Computer attacks linked to wealthy group or nation

Sep 26, 2010 By LOLITA C. BALDOR, Associated Press Writer

(AP) -- A powerful computer code attacking industrial facilities around the world, but mainly in Iran, probably was created by experts working for a country or a well-funded private group, according to an analysis by a leading computer security company.

The malicious code, called Stuxnet, was designed to go after several "high-value targets," said Liam O Murchu, manager of security response operations at Symantec Corp. But both O Murchu and U.S. government experts say there's no proof it was developed to target nuclear plants in Iran, despite recent speculation from some researchers.

Creating the malicious code required a team of as many as five to 10 highly educated and well-funded hackers. Government experts and outside analysts say they haven't been able to determine who developed it or why.

The malware has infected as many as 45,000 computer systems around the world. Siemens AG, the company that designed the system targeted by the worm, said it has infected 15 of the industrial control plants it was apparently intended to infiltrate. It's not clear what sites were infected, but they could include water filtration, oil delivery, electrical and nuclear plants.

None of those infections has adversely affected the industrial systems, according to Siemens.

U.S. officials said last month that Stuxnet was the first code specifically created to take over systems that control the inner workings of industrial plants.

The Energy Department has warned that a successful attack against critical control systems "may result in catastrophic physical or property damage and loss."

Symantec's analysis of the code, O Murchu said, shows that nearly 60 percent of the computers infected with Stuxnet are in Iran. An additional 18 percent are in Indonesia. Less than 2 percent are in the U.S.

"This would not be easy for a normal group to put together," said O Murchu. He said "it was either a well-funded private entity" or it "was a government agency or state sponsored project" created by people familiar with industrial control systems.

A number of governments with sophisticated computer skills would have the ability to create such a code. They include China, Russia, Israel, Britain, Germany and the United States. But O Murchu said no clues have been found within the code to point to a country of origin.

Iran's nuclear agency has taken steps to combat the computer worm that has affected industrial sites throughout the country, including its first nuclear power station just weeks before it was set to go online. Experts from the Atomic Energy Organization of Iran met this past week to discuss how to remove the malware, according to the semiofficial ISNA news agency.

The computer worm, which can be carried or transmitted through portable thumb drives, also has affected the personal computers of staff working at the plant, according to IRNA, Iran's official news agency. The news agency said it has not caused any damage to the plant's major systems.

German security researcher Ralph Langner, who has also analyzed the code, told a computer conference in Maryland this month that his theory is that Stuxnet was created to go after the nuclear program in Iran. He acknowledged, though, that the idea is "completely speculative."

O Murchu said there are a number of other possibilities for targets, including oil pipelines. He said Symantec soon will release details of its study in the hope that industrial companies or experts will recognize the specific system configuration being targeted by the code and know what type of plant uses it.

At the Homeland Security Department's National Cybersecurity & Communications Integration Center, a top U.S. cyberofficial on Friday displayed a portable flash drive containing the Stuxnet code and said officials have been studying it in the lab.

"I've let this run wild to see what it would do," said Sean McGurk, director of the cyberoperations center. "So far we haven't seen a lot of smoke coming out, so we know it's not doing anything specifically malicious right now."

Experts at the Energy Department's Idaho National Laboratory have been analyzing it.

McGurk said that "it's very difficult to know what the code was developed for. When you talk about specifically attributing it to a facility with a set purpose from a nation-state actor or criminal actor or 'hacktivist,' it's very difficult for us to say specifically, 'This is what it was targeted to do.'"

Experts in Germany discovered the worm, and German officials transmitted the malware to the U.S. through a secure network. The two computer servers controlling the malware were in Malaysia and Denmark, O Murchu said, but both were shut down after they were discovered by computer security experts earlier this summer.

In plain terms, the worm was able to burrow into some operating systems that included software designed by Siemens AG, by exploiting a vulnerability in several versions of Microsoft Windows.

Unlike a virus, which is created to attack , a worm is designed to take over systems, such as those that open doors or turn physical processes on or off.


