


Stuxnet: the sequel

Curiouser and curiouser….

Ralph Langner, an industrial control security researcher in Germany, gave a talk on Stuxnet at the Applied Control Solutions’ Industrial Control Cyber Security conference today after publishing details of his code analysis on his Web site last week. Langner speculates that the Stuxnet computer worm might have been created to sabotage a nuclear facility in Iran.

In reading the CNET article by Elinor Mills, I learned for the first time that Stuxnet spreads by exploiting THREE holes in Windows, only one of which has been patched. :-)

The high number of Stuxnet infections in Iran and the delayed opening of the Bushehr nuclear plant have led Langner to theorize that the plant was a target. Stuxnet infections are also high in India and Indonesia – more about that later.

I added to my earlier post about Stuxnet just this morning. Just because Stuxnet might offer the potential for “pin-point bombing,” “carpet bombing,” and “dirty bombing” capabilities to terrorists or countries WITHOUT a significant “air capability” does NOT mean that such a worm and its backdoor wouldn’t be very useful to countries with SUBSTANTIAL air capabilities. :-)

I just ran a Netcraft search for “What’s that site running?” on the URL for the Stuxnet posting at Langner’s site, and see that it appears to be running Apache on Linux, much wiser than the initial “.htm” seemed to suggest! 😉

Langner refers to a UPI screenshot of a computer screen at the Bushehr plant that is running the targeted Siemens software.

Langner does not say that he has any evidence to support his speculation (a VERY wise man!), and he does not say what the code is designed to do on the targeted system. Langner mentions in his article that he believes the Stuxnet designer to be a nation state, for several reasons, including insider knowledge of control systems.

The presentation by Langner SHOCKED the attendees of the cybersecurity conference, according to Joe Weiss, the organizer of the event. This fact is AMAZING to me and suggests the “sheltered” lives of the attendees. :-) Maybe the presentation awakened a few sleeping administrators. A GOOD thing…!

About the only, possibly connected, comment that I could add to the excellent articles by Langner and Mills would be about the strange breakages of submarine cables that occurred in early 2008. On February 1, 2008, I wrote about a submarine cable that broke off the coast of Egypt that knocked India’s Internet capabilities down to 70-80% of normal on that date.

Well, accidents happen! :-)

Then on February 3, 2008, I wrote about a submarine cable break that occurred 56 km from Dubai, which was the third submarine cable break since January 30.

Hmmmm, geographically isolated cable break accidents in deep water usually don’t happen in “3’s!” :-) (Or “4’s” – see below!)

What a coincidence! 😉

The Wikipedia article notes that there were reports of a TOTAL LOSS of Internet connectivity in Iran, :-) which was rebutted by the Iranian embassy in Abu Dhabi that “everything was fine.” :-) The Wikipedia article about the three breaks also refers to a LATER fiber optic cable break, in February, between Singapore and Jakarta. The Wikipedia article details some conspiracy theories that you can read on your own.

There are comparatively few nations that can do submarine cable repair (or breakage! :-) ) in deep water, where actions are not easily observed. (Note added September 24, 2010: Hmmmm, I wonder what was added….) The list of countries affected is also very interesting.

(Note added September 24, 2010: Stuxnet has made “the big time” with an article on CNN from Financial Times. Based on more technical articles, I can’t say how technically accurate the new article is concerning patches. (Was ONE Windows vulnerability patched or all THREE?) I think that the latest article fails to communicate adequately that Stuxnet is something that is fundamentally different from the thousands of Windows viruses that inhabit our world. The article also does not question the underlying reliance of Stuxnet upon Windows as a platform in such critical industries. If you would like to hear podcast interviews with Symantec’s Eric Chien and TrendMicro’s Paul Ferguson instead, see this article by Larry Magid.)

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”


©2010 William F. Hackett. All Rights Reserved.
