Stuxnet Details Revealed

"Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran"

Then two paragraphs down :

"Stuxnet is an incredibly advanced, undetectable computer worm that took years to construct........"

Well, if it was undetectable how was it discovered? Typical Faux News hyperbole.

That story is lacking so much in detail that one has to wonder about its intent. Their description makes it sound like Sky-net.

The method of infection and the complexity behind it seems a little farfetched. To have it travel via the internet, take advantage of Windows 7 vulnerabilities, use certificates, and somehow 'jump' from a PC to the PLC network seems like one hell of a lot of effort. If the centrifuge systems were not connected to the internet, then the easiest way to infect such a system would be to put the worm in a code update or to have it installed in the PLC before delivery. Why bother with anything else?

Computers are useless if you don't have some way of transferring data to/from them. Even isolated computers are connected by "sneakernet," and the security of that is limited to that of the laziest, most ignorant or most hurried technician accessing the network, over the course of the system's entire lifetime.

That's why you need some sort of boot-sector pathway in your super-secret undetectable artificially intelligent super-worm. (Finally, a virus with some balls! Previous attempts have been disappointingly lame because the world's computer security has been so lax.)

It's more detail than I had read previously.

I'm not a computer expert, it does sound far fetched, but definitely doable. I threw it up here for members to discuss, debate or shed some light on the likelihood of this scenario..........or more importantly, if anything like this was released in the US.

Not looking for any top secret info, just thoughts.

As I recall, the article doesn't say that interfering with the study of the virus after its discovery was done by the virus itself. That's very risky behavior that occured out in the interconnected wild, with billions of potential investigators to hunt down the perpetrator(s). The article also doesn't say that the original virus was programmed to mutate or exhibited other AI-like behavior.

You just can't put a lot of logic into something that's putatively undetectable. But you can put enough in to give you a back door into a "disconnected" system.

One minor mystery is, if the virus penetrates an isolated network, there's no way for it to "phone home" like it allegedly did. The only way that works is if it "phones home" the way it got in, via the portable medium once it's reconnected to the internet. So, at least one bit needed to change in this undetectable little piece of code, the bit that indicates "target infected."

Once the hacker receives word that the initial penetration is successful, they can release an update that penetrates in the same way. This one can be targeted to the specific vulnerability and presumably made more sophisticated. Also to report its activities (or not) via a new mechanism.

Even Hollywould can't imagine any basement-based hacker having nearly the resources or know-how to pull this off. It's the kind of thing one would expect from the world's most advanced computing nation's intelligence infrastructure. (Clever people, those Chinese. )

They also needed a lot of luck to make it happen. To spend that much time on a worm, and have success based on the idea that nuclear scientists would work at home using flash drives, and that their personal computers would pick up the infection is pretty wild.

Considering Iran's paranoia, whoever wrote and implemented the worm was probably thinking the chance of success was slim. I'm surprised actually, that scientists at the nuke facilities were able to carry flash drives in and out at all. If, in fact that's how it all went down.

You can find the latest news about the worm here : http://www.stuxnet.net/

How many people use Adobe or MS stuff? How many computer programing languages are there? How many extra DLL's exist. What exactly did your compiler actually do? What drives your screen? How do memory and disk drives work with each other? What hard coded software is in or on each computer. There are so many ways an undetectable door and path can be created that trying to find it amoung all of the possible permutations of opportunity could be entirely useless. Especially if it is designed to use any door like the early Lap=Link program.

If you have an early Pentium computer hanging around, it may be of use some day.

The story gets curiouser and curiouser. It seems whoever is behind stuxnet just tried to assassinate two engineers charged with eliminating the worm from Irans controllers:

http://www.theregister.co.uk/2010/12/06/iran_claims_stuxnet_expert_hit_squad_arrests/

I had seen that report too. I can only guess that the worm itself was created outside of Iran, but that there are operatives within the country that are also working to make sure they don't get nuclear capability.

That scenario wouldn't bother me a bit.

There was reference in an earlier article, cited elsewhere in this thread, though I don't remember which comment it was, to a Dr. So-and-So, an academician from an Iranian University, who was their "expert" on getting rid of Stuxnet. He was gunned down in a drive-by shooting (motorcyclist with armed rider on the pillion seat). It was confirmed by on the ground western (whatever that might mean) observers, and intelligence sources were stated to believe it was done by a Sunni Muslim group (if I have that right, Iran is run by the Shiite Muslims) who are in opposition to Iran's current government (I don't know if they, like we in the US, consider that to be Ipso Facto the Ahmedinejad Government, or if they lump anything in the Shiite side of the equation as "the current government"). Iran immediately claimed it was CIA and Mossad, which it could have been, but even some of the Muslim countries said it looked a lot more like the Sunni's than the other two. Of course, since it would suit Mossad and CIA interests to have the Sunni's and the Shiite's, at least within Iran, at each other's throats, no one on our side of the pond argued against that view.