(visit the link for the full news article)
IDG News Service - A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.
That's the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they've broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker -- possibly a nation state -- and it was designed to destroy someth
Originally posted by BomSquad
All I can say is WOW. This is the first time I have heard of state sponsored espionage using a worm designed for a seemingly single purpose. To sabotage a nuclear reactor.
Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker -- possibly a nation state -- and it was designed to destroy something.
What kind of implications does this give?
I can only imagine that the US/Israel is behind this "attack". They are the most vocal about Iranian nuclear ambitions. But could it be the Chinese trying to cast suspicion on the US/Israel, further weakening the US/Israel's position on the world stage? I would not put it past them.
I will definitely be interested to see where this story leads...
Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device -- and then it injects its own code into that system.
This specific target may well have been Iran's Bushehr reactor, now under construction, Langner said in a blog posting. Bushehr reportedly experienced delays last year, several months after Stuxnet is thought to have been created, and according to screen shots of the plant posted by UPI, it uses the Windows-based Siemens PLC software targeted by Stuxnet.
Peterson believes that Bushehr was possibly the target. "If I had to guess what it was, yes that's a logical target," he said. "But that's just speculation."
Langner thinks that it's possible that Bushehr may have been infected through the Russian contractor that is now building the facility, JSC AtomStroyExport. Recently AtomStroyExport had its Web site hacked, and some of its Web pages are still blocked by security vendors because they are known to host malware. This is not an auspicious sign for a company contracted with handling nuclear secrets.
Originally posted by Mobius1974
Originally posted by BomSquad
All I can say is WOW. This is the first time I have heard of state sponsored espionage using a worm designed for a seemingly single purpose. To sabotage a nuclear reactor.
All I can say is WOW... Sensationalist rubbish!!!
"This is not some hacker sitting in the basement of his parents' house. To me, it seems that the resources needed to stage this attack point to a nation state,"..."It is a very big project, it is very well planned, it is very well funded," he said. "It has an incredible amount of code just to infect those machines."
"It is rare to see an attack using one zero-day exploit," Mikko Hypponen, chief research officer at security firm F-Secure, told BBC News. "Stuxnet used not one, not two, but four." He said cybercriminals and "everyday hackers" valued zero-day exploits and would not "waste" them by bundling so many together.
During the presentation we will also show the code used and give demonstrations on the more malevolent and intriguing parts of the threat, namely the PLC/STL rootkit and the ability to control real-life physical systems. With this threat, the attackers are capable of injecting code into industrial control systems and hiding that code from the designers and operators of the ICS giving the attackers full control over the day-to-day functionality of the physical system under attack.
The 24th Air Force was certified for operation yesterday by the head of the Air Force Base Command, according to a report in the San Antonio Business Journal. The unit stationed at Lackland Air Force Base will begin cyber security operations immediately.
Air Force Cyber Command to go Operational
8/18/2009 - LACKLAND AIR FORCE BASE, Texas (AFNS) -- Air Force officials here activated the newest numbered Air Force and realigned two units under its command in a joint ceremony here Aug. 18.
The 24th Air Force activation under Air Force Space Command is a major milestone in the combination of space and cyberspace operations within one command.
Gen. C. Robert "Bob" Kehler, the commander of Air Force Space Command, presided over the ceremony to activate the numbered Air Force.
Maj. Gen. Richard E. Webber is the first commander of the numbered Air Force dedicated to cyberspace. The 24th Air Force staff will provide combat-ready forces trained and equipped to conduct sustained cyber operations, fully integrated within air and space operations.
After the 24th Air Force was activated, General Webber presided over two additional events, the redesignation of the Air Force Information Operations Center as the 688th Information Operations Wing and the realignment of the 67th Network Warfare Wing under the 24th Air Force.
The Official Website for the U.S. Air Force
It's the first known malware attack to target power plant and factory floor systems, but the Stuxnet worm also has opened the door to a whole new level of attack that could execute the unthinkable, manipulating and sabotaging power plants and other critical infrastructure systems.
Stuxnet has been under the microscope over the past few days as researchers around the world have picked apart and analyzed the malware's makeup and possible intent. No one knows for sure yet who is behind it -- many point to some nation-state link due to its many layers of expertise and the sophistication of the attack -- nor its specific goal, but most agree that it's a game-changer.
"We've never seen anything like this before," says Liam O Murchu, manager of operations for Symantec Security Response, which has been one of the leading teams of researchers to study the malware. "It infects those PLCs that control real, live machinery, and can have physical effects in the real world. Turning off essential parts of a plant could have drastic effects."
Originally posted by Heyyo_yoyo
I can concur with the assumption; however, what's to stop an intelligent coder from acquiring a copy of this virus and utilising it against the west?
The Stuxnet worm, which was discovered in June and has infected more than 100,000 computer systems worldwide, is designed to attack the Siemens Simatic WinCC SCADA system. SCADA systems, short for “supervisory control and data acquisition,” are programs installed in pipelines, nuclear plants, utility companies and manufacturing facilities to manage operations. Read More www.wired.com...
Computerworld - A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.
The new information came on the heels of admissions by Iranian officials that Stuxnet had infected at least 30,000 of the country's Windows PCs, including some of the machines at the Bushehr nuclear reactor in southwestern Iran.