Godlike Productions - Discussion Forum
Users Online Now: 1,236 (Who's On?)Visitors Today: 59,312
Pageviews Today: 162,993Threads Today: 117Posts Today: 2,048
02:42 AM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w

 
Philippines
Offer Upgrade

User ID: 1003925
Philippines
10/04/2010 10:47 AM
Report Abusive Post
Report Copyright Violation
Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Copy/pasted from the newsletters:
----------------------------------------


Message: 2
Date: Thu, 29 Jul 2010 10:49:25 -0700
From: coderman <[email protected]>
Subject: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <[email protected]>
Message-ID:
<[email protected]​>
Content-Type: text/plain; charset=ISO-8859-1

stuxnet is strategic, and misleading. ... red team off roading?

cybercommand grinning ear to ear, revoked sig mitigates for licensed
and vigilant users while Iran and other distrustfuls remain
particularly exposed, what splendifortuitousness! tis easier to seek
forgiveness ...

one of you two of eight snitches knows the details, full-disclosure! [0]



0. "Blowing the Whistle on the Snitch Racket"
[link to cryptome.org]
e.g. Pulling a Lamo, etc.


( in particular, detail sufficient to buttress commentary on
100721305-0305-01. wonder what lucre load that's tagged by wapo, if
they're watching... when does sunshine press pick up that metric? )

------------

------------------------------

Message: 3
Date: Fri, 24 Sep 2010 20:35:44 -0700
From: coderman <[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <[email protected]>
Message-ID:
<[email protected]​>
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Jul 29, 2010 at 10:49 AM, coderman <[email protected]> wrote:
> stuxnet is strategic, and misleading. ... red team off roading?
> ...
> one of you two of eight snitches knows the details, full-disclosure! [0]

h0 h0 h0!

this gift keeps on giving...

no more for me thanks.


e4ffa4d8cb70e97af381aea2232d1064b51ecf9bdcd70824fe4675679d9fb​f93



------------------------------

Message: 4
Date: Fri, 24 Sep 2010 21:00:08 -0700
From: coderman <[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <[email protected]>
Message-ID:
<[email protected]​>
Content-Type: text/plain; charset=ISO-8859-1

natanz focus, not bushehr.

costs and delays to both sites a bonus...

(everyone else, well, you're collateral damage that learned a valuable
lesson, right? :)



------------------------------

Message: 5
Date: Fri, 24 Sep 2010 22:57:35 -0700
From: coderman <[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <[email protected]>
Message-ID:
<[email protected]​>
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Jul 29, 2010 at 10:49 AM, coderman <[email protected]> wrote:
> stuxnet is strategic, and misleading...

misleading because the failures induced in target present as
inefficiencies and mechanical fatigue in centrifuge process; intent is
to cast suspicion and resources on manufacturing and/or assembly of
centrifuge hardware as cursory checks of digital systems (data
presumably acquired from floor) return normative.

good game, sirs!
target spends dollars and weeks/months pursuing errors in physical
supply and installation paths en-route to / on site, all the while the
wear is digitally done; out of sight, out of mind...

this game (offensive, methodical, precision targeted high-assurance
malware) is an odd sort of global-actor assasination politik. like
china blasting sats in space, it was bound to happen sooner or later
:P



------------------------------

Message: 6
Date: Fri, 24 Sep 2010 23:30:06 -0700
From: coderman <[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <[email protected]>
Message-ID:
<[email protected]​>
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Sep 24, 2010 at 10:57 PM, coderman <[email protected]> wrote:
> On Thu, Jul 29, 2010 at 10:49 AM, coderman <[email protected]> wrote:
>> stuxnet is strategic, and misleading...
>
> misleading because the failures induced in target present as
> inefficiencies and mechanical fatigue in centrifuge process...

Qom also hit - the fingerprinting mechanism is essentially mapped to
form and function, rather than specific instance. That is to say, the
Qom centrifuge enrichment deployment is sufficiently similar in
devices and software applied (WinCC, 6ES7-417, 6ES7-315-2, etc.) as to
also fall under precision targeting.

yay full disclosure.

