Iran's nuclear ambitions facing delays
Iran's nuclear ambitions facing delays
It seems the Iranian atomic bomb effort has hit a snag.
http://news.ca.msn.com/top-stories/cbc- ... d=27273667
			
			
									
									http://news.ca.msn.com/top-stories/cbc- ... d=27273667
CHoff
						Definitely double-edged, but if the Iranian bomb is delayed until 2015, maybe by then they'll figure out not to use it.  It's the brave new world of cyberwar.  
Now if they can just put a similar worm in Iran's missle guideance, so they never know for sure it won't turn on them.
At least western defense has the head start on defending against the worm.
			
			
									
									Now if they can just put a similar worm in Iran's missle guideance, so they never know for sure it won't turn on them.
At least western defense has the head start on defending against the worm.
CHoff
						Re-install... and re-boot!?..... once they know what's going on, a day's delay?
I guess this is 'old news' and it can be released 'cos it has taken them a while to figure out what's up and it has now served its purpose.
I reinstall my operating system once every 6 months, or whenever. After you've done it several times and know what to do, it takes you just a minute or two ('cos you set it going, and it installs itself... it's a machine!).
			
			
									
									
						I guess this is 'old news' and it can be released 'cos it has taken them a while to figure out what's up and it has now served its purpose.
I reinstall my operating system once every 6 months, or whenever. After you've done it several times and know what to do, it takes you just a minute or two ('cos you set it going, and it installs itself... it's a machine!).
You can read up on the trojan/virus (it was was a combo job). Symantec dissected it as best they could. Pretty good read. As far as it showing up here in the west, it has, but the way it was built and targeted means it is essentially zero threat. The makers specifically coded it for the specific types of PLC's and centrifuges the Iransians are using. They even went so far (if I recall correctly) as to target specific computer networks. Then the package itself was/is able to evolve both by itself(apparently) as well as from external control. I believe it was discovered via the mechnism used to control it externally, and not by the Iranians at that.
It also very slowly over time damaged the centrifuges, it was very subtle. Not a grab and burn approach.
As of the last writeup I saw, there are still parts of it that they do not understand. It also is very effective because of its widespread infection. It has infected thousands of computers and machines. The only way for the Iranians to completely clean it out, is to go back and isolate from any network completely ALL computers and PLC's associated with enrichment (thousands), and then wipe them ALL to a blank root, then with proven clean loads re-load them all. After this, they must ensure that no external connection via any mechanism is allowed, ever. All it would take is one instance, and they could trash themselves all over again. The only other way would be to get different PLCs and centrifuges, maybe they could try to find a way to trick the infection into thinking they did that, but that in itself is risky as the infection is evolvable, and may pick up on it.
What a mess. Fantastic!
http://www.symantec.com/content/en/us/e ... ossier.pdf
http://isis-online.org/isis-reports/det ... ent-plant/
			
			
									
