#Stuxnet was out of control

June 15, 2013

http://israelmatzav.blogspot.com/2013/06/stuxnet-was-out-of-control-we-had-to.html

How many large-scale cyberattacks have taken place to this day?
“You can count them on one hand, but the pace of attacks is growing. Today there are various kinds of cyberattacks, and criminal organizations are entering this field and offering their services to governments and commercial companies. They have their own forums, their own social networks, and they run their own parallel world. Unfortunately, many countries suffer from these cyberwars.”
You are supposed to help the good guys stop the bad guys. If so, why did you reveal the Stuxnet [The Stuxnet computer worm of 2010, which destroyed several Iranian nuclear centrifuges, was revealed as a joint U.S.-Israeli cyberweapon aimed at specific Iranian nuclear facilities]?
“That virus spun out of control. Although it was intended to stop the progress of Iran’s nuclear program, it also damaged 100,000 computers all over Europe. There was a need to stop it. Cyberwars act like boomerangs. In the real world, when you launch a missile, it hones in on a target and then it is completely destroyed. A virtual missile, however, is not destroyed. The attacking side could intercept it, change a few lines of code, and send it back to whoever launched it in the first place. So it would be advisable for governments not to enter cyberwars because in a boomerang war there are no winners.”
The Stuxnet worm, which allegedly attacked the Natanz plant by altering the frequency at which motors connected to gas centrifuges that separate uranium isotopes turn, formed part of a wave of digital attacks on the country in 2009 and 2010.


Romney slams Obama for lecturing Israel

July 25, 2012

(Carl)The Republican presidential candidate also slammed Obama, alleging without mentioning specifics, that officials in his administration had leaked details of American cyber-attacks on Iran, and for, as he perceived, not succeeding sufficiently at undermining Iranian efforts to develop nuclear weapons.

that explains why Obama is now saying there is a MOLE in the WHITEHOUSE


#Obama discloses #Mossad’s #Stuxnet for electoral reasons.

June 9, 2012

(other) Mossad: “Stuxnet is our Baby” Pres Obama disclosed it for electoral reasons.(TA).Israel’s officials have a message for anyone praising the CIA for its sophisticated cyber attack on Iran: It was our baby. The Stuxnet computer worm, described by David Sanger in The New York Times last week as an invention by the Bush administration, was actually developed by Mossad, according to Israeli officials speaking with Haaretz journalist Yossi Melman on condition of anonymity:

The Israeli officials actually told me a different version. They said that it was Israeli intelligence that began, a few years earlier, a cyberspace campaign to damage and slow down Iran’s nuclear intentions. And only later they managed to convince the USA to consider a joint operation — which, at the time, was unheard of.

The irony of course is that both U.S. and Israeli officials spent years denying knowledge of who carried out the attacks, which reportedly destroyed thousands of Iran’s centrifuges, ever since it became public in 2010. Now that it’s out, it’s time to claim credit! Of course, if you read Sanger’s account, he certainly doesn’t diminish the expertise of Israel’s spies:

Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success.

Regardless, these Israeli officials say Sanger’s account was too generous to the CIA. Amusingly, one of the officials tries to play it cool, in his remark to Melman:
My Israeli sources understand the sensitivity and the timing of the issue and are not going to be dragged into a battle over taking credit. “We know that it is the presidential election season,” one Israeli added, ”and don’t want to spoil the party for President Obama and his officials, who shared in a twisted and manipulated way some of the behind-the-scenes secrets of the success of cyberwar.”
Translation: We don’t need to tell anyone we’re the ones responsible for Stuxnet, but just so you know, we’re responsible for Stuxnet.Read the full story here.

well… um duh


Experts say Iran has ‘neutralized’ Stuxnet virus

February 15, 2012

(Reuters via JPost)Iranian engineers have succeeded in neutralizing and purging the computer virus known as Stuxnet from their country’s nuclear machinery, European and US officials and private experts have told Reuters.
The malicious code, whose precise origin and authorship remain unconfirmed, made its way as early as 2009 into equipment controlling centrifuges Iran is using to enrich uranium, dealing a significant but perhaps temporary setback to Iran’s suspected nuclear weapons work.
Many experts believe that Israel, possibly with assistance from the United States, was responsible for creating and deploying Stuxnet. But no authoritative account of who invented Stuxnet or how it got into Iran’s centrifuge control equipment has surfaced.
US and European officials, who insisted on anonymity when discussing a highly sensitive subject, said their governments’ experts agreed that the Iranians had succeeded in disabling Stuxnet and getting it out of their machinery.


Iran has detected Duqu computer virus

November 14, 2011
TEHRAN (Reuters) – Iran said on Sunday it had detected the Duqu computer virus that experts say is based on Stuxnet, the so-called “cyber-weapon” discovered last year and believed to be aimed at sabotaging the Islamic Republic’s nuclear sites.

The head of Iran’s civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed software to combat the virus.

