F-Secure Report: Another SCADA Attack in Iran — This Time With AC/DC 253
An anonymous reader writes "F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper being the previous iterations of the same Operation Project Olympic attack plan.) Last month, President Obama's staff has admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns Iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."
Factual Corrections (Score:5, Interesting)
I have a few bones to pick with the summary, of a factual nature. Corrections are in bold, I have not corrected the grammatical errors.
"F-Secure antivirus company of Finland has reported receiving e-mails from an Iranian nuclear scientist, who says Persian uranium-235 isotope refining efforts have just been hit with yet another cyber strike. (Stuxnet, Duqu and Flamer-Skywiper allegedly being the previous iterations of the same Operation Project Olympic attack plan.) Last month, an anonymous member of President Obama's staff has allegedly admitted to the New York Times that there is a joint Israel-U.S. cybermilitary operation was behind the mishaps Iranians have recently been suffering with their UF6 gas refining centrifuge systems in the Natanz and Fordo plants. This time, the unverified e-mail claims, a new Metasploit-based malware owns iranian VPNs, causes fault in the nuclear plants' Siemens-based industrial control systems, and randomly starts to play AC/DC's 'Thunderstruck' aloud via the infected computers' speakers."
I'm not saying the Times is wrong, but I don't trust their source completely. I also am not claiming he's wrong, but the press has a very bad habit of really fucking up critical details of technology-related stories. For example, I find it pretty hard to swallow that such an operation would only involve the US and Israel. It's all very convenient, and tidy, and in real life the real story is very rarely wrapped up in such a pretty little package. We certainly need at least an independent confirmation of the source's information.
Pandora's Box (Score:5, Interesting)
It's been opened.
The US will not encounter foreign boots on the ground but cyber retaliation... and I promise it could get very ugly. As a former Network Admin, Accelerator Designer, and now Siemens Programmer I can tell you that these viruses can be turned back on us. Much of the world runs on Siemens programming. Oil rigs, chemical mixers, MRI scanners, food prep, power grids, water treatment, and manufacturing assembly of all kinds (right off the top of my head) all run on Siemens hardware/software and we don't have the ability to defend against it.
However, I am not worried about Iran. It's China who already has their digital boots on the ground.
Re:disinformation? (Score:4, Interesting)
More likely some poor bastard on the night shift was intentionally and willfully listening to evil mp3s he downloaded from the great satan over livewire, and when he got caught doing air guitar instead of whatever the hell a centrifuge operator does in his spare time, rather than taking the fall for it, commited yet another sin by blaming the CIA.
The disinfo part is I've worked in industrial plants on networks, and later for decades in companies with airgapped production and IT networks, and the first thing you do after the first infection is airgap IT and everything else you can away from production, then you disassemble production.
So the scales of upper management weigh:
1) On one side the ops when they're bored want to check facebook, email, and play angry birds online
2) On the other side the plant might be destroyed in an explosion that kills us all and the dictator will kill my family as punishment even though I'm already dead.
Yeah I can see how the local equivalent of mahogany row decided to leave plant equipment accessible. Yeah, totally realistic. Not PR BS at all. Uh huh.
Re:\m/ ( w ) \m/ (Score:4, Interesting)
You forgot Pakistan and China in that ramble. You also forgot that the states who did sign the treaty and agreed to be bound by it, the same states who benefited from the signing of the treaties, only one is openly hostile towards another nation. Of course India and Pakistan are or was openly hostile to each other but they didn't sign.
Also, international law is not some imposing legal system that strips the sovereignty of nations just because a few states get together and declare something. Imagine if they got together and outlawed the Muslim religions or sodomy by declaration or something.
The states in question by your comment have to agree to be bound by the treaty creating the international law or defeated by force and subjected to the ramifications of it ex postfacto. Should one of these non bound countries become openly hostile against another country or threaten the use of Nuclear or Chemical and/or biological weapons, I'm sure the focus of the world will change a bit. Until then, crying that they aren't being troubled is a bit like saying, why am I being arrested for robbing the bank, banks get robbed all the time and those people don't get caught.