BreachExchange mailing list archives

The Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 22 Nov 2013 00:33:37 -0700

http://www.sfgate.com/technology/businessinsider/article/The-Stuxnet-Attack-On-Iran-s-Nuclear-Plant-Was-4996325.php

The Stuxnet virus that ravaged Iran's Natanz nuclear facility "was far more
dangerous than the cyberweapon that is now lodged in the public's
imagination," cyber security expert Ralph Langer writes in Foreign Policy.

Stuxnet, a joint U.S.-Israel project, is known for reportedly destroying
roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out
of control.

But the exploit had a previous element that was much more complicated and
"changed global military strategy in the 21st century," according to Langer.

The lesser-known initial attack was designed to secretly "draw the
equivalent of an electrical blueprint of the Natanz plant" to understand
how the computers control the centrifuges used to enrich uranium, Peter
Sanger of The New York Times reported last June.

Langer adds that the worm — which was delivered into Natanz through a
worker's thumb drive — also subtly increased the pressure on spinning
centrifuges while showing the control room that everything appeared normal
by replaying recordings of the plant's protection system values while the
attack occurred.

The intended effect was not destroying centrifuges, but "reducing lifetime
of Iran's centrifuges and making the Iranians' fancy control systems appear
beyond their understanding," Langer writes.

He notes that the coding was "so far-out, it leads one to wonder whether
its creators might have been on drugs." (The worm was reportedly tested at
Israel's Dimona nuclear facility.)

Only after years of undetected infiltration did the U.S. and Israel unleash
the second variation to attack the centrifuges themselves and
self-replicate to all sorts of computers. And the first version was only
detected with the knowledge of the second.

So while the second Stuxnet is considered the first cyber act of force, the
new details reveal that the impact of the first virus will be much greater.
That's because the initial attack "provided a useful blueprint to future
attackers by highlighting the royal road to infiltration of hard targets":
humans working as contractors.

From Foreign Policy:

"The sober reality is that at a global scale, pretty much every single
industrial or military facility that uses industrial control systems at
some scale is dependent on its network of contractors, many of which are
very good at narrowly defined engineering tasks, but lousy at
cybersecurity."

Or as one of the architects of the Stuxnet plan told Sanger: “It turns out
there is always an idiot around who doesn’t think much about the thumb
drive in their hand.”

Given that the next attackers may not be nation-states, they may be much
more likely to go after civilian critical infrastructure. Langer notes that
most modern plants operate with a standardized industrial control system,
so "if you get control of one industrial control system, you can infiltrate
dozens or even hundreds of the same breed more."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss