
F-Secure Report: Another SCADA Attack in Iran — This Time With AC/DC

Posted by timothy
from the either-true-or-a-funny-movie-plot dept.
An anonymous reader writes "F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper being the previous iterations of the same Operation Project Olympic attack plan.) Last month, President Obama's staff has admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns Iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."

  • by Quakeulf (2650167) on Tuesday July 24, 2012 @10:49AM (#40749619)
    Rock and revolt!
    • by camperslo (704715) on Tuesday July 24, 2012 @11:20AM (#40750085)

      Well there's really nothing to fear until people start getting Rick-rolled

    • by SomePgmr (2021234)
      Noriega compound, Fallujah siege, Iranian computer systems... weaponizing AC/DC must work. ;)
    • by gtall (79522)

      It could have been worse, how about Muskrat Love? That would have been truly diabolical.

  • by sageres (561626) on Tuesday July 24, 2012 @10:50AM (#40749629)

    Sound of the drums
    Beatin' in my heart
    The thunder of guns
    Tore me apart
    You've been - thunderstruck

  • by gestalt_n_pepper (991155) on Tuesday July 24, 2012 @10:52AM (#40749669)

    I would have gone for "Born in the USA"

    • by Muad'Dave (255648) on Tuesday July 24, 2012 @11:02AM (#40749823)

      I would've gone with Hava Nagila [wikipedia.org].

      • Evergreen!

        Yes, sure, she has a pure, wonderful, beautiful voice, blah blah blah. But that's the point. In my experience, the notes she sings travel hundreds of yards down the corridor and infect everyone's office.

        Play it over and over and over and over and over and ... people will be tearing their hair out. We could call it ... I don't know ... the Streisand Effect?

    • by Bill, Shooter of Bul (629286) on Tuesday July 24, 2012 @11:02AM (#40749831)
      Yeah, but that song is about how bad the USA is at taking care of people, not how awesome it is to live here.
      • Re: (Score:2, Redundant)

        by mounthood (993037)

        You only think that because you're thinking in english rather than the newspeak.

        • by H0p313ss (811249) on Tuesday July 24, 2012 @12:13PM (#40751007)

          You only think that because you're thinking in english rather than the newspeak.

          Interstate running through his front yard and he thinks he's got it so good. But ain't that America?

          As a Canadian I found it pretty funny at the time that the song not only charted but became an anthem for (clueless?) patriots.

          • by X0563511 (793323)

            Yea, well, when you write a catchy hook saying something (in a non-sarcastic tone) patriotic, you've got no right to bitch and whine when the general public ignores the rest of it.

            That's why you get anti-war songs [wikipedia.org] used as title music for Vietnam War games [wikipedia.org], etc.

            Make your message the hook, not the counterpoint, or you WILL be misunderstood.

            • by drinkypoo (153816) <martin.espinoza@gmail.com> on Tuesday July 24, 2012 @12:32PM (#40751387)

              That's why you get anti-war songs used as title music for Vietnam War games, etc.

              Uh no, you get anti-war songs used as title music for the Viet Nam War because that war is almost universally hated, despised, and regretted. When you play a game about that war you know what the outcome is and you know it won't be happy. Irony, it's not just for breakfast any more, but it is for your comment.

            • It seems to me that hook expressed the sentiments of many soldiers in the Vietnam War.
            • by icebike (68054) *

              Make your message the hook, not the counterpoint, or you WILL be misunderstood.

              Had the hook been the main message the song would never have been played. How would that have served any purpose?

              The idea was to get the song on every radio station, and sell records (and make money). It worked.

              Once out there, people listen more closely, and when they do the message won't be misunderstood. That you still see it used today, inappropriately simply indicated people new to the song haven't yet listened to much beyond the hook. These are useful idiots, serving the song writer's purpose.

              Now d

          • by u38cg (607297)
            It seems a common issue. Look at the amount of airplay London Calling is getting on the back of a certain burger-advertising sporting event in East London.
      • Someone probably should have explained this to Reagan as he wanted to use it for his campaign song in 1984. Maybe someone should have looked at the lyrics, and not just the title? Needless to say Springsteen did not allow his song to be used by Reagan.
    • In case you didn't know, it was based 100% on the latest Iron Man appearance in The Avengers. He hacks speakers to play that song in the movie.
      By the way, Persia? Did they do the research for the article in the Bible? Most other sources call it Iran now.
  • disinformation? (Score:5, Insightful)

    by Anonymous Coward on Tuesday July 24, 2012 @10:52AM (#40749679)

    This somehow seems like a disinformation campaign by the iranians. With the refinement Flame/Stuxnet had, it seems a bit too amateurish that all of a sudden the attack methods would become so much more primitive and obvious to the victims (I mean, seriously, playing loud music in the middle of the night?)

