Israeli government again missed the chance to bomb Bushehr while the reactor was empty. Russians checked the reactor and started reloading uranium rods…
On August 5, I reported on the strong evidence that Iran had become the target of a state-sponsored cyber attack.
At that point it was already understood that the Stuxnet computer worm was almost certainly targeting Iran since that was the location of 60% of the computer systems affected. Moreover, since the worm targets Siemens SCADA (supervisory control and data acquisition) management systems that control energy utilities, and since its design strongly suggested that it had been created for sabotage, it seemed likely that the specific target was Iran’s nuclear program.
A German team of industrial cyber security experts who have analyzed the way the worm operates now claim that it may have been designed to attack the newly operational Bushehr nuclear reactor.
Ralph Langner envisages that the highly sophisticated attack would have required a preparation team that included “intel, covert ops, exploit writers, process engineers, control system engineers, product specialists, military liaison.”
The Christian Science Monitor reports:
Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance — a target still unknown.
“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” says Langner, who last week became the first to publicly detail Stuxnet’s destructive purpose and its authors’ malicious intent. “This is not about espionage, as some have said. This is a 100 percent sabotage attack.”
On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.
“His technical analysis is good,” says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. “We’re also tearing [Stuxnet] apart and are seeing some of the same things.”
Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner’s analysis.
“What we’re seeing with Stuxnet is the first view of something new that doesn’t need outside guidance by a human – but can still take control of your infrastructure,” says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy’s Idaho National Laboratory. “This is the first direct example of weaponized software, highly customized and designed to find a particular target.”
“I’d agree with the classification of this as a weapon,” Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.
Langner’s research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls “fingerprinting,” qualifies Stuxnet as a targeted weapon, he says.
Langner zeroes in on Stuxnet’s ability to “fingerprint” the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.
Langner speculates that Iran’s Bushehr nuclear power plant may have been the Stuxnet target. He also writes: “The forensics that we are getting will ultimately point clearly to the attacked process — and to the attackers. The attackers must know this. My conclusion is, they don’t care. They don’t fear going to jail.”
If Bushehr was indeed the target, it may have presented itself first and foremost as a target of opportunity. From the point of view of governments with an interest in sabotaging Iran’s nuclear program, Bushehr would not be the most attractive target, but access provided to Russian contractors may have made it the easiest target.
Last September, Reuters reported: “Israel has been developing ‘cyber-war’ capabilities that could disrupt Iranian industrial and military control systems.”
So let’s assume that using Stuxnet, Israel has indeed launched the world’s first precision, military-grade cyber missile. What are the implications?
1. Iran has been served notice that not only its nuclear facilities but its whole industrial infrastructure is vulnerable to attack. As Trevor Butterworth noted: “By demonstrating how Iran could so very easily experience a Chernobyl-like catastrophe, or the entire destruction of its conventional energy grid, the first round of the ‘war’ may have already been won.”
2. The perception that it has both developed capabilities and shown its willingness to engage in cyberwarfare will serve Israel as a strategic asset even if it never admits to having launched Stuxnet.
3. When it comes to cyberwarfare, Israel ranks as a major global power. Its own tiny infrastructure makes it much less vulnerable to attack than is the sprawling infrastructure of the United States. Its highly developed military IT industry means that it not only has great domestic human resources but that Israeli IT specialists, through research and employment, have the best possible access to most of the leading development facilities and vendors around the world.
4. As a cyber arms race takes off, we should not imagine that it will be like other arms races where power resides more in capabilities than in the use of those capabilities. “Whereas nuclear weapons have been used twice in human history, cyber weapons are employed daily and there is therefore an existential need to create some form of regulatory system that allows more than implicit deterrence,” says Robert Fry.
5. If AQ Khan demonstrated the ease with which a nuclear proliferation network can operate, the fact that the raw material upon which cyberwarfare is based is arguably the most easily transferable object on the planet — computer code — means that in certain ways the era of cyberwarfare may prove to be more dangerous than the nuclear era.
6. In the strategic landscape of cyberwarfare the most dangerous player may turn out to be a small but highly developed fortress-state that feels threatened by much of the rest of the world; that neither trusts nor is trusted by any of its allies; that sees its own stability enhanced by regional instability; that has seen its own economic fortunes rise while the global economy suffers; and that views with contempt the notion of an international community.
Paul Woodward says it like a Computer Virii Vs. Iran is a bad thing? Also… Israel is not the only people in the world that want Iran’s Nuclear advancement to move offline. There are myriads of states that fear Iran. I probably shouldn’t be posting this in that this site is beyond bias… but I was amused by the story.
Langner’s analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
“After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon,” Langner writes in his analysis. “Something big.”
For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.
“The implications of Stuxnet are very large, a lot larger than some thought at first,” says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. “Stuxnet is a directed attack. It’s the type of threat we’ve been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly.”
Has Stuxnet already hit its target?
It might be too late for Stuxnet’s target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet’s target be Iran’s Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his views on Stuxnet’s target are speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr’s expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
But if Stuxnet is so targeted, why did it spread to all those countries? Stuxnet might have been spread by the USB memory sticks used by a Russian contractor while building the Bushehr nuclear plant, Langner offers. The same contractor has jobs in several countries where the attackware has been uncovered.
“This will all eventually come out and Stuxnet’s target will be known,” Langner says. “If Bushehr wasn’t the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that.”
The international headlines this morning are on the drama of an apparent public row between the Iranian and Russian leaders.
The fuse was lit in a speech by President Ahmadinejad in Kerman. As usual, he focused on the international rather than the domestic front, but this time he had a surprise:
Today it has become very difficult to explain [Russian President Dmitry] Medvedev’s behaviour to our people. Iranians do not understand whether they (the Russians) are our neighbour and friend standing by our side or are after other things.
But non-Western media really noticed the bangs when Moscow, through Presidential advisors, fought back. Foreign Policy specialist Sergei Prikhodko stated:
Any unpredictability, any political extremism, lack of transparency or inconsistency in taking decisions that affect and concern the entire world community is unacceptable for us. It would be good if those who are now speaking in the name of the wise people of Iran … would remember this.
Russia has been playing a balancing game between Tehran and “Western” powers for months. Medvedev was one of the rare leaders who dared to appear in public with Ahmadinejad last summer, and the Russians maintained that projects such as the Bushehr nuclear power plant would be completed.
On the other hand, Medvedev — in contrast to his Foreign Ministry — has publicly signalled since last autumn that further sanctions could be considered if Iran did not shift its position over uranium enrichment. The Russians have delayed shipments and confirmation of contracts over missiles, and Bushehr’s opening date repeatedly slips.
Even last week, the Janus-faced policy of Russia continued. The sharp US response, with the introduction of a sanctions resolution to the UN Security Council, to the Iran-Brazil-Turkey declaration on uranium enrichment came after discussions with Russian Foreign Minister Sergei Lavrov. Yet Moscow restated that Bushehr would come on-line in August, and the US press reported that Russian suppliers would continue to send missile components to Tehran.
So what happened for Ahmadinejad to disrupt the balance with his public statement? The obvious speculation is that Russia has refused to peel away from the sanctions move in the UN, but the truth is we don’t know. It’s unlikely that the warning from the Iranian President is going to worry Moscow — what cards of pain can Tehran play against the Russians? — so Ahmadinejad’s statement appears as pique, anger, or even miscalculation.
For its part, the US has kept quiet, which seems the wise move. And China, the other “balancing” power in the UN Security Council, has also said nothing.
No doubt there is a quarrel, but is it good friends having a difference or is the Russian Bear ready to backstab their friend? Let’s analyze what Russia loses by losing Iran. A friendly neighbor… obviously, but more so they would lose the energy reserves in the Black Sea that Tehran has in the past been aggressive about. Certainly Russia has its own energy reserves. Perhaps Russia is feeling the pressure to betray and is weighing its options. Foreign Minister of Israel felt that Israel’s best bet during the Obama era was to cozy up to Moscow. My guess is Iran is having a tantrum.
Or perhaps this is what the big feud was about:
Most of the projectiles in the Syrian, Hizballah and Hamas arsenals are propelled by liquid fuel and therefore take 50 minutes to 1 hour to load and loose at assigned targets. During this time gap, they are vulnerable to air attack. As a bridging device, western intelligence sources believe the joint command in Damascus plans to attack Israel with synchronized missile fire from Iran and Syria during the time Israeli warplanes are hammering, say, Hizballah batteries in Lebanon.
The thinking in Tehran and Damascus is that the Israeli Air Force will find it hard to tackle three or four fronts simultaneously.
Tehran and Damascus are therefore building air shields around their missile bases and launching sites, for which purpose Assad asked Russian President Dmitry Medvedev to speed up the delivery of the advanced Russian Pantsir anti-aircraft missiles when the latter visited Damascus on May.
Medvedev promised to accede to this request.
debkafile’s military sources recall that the same Russian Pantsir missiles were ineffective in preventing the September 2007 air strike, by which Israel destroyed the North Korean plutonium reactor financed by Tehran at Al-Azur in northern Syria.