Malware hits industrial equipment - Page 2

xoxoxoBruce · 09-28-2010, 12:15 AM

Running off half cocked again.

sexobon's "surgical strike was referring to using this dedicated worm/virus to ferret out how much Siemens' equipment they have, and how it's distributed. We already know what type of processes use which Siemens' gear and software.

sexobon · 09-28-2010, 06:42 AM

Exactly.

[T]w, xoB interpreted my post as I intended for it to be understood. When I said "A surgical strike of this nature", I was referring to the virtual attack using the narrow spectrum Stuxnet.

I gather from the following quote that you'd agree we have the ability to benefit from their internal communications "fallout."

Quote:

Originally Posted by tw

...negotiation now made so much more effective since America has restored relations with Russia, Turkey, some Caspian Sea nations, and other 'much more at risk' nations. That also means we have intelligence and covert options due to cooperation both inside and surrounding Iran.

That's why I'm suggesting the primary reason for the attack may have been reconnaissance rather than disruption.

classicman · 09-28-2010, 08:29 AM

But, but but ... what about the Aliens?

tw · 09-28-2010, 11:49 AM

Quote:

Originally Posted by sexobon

That's why I'm suggesting the primary reason for the attack may have been reconnaissance rather than disruption.

Reconnaissance makes more sense. It is harder to detect. Disruption would cause investigations that might discover the malware.

Disruptions must target the few parts that are difficult to obtain or manufacturer. Malware is unlikely to properly target such parts.

Consider how easy it can be accomplished. Take your own computer. The NIC or 'USB to ethernet' adaptor can contain malware that anti-virus software would never detect. Malware could be triggered when needed. Nobody would know it exists before hand. And no anti-virus software would find it before being triggered.

tw · 10-01-2010, 09:08 PM

From the NY Times of 25 Sept 2010:

Quote:

A Silent Attack, but Not a Subtle One
Security specialists contrast Stuxnet with an intrusion discovered in the Greek cellphone network in March 2005. It also displayed a level of skill that only the intelligence agency of some foreign power would have.

From the NY Times of 29 Sept 2010:

Quote:

In a Computer Worm, a Possible Biblical Clue
Deep inside the computer worm that some specialists suspect is aimed at slowing Iran's race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them. ...

The malicious code has appeared in many countries, notably China, India, Indonesia and Iran. But there are tantalizing hints that Iran's nuclear program was the primary target. Officials in both the United States and Israel have made no secret of the fact that undermining the computer systems that control Iran's huge enrichment plant at Natanz is a high priority. (The Iranians know it, too: They have never let international inspectors into the control room of the plant, the inspectors report, presumably to keep secret what kind of equipment they are using.) ...

The reports on Iran show a fairly steady drop in the number of centrifuges used to enrich uranium at the main Natanz plant. After reaching a peak of 4,920 machines in May 2009, the numbers declined to 3,772 centrifuges this past August, the most recent reporting period. That is a decline of 23 percent ...

Computer experts say the first versions of the worm appeared as early as 2009 and that the sophisticated version contained an internal time stamp from January of this year. ...
There are many reasons to suspect Israel’s involvement in Stuxnet. ...

Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.

wolf · 10-02-2010, 10:55 PM

it's pretty clear that what's going on here is that Colossus is displeased.

I heard a news radio report today that indicated that most of the transmission was accomplished using infected USB devices. Virus transmission via what we used to call sneakernet. How cool is that?

xoxoxoBruce · 10-02-2010, 11:38 PM

I read that was how it was moved from the Iranian Industrial plant computers that are connected to the net, to the ones that aren't. I didn't state however, who did the moving, or if they knew they were doing it.

tw · 10-03-2010, 01:26 PM

From the Washington Post of 2 Oct 2010:

Quote:

Spy chief says Iran able to fight computer worm
The destructive Stuxnet worm has surprised experts because it is the first one specifically created to take over industrial control systems, like those at power plants, rather than just steal or manipulate data.

Apparently, the reason why it can do this and remain undetected - it also reprograms itself.

Happy Monkey · 10-04-2010, 03:42 PM

It doesn't so much reprogram itself as check for updates from the programmers.

I wonder if it would be possible to send out an "update" with the biggest possible version number and a harmless payload, and let it spread its own antidote.

xoxoxoBruce · 10-04-2010, 05:58 PM

How can it check for updates when it's on a machine isolated from the net?

Happy Monkey · 10-05-2010, 12:41 PM

The same way it got there in the first place. It doesn't check a home server (that would make it too easy to track back to that home server), it checks any machines it can contact for newer infections, and grabs them. An isolated machine would have to wait for an infected USB drive, or whatever else gave it its initial infection.

classicman · 10-05-2010, 12:55 PM

How does the newer, updated infection get to the "other machines"?

