Σάββατο 14 Μαΐου 2011

Cyberattacks and Stuxnet

Computerworld - An Iranian military commander Saturday accused the German electronics giant Siemens with helping U.S. and Israeli teams craft the Stuxnet worm that attacked his country's nuclear facilities.

According to the Islamic Republic News Service (IRNA), Iran's state news agency, Brigadier General Gholam Reza Jalali laid some of the blame for Stuxnet on Siemens.

"Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us," Jalali told IRNA.

Siemens did not reply to a request for comment on Jalali's accusations.

Cyberattacks
Security experts can't verify Iran's claims of new wormDHS chief: What we learned from StuxnetUpdate: Iran says it was targeted with second worm, 'Stars'Iranian general accuses Siemens of helping U.S., Israel build StuxnetStuxnet scored quick hit on first target, says researcherBlack Hat may keep quiet about plans for controversial talks'Perfect Citizen': Wrong, But the Best the NSA Can DoAn Early Year-End RitualThreat of cyberattacks from overseas high, federal IT execs sayThink tank in Estonia ponders war in cyberspace More in Cybercrime & Hacking Jalali heads Iran's Passive Defense Organization, a military unit responsible for constructing and defending the country's nuclear enrichment facilities. He is a former commander in Iran's Revolutionary Guard.

Stuxnet, which first came to light in June 2010 but hit Iranian targets in several waves starting the year before, has been extensively analyzed by security researchers, most notably a three-man team at Symantec, and by Ralph Langner of the German firm Langner Communications GmbH.

According to both Symantec and Langner, Stuxnet was designed to infiltrate Iran's nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its plants, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.

Jalali suggested that Iranian officials would pursue Siemens in the courts.

"The Foreign Ministry and other relevant political and judicial organizations should lodge complaints at international courts," said Jalali. "The attacking countries should be held legally responsible for the cyberattack."

He also claimed that Iranian researchers had traced the attack to Israel and the U.S. "The investigations and research showed that the Stuxnet worm had been disseminated from sources in the U.S. and Israel," said Jalali, who added that the worm sent reports of infected systems to computers in Texas.

Jalali's allegations of U.S. and Israeli involvement were the first from an Iranian official, although President Mahmoud Ahmadinejad has repeatedly blamed the two countries for trying to destabilize his government.

In January, the New York Times, citing confidential sources, said that Stuxnet was jointly created by the U.S. and Israel, with the latter using its covert nuclear facility at Dimona to test the worm's effectiveness on centrifuges like the ones Iran employs.

According to the Times, Siemens cooperated in 2008 with the Idaho National Laboratory (INL) to help experts there identify vulnerabilities in the SCADA hardware and software sold by the German firm. The lab -- located about 30 miles east of Idaho Falls, Idaho -- is the U.S. Department of Energy's lead nuclear research facility.

Jalali repeated earlier claims by others in Iran, including Ahmadinejad, that Stuxnet did not cause major damage or disrupt its nuclear enrichment program because researchers discovered the worm and instituted defenses.

"If we were not ready to tackle the crisis and their attack was successful, the attack could have created tragic incidents at the country's industrial sites and refineries," said Jalali.

He suggested that massive casualties could have resulted, and suggested that they might have been on the scale of the Bhopal, India disaster, where in 1984 a Union Carbide pesticide plant released chemicals that killed between 4,000 and 8,000 people.

Symantec, however, has said that Stuxnet was very successful. In a February update to its research on the worm, Symantec said the first attacks in June 2009 infected Iranian computers just 12 hours after the worm was compiled. The average time between compilation and infection was 19 days for the 10 successful attacks Symantec monitored over an 11-month span.

Source :Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com.

Δεν υπάρχουν σχόλια:

Δημοσίευση σχολίου