0x04



------------------------------

Message: 7
Date: Sat, 25 Sep 2010 00:54:23 -0700
From: coderman <[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: [email protected]
Cc: Full Disclosure <[email protected]>
Message-ID:
<[email protected]​>
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Sep 24, 2010 at 11:48 PM, Kenneth Voort <[email protected]> wrote:
> Get real...

i did not say bushehr was not impacted; a side effect of the re-use of
same real-time PLC workflow controller there resulted in cluster fuck
and non-operation.

however, the target was centrifuges and in this regard, it worked
perfectly: the only outward signs of interest at natanz and qom while
affected was then un-explained 2x to 4x under-yield from the
cascades... the running total spinning looked nice though - steady
progress! heh

in any case, you confuse me with someone who has something to say.
really EOT this time...



------------------------------

-------------------------------------------------------------​---------

Message: 1
Date: Sat, 25 Sep 2010 06:48:26 +0000
From: "Kenneth Voort" <[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: "coderman" <[email protected]>,
[email protected], "Full Disclosure"
<[email protected]>
Message-ID:
<415269286-1285397308-cardhu_decombobulator_blackberry.rim.ne​[email protected]>

Content-Type: text/plain

Get real...
Kenneth Voort
[email protected] | 647.987.5381

-Sent from my handheld.

-----Original Message-----
From: coderman <[email protected]>
Sender: [email protected]
Date: Fri, 24 Sep 2010 22:57:35
To: Full Disclosure<[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up

On Thu, Jul 29, 2010 at 10:49 AM, coderman <[email protected]> wrote:
> stuxnet is strategic, and misleading...

misleading because the failures induced in target present as
inefficiencies and mechanical fatigue in centrifuge process; intent is
to cast suspicion and resources on manufacturing and/or assembly of
centrifuge hardware as cursory checks of digital systems (data
presumably acquired from floor) return normative.

good game, sirs!
target spends dollars and weeks/months pursuing errors in physical
supply and installation paths en-route to / on site, all the while the
wear is digitally done; out of sight, out of mind...

this game (offensive, methodical, precision targeted high-assurance
malware) is an odd sort of global-actor assasination politik. like
china blasting sats in space, it was bound to happen sooner or later
:P

------------------------------

Message: 8
Date: Mon, 4 Oct 2010 12:02:21 +0200
From: huj huj huj <[email protected]>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: coderman <[email protected]>
Cc: Full Disclosure <[email protected]>
Message-ID:
<[email protected]​>
Content-Type: text/plain; charset="iso-8859-1"

coderman its puff puff pass.. you smoked the whole thing!

2010/9/25 coderman <[email protected]>

> On Fri, Sep 24, 2010 at 11:48 PM, Kenneth Voort <[email protected]> wrote:
> > Get real...
>
> i did not say bushehr was not impacted; a side effect of the re-use of
> same real-time PLC workflow controller there resulted in cluster fuck
> and non-operation.
>
> however, the target was centrifuges and in this regard, it worked
> perfectly: the only outward signs of interest at natanz and qom while
> affected was then un-explained 2x to 4x under-yield from the
> cascades... the running total spinning looked nice though - steady
> progress! heh
>
> in any case, you confuse me with someone who has something to say.
> really EOT this time...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: [link to lists.grok.org.uk]
> Hosted and sponsored by Secunia - [link to secunia.com]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: [link to lists.grok.org.uk]

------------------------------
Separate science and government.
American Mentat

User ID: 1062754
United States
10/04/2010 10:50 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Good find OP, five stars and a pnrqst
:romaflag:
Not enough to fight, too many to die.
Philippines  (OP)

User ID: 1003925
Philippines
10/04/2010 11:07 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Good find OP, five stars and a pnrqst
 Quoting: American Mentat


Thanks. I should have noticed it earlier =/

I think it's interesting to note that the poster "coderman" says it is software and not hardware. Has this theory been tested?