    • Given that it is already de-facto-proven-even-for-official-purposes that the US has no qualms about fucking with Iran's computer systems, what would Iran have to gain by some sort of false-flag style thing?

      If there were actually some lingering doubt about the US's willingness, I could see trying to score some points; but there really isn't. The explanations that it was either an attack pulled off by a much less sophisticated actor(hacking isn't totally newb stuff; but the list of people who can make trouble

      • by deKernel (65640)

        There is nothing tangible to gain in the sense that it helps prove one particular country was the source of the attack. What they are doing is causing doubts as to the progress, if any, in their program. Translation: we are talking mind games with analysis as to just where they stand in the development cycle. Plus, the people within the Iranian program can use this to cover their butts if they are running behind or have something worse happen like explosions at plants and such.
        Make no doubt about it, though

    • Re:disinformation? (Score:4, Interesting)

      by vlm (69642) on Tuesday July 24, 2012 @11:24AM (#40750147)

      More likely some poor bastard on the night shift was intentionally and willfully listening to evil mp3s he downloaded from the great satan over livewire, and when he got caught doing air guitar instead of whatever the hell a centrifuge operator does in his spare time, rather than taking the fall for it, committed yet another sin by blaming the CIA.

      The disinfo part is I've worked in industrial plants on networks, and later for decades in companies with airgapped production and IT networks, and the first thing you do after the first infection is airgap IT and everything else you can away from production, then you disassemble production.

      So the scales of upper management weigh:
      1) On one side the ops when they're bored want to check facebook, email, and play angry birds online
      2) On the other side the plant might be destroyed in an explosion that kills us all and the dictator will kill my family as punishment even though I'm already dead.

      Yeah I can see how the local equivalent of mahogany row decided to leave plant equipment accessible. Yeah, totally realistic. Not PR BS at all. Uh huh.

    • by AmiMoJo (196126)

      Well it's hardly a secret or cold war any more, so subtlety is no longer required.

      Eventually Iran will retaliate and then all hell will break loose. Just hope they send viruses and not cruise missiles.

  • by Quiet_Desperation (858215) on Tuesday July 24, 2012 @10:54AM (#40749697)

    What other songs could the virus rock out with?

    "Stranglehold"
    "Eve Of Destruction"
    "Dogs Of War"
    "Born In The USA"
    Pretty much anything off Dark Side Of The Moon

  • by MoogMan (442253) on Tuesday July 24, 2012 @10:54AM (#40749705)

    I hope the malware writers (or the US gov't) have agreed their license fees with the respective record companies, otherwise they'll find themselves in a world of pain!

    • First thing I thought too, lol.

      There's something comforting about it though. Even when employed by the government, hackers are just hackers. :-)

    • No worries. The Men In Black have already paid the industry lawyers a little visit. A courtesy call, if you will.

    • by gmuslera (3436)
      That's the genius part of the attack. Those infected computers were found playing unlicensed music, the RIAA will sue them overseas. It is a blended attack, not only just hack them, but also take out all their money.
  • Will be amazing the variations of the "Cyberwar, wrong" message from the government in the next months/years, specially every time a hack widespreads or they want to catch even more private information from people of all countries. The key to be the victim in any conflict is dismiss/deny every time you were the attacker.
  • Bullshit (Score:5, Insightful)

    by slb (72208) * on Tuesday July 24, 2012 @10:57AM (#40749751)
    Yeah, so suddenly the guys who did a lot of work to be undetected will use Metasploit code and disclose their owning of the computers with an AC/DC song .... Methinks someone is not reaching his objectives and found a good scapegoat as an excuse... The alternative of course would be that script kiddies are owning Iran's nuclear research lab infrastructure ...
    • by dbIII (701233)
      It's a dirty deed done dirt cheap.
      If they are caught they'll only make it out with a bullet in the back.
    • by zrbyte (1666979)

      Yeah. My bet would be on script kiddies as well. This is just somebody trolling the Iranians. The US and Israel tried to stay undetected for as long as possible and in the mean time do as much damage as they possibly could.

      • no, you see the US is just trying to unleash the RIAA's fury...hey those guys over there are playing your songs without paying! sic em boy!

  • Factual Corrections (Score:5, Interesting)

    by Anonymous Coward on Tuesday July 24, 2012 @11:00AM (#40749799)

    I have a few bones to pick with the summary, of a factual nature. Corrections are in bold, I have not corrected the grammatical errors.