User comments : 38


Quantum_Conundrum
3 / 5 (2) Sep 26, 2010
"They include China, Russia, Israel, Britain, Germany and the United States"


Oh come on. Half the countries in the world could have done this. What kind of idiot thinks that only those six countries could write a worm?
ClickHere
1 / 5 (2) Sep 27, 2010
Probably a 12 year old kid with a Dummies Guide to Writing Malicious Software.

Dunno bout you, but if I owned an industrial plant I wouldn't have Windows anywhere near it.
DickWilhelm
3 / 5 (2) Sep 27, 2010
Nobody tell Iran about Linux!
Arikin
5 / 5 (2) Sep 27, 2010
With the code using faults in the Siemens AG software specifically it means it wasn't that easy to make. You have to get a copy of the software used for that type of machinery. Do you know the costs of such a machine?

Although, can't see why it targets just Iranian machinery. They are not the only ones using the software.
digitaltrails
5 / 5 (2) Sep 27, 2010
The difference between a virus and a worm as summarised in the article is incorrect - see http://en.wikiped...ter_worm and
http://en.wikiped...er_virus
for a more meaningful explanation of both terms. From the description here, it sounds like Stuxnet may have elements of both.
Arkaleus
3 / 5 (2) Sep 27, 2010
Oh, I'm struggling! I'm straining my brainparts with this one! I just can't seem to figure out what's happening with all this worm and cyber-war stuff. Who on earth could possibly have such mean intentions with computer networks?

Can you name any faction or power whose efforts to rule have been hampered by the internet and are now seeking to control it completely? It's just too complex for me to understand. I need another cheeseburger!

I'm glad the geezers behind the "control the world by secret" agenda are so completely delusional and technologically disabled they actually spent most of their time taking over BOOKS and TV media companies.

If you never emerged from the TV capsule, it's almost flushing time! Into the recycling chambers you go, TV babies. It's too late for you to wake up now, the shock could kill you.
Skeptic_Heretic
3.7 / 5 (3) Sep 27, 2010
Most likely it was written in Iran, by an Iranian who was interested in subverting his government or other governmental control. I say this because the Iranian networks are almost entirely self segmented from the rest of the world. It would be very difficult to get this across the lines without early detection.

The reason why one would have to be wealthy or well connected is due to the complex structure of these industrial control systems. If your country of origin had never seen the code, it would have a far more difficult time creating the worm and deploying it as successfully.

Attempting to invade networks from countries that aren't well networked is very, very, difficult despite what all the movies tell you.
Arkaleus
1 / 5 (3) Sep 27, 2010
Well sssspoke, Sssskeptic! Our fellowssss with be pleassssed with your willing obedience. Disssstract and distresss the sssslaves!
Skeptic_Heretic
5 / 5 (3) Sep 27, 2010
"Well sssspoke, Sssskeptic! Our fellowssss with be pleassssed with your willing obedience. Disssstract and distresss the sssslaves!"

Your paranoia is ridiculous.
Arkaleus
1 / 5 (2) Sep 27, 2010
And your lack of adult judgment in discerning the nature of these activities shows malfeasance or insanity.
GSwift7
5 / 5 (2) Sep 27, 2010
This specific type of attack is a first, but this general type of attack is getting to be common. They almost never find the original source, and even when they have enough evidence to name a suspected source, the people accused just deny it most of the time. I marvel sometimes that we don't hear more about governments getting caught doing this. That leads me to believe that the groups who investigate, like the NSA, CIA, MI6, etc. probably know more than they say publicly. It's never smart to give away all the secrets about your defenses in response to enemy probes. This could have been a warning shot directed at Iran in response to something they did or something they are suspected to be planning. Almost anything is possible when billions of dollars worth of oil are in play. I hate to be paranoid, but this sounds like the kind of thing the Obama Administration might try. He's a very outside-the-box thinker.
Skeptic_Heretic
5 / 5 (2) Sep 27, 2010
"And your lack of adult judgment in discerning the nature of these activities shows malfeasance or insanity."
Clinton couldn't keep a blowjob private. What makes you think that tens of thousands of people can keep world domination, a far more difficult conspiracy, secret?
Arkaleus
1 / 5 (4) Sep 27, 2010
Because there are many, many people just like YOU Skeptic, and it doesn't matter what information they receive because they can't discern anything useful from it.