“We are in the initial phase of fighting the Duqu virus,” Gholamreza Jalali, was quoted as saying. “The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet.

“All the organizations and centers that could be susceptible to being contaminated are being controlled,” he said.

News of Duqu surfaced in October when security software maker Symantec Corp said it had found a mysterious virus that contained code similar to Stuxnet.

While Stuxnet was aimed at crippling industrial control systems and may have destroyed some of the centrifuges Iran uses to enrich uranium, experts say Duqu appeared designed to gather data to make it easier to launch future cyber attacks.

Symantec said: “Duqu is essentially the precursor to a future Stuxnet-like attack.” Instead of being designed to sabotage an industrial control system, the new virus is designed to gain remote access capabilities, it said in a report issued last month.

Iran said in April it had been targeted by a second computer virus which it identified as “Stars.” It was not immediately clear if Stars and Duqu were related but Jalali described Duqu as the third virus to hit Iran.

Tehran said Stuxnet had not inflicted serious damage before it was detected and blamed the United States and Israel for the virus which appeared to be aimed at crippling the nuclear program they say is aimed at making atomic weapons, a charge Iran denies.

The International Atomic Energy Agency issued a report last week that contained what it called credible evidence pointing to military dimensions to Iran’s atomic activities, fueling demands in Washington and Europe for further sanctions.

Iran dismissed the report as politicized and full of “lousy” and unreliable intelligence work. The speaker of Iran’s parliament said on Sunday the assembly would “review” relations with the U.N. nuclear watchdog.


New variant of Stuxnet discovered

October 19, 2011

(EOZ h/t CHA, Zach) From eWeek:
A new worm targeting industrial control system manufacturers has a strong resemblance to Stuxnet, leading researchers to dub it “Son of Stuxnet”
Symantec researchers have discovered a new worm in the wild that has the potential to attack and cripple industrial control systems, much like Stuxnet did.
The new worm, dubbed Duqu, shares a lot of the code with Stuxnet, leading Symantec researchers to believe it was either created by the same team or by another group with access to the Stuxnet source code, Symantec researchers said in a 46-page whitepaper released Oct. 18. Unlike Stuxnet, which was designed to attack a very specific type of computer system, Duqu does not have appear to have a clear target.
Discovered a little over a year ago, Stuxnet is considered one of the most sophisticated pieces of malware ever developed. It compromised several industrial control systems at Iran’s Natanz nuclear facility. Observers believe Iran’s nuclear program had been set back years by the malware. Despite the fact that researchers around the world have analyzed Stuxnet, the source code is “not out there,” according to Mikko Hypponen, chief research officer of F-Secure, noting that “only the original authors have it.”
“Duqu is essentially the precursor to a future Stuxnet-like attack,” Symantec Security Response researchers wrote on the Symantec Connect blog. The researchers did not speculate on its origins.
Considering the time and resources required to develop tools like this, Lookingglass’ CTO Jason Lewis told eWEEK that a nation state was the likely author.
Duqu’s primary purpose at the moment appears to be intelligence-gathering from industrial control system manufacturers, according to Symantec. …
“The key thing missing here, unlike Stuxnet, is we don’t know what they are looking for,” Symantec said.
At the moment, Duqu only creates a back door on infected systems and connects with a command-and-control server somewhere in India, according to Symantec. The backdoor is open precisely for 36 days, after which the malware self-destructs.
The C&C server appears to not have sent any instructions yet, Symantec said. The short 36 day lifecycle implies there is a specific target, according to Lewis.
According to McAfee’s analysis of the worm, the malware installs drivers and encrypted DLLS that can act as keyloggers on the system to monitor all processes and messages. It also has no mechanism to replicate itself.
McAfee researchers Guilherme Venere and Peter Szor are fairly confident that Duqu was created by the same developers responsible for Stuxnet. They based their conclusions on the fact that both viruses utilize similar encryption keys and techniques, injection code and fraudulent digital certificates which had been issued to companies in Taiwan. The digital certificate keys appear to be real, which also make the programs look legitimate.
I don’t know how difficult it is to modify Stuxnet to do other things, but the description here isn’t making much sense to me. I cannot see the value of using already-known exploits to try to gather new infomation when everyone with any concept of computer security would have already put up defenses against it.
On the other hand, Symantec says that this code uses a new stolen digital certificate from Taiwan that had not been breached before, and that the code seems to have been written in December 2010. A normal hacker is not usually able to steal digital certificates – that requires real-world espionage.


Stuxnet: Anatomy of a Computer Virus

June 19, 2011

I posted this when I wasn’t terribly sober. it is well done and trippy when I’m completely blitzed… but at a closer look… (1) map of Israel without Jerusalem, Judea and Samaria gives away the bias of the director and (2) the video attempts to paint a negative picture of the virus and blames it’s initiators for distribution to terrorist regimes who are mutating the virii. these regimes didn’t need whoever started this to finish this. hackers share things regardless of if the thing had a newsworthy story.

Worm from Patrick Clair h/t challah hu akbar.