Either way, the angle on this is very interesting imho.
Separate science and government.
American Mentat

User ID: 1062754
United States
10/04/2010 11:29 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
bump
:romaflag:
Not enough to fight, too many to die.
Philippines  (OP)

User ID: 1003925
Philippines
10/04/2010 12:00 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
bump
 Quoting: American Mentat


I hope it makes sense to someone
Separate science and government.
American Mentat

User ID: 1059702
United States
10/04/2010 08:17 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
bump


I hope it makes sense to someone
 Quoting: Philippines


Yes, thank you!

Last Edited by Least Servant on 10/04/2010 08:17 PM
:romaflag:
Not enough to fight, too many to die.
Anonymous Coward (OP)
User ID: 1003925
Philippines
10/04/2010 08:21 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
bump
Anonymous Coward
User ID: 1081321
United States
10/04/2010 08:25 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Spywared says 'Stuxnet worm can come back right away after its removal'.
American Mentat

User ID: 1059702
United States
10/04/2010 08:31 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Spywared says 'Stuxnet worm can come back right away after its removal'.
 Quoting: Anonymous Coward 1081321


So can the annoying fake spyware warnings on a computer infected by a rootkit after apparently cleaning the computer... without being privy to the technical context of that statement its hard to make sense of it.
:romaflag:
Not enough to fight, too many to die.
Anonymous Coward
User ID: 1081321
United States
10/04/2010 08:34 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
That was the article title--go to the site and read it yourself.
Anonymous Coward
User ID: 1081321
United States
10/04/2010 09:48 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
On other threads, people are finding this article of interest. Have you read it yet?
American Mentat

User ID: 1059702
United States
10/04/2010 10:11 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
On other threads, people are finding this article of interest. Have you read it yet?
 Quoting: Anonymous Coward 1081321


If it is a "quantum virus" then we are fooked and talking about it is stoopid unless you are a quantum physicists or an ET.

And for the record, IT guys suck at getting maleware off computers.

Last Edited by Least Servant on 10/04/2010 10:12 PM
:romaflag:
Not enough to fight, too many to die.
Philippines  (OP)

User ID: 1003659
Philippines
10/04/2010 10:21 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Spywared says 'Stuxnet worm can come back right away after its removal'.
 Quoting: Anonymous Coward 1081321


Even if it is a 'worm', the person in this Full-disclosure thread is saying that stuxnet is showing problems to the users, and setting off alarms, but no physical problems are happening to the hardware. At least that's how I read it.
Separate science and government.
bird25

User ID: 1019782
United States
10/04/2010 10:32 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
setting off alarms?
i just thought of the post a week or two ago with alarms going off all around microsoft`s hq in washington state..
American Mentat

User ID: 1059702
United States
10/04/2010 10:35 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
setting off alarms?
i just thought of the post a week or two ago with alarms going off all around microsoft`s hq in washington state..
 Quoting: bird25


If there is any stuxnet connection to that incident across a bit of downtown Redmond it has to do with the water systems surging due to the accidental activation of a pump at a station. This might have faulted the building sprinkler alarms into thinking they had a water flow through the system and tripped various building alarms.

I say this is the plausible explanation because US water and sewer infrastructure uses SCADA controllers that could be vulnerable to this worm.
:romaflag:
Not enough to fight, too many to die.
Anonymous Coward
User ID: 1095225
Puerto Rico
10/04/2010 10:54 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
spock
Anonymous Coward
User ID: 1081321
United States
10/04/2010 10:55 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
bump
Anonymous Coward
User ID: 1087641
United States
10/04/2010 11:04 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
whoa....
American Mentat

User ID: 1059702
United States
10/04/2010 11:20 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
termputin
:romaflag:
Not enough to fight, too many to die.
Philippines  (OP)

User ID: 1003659
Philippines
10/05/2010 03:21 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
burnit
Separate science and government.
Anonymous Coward
User ID: 1051127
United States
10/05/2010 03:46 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
also, wonder if the houston shipping lane shut down might be related
ACetic

User ID: 1108659
United Kingdom
10/05/2010 04:38 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Pure crap.

bsmeter2
Philippines  (OP)

User ID: 1003659
Philippines
10/05/2010 04:53 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Pure crap.

bsmeter2
 Quoting: ACetic


Care to be specific?