If you aren't able to correctly describe the structure of power in the world today, then you are probably not going to be able to engage in this conversation intelligently.
Skeptic_Heretic
3.7 / 5 (3) Sep 27, 2010
"Because there are many, many people just like YOU Skeptic, and it doesn't matter what information they receive because they can't discern anything useful from it.

"If you aren't able to correctly describe the structure of power in the world today, then you are probably not going to be able to engage in this conversation intelligently."

So you're going to go from delusional to dipshit in one post.

Go ahead and tell me how you would go about controlling the actions of "many, many people" just like me. And by just like me, I'm assuming, people who don't listen to every retarded thing you say without checking for evidence.

Your extraordinary, and highly unlikely claim has NO evidence whatsoever. If I'm in error, present the extraordinary evidence, for your extraordinary claim.
Arkaleus
1 / 5 (3) Sep 27, 2010
Skeptic,

World domination is not a secret, Skeptic. The global government agenda is well known and even proudly announced by those factions pursuing it. It just happens that my ideology and nation opposes such factions achieving it.

Most grownups understand what they see on TV is not true, and that there is very high probability that the information we are given about things pertaining to war, politics, intelligence operations, and big finance are factually deficient, if not lies altogether.

Most 3 and 4 year olds, on the other hand, believe whatever is told to them, and will get very angry when someone tries to explain the truth to them.

So whose fault is it, really, the child's, or the parent who lies?

I'm not making an extraordinary claim when I suggest the US government is lying to you. If you think I am, then your childish model of how power flows through this earth should be more thoroughly explained for us.
GSwift7
2.3 / 5 (3) Sep 27, 2010
"The global government agenda is well known and even proudly announced by those factions pursuing it"

you sound like a nut the way you say it, but some of what you say is true. Iran certainly doesn't keep their plans to dominate the middle east and destroy Israel a secret. There are plenty of examples where global conspiracies have gone wrong and went public. The Iran/Contra/Oliver North thing is a good example. Whitewater/Clinton is another. The downfall of the Soviet Union and re-unification of Germany are also good examples. The attempts by the Soviets to spread communism in Southeast Asia and the attempts by the Western nations to stop them is prolific.

I'm not sure I really buy the idea that the US government as a whole is organized and competent enough to pull off a real scam against its own people. To say that the media is in conspiracy with the government is absurd. The media can't even keep from stabbing each other in the back every time they turn around. That's just busine
GSwift7
3 / 5 (2) Sep 27, 2010
I guess my point is that it seems like there are always a thousand different little schemes for power and wealth going on at the same time. Everyone has their own little agenda, from Greenpeace and PETA, to Fidel Castro and Oliver Stone. They all have an agenda and a plan to "take over the world" so to speak. I personally prefer to watch "Pinky and the Brain" though. I don't think I believe anything resembling the story behind the movie "Conspiracy Theory" is really going on.
Skeptic_Heretic
3.7 / 5 (3) Sep 27, 2010
"I'm not making an extraordinary claim when I suggest the US government is lying to you. If you think I am, then your childish model of how power flows through this earth should be more thoroughly explained for us."
That isn't your claim. Your claim is that the global government cabal controls all of our actions.
Produce your evidence.
GSwift7
3 / 5 (2) Sep 27, 2010
Skeptic, you should see his more recent post on another story about this worm. Talk about crazy. Wow. I wonder what country this guy's hospital is located in?
GSwift7
3 / 5 (2) Sep 27, 2010
This guy could just be one of those hacker/troll guys, like the Goons, who play the "Something Awful" hacker game.

http://en.wikiped...ng_Awful

This kind of story tends to attract that type of people. He even used the phrase "All your base are belong to us". That's a SA thing.
Skeptic_Heretic
3.7 / 5 (3) Sep 27, 2010
"He even used the phrase 'All your base are belong to us'. That's a SA thing."
That's an internet thing. All conspiracy theorists have one of two things
1) too much time available on the internet
2) a chalkboard and awful understanding of reality.
Arkaleus
1 / 5 (1) Sep 27, 2010
Ad hominem attacks show a weakness in your position SH, even if you can find another troll to help throw stones at me.

