulnerability of the controller to cyberattack was an open secret. In July 2008, the Idaho lab and Siemens teamed up on a PowerPoint presentation on the controller’s vulnerabilities that was made to a conference in Chicago at Navy Pier, a top tourist attraction.

“Goal is for attacker to gain control,” the July paper said in describing the many kinds of maneuvers that could exploit system holes. The paper was 62 pages long, including pictures of the controllers as they were examined and tested in Idaho.

In a statement on Friday, the Idaho National Laboratory confirmed that it formed a partnership with Siemens but said it was one of many with manufacturers to identify cybervulnerabilities. It argued that the report did not detail specific flaws that attackers could exploit. But it also said it could not comment on the laboratory’s classified missions, leaving unanswered the question of whether it passed what it learned about the Siemens systems to other parts of the nation’s intelligence apparatus.

The presentation at the Chicago conference, which recently disappeared from a Siemens Web site, never discussed specific places where the machines were used.

But Washington knew...

================================

Please see the full article.
 
Mostly infected file paths are

Step-7
\hOmSave7\s7h0075x\s7hkimdb.dll
\hOmSave7\S7HDPSSX\s7hkimdb.dll
\hOmSave7\S7HK31AX\s7hkimdb.dll
\hOmSave7\S7HDPSSX\s7hkimdb.dll

\XUTILS\listen\S7000001.MDX
\XUTILS\listen\XR000000.MDX
\XUTILS\listen\XR000000.MDX

WinCC
\GraCS\cc_tag.sav
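
A triage check built from the path list in the post above, added here as an example (it is not code from the poster or from Siemens): it walks a copied Step 7 / WinCC project tree and reports every file whose trailing path components match a listed entry, ignoring case, with a SHA-256 for follow-up. The function names and the sample tree are constructed for illustration, and a match is a lead for further analysis, not a verdict.

```python
import hashlib
import os
import tempfile

# Relative paths exactly as listed in the post above (repeated entries collapsed).
LISTED_PATHS = [
    r"\hOmSave7\s7h0075x\s7hkimdb.dll",
    r"\hOmSave7\S7HDPSSX\s7hkimdb.dll",
    r"\hOmSave7\S7HK31AX\s7hkimdb.dll",
    r"\XUTILS\listen\S7000001.MDX",
    r"\XUTILS\listen\XR000000.MDX",
    r"\GraCS\cc_tag.sav",
]

def _key(path):
    """Lower-cased components: Windows paths are case-insensitive, the analysis box may not be."""
    return tuple(p.lower() for p in path.replace("\\", "/").split("/") if p)

def scan(root):
    """Return sorted (relative_file, listed_path, sha256) for files ending in a listed path."""
    wanted = {_key(p): p for p in LISTED_PATHS}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            parts = _key(rel)
            for key, listed in wanted.items():
                if parts[-len(key):] == key:  # suffix match, so root may sit above the project
                    with open(full, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                    hits.append((rel.replace(os.sep, "/"), listed, digest))
    return sorted(hits)

def demo():
    """Constructed sample tree: one project without listed files, one with two of them."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("clean_prj/hOmSave7/s7hstatx/data.bin",  # constructed names
                    "plant_prj/HOMSAVE7/S7HK31AX/S7HKIMDB.DLL",
                    "plant_prj/GraCS/cc_tag.sav",
                    "plant_prj/XUTILS/listen/readme.txt"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed placeholder")
        return scan(root)

if __name__ == "__main__":
    for rel, listed, digest in demo():
        print(f"{rel}  matches {listed}  sha256={digest}")
```

Point `scan()` at a read-only copy or backup of the project share rather than a live engineering station, so the check itself does not touch the files being examined.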
 
The program to introduce the Stuxnet virus into the Iranian nuclear-processing centrifuges was called "Olympic Games" by a United States National Security Agency entity that pulled together the top-secret US and Israeli contractors that wrote the program.
A Bush Initiative
The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.
. . .
But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice.
 
So the CIA puts together a secret entity to try and cause issues with another country's nuclear development and in doing so has now released this code into the wild for all to see and propagate further. The next step in the chain now is further development of the viral code into another strain that will/could affect more than just the target Step7 processors by unknowing more malicious persons.

Yes, it is a wake-up call to all the automation world that even we have to worry about this problem when developing industrial control networks, but would it not have been easier to accidentally drop a M.O.A.B on the site and be done with it rather than develop a virus that will span the globe and take years to fade into history (at least until newer, more dangerous code is developed).

Had it not been proved that systems like the ones we all program are capable of being compromised, it may have stayed under the radar of the hacking community rather than a "Hey, let's see if we can destroy a Nuke Plant for Sh*ts and giggles tonight before I go to sleep".

The copycat criminals from this point forward are the ones that I am concerned about now.
 
So the CIA puts together a secret entity to try and cause issues with another country's nuclear development. . .
Over 1000 centrifuges destroyed should classify as a little stronger than just a "try", and you should know that we know that there is no possibility that these centrifuges were being used for peaceful purposes. Possibly many lives were saved, but the extent of the life-saving will, in the end, depend on Iran's decision to keep pushing our tolerance for fools, or not.
 
Over 1000 centrifuges destroyed should classify as a little stronger than just a "try", and you should know that we know that there is no possibility that these centrifuges were being used for peaceful purposes. Possibly many lives were saved, but the extent of the life-saving will, in the end, depend on Iran's decision to keep pushing our tolerance for fools, or not.

I don't get what makes Iran less suited for nuclear weapons than Pakistan or North Korea.

And also it was very, very dangerous to release a PLC virus, 'cause when others see the source code they can manipulate it and make it target something else and more dangerous.
 
I don't get what makes Iran less suited for nuclear weapons than Pakistan or North Korea.
Oil is a factor, but the biggest reason is that they don't have them yet, and because of Iran's unstable political structure, could be very dangerous if they do build nuclear weapons.

You can't put the Genie back in the bottle, once it has escaped. You can hold down the cork before it escapes.
And also it was very, very dangerous to release a PLC virus, 'cause...
Stuxnet really was not supposed to escape into the general population, only go inside and work on the Natanz nuclear-processing plant. But if it did escape, there were provisions to make sure it did not harm any other computers, and they seemed to have worked well.

There is a Senate investigation now to find out just who released this classified secret to the press.
 