A friend sent me the story below:

Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?
The Christian Science Monitor
[url=http://news.yahoo.com/s/csm/327178][/url] http://news.yahoo.com/s/csm/327178

By Mark Clayton Mark Clayton Tue Sep 21, 3:08 pm ET

Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.
(Follow link for the rest of the story)

Another example, in April 2009, pervasive espionage, penetrating the U.S. electrical grid by cyberspies from China, Russia and other countries was disclosed. The intrusions were not limited to a particular company, region or infrastructure system and the intruders left behind dormant software programs that could be activated to disrupt the systems. ("Electricity Grid in U.S. Penetrated By Spies", by Siobhan Gorman, April 8, 2009, http://online.wsj.com/article/SB123914805204099085.html)

Michael Fitzpatrick, CEO of the information risk management firm NCX Group, was discussing cyber security and said “If man made it, man can break it.” (Curtis Sliwa radio show, August 30, 2009).


A good reason to begin one's preparations using low tech, without any outside utilities or assistance. Anything on top of that is "gravy".

If it requires batteries, recharging, refueling, etc. by means which you don't control or can't create from materials on hand, look for a lower tech option.

The Iranian Nuke plant control computers are most likely running Linux (there is a US trade embargo on Iran, so probably wouldn't be able to get a Windows License ). A most sensible precaution when running a high risk project such as a civilian nuclear plant which foreign powers have been threatening to destroy for some time now.

What is potentially worrying though is the fact that many of the computer system for the US and UK nuclear deterrent (sorry its a word that has gone out of fashion lately since the end of the cold war) such as the Trident Nuclear submarines use Windows 2000.

I think I've got a terminal services window running right now. (only kidding NSA...)

As for the Grid going down in the USA due to a hacking and malicious typing of del *.* in a DOS window using Remote desktop help (the Mongolian sitting in his yurt), its these guys you have to worry about.

http://www.youtube.com/watch?v=q1fFivb5qFs

I thought many of the current server systems were running Linux?

Dunno, my wood pile and root cellar have been offline for a while. The old Fender acoustic too; still kicks out tunes. And the old 1938 .303 still makes an impressive boom, with attendant results.

Yes, grid-connected things may be somewhat vulnerable to mischief or malice or dumb-ass-ery; but that's not news. The grid is a convenience (a significant one); but nobody I know will curl up in a ball and quit living while it's patched up.

Meanwhile, I'm researching the latest, greatest novel (using bloody books, if you can believe it!). Blank verse was invented before electricity; maybe that's a place to start?

I was watching a show one day (I think it was on the Discovery Channel of the History Channel) where they did this. They caused a generator to overload and fry itself. Realtime, with a camera pointed at it so you could watch it cook itself.

Anything that is controlled by a computer can be killed with enough effort.

In my line of work (security systems and fire alarm systems) you generally see that the amount of money and trouble someone is willing to put into protecting something is directly proportional to the value of that which needs protecting.

We do everything from systems with just a single door contact that just dial out over the phone line, up to systems that cover every inch of a building (and I mean EVERY inch) and are monitored via phone line, network, AND long-range radio.

We do our part to keep the bad guys from physically gaining entry into the space, but it's amazing what someone can do with a computer nowadays to mess stuff up.

The story is rather speculative but the code writers of the high targeted Stuxnet malware would most likely have required very specialist knowledge. The main thrust of the story was that the Stuxnet malware was used to target a particular SCADA/PLC network (or even an individual PLC) to cause the destruction of the plant being process controlled by that PLC by recognising a particular process variable or subroutine name. This would have required detailed knowledge of the Programmable Logic Control ladder logic program of the targeted system.

Of course if the Bushehr nuclear plant attack was successful then no doubt it would have made the CNN nightly news.

But looking back at recent high profile news stories of things going bang then the Transocean Mexican Gulf Oil disaster could easily have been the target especially when you consider that the Siemens WinCC Simatic SCADA process control software systems are heavily used by Transocean.

Now there would be a juicy Hollywood conspiracy theory. An Israeli Mossad attempt to destroy an Iranian Nuke plant accidentally results in the worst environmental disaster in US history simply because the process name DEADF007 in a SCADA PLC control system happens to be common to both the Transocean Deepwater Horizon rig and the Iranian Bushehr Nuke plant.

Here's a bit more information from the Financial Times.

http://www.ft.com/cms/s/0/e9d3a662-c740-11df-aeb1-00144feab49a.html

The Stuxnet computer worm spreads through previously unknown holes in Microsoft’s Windows operating system and then looks for a type of software made by Siemens and used to control industrial components, including valves and brakes.

Stuxnet can hide itself, wait for certain conditions and give new orders to the components that reverse what they would normally do, the experts said. The commands are so specific that they appear aimed at an industrial sector, but officials do not know which one or what the affected equipment would do.

This news article could be an interesting psy-ops action to make the Iranians paranoid. Having to constantly check all their computers would slow them down.

-Blast

From what I have gathered the Stuxnet malware.worm had multiple infection vectors to the attempted target system and attempted to use as many Windows vulnerabilities as possible to get to the target system, even the distribution of USB sticks (maybe even planted throughout Afghanistan, Pakistan, Iraq etc i.e. Central Asia) hoping they would make their way into Iran.

This photo is interesting;



This photo apparently shows a windows screen shot of an actual process plant in operation at the Bushehr nuclear plant. No valid Siemens license is in use. Perhaps the rewriting PLC payload of the Stuxnet malware.worm was obstructed i.e. a valid license was required for remote reconfiguration of the PLC target in question. Perhaps the Iranians were already hand coding the PLCs via the PLC interfaces as a work around and this potentially saved the Bushehr nuclear plant from going bang. The published photo could be a two fingers, up yours response to those who initially created the malware.worm. It may have been quickly discovered by the Iranians and quickly reverse engineered to be sent back to potentially create havoc with other process control system that are used heavily around the rest of the world.

Perhaps its the western countries that are currently paranoid especially if the actual PLCs have been rewritten (apparently the recoding of the PLC is difficult to determine from an intial inspection) even though the actual windows Stuxnet malware.worm has been removed from the SCADA Windows based hub computer/controller.

The other worrying issue is that Western nuclear submarines (the main nuclear deterrent) all have a nuclear plant process systems for their main propulsion systems. Hopefully the USN and RN have a strict security policy with regard to USB sticks/cell phones/digital cameras etc getting on board.

OK, count me as confused.
Why would you connect a sensitive computer system to the public internet?
If I was worried about securing it I would simply cut all outside connections.