How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History



mips
July 15th, 2011, 09:48 AM
http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1


It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium.

Read more.. (http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1)

This must be one of the most interesting reads since The Cuckoo's Egg and will probably make a great book!



Grenage
July 15th, 2011, 09:55 AM
Nice article, cheers.

spynappels
July 15th, 2011, 02:16 PM
Very good article

mips
July 15th, 2011, 03:39 PM
I'm amazed interest has been so slow judging by the few comments.

Maybe I should have used a different heading with words like Windows, Security etc in it. The pitchfork crowd loves those.

Just wanna add I appreciate the article for its technical nature and leave the other OS flaming out of it.

MonolithImmortal
July 15th, 2011, 03:51 PM
Bookmarked for a later read.

Dustin2128
July 15th, 2011, 04:28 PM
Here's my take, windows flaming aside: Don't plug essential hardware into the internet. Don't allow removable media in essential hardware. And somewhat less importantly, use a security focused OS when security matters.

koleoptero
July 15th, 2011, 05:04 PM
Halfway through the article I have to say it's the nicest ad an antivirus company has come up with so far. The novel-like descriptions and dialogues are a bit over the top though.

fyfe54
July 15th, 2011, 05:31 PM
Fascinating.

I wonder what those last two files do, the ones that haven't been decrypted yet. You don't suppose that they are the "Help-About" page?

sffvba[e0rt
July 15th, 2011, 06:26 PM
Well written, but the consequences are scary as heck...


404

koenn
July 15th, 2011, 07:00 PM
Fascinating.

I wonder what those last two files do, the ones that haven't been decrypted yet. You don't suppose that they are the "Help-About" page?
the license file and the change log ?

koenn
July 15th, 2011, 07:09 PM
Here's my take, windows flaming aside: Don't plug essential hardware into the internet. Don't allow removable media in essential hardware.

Well, in this particular case, the essential hardware wasn't connected to the internet, and the malware was designed to travel over local network links or USB sticks. Even highly secured systems will sooner or later need to have a software update or a patch installed; you can't really avoid local links and removable media. The security there is in the procedures you have in place to ensure you know what gets installed.

koenn
July 15th, 2011, 07:15 PM
This must be one of the most interesting reads since The Cuckoo's Egg and will probably make a great book!

Indeed, a fascinating read, and reminiscent of Cuckoo's Egg.

mips
July 15th, 2011, 07:33 PM
Halfway through the article I have to say it's the nicest ad an antivirus company has come up with so far. The novel-like descriptions and dialogues are a bit over the top though.

I have to disagree, there are many more players involved than just an antivirus company, and even if it was just an antivirus company it would still be a good read.

doas777
July 15th, 2011, 07:45 PM
I have to disagree, there are many more players involved than just an antivirus company, and even if it was just an antivirus company it would still be a good read.
yep. especially since all the big AV vendors gave the assembly a pass, simply because it was signed, seemingly by Realtek Semiconductor.

mips
July 15th, 2011, 08:13 PM
yep. especially since all the big AV vendors gave the assembly a pass, simply because it was signed, seemingly by Realtek Semiconductor.

That's probably the only bit of code I understood, because back in the day when I was a spring chicken assembly was the bee's knees and the only language I know how to code in (also did Basic & some Pascal back in the day). I absolutely love assembly but its usage is limited these days in a desktop environment.

Dangertux
July 15th, 2011, 08:18 PM
Great read. I was very fascinated by the Stuxnet headlines when it all first happened. It was a perfect example of outstanding footprinting. The creators understood their target, and exactly how to exploit it. Not to condone illegal behavior, but credit where credit is due, the creators did their homework.

sanderella
July 15th, 2011, 08:56 PM
Fascinating! Thanks mips for posting this.

mips
July 15th, 2011, 09:36 PM
Fascinating! Thanks mips for posting this.

My pleasure, glad you enjoyed it.

handy
July 15th, 2011, 11:41 PM
Someone has to use the known reality of Stuxnet as the basis for a great movie.

MonolithImmortal
July 15th, 2011, 11:56 PM
This is one of the coolest reads I've had in a long time. I was literally sitting on the edge of my seat the whole time. Thanks for posting.

MG&TL
July 16th, 2011, 12:11 AM
Agreed. Great read, hackers are destructive and can be a pest, but their creations are just scary and in a way, impressive.

As an interest question only; how do you test a virus without your pc going BOOM? Just curious. :)

handy
July 16th, 2011, 12:49 AM
Agreed. Great read, hackers are destructive and can be a pest, but their creations are just scary and in a way, impressive.

As an interest question only; how do you test a virus without your pc going BOOM? Just curious. :)

In the linked document you would have read about the room that Symantec have which is isolated. No internet, no connection to any computers outside of the room, no removable media allowed in or out of the room.