[link to seclists.org]
Separate science and government.
American Mentat

User ID: 1062754
United States
10/05/2010 10:09 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
Pure crap.

bsmeter2


Care to be specific?

[link to seclists.org]
 Quoting: Philippines


He thinks that the main target is something other than Iran.
:romaflag:
Not enough to fight, too many to die.
Anonymous Coward
User ID: 1081321
United States
10/05/2010 11:06 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
bump Play the game. What IS the ultimate end play?
Philippines  (OP)

User ID: 1003659
Philippines
10/05/2010 10:39 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
This is a good thread about Stuxnet:

[link to plcforum.uz.ua]

I really like the map image of the countries that could be most affected by this malware.
Separate science and government.
8042
User ID: 1143412
United States
10/27/2010 04:12 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
After mending leak, Iran begins loading fuel into nuclear plant - Washington Post Foreign Service Wednesday, October 27, 2010

TEHRAN - Iran started to fully load fuel into its only nuclear reactor Tuesday, after a leak in the Russian-built reactor's basin delayed the process for months, state media reported.
...
Secretary of State Hillary Rodham Clinton said Tuesday that the United States does not object to the reactor, but that it remains concerned about facilities where Iran may be working on nuclear weapons.

"Our problem is not with their reactor at Bushehr," she said. "Our problem is with their facilities at places like Natanz and their secret facility at Qom and other places where we believe they are conducting their weapons program."...
===END===

And,

What is Iran’s competence in operating centrifuges? - ISIS Reports by David Albright, Paul Brannan and Andrea Stricker - July 26, 2010

A recent article in The Financial Times examines the status of Iran’s gas centrifuge uranium enrichment program and the potential reasons behind Iran’s recent lack of progress in using more centrifuges to enrich uranium at the Fuel Enrichment Plant (FEP) at Natanz.
...
Iran’s centrifuges are “only working at 20 percent efficiency.” According to the latest IAEA data from May, however, each machine is achieving two to three times that efficiency, and perhaps even more...
===END===


More could be listed about their attempted bulk purchase of replacement (non-r00ted) devices.
Philippines  (OP)

User ID: 1003659
Philippines
10/27/2010 04:23 AM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
After mending leak, Iran begins loading fuel into nuclear plant - Washington Post Foreign Service Wednesday, October 27, 2010

TEHRAN - Iran started to fully load fuel into its only nuclear reactor Tuesday, after a leak in the Russian-built reactor's basin delayed the process for months, state media reported.
...
Secretary of State Hillary Rodham Clinton said Tuesday that the United States does not object to the reactor, but that it remains concerned about facilities where Iran may be working on nuclear weapons.

"Our problem is not with their reactor at Bushehr," she said. "Our problem is with their facilities at places like Natanz and their secret facility at Qom and other places where we believe they are conducting their weapons program."...
===END===

And,

What is Iran’s competence in operating centrifuges? - ISIS Reports by David Albright, Paul Brannan and Andrea Stricker - July 26, 2010

A recent article in The Financial Times examines the status of Iran’s gas centrifuge uranium enrichment program and the potential reasons behind Iran’s recent lack of progress in using more centrifuges to enrich uranium at the Fuel Enrichment Plant (FEP) at Natanz.
...
Iran’s centrifuges are “only working at 20 percent efficiency.” According to the latest IAEA data from May, however, each machine is achieving two to three times that efficiency, and perhaps even more...
===END===


More could be listed about their attempted bulk purchase of replacement (non-r00ted) devices.
 Quoting: 8042 1143412


There are probably many companies/governments in search of such hardware/devices
Separate science and government.
Anonymous Coward
User ID: 1143412
United States
11/21/2010 08:27 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
[link to www.nytimes.com]

Worm Was Perfect for Sabotaging Centrifuges
...
The new forensic work narrows the range of targets and deciphers the worm’s plan of attack. Computer analysts say Stuxnet does its damage by making quick changes in the rotational speed of motors, shifting them rapidly up and down.

