Stuxnet: For those of you who don't follow the Full-Disclosure digest, a daily mailing list of computer exploits and theories etc. Take from it w
American Mentat User ID: 1062754 United States 10/04/2010 10:50 AM
Philippines (OP) User ID: 1003925 Philippines 10/04/2010 11:07 AM
Good find OP, five stars and a
Quoting: American Mentat
Thanks. I should have noticed it earlier =/ I think it's interesting to note that the poster "coderman" says it is software and not hardware. Has this theory been tested? Either way, the angle on this is very interesting imho.
Separate science and government.

American Mentat User ID: 1062754 United States 10/04/2010 11:29 AM
Philippines (OP) User ID: 1003925 Philippines 10/04/2010 12:00 PM
American Mentat User ID: 1059702 United States 10/04/2010 08:17 PM
I hope it makes sense to someone
Yes, thank you!
Last Edited by Least Servant on 10/04/2010 08:17 PM
:romaflag: Not enough to fight, too many to die.

Anonymous Coward (OP) User ID: 1003925 Philippines 10/04/2010 08:21 PM
Anonymous Coward User ID: 1081321 United States 10/04/2010 08:25 PM
American Mentat User ID: 1059702 United States 10/04/2010 08:31 PM
Spywared says 'Stuxnet worm can come back right away after its removal'.
Quoting: Anonymous Coward 1081321
So can the annoying fake spyware warnings on a computer infected by a rootkit after apparently cleaning the computer... without being privy to the technical context of that statement it's hard to make sense of it.
:romaflag: Not enough to fight, too many to die.

Anonymous Coward User ID: 1081321 United States 10/04/2010 08:34 PM
Anonymous Coward User ID: 1081321 United States 10/04/2010 09:48 PM
American Mentat User ID: 1059702 United States 10/04/2010 10:11 PM
On other threads, people are finding this article of interest. Have you read it yet?
Quoting: Anonymous Coward 1081321
If it is a "quantum virus" then we are fooked and talking about it is stoopid unless you are a quantum physicist or an ET. And for the record, IT guys suck at getting malware off computers.
Last Edited by Least Servant on 10/04/2010 10:12 PM
:romaflag: Not enough to fight, too many to die.

Philippines (OP) User ID: 1003659 Philippines 10/04/2010 10:21 PM
Spywared says 'Stuxnet worm can come back right away after its removal'.
Quoting: Anonymous Coward 1081321
Even if it is a 'worm', the person in this Full-disclosure thread is saying that stuxnet is showing problems to the users, and setting off alarms, but no physical problems are happening to the hardware. At least that's how I read it.
Separate science and government.

bird25 User ID: 1019782 United States 10/04/2010 10:32 PM
American Mentat User ID: 1059702 United States 10/04/2010 10:35 PM
setting off alarms?
Quoting: bird25
I just thought of the post a week or two ago with alarms going off all around Microsoft's HQ in Washington state..
If there is any Stuxnet connection to that incident across a bit of downtown Redmond it has to do with the water systems surging due to the accidental activation of a pump at a station. This might have faulted the building sprinkler alarms into thinking they had a water flow through the system and tripped various building alarms. I say this is the plausible explanation because US water and sewer infrastructure uses SCADA controllers that could be vulnerable to this worm.
:romaflag: Not enough to fight, too many to die.

Anonymous Coward User ID: 1095225 Puerto Rico 10/04/2010 10:54 PM
Anonymous Coward User ID: 1081321 United States 10/04/2010 10:55 PM
Anonymous Coward User ID: 1087641 United States 10/04/2010 11:04 PM
American Mentat User ID: 1059702 United States 10/04/2010 11:20 PM
Philippines (OP) User ID: 1003659 Philippines 10/05/2010 03:21 AM
Anonymous Coward User ID: 1051127 United States 10/05/2010 03:46 AM
ACetic User ID: 1108659 United Kingdom 10/05/2010 04:38 AM
Philippines (OP) User ID: 1003659 Philippines 10/05/2010 04:53 AM
Pure crap.
Quoting: ACetic
Care to be specific? [link to seclists.org]
Separate science and government.

American Mentat User ID: 1062754 United States 10/05/2010 10:09 AM
Anonymous Coward User ID: 1081321 United States 10/05/2010 11:06 AM
Philippines (OP) User ID: 1003659 Philippines 10/05/2010 10:39 PM
[link to plcforum.uz.ua]
I really like the map image of the countries that could be most affected by this malware.
Separate science and government.

8042 User ID: 1143412 United States 10/27/2010 04:12 AM
After mending leak, Iran begins loading fuel into nuclear plant - Washington Post Foreign Service, Wednesday, October 27, 2010
TEHRAN - Iran started to fully load fuel into its only nuclear reactor Tuesday, after a leak in the Russian-built reactor's basin delayed the process for months, state media reported. ... Secretary of State Hillary Rodham Clinton said Tuesday that the United States does not object to the reactor, but that it remains concerned about facilities where Iran may be working on nuclear weapons. "Our problem is not with their reactor at Bushehr," she said. "Our problem is with their facilities at places like Natanz and their secret facility at Qom and other places where we believe they are conducting their weapons program."...
===END===
And,
What is Iran’s competence in operating centrifuges? - ISIS Reports by David Albright, Paul Brannan and Andrea Stricker - July 26, 2010
A recent article in The Financial Times examines the status of Iran’s gas centrifuge uranium enrichment program and the potential reasons behind Iran’s recent lack of progress in using more centrifuges to enrich uranium at the Fuel Enrichment Plant (FEP) at Natanz. ... Iran’s centrifuges are “only working at 20 percent efficiency.” According to the latest IAEA data from May, however, each machine is achieving two to three times that efficiency, and perhaps even more...
===END===
More could be listed about their attempted bulk purchase of replacement (non-r00ted) devices.

Philippines (OP) User ID: 1003659 Philippines 10/27/2010 04:23 AM
After mending leak, Iran begins loading fuel into nuclear plant - Washington Post Foreign Service, Wednesday, October 27, 2010
Quoting: 8042 1143412
TEHRAN - Iran started to fully load fuel into its only nuclear reactor Tuesday, after a leak in the Russian-built reactor's basin delayed the process for months, state media reported. ... Secretary of State Hillary Rodham Clinton said Tuesday that the United States does not object to the reactor, but that it remains concerned about facilities where Iran may be working on nuclear weapons. "Our problem is not with their reactor at Bushehr," she said. "Our problem is with their facilities at places like Natanz and their secret facility at Qom and other places where we believe they are conducting their weapons program."...
===END===
And,
What is Iran’s competence in operating centrifuges? - ISIS Reports by David Albright, Paul Brannan and Andrea Stricker - July 26, 2010
A recent article in The Financial Times examines the status of Iran’s gas centrifuge uranium enrichment program and the potential reasons behind Iran’s recent lack of progress in using more centrifuges to enrich uranium at the Fuel Enrichment Plant (FEP) at Natanz. ... Iran’s centrifuges are “only working at 20 percent efficiency.” According to the latest IAEA data from May, however, each machine is achieving two to three times that efficiency, and perhaps even more...
===END===
More could be listed about their attempted bulk purchase of replacement (non-r00ted) devices.
There are probably many companies/governments in search of such hardware/devices
Separate science and government.

Anonymous Coward User ID: 1143412 United States 11/21/2010 08:27 PM
[link to www.nytimes.com]
Worm Was Perfect for Sabotaging Centrifuges
... The new forensic work narrows the range of targets and deciphers the worm’s plan of attack. Computer analysts say Stuxnet does its damage by making quick changes in the rotational speed of motors, shifting them rapidly up and down. Changing the speed “sabotages the normal operation of the industrial control process,” Eric Chien, a researcher at the computer security company Symantec, wrote in a blog post...
a study released Friday by Mr. Chien, Nicolas Falliere and Liam O. Murchu at Symantec, concluded that the program’s real target was to take over frequency converters, a type of power supply that changes its output frequency to control the speed of a motor. The worm’s code was found to attack converters made by two companies, Fararo Paya in Iran and Vacon in Finland. A separate study conducted by the Department of Homeland Security confirmed that finding, a senior government official said in an interview on Thursday.
Then, on Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart. In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed. “It’s striking how close it is to the standard value,” he said.
The computer analysis, his Wednesday report concluded, “makes a legitimate case that Stuxnet could indeed disrupt or destroy” Iranian centrifuge plants.

Anonymous Coward User ID: 1001520 United States 11/21/2010 08:32 PM
setting off alarms?
Quoting: American Mentat
I just thought of the post a week or two ago with alarms going off all around Microsoft's HQ in Washington state..
If there is any Stuxnet connection to that incident across a bit of downtown Redmond it has to do with the water systems surging due to the accidental activation of a pump at a station. This might have faulted the building sprinkler alarms into thinking they had a water flow through the system and tripped various building alarms. I say this is the plausible explanation because US water and sewer infrastructure uses SCADA controllers that could be vulnerable to this worm.
All use SCADA? Oh shit

Anonymous Coward User ID: 1143412 United States 11/21/2010 09:27 PM
From Wikipedia. This seems to have the most precise description of the RPM modifications to the centrifuge controllers:
Stuxnet requires specific variable-frequency drives (frequency converter drives) on the system. It only attacks systems with variable-frequency drives from two specific vendors: Vacon based in Finland and Fararo Paya based in Iran[22]. It monitors the frequency and only attacks systems that run between 807Hz and 1210Hz which is very high and only used in particular industrial applications. Stuxnet then modifies the output frequency for a short interval of time to 1410Hz and then to 2Hz and then to 1064Hz and thus affects the operation of the connected motors.[23]
There are reports that Iran's uranium enrichment facility at the Natanz facility was the target of Stuxnet and the site sustained damage because of it causing a sudden 15% reduction in its production capabilities. There was also a previous report by wikileaks disclosing a "serious nuclear accident" at the site in 2009.[9][42][58][59][60][61] According to statistics published by the Federation of American Scientists (FAS) the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred.[62]
The name is derived from some keywords discovered in the software.[52]
The whole Stuxnet code has not yet been decrypted, but among its peculiar capabilities is a fingerprinting technology which allows it to precisely identify the systems it infects. It appears to be looking for a particular system to destroy at a specific time and place.
Once it has infected a system it performs a check every 5 seconds to determine if its parameters for launching an attack are met. The worm appears programmed to cause a catastrophic physical failure; early speculation on methods had included overriding turbine RPM limits, shutting down lubrication or cooling systems, or sabotaging the high-speed spinning process of centrifuge arrays at Iran's Natanz nuclear facility;[57][63] in November 2010, according to The New York Times, experts at Symantec found that the worm speeds up rotation rates for the accelerators to the point where they break.[64] The complex code of Stuxnet looks for a very particular type of system and controller, namely frequency converters made by the Iranian company Fararo Paya and the Finnish company Vacon.[64][65][66]
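
Added example, not part of the thread or of any report quoted in it: a defender-side check over frequency-converter output logs, using the figures quoted above (operating band 807 to 1210 Hz, reported excursions to 1410 Hz and 2 Hz). The log format, the ramp limit and all names in the code are assumptions made for illustration.

```python
from dataclasses import dataclass

# Band values are the figures quoted in the thread; ramp limit and log format are assumed.
BAND_LOW_HZ, BAND_HIGH_HZ = 807.0, 1210.0
MAX_RAMP_HZ_PER_S = 5.0  # assumed site-specific limit on frequency change

SAMPLE_LOG = """\
# constructed data: epoch_seconds,drive_id,output_hz (hypothetical export)
1000,drive-A,1064.0
1060,drive-A,1064.5
1120,drive-A,1410.0
1180,drive-A,2.0
1240,drive-A,1064.0
1000,drive-B,1063.8
"""

@dataclass
class Alert:
    timestamp: int
    drive: str
    kind: str    # "out_of_band" or "ramp_rate"
    detail: str

def detect(lines):
    """Return alerts for readings outside the band or changing too fast."""
    alerts, last = [], {}  # last: drive -> (timestamp, hz)
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        try:
            ts_s, drive, hz_s = raw.split(",")
            ts, hz = int(ts_s), float(hz_s)
        except ValueError:
            continue  # skip malformed records rather than abort the scan
        if not BAND_LOW_HZ <= hz <= BAND_HIGH_HZ:
            alerts.append(Alert(ts, drive, "out_of_band", f"{hz:g} Hz"))
        prev = last.get(drive)
        if prev and ts > prev[0]:
            rate = abs(hz - prev[1]) / (ts - prev[0])
            if rate > MAX_RAMP_HZ_PER_S:
                # Catches the jump back to a normal value, which the band check misses
                alerts.append(Alert(ts, drive, "ramp_rate", f"{rate:.1f} Hz/s"))
        last[drive] = (ts, hz)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the constructed sample, the return to 1064 Hz is inside the band and is reported only by the ramp-rate check.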