If your view is that we should believe what the US intelligence community tells us without question, then you would sound foolish to the majority of adult minds.

On the other hand, showing rational criticism (and a little humor like my SA reference) shows a mature, adult perspective especially when given the history of the US government.

GSwift7
3 / 5 (2) Sep 27, 2010
Okay, Arkaleus, that was a much less crazy comment. You can't joke on this site. The internet is serious business.

There's a difference between believing everything "they" say, and thinking everything "they" say is a conspiracy. You seem to be saying that "they" are out to get you. I can't help but imagine you sitting in a room lined with aluminum foil except for little slits in the windows.

I don't believe much of anything I hear from the official sources, as my frequent arguments with Skeptic and others on this site about global warming theory will attest.
Arkaleus
1 / 5 (3) Sep 27, 2010
I really do think you're trained to be compliant, GSwift7. How you can bring your TV-branded Info-tainment newthink into a defense of a military police state power expansion is absolutely beyond my comprehension.

Skeptic's balderdash is completely predictable since he is a firmly established hater troll that gets off on being anti. If it diminishes rule of law, rational liberalism or individual rights, Skeptic is its proud supporter.
Skeptic_Heretic
3.7 / 5 (3) Sep 28, 2010
"Ad hominem attacks show a weakness in your position SH, even if you can find another troll to help throw stones at me."
I asked you to present your evidence. If you consider that an ad hom, then you're on the wrong site.
"If your view is that we should believe what the US intelligence community tells us without question, then you would sound foolish to the majority of adult minds."
That isn't my stance. I know there are things that go on that no one knows about. I've been involved in things that no one knows about with the intelligence community. I also know that there isn't enough global competence for a global conspiracy.
"Skeptic's balderdash is completely predictable since he is a firmly established hater troll that gets off on being anti. If it diminishes rule of law, rational liberalism or individual rights, Skeptic is its proud supporter."

What was that you said about ad hom attacks? And evidence any time you're ready.
GSwift7
4 / 5 (4) Sep 28, 2010
lol, that's funny. You accused Skeptic of an "ad hominem attack" when I was the one who suggested that you're using aluminum foil to block the mind control devices.

"If you aren't able to correctly describe the structure of power in the world today, then you are probably not going to be able to engage in this conversation intelligently"

What exactly is the conversation that you want to get us engaged in? Are you wanting to talk to someone about your belief (fear) that the world is against you? Have you stopped to think about the possibility that Skeptic and I might actually be getting paid to post on sites like this? Maybe my job is to discredit whistle-blowers like yourself by calling you crazy when you try to speak out against the people I work for. The rest of the world and I had a meeting about you last night, as a matter of fact. Unfortunately I'm not allowed to tell you what we talked about, but Skeptic thought it was really funny when we were looking through your computer.
Skeptic_Heretic
5 / 5 (1) Sep 28, 2010
"Unfortunately I'm not allowed to tell you what we talked about, but Skeptic thought it was really funny when we were looking through your computer."
The sheer amount of anime porn was hilarious.
yyz
5 / 5 (2) Sep 28, 2010
"Symantec's analysis of the code, O Murchu said, shows that nearly 60 percent of the computers infected with Stuxnet are in Iran."

"The computer worm, which can be carried or transmitted through portable thumb drives, also has affected the personal computers of staff working at the plant"

Interesting to note the (probable) coincidental defection and subsequent repatriation of an Iranian nuclear scientist earlier this year: http://online.wsj...stralian
Arkaleus
3 / 5 (2) Sep 28, 2010
No one can organize anything greater than a birthday party?

K guys, I give up.