									
						It also very slowly over time damaged the centrifuges, it was very subtle. Not a grab and burn approach.
As of the last writeup I saw, there are still parts of it that they do not understand. It also is very effective because of its widespread infection. It has infected thousands of computers and machines. The only way for the Iranians to completely clean it out, is to go back and isolate from any network completely ALL computers and PLC's associated with enrichment (thousands), and then wipe them ALL to a blank root, then with proven clean loads re-load them all. After this, they must ensure that no external connection via any mechanism is allowed, ever. All it would take is one instance, and they could trash themselves all over again. The only other way would be to get different PLCs and centrifuges, maybe they could try to find a way to trick the infection into thinking they did that, but that in itself is risky as the infection is evolvable, and may pick up on it.
What a mess. Fantastic!
http://www.symantec.com/content/en/us/e ... ossier.pdf
http://isis-online.org/isis-reports/det ... ent-plant/
Stuxnet has been in the news for months. Latest reports are that it was a joint Israeli-US effort:choff wrote:It seems the Iranian atomic bomb effort has hit a snag.
http://news.ca.msn.com/top-stories/cbc- ... d=27273667
http://www.foxnews.com/scitech/2011/01/ ... atom-woes/
Stuxnet is not an amateur's or individual's work. It is something that required the resources of a nation-state or major corporation to create. Tho per reports the delivery package used was crude - the next versions will be more subtle and refined.icarus wrote:And how long do you think until the israeli's stuxnet worm shows up in western nuke plants?
Double-edged sword.
Hardly. Stuxnet is not a "cyber only" agent, as most viruses and worms to date have been. Stuxnet crosses into the real world. Once activated, Stuxnet destroys physical plant. It caused the motors on ~20% of the Natanz centrifuges to overrev to destruction. That takes months to years to recover from.chrismb wrote:Re-install... and re-boot!?..... once they know what's going on, a day's delay?
Such targeting can be retasked, either to specific, or far more generic, targets. Stuxnet was the Trinity test; proof of concept is now validated.ladajo wrote:You can read up on the trojan/virus (it was was a combo job). Symantec dissected it as best they could. Pretty good read. As far as it showing up here in the west, it has, but the way it was built and targeted means it is essentially zero threat. The makers specifically coded it for the specific types of PLC's and centrifuges the Iranians are using. They even went so far (if I recall correctly) as to target specific computer networks.
Stuxnet had a P2P component built in, allowing its makers to get feedback on the nature of the Natanz systems, and thus tweak their specific attack protocols to perfection. Very low bandwith tho - communication was only via memory sticks that accessed the open internet at odd intervals.ladajo wrote:Then the package itself was/is able to evolve both by itself(apparently) as well as from external control. I believe it was discovered via the mechanism used to control it externally, and not by the Iranians at that.
Actually, after Stuxnet, the only way to maintain a secure industrial infrastructure is to redevelop every single component indigenously, and keep those indigenous standards secure from both foreign knowledge and networked access. To use any open commercial standard system is to beg for a Stuxnet style attack. Conceptually, Stuxnet kills the potential for a fabber-based post-scarcity society. Any moderately generic industrial hardware standard, using network-distributed templates, is vulnerable to easy targeting and destruction.ladajo wrote:As of the last writeup I saw, there are still parts of it that they do not understand. It also is very effective because of its widespread infection. It has infected thousands of computers and machines. The only way for the Iranians to completely clean it out, is to go back and isolate from any network completely ALL computers and PLC's associated with enrichment (thousands), and then wipe them ALL to a blank root, then with proven clean loads re-load them all. After this, they must ensure that no external connection via any mechanism is allowed, ever. All it would take is one instance, and they could trash themselves all over again. The only other way would be to get different PLCs and centrifuges, maybe they could try to find a way to trick the infection into thinking they did that, but that in itself is risky as the infection is evolvable, and may pick up on it. What a mess. Fantastic!
See also:
http://frank.geekheim.de/?p=1399
Vae Victis
						?? I don't think delaying a possible post-scarcity economy is necessarily a good thing.icarus wrote:Hooray!?djolds1 wrote:Conceptually, Stuxnet kills the potential for a fabber-based post-scarcity society.
Tools of destruction (weapons) tend to be very good at destroying things ... cheer them on at your ignorant peril, imho.
True. The adaptations will allow robustness and redundancy; but they will do so, as always, at the cost of convenience and efficiency.Betruger wrote:Cyber warfare was inevitable. Adapt or die.
Vae Victis
						It gets worse, the Russian's are warning of an Iranian Chernobyl.
http://www.telegraph.co.uk/news/worldne ... nobyl.html
			
			
									
									http://www.telegraph.co.uk/news/worldne ... nobyl.html
CHoff
						Yup ... any attack on a nuclear facility, cyber or otherwise, has the same potential for catastrophic outcomes for large geographical areas ... the israeli are hell bent on some kind of nuclear fall-out in the middle east it seems ...It gets worse, the Russian's are warning of an Iranian Chernobyl.
... adapt or die is the predictable wisdom to this also I guess, from our resident borg-hive mind types.
Actually, is there any credible evidence iran is actually building nuclear weapons and not just trying to peacefully generate energy to raise their living standards? I can't recall any .... or?
The Iranians were offered Russian fuel under strict control and declined.icarus wrote:Yup ... any attack on a nuclear facility, cyber or otherwise, has the same potential for catastrophic outcomes for large geographical areas ... the israeli are hell bent on some kind of nuclear fall-out in the middle east it seems ...It gets worse, the Russian's are warning of an Iranian Chernobyl.
... adapt or die is the predictable wisdom to this also I guess, from our resident borg-hive mind types.
Actually, is there any credible evidence iran is actually building nuclear weapons and not just trying to peacefully generate energy to raise their living standards? I can't recall any .... or?
I do not believe the Israelis want a nuclear war. Neither do their semi covert allies the Saudis. (You hear that right - the Saudis).
BTW the Israelis took down a nuclear operation in Syria. The Syrians were kind enough to bury the results and shut up. I can understand burying the results. Why the silence?
Engineering is the art of making what you want from what you can get at a profit.
						Evidently they would have to start from scratch. Delaying them further. They couldn't use any COTS eqpt for fear of a new virus.chrismb wrote:Re-install... and re-boot!?..... once they know what's going on, a day's delay?
I guess this is 'old news' and it can be released 'cos it has taken them a while to figure out what's up and it has now served its purpose.
I reinstall my operating system once every 6 months, or whenever. After you've done it several times and know what to do, it takes you just a minute or two ('cos you set it going, and it installs itself... it's a machine!).
Engineering is the art of making what you want from what you can get at a profit.