Changing the speed “sabotages the normal operation of the industrial control process,” Eric Chien, a researcher at the computer security company Symantec, wrote in a blog post...

a study released Friday by Mr. Chien, Nicolas Falliere and Liam O. Murchu at Symantec, concluded that the program’s real target was to take over frequency converters, a type of power supply that changes its output frequency to control the speed of a motor.

The worm’s code was found to attack converters made by two companies, Fararo Paya in Iran and Vacon in Finland. A separate study conducted by the Department of Homeland Security confirmed that finding, a senior government official said in an interview on Thursday.

Then, on Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart.

In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed.

“It’s striking how close it is to the standard value,” he said.

The computer analysis, his Wednesday report concluded, “makes a legitimate case that Stuxnet could indeed disrupt or destroy” Iranian centrifuge plants.
Anonymous Coward
User ID: 1001520
United States
11/21/2010 08:32 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
setting off alarms?
i just thought of the post a week or two ago with alarms going off all around microsoft`s hq in washington state..


If there is any stuxnet connection to that incident across a bit of downtown Redmond it has to do with the water systems surging due to the accidental activation of a pump at a station. This might have faulted the building sprinkler alarms into thinking they had a water flow through the system and tripped various building alarms.

I say this is the plausible explanation because US water and sewer infrastructure uses SCADA controllers that could be vulnerable to this worm.
 Quoting: American Mentat


All use Scada?

Oh shit
Anonymous Coward
User ID: 1143412
United States
11/21/2010 09:27 PM
Report Abusive Post
Report Copyright Violation
Re: Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
From Wikipedia. This seems to have the most precise description of the RPM modifications to the centrifuge controllers.:



Stuxnet requires specific variable-frequency drives (frequency converter drives) on the system. It only attacks systems with variable-frequency drives from two specific vendors: Vacon based in Finland and Fararo Payabased in Iran[22]. It monitors the frequency and only attacks systems that run between 807Hz and 1210Hz which is very high and only used in particular industrial applications. Stuxnet then modifies the output frequency for a short interval of time to 1410Hz and then to 2Hz and then to 1064Hz and thus affects the operation of the connected motors.[23]

There are reports that Iran's uranium enrichment facility at the Natanz facility was the target of Stuxnet and the site sustained damage because of it causing a sudden 15% reduction in its production capabilities. There was also a previous report by wikileaks disclosing a "serious nuclear accident" at the site in 2009.[9][42][58][59][60][61] According to statistics published by the Federation of American Scientists (FAS) the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred.[62]
The name is derived from some keywords discovered in the software.[52] The whole Stuxnet code has not yet been decrypted, but among its peculiar capabilities is a fingerprinting technology which allows it to precisely identify the systems it infects. It appears to be looking for a particular system to destroy at a specific time and place. Once it has infected a system it performs a check every 5 seconds to determine if its parameters for launching an attack are met. The worm appears programmed to cause a catastrophic physical failure; early speculation on methods had included overriding turbine RPM limits, shutting down lubrication or cooling systems, or sabotaging the high-speed spinning process of centrifuge arrays at Iran's Natanz nuclear facility;[57][63] in November 2010, according to The New York Times, experts at Symantec found that the worm speeds up rotation rates for the accelerators to the point where they break.[64] The complex code of Stuxnet looks for a very particular type of system and controller, namely frequency converters made by the Iranian company Fararo Paya and the Finnish company Vacon.[64][65][66]





GLP