They would have various isolated systems in that room that they would infect & test.

red_Marvin
July 16th, 2011, 01:28 AM
I agree with Handy, this would probably make a great movie if done right.
Amazing read.

rich52x
July 16th, 2011, 01:54 AM
Great article

Dustin2128
July 16th, 2011, 02:16 AM
I agree with Handy, this would probably make a great movie if done right.
Amazing read.

In order to translate to cinema, first someone has to rewrite stuxnet in Visual Basic.

Ctrl-Alt-F1
July 16th, 2011, 02:50 AM
I'd already heard about most of this a long time ago, but it was nice to have someone connect all the dots. Great read. Quite scary though.

3rdalbum
July 16th, 2011, 07:23 AM
Excellent article. It's amazing how much we're not being told about Stuxnet to prevent people from getting ideas. It would be scary if a public utility was targeted by a similar virus, or if Stuxnet's payload was changed.

wolfen69
July 16th, 2011, 07:37 AM
Excellent article. It's amazing how much we're not being told about Stuxnet to prevent people from getting ideas. It would be scary if a public utility was targeted by a similar virus, or if Stuxnet's payload was changed.

Well, guess what? There are people that aren't following what you've gone through. Guess what? we're small and personal.

el_koraco
July 16th, 2011, 09:00 AM
In order to translate to cinema, first someone has to rewrite stuxnet in Visual Basic.

It's just not fun if there's no graphical user interface interface.

MG&TL
July 17th, 2011, 10:03 PM
In the linked document you would have read about the room that Symantec have which is isolated. No internet, no connection to any computers outside of the room, no removable media allowed in or out of the room.

They would have various isolated systems in that room that they would infect & test.

I meant the hackers themselves...

Dustin2128
July 18th, 2011, 12:05 AM
It's just not fun if there's no graphical user interface interface.
Ikr.

Paqman
July 18th, 2011, 12:29 AM
How is it "the most menacing malware in history"? It was a highly targeted attack on a very specific SCADA system? The attack vector was sneakernet, and not only did it only attack a very specific SCADA setup from one particular vendor, it even went to certain lengths to make sure that it didn't cause any damage to any other similar systems except the intended target.

Stuxnet is an interesting event, but not because it presented any threat to anyone other than the intended target.

wirepuller134
July 18th, 2011, 03:29 AM
The question I took from it was how many other variants of it are there (if any), what are they targeting and where did it come from? So I agree their description is a bit over the top for this version, but how many more are there?

Ctrl-Alt-F1
July 18th, 2011, 05:56 AM
How is it "the most menacing malware in history"? It was a highly targeted attack on a very specific SCADA system? The attack vector was sneakernet, and not only did it only attack a very specific SCADA setup from one particular vendor, it even went to certain lengths to make sure that it didn't cause any damage to any other similar systems except the intended target.

Stuxnet is an interesting event, but not because it presented any threat to anyone other than the intended target.

I don't think it was considered the most menacing because of what it actually did, but because of the implications of malware creators doing things like hijacking driver signing keys, using multiple zero-day exploits, rewriting Windows APIs etc. It's pretty impressive. If copycatted, it could be huge.

mikewhatever
July 18th, 2011, 06:25 AM
An impressive article, but completely unreadable on a 1024x wide screen. Perhaps wired.com is infected with StuxnetB that screws with their screen resolution detection?

el_koraco
July 18th, 2011, 10:15 AM
How is it "the most menacing malware in history"? It was a highly targeted attack on a very specific SCADA system? The attack vector was sneakernet, and not only did it only attack a very specific SCADA setup from one particular vendor, it even went to certain lengths to make sure that it didn't cause any damage to any other similar systems except the intended target.

Stuxnet is an interesting event, but not because it presented any threat to anyone other than the intended target.

It's more like because of the implications of a piece of malware designed to destroy a physical system, and not put a keylogger on a machine or make it into a part of a botnet and stuff.

Paqman
July 18th, 2011, 06:41 PM
It's more like because of the implications of a piece of malware designed to destroy a physical system, and not put a keylogger on a machine or make it into a part of a botnet and stuff.

To be fair, SCADA systems have been a massive soft target for a long time. They have little or no security and control infrastructure with high monetary or strategic value. I'm really surprised we've not seen more of it before now TBH.

Dry Lips
July 18th, 2011, 07:25 PM
Wow! Why haven't I seen this thread before? I read the whole article in one go!


An impressive article, but completely unreadable on a 1024x wide screen. Perhaps wired.com is infected with StuxnetB that screws with their screen resolution detection?

Yes, I agree. It was very badly formatted...