Happy Monkey · 10-05-2010, 01:06 PM

The same way the older, non-updated infection got there. Over the internet, if they're connected; USB drives or other infected media if they're not.

classicman · 10-05-2010, 01:15 PM

I thought they weren't connected to the internet. Wasn't that part of the issue? How are these USB's getting there.
Oh forget it - I'll just wait for the movie to come out.

TheMercenary · 10-05-2010, 01:29 PM

Quote:

Originally Posted by wolf

it's pretty clear that what's going on here is that Colossus is displeased.

I heard a news radio report today that indicated that most of the transmission was accomplished using infected USB devices. Virus transmission via what we used to call sneakernet. How cool is that?

I still don't see what the problem is. I guess it beats a tactical nuke.

09-28-2010, 12:15 AM	#16
xoxoxoBruce The future is unwritten Join Date: Oct 2002 Posts: 71,105	Running off half cocked again. sexobon's "surgical strike was referring to using this dedicated worm/virus to ferret out how much Siemens' equipment they have, and how it's distributed. We already know what type of processes use which Siemens' gear and software. __________________ The descent of man ~ Nixon, Friedman, Reagan, Trump.

09-28-2010, 08:29 AM	#18
classicman barely disguised asshole, keeper of all that is holy. Join Date: Nov 2007 Posts: 23,401	But, but but ... what about the Aliens? __________________ "like strapping a pillow on a bull in a china shop" Bullitt

10-02-2010, 10:55 PM	#21
wolf lobber of scimitars Join Date: Jul 2001 Location: Phila Burbs Posts: 20,774	it's pretty clear that what's going on here is that Colossus is displeased. I heard a news radio report today that indicated that most of the transmission was accomplished using infected USB devices. Virus transmission via what we used to call sneakernet. How cool is that? __________________ wolf eht htiw og "Conspiracies are the norm, not the exception." --G. Edward Griffin The Creature from Jekyll Island High Priestess of the Church of the Whale Penis

10-02-2010, 11:38 PM	#22
xoxoxoBruce The future is unwritten Join Date: Oct 2002 Posts: 71,105	I read that was how it was moved from the Iranian Industrial plant computers that are connected to the net, to the ones that aren't. I didn't state however, who did the moving, or if they knew they were doing it. __________________ The descent of man ~ Nixon, Friedman, Reagan, Trump.

10-04-2010, 03:42 PM	#24
Happy Monkey I think this line's mostly filler. Join Date: Jan 2003 Location: DC Posts: 13,575	It doesn't so much reprogram itself as check for updates from the programmers. I wonder if it would be possible to send out an "update" with the biggest possible version number and a harmless payload, and let it spread its own antidote. __________________ _________________ \|...............\| We live in the nick of times. \| Len 17, Wid 3 \| \|_______________\| [pics]

10-04-2010, 05:58 PM	#25
xoxoxoBruce The future is unwritten Join Date: Oct 2002 Posts: 71,105	How can it check for updates when it's on a machine isolated from the net? __________________ The descent of man ~ Nixon, Friedman, Reagan, Trump.

10-05-2010, 12:41 PM	#26
Happy Monkey I think this line's mostly filler. Join Date: Jan 2003 Location: DC Posts: 13,575	The same way it got there in the first place. It doesn't check a home server (that would make it too easy to track back to that home server), it checks any machines it can contact for newer infections, and grabs them. An isolated machine would have to wait for an infected USB drive, or whatever else gave it its initial infection. __________________ _________________ \|...............\| We live in the nick of times. \| Len 17, Wid 3 \| \|_______________\| [pics]

10-05-2010, 12:55 PM	#27
classicman barely disguised asshole, keeper of all that is holy. Join Date: Nov 2007 Posts: 23,401	How does the newer, updated infection get to the "other machines"? __________________ "like strapping a pillow on a bull in a china shop" Bullitt

10-05-2010, 01:06 PM	#28
Happy Monkey I think this line's mostly filler. Join Date: Jan 2003 Location: DC Posts: 13,575	The same way the older, non-updated infection got there. Over the internet, if they're connected; USB drives or other infected media if they're not. __________________ _________________ \|...............\| We live in the nick of times. \| Len 17, Wid 3 \| \|_______________\| [pics]

10-05-2010, 01:15 PM	#29
classicman barely disguised asshole, keeper of all that is holy. Join Date: Nov 2007 Posts: 23,401	I thought they weren't connected to the internet. Wasn't that part of the issue? How are these USB's getting there. Oh forget it - I'll just wait for the movie to come out. __________________ "like strapping a pillow on a bull in a china shop" Bullitt

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)