Sunday, September 26, 2010

Was Iran Attacked By Stuxnet?

A story hit the Internet yesterday that captured my husband's attention and held it for the afternoon as he did some research into it. Then I read this in my normal daily inbox news updates from various virtual sources. From Pajamas Media and Roger L. Simon, using the original reference:

From Asia Bizz:

The Iranian Ministry has stated that some 30000 industrial computers have been infected by Stuxnet. One of the main operations done by Stuxnet is that it extracts vital information from these systems and then sends it somewhere abroad. Iran has termed this virus as a spy virus, as it is deploying vital data to other countries. On the other hand it is said, a similar attack has been reported from Iran’s latest nuclear power plant facility, but these reports have not yet been confirmed.

Do I have your attention now? What information was extracted from these thousands of industrial Iranian computers and where did it go?

It is obvious that this is a big story and also that the mainstream media would ignore it. It's not celebrity driven or an opportunity for bashing of conservative politicians before the mid-term elections, so frankly, the regular media outlets will miss it. That is another reason this story is an important one.

While Americans sleep and tune out to the world in general - just as we were pre-9/11/01 - the world moves on. While the 24/7 cable news channels obsess over the latest celeb to go to jail or to rehab, while the he said/ no, he said back and forth between political parties continues as we run up to the mid-term elections, while we focus on the lesser issues like celebs testifying before a congressional committee, our foreign policy and national security issues are front and center.

This story, to be honest, felt above my pay grade in its specifics and technical mumbo-jumbo. That is why my husband was so helpful. He is an engineer in the oil drilling business, so this story is right up his alley. This kind of cyber attack - and especially since it is of industrial form - is compelling. He doesn't frighten easily and has been in the industry over 35 years. Yesterday afternoon, as he was glued to his computer doing the research on this story, he looked up at one point and said, "This is scary."

My husband, as Simon does, came to the conclusion that in all likelihood, Siemens (the German giant in electronics) is involved. Simon points to the history of the German company in relation to evil regimes and that, too, is an interesting piece of the puzzle.

Initially my husband's interest was piqued because the cyber attack happens to the PLC through Windows software. Plus it is so easily implemented with a commonly used tool - a thumb drive in a USB port. Siemens designed the Iranian software that has been infected with the malware - not a coincidence, no doubt.

As an engineer who works with PLCs all the time, he is always looking to keep his PLCs from doing something dangerous when the SCADA (supervisory control and data acquisition) software, running in Windows, crashes or freezes. He also keeps the Windows computers protected from the Internet (that's why Stuxnet is spread on thumb drives) so the SCADA program can't be controlled remotely. Nobody ever thought of protecting the PLC from malicious software. This is the first time this has happened.

So, the question is - who was working on the Siemens Step 5 PLC software? Was it initiated by Israel, working alone? Or was America involved? It is hard to believe that Israel would initiate this sort of successful attack and the Obama administration would remain silent. It would seem that Obama or his mouthpieces would condemn Israel, as they are prone to do at every opportunity. We think back to the attack from Israel on Iraq as Saddam ramped up his war arsenal and reflect on present day possibilities.

Whoever it was had enough skill to find four (4) undiscovered holes in the Windows code through which to insert their malware.

"The implications of Stuxnet are very large, a lot larger than some thought at first," Michael Assante, former security chief for the North American Electric Reliability Corp., told The Christian Science Monitor. (IDG News Service also covered the news.) "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses--much more quickly."

Do I have your attention yet?


Anonymous said...

The Pentagon is probably just envious:P

And you know the attack was really, really bad when the Iranians try to downplay the Israeli aggression. They must have gotten whacked hard.

They will try to save some space by using the rest of their bomb fuel to get the plant up and running, but they are set back many years and their reputation of invincibility severely damaged.

Rorschach said...

Karen, just imagine if that had been directed at the petrochem complex in Baytown. You'd think a nuke had been set off there. I told Congressman Culberson about that a few months back along with the fact that China had required access to all of the source code of every version of Windows as well as Office and IE as a condition of allowing its sale in the PRC. They claim they were looking for trapdoors left by the NSA/CIA, but they were really looking for places to put their own. It would take something like that in order to develop the sorts of security holes utilized here.