Friday, September 24, 2010

Stuxnet : first cyberwarfare “smart bomb” launched against Iran by CIA/MOSSAD creeps

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how....

4 satellites lost in space, is this also Stuxnet....???

Stuxnet is a computer virus that targets, in particular, software from the German group Siemens and makes it possible to take control of certain equipment at industrial sites; it may have been created to target the Iranian nuclear power plant at Bushehr, according to computer experts....

Such a sophisticated virus cannot be the work of a lone hacker, but of an organization, or even a state, add the specialists who dissected the virus....

On the computers it infects, Stuxnet looks for a particular program, developed by Siemens, that controls oil pipelines, power plants and other industrial installations. In all, 15 infected customers have been detected, the German group acknowledged, but “in no case were there any consequences for their production”....

Stuxnet targets in particular SCADA (Supervisory Control And Data Acquisition) systems, which are remote monitoring and data acquisition tools present in many industries. Once activated, it could then command valves or other industrial components and damage the affected installations.

While at the time of its discovery last July experts believed that Stuxnet had been created for industrial espionage, the decryption of the virus's source code now suggests that it was designed to paralyze and physically destroy industrial installations.

The worm, which executes by exploiting a flaw in ordinary Windows shortcut icons, spreads via USB devices. Once inserted into a Windows machine, it searches for a SCADA system and copies itself to any other occupied USB port. It can lie dormant in computers while waiting to identify a target system.

It is possible that Bushehr was infected by a Russian group working on the Iranian plant, JSC Atomstroyexport. The latter recently had its website hacked, and some of its web pages are still blocked by security software because they are known to host malware.

Siemens, however, told AFP that it had not supplied its SCADA software to equip Bushehr. (At the same time, the German group has supplied so many things to the Iranian authorities, including systems for intercepting electronic communications, the Nokia Lawful Interception Gateway (LIG), one system among others that could also have fallen victim to Stuxnet.)

Windows and Siemens have since offered a patch; however, according to several computer experts, the problem is no longer Stuxnet but the next generation of viruses that will exploit the modes of propagation and attack “opened” by Stuxnet.

Read the analysis Symantec made of the virus last July here

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran’s Bushehr nuclear reactor.

That’s the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they’ve broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker — possibly a nation state — and it was designed to destroy something big.

Though it was first developed more than a year ago, Stuxnet was discovered in July 2010, when a Belarus-based security company discovered the worm on computers belonging to an Iranian client. Since then it has been the subject of ongoing study by security researchers who say they’ve never seen anything like it before. Now, after months of private speculation, some of the researchers who know Stuxnet best say that it may have been built to sabotage Iran’s nukes.

Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran’s Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm’s attack.

Experts had first thought that Stuxnet was written to steal industrial secrets — factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system.

Because of the complexity of the attack, the target “must be of extremely high value to the attacker,” Langner wrote in his analysis.

This specific target may well have been Iran’s Bushehr reactor, now under construction, Langner said in a blog posting. Bushehr reportedly experienced delays last year, several months after Stuxnet is thought to have been created, and according to screen shots of the plant posted by UPI, it uses the Windows-based Siemens PLC software targeted by Stuxnet.

Langner thinks that it’s possible that Bushehr may have been infected through the Russian contractor that is now building the facility, JSC AtomStroyExport. Recently AtomStroyExport had its Web site hacked, and some of its Web pages are still blocked by security vendors because they are known to host malware. This is not an auspicious sign for a company contracted with handling nuclear secrets.

What is unique about Stuxnet is that it utilizes a new method of propagation. Specifically, it takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system. In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction.
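An added example, not part of the original article: a triage check for shortcut files collected from removable media, in line with the propagation method described above. It validates the Shell Link header and walks the target ID list; flagging items that name a `.dll` or `.cpl` file is a heuristic assumed for this example, and `build_sample` produces constructed test input.

```python
import struct

# Fixed header values from the Shell Link (.lnk) binary format.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_IDLIST = 0x01
# Assumption of this example: a shortcut naming a library-type file needs review.
REVIEW_EXTS = (".dll", ".cpl")

def id_list_items(data):
    """Return the raw bytes of each item in the shortcut's target ID list."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)  # struct.error if truncated
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link file")
    if not flags & HAS_LINK_TARGET_IDLIST:
        return []
    (list_size,) = struct.unpack_from("<H", data, HEADER_SIZE)
    pos, end = HEADER_SIZE + 2, HEADER_SIZE + 2 + list_size
    if end > len(data):
        raise ValueError("ID list runs past end of file")
    items = []
    while pos + 2 <= end:
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size == 0:  # terminal entry closes the list
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ID list item")
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items

def triage(data):
    """Classify one shortcut's bytes as 'invalid', 'review' or 'ok'."""
    try:
        items = id_list_items(data)
    except (ValueError, struct.error):
        return "invalid"
    for item in items:
        low = item.lower()  # lowercases ASCII bytes, also inside UTF-16LE text
        if any(e.encode() in low or e.encode("utf-16-le") in low for e in REVIEW_EXTS):
            return "review"
    return "ok"

def build_sample(target):
    """Constructed test input: bare header plus one item holding `target`."""
    body = target.encode("utf-16-le")
    id_list = struct.pack("<H", len(body) + 2) + body + b"\x00\x00"
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, HAS_LINK_TARGET_IDLIST)
    return header.ljust(HEADER_SIZE, b"\x00") + struct.pack("<H", len(id_list)) + id_list
```

A "review" result is a prompt for manual inspection on an isolated analysis host, not a verdict; legitimate shortcuts can also reference library files.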

When Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organizational Block 35. This Siemens component monitors critical factory operations — things that need a response within 100 milliseconds. By messing with Organizational Block 35, Stuxnet could easily cause a refinery’s centrifuge to malfunction, but it could be used to hit other targets too, Byres said.

Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation state to accomplish.

Last year, rumors began surfacing that Israel might be contemplating a cyber attack on Iran’s nuclear facilities.

Bushehr is a plausible target, but there could easily be other facilities — refineries, chemical plants or factories that could also make valuable targets, said Scott Borg, CEO of the U.S. Cyber Consequences Unit, a security advisory group. “It’s not obvious that it has to be the nuclear program,” he said. “Iran has other control systems that could be targeted.”

When it was first discovered, 60 percent of the infected Stuxnet computers were located in Iran, according to Symantec.

Now that the Stuxnet attack is public, the industrial control systems industry has come of age in an uncomfortable way. And clearly it will have more things to worry about. “The problem is not Stuxnet. Stuxnet is history,” said Langner in an e-mail message. “The problem is the next generation of malware that will follow.”

"How the 'NYT' swallowed the Stuxnet worm"

The Jews were between a rock and a hard place. They screamed that Iran's mythical nuclear program posed an existential threat to Israel. Yet they lacked the ability to attack Iran - and couldn't admit it - and were not able to force the Americans to commit imperial suicide by attacking Iran on behalf of the Jews. Thus, they ran the huge risk that Jews in Israel would believe their lies and decide to leave before being nuked.

Stuxnet was created to remove the mythical threat of Iran. It also provided more Jewish supremacist boosterism - look how smart we are! - and a new mythical high-level cooperation between the United States and Israel. Since the threat is gone, no attack is needed, and the Jews don't have to flee Israel. The chief Jewish supremacist organ, the New York Times, was employed to spread the good news.

As I have pointed out before, the Stuxnet story, with all its holes (described in great detail in the article cited above), isn't even internally consistent. How could a program which allegedly reduced Iranian nuclear fuel production by only 20% suddenly render the 'existential threat' harmless?

Iran doesn't have a nuclear program and Stuxnet didn't stop it. The New York Times is chock full of Jewish violent racist supremacist lies....