Stuxnet - malware for nuclear power plants

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Stuxnet - malware for nuclear power plants

    I encountered this CNN report about malware which is supposed to attack some nuclear power plants and even operate them. What do you (mainly PCBONEZ) think about it?

    From what I know the main systems run on a separate network which is not connected to everywhere so it's impossible to operate it even if it was infected e.g. from a USB key. But still, such a direct action seems interesting to me.
    Less jewellery, more gold into electrotech industry! Half of the computer problems is caused by bad contacts

    Exclusive caps, meters and more!
    Hardware Insights - power supply reviews and more!

    #2
    Re: Stuxnet - malware for nuclear power plants

    I'm pretty sure it's the Chinese who did it. So Iran can blame it on the US.
    Originally posted by PeteS in CA
    Remember that by the time consequences of a short-sighted decision are experienced, the idiot who made the bad decision may have already been promoted or moved on to a better job at another company.
    A working TV? How boring!



      #3
      Re: Stuxnet - malware for nuclear power plants

      this was supposedly written by the u.s. or israeli government to screw with iran.
      maybe - who knows.

      however, only a complete asshole or a traitor would put critical infrastructure on a public network of any kind or use windows.

      also, only a complete asshole would try to fuck with a reactor - if it goes bad the fallout is probably gonna reach you no matter who you are.

      i also read that there was a bad incident at the Honeywell enrichment plant in the u.s. the other day - possibly because they are hiring monkeys to avoid paying union members.
      if that's true then they are assholes too.



        #4
        Re: Stuxnet - malware for nuclear power plants

        i would expect a properly set up nuke plant would be isolated from the public network and locked down. even with physical access it would be near impossible to run foreign code on these critical systems. that is if it wasn't installed/maintained by lowest bidder monkeys!



          #5
          Re: Stuxnet - malware for nuclear power plants

          Originally posted by kc8adu
          that is if it wasn't installed/maintained by lowest bidder monkeys!
          Which is usually the case in "third world" countries.


            #6
            Re: Stuxnet - malware for nuclear power plants

            Originally posted by Th3_uN1Qu3
            I'm pretty sure it's the Chinese who did it. So Iran can blame it on the US.
            agree, they've been up to some nasty malware recently.



              #7
              Re: Stuxnet - malware for nuclear power plants

              the chinese are owners of a number of iranian gas & oil fields - they won't risk that 25-year lease.



                #8
                Re: Stuxnet - malware for nuclear power plants

                incidentally, i doubt a usb device could be used,
                i know a guy who admins at a government building hosting financial data.
                he tells me all 200 odd pcs have epoxy in the usb ports to stop fuckheads plugging ipods & stuff into the machines.



                  #9
                  Re: Stuxnet - malware for nuclear power plants

                  same at one insurance company branch here, can't even use CDs, they have to send them to london to be loaded onto the network.

                  but for on site stuff, working with contractors it's a lot of usb stick stuff, camera flashcards onto laptops. shit i even got a virus on my camera flash card for chrissake. usb virus is mostly all the virus we have.

                  then the laptop gets connected to the office network later.

                  don't forget there are sanctions on iran. don't expect they can have all the software they want.
                  capacitor lab yachtmati techmati



                    #10
                    Re: Stuxnet - malware for nuclear power plants

                    iran doesn't have torrents?
                    [sarcasm]



                      #11
                      Re: Stuxnet - malware for nuclear power plants

                      Stuxnet is a very impressive piece of malware
                      It makes use of 4 previously unknown security holes in Windows, that is so called "0-day" security holes
                      The virus dates a year back, but was only found this July

                      I come in contact with software from Siemens that is very similar to this, Siemens builds a modular system
                      If you are a machine builder you buy the PLC and the PC with the machine interface from Siemens, the ones I come in contact with have both USB and floppy, user accessible...
                      Siemens also uses some proprietary calls in Windows, why I am not sure but it runs a lot of Windows files that are actually branded by Siemens, like the Windows kernel.
                      Updating these will not work, you need a contract with Siemens so you get tested updates from them, this costs money, and takes time (Especially the 0-day vulnerabilities!)

                      Some updates can be installed from MS just fine, however most factories would not want to risk it, if you are wrong you will need to do a restore from backups which can be time consuming...

                      Siemens also uses some databases and things in the background, these have default passwords and if you change them the whole system will fail, Siemens' recommendation as a fix for this is to not change the passwords
                      They are also "secret" so if you do change them Siemens will not tell you what they are supposed to be, so you will need to reinstall from backups...
                      Of course the Stuxnet people know what this password is (it's the same on all Siemens systems)

                      The same is true for the Windows accounts and so on, default passwords that Siemens does not recommend you to change

                      The virus is written in several parts, one part, the coolest of them, is loaded to the Siemens PC, then talks directly with the PLC and installs itself on the PLC, it does this without interrupting the normal production, it is a monitor driver if you will, it monitors calls from the Siemens PC to the PLC, and can modify the data, or just let it pass by (and relay it back to whoever is listening)

                      Then there is also another part of the virus, just for spreading on Windows PC's, looking for the real Siemens PC in the network
                      The Virus also sets up a peer to peer network, so it can be updated (This is smart because there is not a single point of attack for the good guys to shut it down, it works just like DHT in the torrent protocol, meaning you can operate even without a tracker, you only need peers that can setup their own swarm...)

                      Siemens has already admitted that 15 plants have been infected worldwide, you can be sure this number is higher
                      Because the Virus is so well written, that it should not if operating normally affect the normal production of the Siemens systems, remember, it is not there to destroy, like normal Viruses you encounter may behave
                      It is there to steal data

                      Siemens systems are used today in virtually everything, from small to very large automation systems, like Nuclear powerplants as the article mentions
                      I however doubt the primary target was a nuclear power plant, it is more likely they were after Weapon schematics or similar things, i.e. I do not think they are looking at remote controlling these systems, they are just trying to steal data

                      Now as you can understand with the multiple attack vectors (USB sticks, or other systems in the network infected with the dropper part of the Stuxnet virus) it indeed is a serious threat
                      I actually looked for it at one of our machines at work today, out of curiosity, I did not find anything but then again there are another 20 systems or so in the factory...

                      Also I'd like to say again I do not think the Nuclear factory was the target
                      But your logic is flawed Behemot
                      If the Nuc factory is infected then for sure there is a possible attack vector, be it via USB or an unsecure network
                      Remember it only takes one unsafe entry point on an otherwise safe network to compromise the whole thing, and most attacks happen from within the company (think employees)
                      "The one who says it cannot be done should never interrupt the one who is doing it."
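A defensive check that follows from the interception described in post #11, as an added example (not code from the thread, its posters, or Siemens): if the engineering PC's view of the PLC can be altered in transit, a block inventory taken through that PC should be compared both with an offline known-good baseline and with a read taken over a second, separately trusted path. The block names, block contents and the existence of such a second read path are constructed assumptions for illustration.

```python
import hashlib


def manifest(blocks):
    """Map each PLC block name to the SHA-256 of its contents."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in blocks.items()}


def compare_views(baseline, station_view, independent_view):
    """Three-way comparison of block manifests.

    baseline         -- manifest from the offline, known-good project backup
    station_view     -- manifest as reported through the engineering PC
    independent_view -- manifest read over a separate trusted path (assumed)

    Returns a sorted list of (block_name, finding) tuples.
    """
    findings = []
    names = set(baseline) | set(station_view) | set(independent_view)
    for name in sorted(names):
        base = baseline.get(name)
        seen = station_view.get(name)
        indep = independent_view.get(name)
        if seen != indep:
            # The two live reads disagree: something between the engineering
            # PC and the PLC is presenting a different picture.
            findings.append((name, "VIEW_MISMATCH"))
        elif indep != base:
            # Both live reads agree with each other but not with the backup.
            if base is None:
                findings.append((name, "ADDED"))
            elif indep is None:
                findings.append((name, "MISSING"))
            else:
                findings.append((name, "MODIFIED"))
    return findings


# Constructed sample data (not taken from any real controller).
BASELINE = manifest({
    "OB1": b"main cycle v1",
    "FB10": b"motor control v1",
    "DB20": b"setpoints v1",
})
INDEPENDENT = manifest({
    "OB1": b"main cycle v1 + extra call",   # changed on the controller
    "FB10": b"motor control v1",
    "DB20": b"setpoints v2",                # changed, and visible everywhere
    "FC99": b"unknown logic",               # present on the controller only
})
STATION = manifest({
    "OB1": b"main cycle v1",                # station still shows the old block
    "FB10": b"motor control v1",
    "DB20": b"setpoints v2",
})

if __name__ == "__main__":
    for name, finding in compare_views(BASELINE, STATION, INDEPENDENT):
        print(f"{name}: {finding}")
```

A `MODIFIED` result is an ordinary change-control question; a `VIEW_MISMATCH` means the engineering PC's picture of the controller cannot be trusted and the station itself needs investigating.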



                        #12
                        Re: Stuxnet - malware for nuclear power plants

                        its obvious now that per did it


                          #13
                          Re: Stuxnet - malware for nuclear power plants

                          ^ lol agree



                            #14
                            Re: Stuxnet - malware for nuclear power plants

                            Originally posted by Per Hansson
                            If the Nuc factory is infected then for sure there is a possible attack vector, be it via USB or an unsecure network
                            Remember it only takes one unsafe entry point on an otherwise safe network to compromise the whole thing, and most attacks happen from within the company (think employees)
                            What I was saying is that even if the primary systems were infected, they're separated from other networks so it's impossible to remotely control the NPP as the article says. But I think any data interchange is minimized in such a factory since when it's working fine, it's better to not repair it, right? So there is a smaller chance to infect it...


                              #15
                              Re: Stuxnet - malware for nuclear power plants

                              I don't know about other countries but our plants don't have any physical connection from anything related to the equipment to the outside world and wireless isn't permitted for anything.
                              Even telephones to the outside aren't permitted in the control rooms.

                              Very little is automatically controlled. - There are humans 'at the switches', not computers.

                              In that field the most computerized circuits do is set off alarms [faster than a human would notice the problem].
                              A human then has to take the corrective action.
                              Computers aren't 'control', they are 'indication'.

                              Also don't use 'industry standard' PLC's on the primary plant.
                              Everything is custom built for a specific purpose.

                              ~~

                              I dunno much about what other countries do except that the Russians are really *&$^ stupid about how their plants work both procedurally and mechanically.
                              [It's been said that you can track a Russian ship with a radiation detector. It might even be true.]

                              .
                              Last edited by PCBONEZ; 09-28-2010, 04:57 PM.
                              Mann-Made Global Warming.
                              - We should be more concerned about the Intellectual Climate.

                              -
                              Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind.

                              - Dr Seuss
                              -
                              You can teach a man to fish and feed him for life, but if he can't handle sushi you must also teach him to cook.
                              -



                                #16
                                Re: Stuxnet - malware for nuclear power plants

                                "Primary" has a specific meaning in Nuc Power.
                                It's not a generic term meaning 'important' as it is used everywhere else.
                                .
                                Nuc Plants have a "Primary side" [Reactor plant] and a "Secondary side" [Steam plant].


                                  #17
                                  Re: Stuxnet - malware for nuclear power plants

                                  Soviets didn't have as advanced and precise computer systems as Americans so they built much more robust power plants. As time goes on and systems get better, you can raise the thermal and electrical output of the same equipment. VVER440 goes from 440 all the way to 576 MWe.

                                  As for the primary and secondary, that's what I actually meant. I guess less important systems (which are definitely neither in primary or secondary) could use some of the Siemens PLC's, but these should not harm the power plant severely.
                                  Last edited by Behemot; 09-29-2010, 12:22 AM.


                                    #18
                                    Re: Stuxnet - malware for nuclear power plants

                                    My point about the Siemens systems is that Stuxnet infects only Siemens WinCC and PCS7 systems
                                    So if the nuclear factory indeed was infected it means they do use one of these 'industry standard' PLC's for their Nuclear Reactor

                                    Whether this article is true or not is anyone's guess, as I said I don't believe the Nuclear Installation would be the target at all, for the reasons said above
                                    You would have much better success if you simply worked at the place to steal whatever data you were after, doing it with a virus seems kind of silly (if the Nuclear Reactor's control system has been properly built, which is anyone's guess, it IS a Russian system, that much we know)
                                    "The one who says it cannot be done should never interrupt the one who is doing it."



                                      #19
                                      Re: Stuxnet - malware for nuclear power plants

                                      Originally posted by Behemot
                                      Soviets didn't have as advanced and precise computer systems as Americans so they built much more robust power plants. As time goes on and systems get better, you can raise the thermal and electrical output of the same equipment. VVER440 goes from 440 all the way to 576 MWe.

                                      As for the primary and secondary, that's what I actually meant. I guess less important systems (which are definitely neither in primary or secondary) could use some of the Siemens PLC's, but these should not harm the power plant severely.
                                      Which part of "*We* DON'T use computers to control OUR Reactors" didn't you understand?
                                      -
                                      It's a requirement set forth in regulations that I'm not going to find for you because the last time I read them many were still Classified.

                                      VVER440 is a 70's era plant and it's a relatively small plant.
                                      [We had ships with plants that big by then.]
                                      We already had some civilian plants bigger than 576 MW in the 60's.
                                      By the 70's plants between 1,000 & 1,200 MW were quite common here.

                                      Some milestones:
                                      In '72 we brought a 2,440 MW plant online. [4x bigger than VVER440.]
                                      In '75 we brought a 830,000 MW plant online. [1440x bigger.]
                                      In '86 we brought a 11,50*1,253 MW plant online. [19,967x bigger.]
                                      Only the 2,440 MW plant has closed.
                                      The others are still 'making waste'.

                                      And none of them have a computer 'in charge'.
                                      We don't do it that way...

                                      My point is your correlation between a computer and plant output is nonsense.

                                      Allowing a computer to control a Nuc plant is dangerous and STUPID.
                                      I'm not surprised the Russians did it.

                                      .
                                      Last edited by PCBONEZ; 09-29-2010, 01:20 PM.


                                        #20
                                        Re: Stuxnet - malware for nuclear power plants

                                        found an iranian press release.
                                        The Iranian nuclear chief reiterated that the country has the ability to counter "software war."

                                        Salehi went on to say that the virus had not attacked the main system of the plant but was seen on the personal computers of some staff members.

                                        The remark came after Western media claimed that computers at the Bushehr nuclear plant in southern Iran had been infected with the Stuxnet worm.

                                        The Windows-specific malware targets computers using SCADA (supervisory control and data acquisition) -- a control system favored by industries managing water supplies, oil rigs, and power plants.
