background preloader


Stuxnet is a computer worm[1] that was discovered in June 2010. It was designed to attack industrial programmable logic controllers (PLCs). PLCs allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws,[2] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[3] Stuxnet’s design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g. in the automobile or power plants), the majority of which reside in Europe, Japan and the US.[4] Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges.[5] Discovery[edit] Related:  Stuxnet Developers

A Cyberworm that Knows No Boundaries Iran's announcement that a computer worm called Stuxnet had infected computers that controlled one of its nuclear processing facilities marked a signal event in cyber attacks. Although such attacks were known to be theoretically possible, the incident proved that a cyberworm could successfully infiltrate a system and produce physical damage. Furthermore, the sophisticated nature of the worm and the resources that would have been required to design, produce, and implant it strongly suggest a state-sponsored effort. It has become clear that Stuxnet-like worms pose a serious threat even to infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks is an increasingly complex prospect.

FBI intent on sniffing out those who leaked possible US Stuxnet role Federal investigators in the US are tightening the screws on former senior government officials who might have leaked info about the Stuxnet worm, according to The Washington Post. Last June, Attorney General Eric H. Holder Jr. started the inquiry into loose lips. As Naked Security recounts here, the Stuxnet virus was seemingly created by the US, under the regime of President George W. Bush, to target Iran's nuclear facility in Natanz. The US pulled Israel into the cyber-espionage effort, with stunning results. Those results included slowing down and speeding up a centrifuge's delicate parts, which resulted in damage so extreme that, according to The New York Times, debris from a damaged centrifuge was laid across the conference table at the White House's Situation Room to demonstrate the malware's potential power. But the obligingly destructive Stuxnet spun out of control and escaped into the wider world, damaging systems well beyond Iran. The Guardian's Greenwald writes:

Stuxnet was dated 2005, Symantec discovered earlier version 0,5 - Security Affairs Rivers of words have been written on the popular Stuxnet virus, there have been many hypotheses, sometimes contradictory, about its paternity but the only certainty seemed to be the date of its creation, but suddenly the certainty as happen tin he best thriller movies has been called into question. The authors of Stuxnet, the malware that hit Iranian nuclear plant in 2010 interfering with nuclear program of the Government of Teheran, started the operations earlier than previously demonstrated according a new research proposed by Symantec firm. According the study conducted by Symantec there was a predecessor of the final version of the virus, a development version that was spread in 2005 and the was designed to manipulate the nuclear facility’s gas valves. Francis deSouza, Symantec’s president of products and services, commented to Bloomberg: Symantec highlighted the differences of version 0.5 with subsequent instances of Stuxnet: The study states: Pierluigi Paganini

US-Israeli Stuxnet Cyber-attacks against Iran: “Act of War” A group of 20 law and technology experts has unanimously agreed that the Stuxnet worm used against Iran in 2009-2010 was a cyberattack. The US and Israel have long been accused of collaborating on the virus in a bid to damage Iran’s nuclear program. While that accusations against Washington and Tel Aviv have never been confirmed by either government, a NATO Commission has now confirmed it as an “ act of force. ” Last year anonymous government officials came forward to tell The New York Times that researchers at the Idaho National Laboratory, which is overseen by the US Department of Energy, passed technical information to Israel regarding vulnerabilities in cascades and centrifuges at Iran’s Natanz uranium enrichment plant. That information, it is believed, was used to design the Stuxnet worm that set Iran’s nuclear program back an estimated two years. Schmitt told The Washington Times that “ according to the UN charter, the use of force is prohibited, except in self-defense .”

US Air Force designates six cyber tools as weapons "It's very, very hard to compete for resources ... You have to be able to make that case," Lieutenant General John Hyten, vice commander of Air Force Space Command, told a cyber conference in Colorado Springs ( Reuters ). The US is not, however, new to cyber weaponry. Last summer the Air Force posted a Broad Agency Announcement inviting papers “focusing on Cyberspace Warfare Operations.” Now Hyten has introduced a new sense of urgency. Details of the six Air Force cyber tools that are now defined as cyber weapons have, unsurprisingly, not been disclosed.

Cyber warfare threatens efforts to secure cyberspace ABu Dhabi: Cyberwarfare and the rapid development and dissemination of cyber weapons threatens to far outstrip international efforts to secure cyberspace as a domain for all, a regional security conference heard yesterday. “These cyber weapons are all too often used without regard to international law and international norms. There is a real risk that unrestricted offensive cyber operations will poison and corrode wider international relations,” John Basset, Associate Fellow, Cyber Security, Royal United Services Institute, UK told the 18th annual conference of the Emirates Centre for Strategic Studies and Research themed “The Future of Warfare in the 21st Century”. The remarks came on the heels of massive cyber attacks against Israel, reportedly launched on Sunday by the famous hacktivist group Anonymous — the second such wave of attacks on Israeli servers,in response to what the group calls the “Israeli mistreatment of the Palestinians. Article continues below

Protocol The New Cyber Battlefield: Implications under International Law of Armed Conflict The application of international law of armed conflict to cyber-warfare has been under intense discussion recently following the release of Stuxnet, a highly sophisticated computer worm and related malware which was reportedly developed by two technologically advanced countries. The Stuxnet release allegedly ruined centrifuges at Iran’s Natanz uranium enrichment facility. According to Reuters, Iran’s Revolutionary Guards had announced that that country was prepared “to defend itself in case of a ‘cyber war’ which could cause more harm than a physical confrontation.” Cyber-warfare has been characterized as one of the most important military developments in recent history, as it has taken on as a military dimension – it has the capability of collecting intelligence as well as engaging in attack and defense. The difficulty in determining whether a cyber-attack is “an armed attack” lies in the difference between the traditional combatants and venue and those that exist in cyberspace.

How a Secret Cyberwar Program Worked - Graphic How a Secret Cyberwar Program Worked Programmers at the National Security Agency and in the Israeli military created a series of worms to attack the computers that control Iran’s nuclear enrichment center at Natanz. The attacks were repeated for several years, and each time the programs varied to make them difficult to detect. One of the variants escaped from Natanz and became public. In the summer of 2010, a programming error sends the bug onto the laptop of an Iranian scientist. 8. secure the plant. 7. 6. 5. 4. 3. 2. 1.

A Forensic Dissection of Stuxnet - CISAC The Stuxnet computer worm is perhaps the most complicated piece of malicious software ever built - roughly 50 times the size of the typical computer virus. This threat leveraged a huge array of new techniques to spread itself, conceal itself and to attack Iranian nuclear enrichment centrifuges. This talk will provide a detailed dissection of the Stuxnet worm, answering such questions as how it spread, how it evaded detection, what it did once it found its target, and ultimately, how successful it was. About the speaker : Carey Nachenberg is a Fellow and Chief Architect at Symantec corporation, the world's largest computer security provider. As Chief Architect, Mr. Nachenberg drives the technical strategy for all of Symantec’s core security technologies and security content, which in total protect hundreds of millions of customers around the world.