Sunday, September 26, 2010

The second Cyber War?

The first being the cyber attacks against Estonia by the country formerly known as the Soviet Union (Estonia lost). Is this the second?
From American Thinker, September 26, 2010


Has Israel 'attacked' the Iranian nuclear program already?

Ralph Alter

Since at least 2001, speculation in the Western media has focused on the possibility of an Israeli or combined American/Israeli attack on the burgeoning Iranian nuclear program. A report in the Eurasia Review suggests that the attack has already taken place, albeit in cyberspace:

...one of the most sophisticated and powerful computer worms ever developed (is the) Stuxnet malware likely designed to infiltrate Iranian industrial computers which controlled numerous automated processes in factory production cycles. The most likely target according to most experts consulted would be Bushehr nuclear reactor complex, which last year was reported by Israeli media to have been sabotaged and faced extensive production delays. The speculation is that the centrifuges refining uranium for use in the facility may've been undermined by deliberately erroneous commands which may've either destroyed the equipment or corrupted the enrichment process.


The size and scope of the cyber attack suggest that only a sophisticated nation state capable of devoting considerable resources to the effort would be capable of mounting such an effort. Of course the most likely nation to mount such an attack would be Israel. From PC World:

Researchers studying the worm all agree that the Stuxnet was built by a very sophisticated and capable attacker - possibly a nation state - and it was designed to destroy something big...some of the researchers who know Stuxnet best say that it may have been built to sabotage Iran's nukes.


Greg Keizer at Computerworld marvels at the sophistication of the Stuxnet malware:

Once within a network - initially delivered via an infected USB device - Stuxnet used the EoP vulnerabilities to gain administrative access to other PCs, sought out the system running the WinCC and PCS 7 SCADA management programs, hijacked them by exploiting either the print-spooler or MS08-067 bugs, then tried the default Siemens passwords to commandeer the SCADA software.

They could then program the so-called PLC (programmable logic control) software to give the machinery new instructions.

On top of all that, the attack code seemed legitimate because the people behind Stuxnet had stolen at least two signed digital certificates....

So scary, so thorough was the reconnaissance, so complex the job, so sneaky the attack, that (all the experts consulted) believe it couldn't be the work of even an advanced cybercrime gang.


A Virus Bulletin security conference is scheduled in Vancouver, B.C. on September 29, at which experts from the Kaspersky Lab (the security experts consulted for this article) and Microsoft will present papers regarding the Stuxnet worm. Surely the pressure is on the Microsoft team to find a solution to the violation of the operating system provided by them to Siemens and in turn to the Iranian mullahocracy.

In the meantime, the operating computers at Iranian nuclear facilities should continue to appear to have minds other than their own.


Ralph Alter blogs at Right on Target www.rightot.blogspot.com