    "F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper allegedly being the previous iterations of the same Operation Project Olympic attack plan.) Last month, an anonymous member of President Obama's staff has allegedly admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."

    I'm not saying the Times is wrong, but I don't trust their source completely. I also am not claiming he's wrong, but the press has a very bad habit of really fucking up critical details of technology-related stories. For example, I find it pretty hard to swallow that such an operation would only involve the US and Israel. It's all very convenient, and tidy, and in real life the real story is very rarely wrapped up in such a pretty little package. We certainly need at least an independent confirmation of the source's information.

  • Act of War (Score:2, Insightful)

    by Anonymous Coward

    They are seriously dancing around if this is an act of war. If Iran started hitting the US I suspect these actions would have a different spin. Of course the US is a super power so war with them is on a completely different level than the smaller countries.

  • Pandora's Box (Score:5, Interesting)

    by Anonymous Coward on Tuesday July 24, 2012 @11:01AM (#40749813)

    It's been opened.

    The US will not encounter foreign boots on the ground but cyber retaliation... and I promise it could get very ugly. As a former Network Admin, Accelerator Designer, and now Siemens Programmer I can tell you that these viruses can be turned back on us. Much of the world runs on Siemens programming. Oil rigs, chemical mixers, MRI scanners, food prep, power grids, water treatment, and manufacturing assembly of all kinds (right off the top of my head) all run on Siemens hardware/software and we don't have the ability to defend against it.

    However, I am not worried about Iran. It's China who already has their digital boots on the ground.

    • by organgtool (966989) on Tuesday July 24, 2012 @12:15PM (#40751057)

      Much of the world runs on Siemens

      My God! The world is covered in Siemen!

      • by Kyont (145761)

        I've just got to imagine that when the German executives meet with the American sales team, to discuss market penetration of Siemens into new openings, that the American contingent spends most of their energy trying not to giggle.

    • Much of the world runs on Siemens programming.
      This makes me very scared.
      Most of my experience is with Siemens Health Care Solutions. The fact that the world is running on Siemens makes me scared, outside the viruses. Just the POS quality Siemens puts out. I don't know how you people can sleep at night.

  • by jonwil (467024) on Tuesday July 24, 2012 @11:02AM (#40749815)

    Will the RIAA be sending the Iranian government a cease and desist notice for violating its copyright on the song?

  • So close... (Score:2, Redundant)

    by DdJ (10790)

    I weep at the lost opportunity for rickrolling.

  • Federal agents must be going through Iranian IP addresses of the Cryptography course on Coursera.

  • > President Obama's staff has admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants.

    Remind me, when and where exactly did Obama's staff admit this? Is there anything at all besides one article with unsourced allegations?

    No doubt the U.S. is behind this. But I'm getting damned tired of the shoddy journalism. I've seen so many c

  • In five years time, Iran will have the best SCADA cyber security engineers in the world. I bet they will give this full priority. And when they have these skills, they have the skills to attack as well. Then think of what will happen. The US should better be sure that they are able to *destroy* those machines, so Iran cannot use them to test, otherwise... And how about Germany and Italy - are they still delivering systems to Iran? I wouldn't be surprised!

  • If it is true, it's bad news:

    Assuming that the Stuxnet/Flame attackers are trying to avoid being detected and are not announcing their presence with cheap pranks, the report, if true, would mean someone else has broken into Iranian nuclear weapons research systems, and that it's someone so unprofessional and unskilled that they are doing it as a prank.

    Those systems may contain data that nuclear proliferators would love. If they are that insecure, then everything the Iranians have learned could spread rapidl

  • This reminds me of April 1st. I highly doubt anyone using malware to slow down or halt the Iranians' nuclear efforts would do it in a way that makes them clearly realize they're infected with something. That's more of a newbie prank or a troll ("unverified email" should keep this story from being news), than a real attempt to stop anything. The whole reason Stuxnet & Duqu were so successful is because of their ninja-like quietness in the systems.
  • from the RIAA over the money due each time this virus strikes, I mean sheesh, that could amount to a lot of cash right? And the recording industry is hurting what with the trillions of dollars they say they are losing every year to piracy.
    Or maybe that's the idea, they will sic the RIAA on the Iranians and save the US military the effort :P

  • randomly starts to play AC/DC's 'Thunderstruck'

    Doesn't that violate the Geneva Convention's policy against torture?

  • The dude's trying to convince the morality police that he wasn't blasting AC/DC. Remember to plug in the earphones next time!
  • is the R.I.A.A. going to be pissed. Good luck with that lawsuit.

  • What? What?

    I can't believe that we tricked their accountant into installing the virus.

  • The U.S. Government and Israel Government for illegal performance of copyrighted material.