Anyone else here want to try and explain how international power is distributed in the 21st century? Or is this going to be some sort of mystery?
GSwift7
5 / 5 (1) Sep 28, 2010
Now you are making sense. Power isn't distributed, it's fought over and sought after. There are so many people and groups of people seeking to tell everyone else what to do and how to do it, that even like-minded people can't agree on things. Imagine if you will, a community sealed off and left to deal with things on their own. Even a small community like a city block. Build a wall around them and ask them to work things out. Good luck to them. Even a small group is challenged to organize and reach a consensus on any scale surpassing the simplest of issues. Views and agendas diverge exponentially as the size of any group increases. Conspiracies are common but there are so many of them that they cancel each other out in a way, I think.
TehDog
not rated yet Sep 28, 2010
To hopefully get back on topic, a recap of what is known :-
http://www.thereg...nalysis/

http://www.thereg..._weapon/

and :-

http://www.thereg...ability/

All it takes is a single infected usb stick...
(Semi-pro tip for windows users, disable autoplay for removable media like usb pens, cds, dvds etc.)
frajo
5 / 5 (2) Sep 29, 2010
"Conspiracies are common but there are so many of them that they cancel each other out in a way, I think."
Conspiracies are planned actions within one generation only. Members of a conspiracy have to be very careful whom they trust and we all know that you can't control whom your successor will trust.
One level above the conspiracy we have the (political) agendas. The neocons have an agenda which lasts longer than the lives of their adherents, even for several generations. Their inevitable doom is the inherent group thinking which positions them against a majority of mankind. Imperia pereunt.
Comes the next level: social progress. It's a very slow grinding mill, but it is unstoppable in the long run. Time units are millennia. It's not a conspiracy, it's not a political agenda. It's evolution.
Arkaleus
1 / 5 (1) Sep 29, 2010
To me, the suspicion of the US being behind this attack is justified prima facie.

To wit: Neighbor A is feuding with neighbor B and they regularly threaten violence on one another. Neighbor A publicly announces the completion of his brick making factory (DHS cyberwar department). Next week, Neighbor B gets a brick through his window. Who is my prime suspect?

All this other rot about conspiracies and paranoia you brought up serve no purpose but distraction. Conspiracies are THE RULE of the game, be it simple ones for profit, or complex ones for ideological revolutions. There are societies that maintain behaviors and associations that last for generations, if not centuries. You might consider the way intelligence operations operate to be a conspiracy themselves, by their very nature.

OBVIOUSLY the first suspect in any hostile act towards Iran are the western powers and Israel. It would be extraordinary from any other source.
Skeptic_Heretic
5 / 5 (1) Sep 29, 2010
You're trying to insist that only the US has problems with Iran, you're quite wrong.

The Saudis have just as great a reason to keep Iran down, as do the Iraqis, the Jordanians, the Eastern Bloc, Most of NATO, etc.

Your perspective is tainted by your nationality and fueled by your ignorance.
frajo
not rated yet Sep 29, 2010
Cui bono? Who will profit after Siemens has been thrown out of business?
Skeptic_Heretic
not rated yet Sep 29, 2010
"Cui bono? Who will profit after Siemens has been thrown out of business?"
Philips, Motorola, and GE to name the big three. However, Siemens will never go out of business in this sector. At least not in a drastic and immediate fashion. That and the fact that it would be highly detrimental to most sovereign nations to see Siemens be pushed out of this space, as a majority of our advanced control infrastructure is courtesy of Siemens.
CarolinaScotsman
4.7 / 5 (3) Oct 03, 2010
"Probably a 12 year old kid with a Dummies Guide to Writing Malicious Software.

"Dunno bout you, but if I owned an industrial plant I wouldn't have Windows anywhere near it."

If I owned an industrial plant, I wouldn't have the internet anywhere near the control systems.
FCCIII
not rated yet Oct 04, 2010
I've been virus fighting for a long time (among other tasks) and I can tell you this type of attack wouldn't take 6 months or much cash to a motivated individual.

Figure this: Microsoft systems are prevalent and often easily penetrable, SCADA, MODBUS, and other industrial protocols are simple and easily accessed if not secured, and all you need is one well placed employee to 'skip' that software right on over to the 'secured' internal network and wha-la, you have an infected site.

Also figure this: A virus writer need not know the complexities and intricacies of the device he's shutting down or anything about it when it comes to sending 'DOWN' commands to it.

Easier than you think I suspect.
My estimate is on one month and two or more well placed individuals and no real investment, it's a 'spare time' project for the right (or wrong) guys.

So, word to the wise, put a d*mn password on your stuff!