How the Stuxnet mission was left unfinished: a view from inside Iran
(Google Translation)
In a joint report, the site "Wired Lite" examined how Stuxnet was decoded and its aim of attacking Iranian nuclear facilities. This first part describes how Stuxnet was first discovered and how the antivirus companies dealt with it.
A problem with the centrifuges in the plant's cascade rooms
In January 2010, IAEA inspectors were finishing an inspection of the Natanz uranium enrichment facility when they noticed that something was not working properly in the cascade rooms, where the centrifuges were busy enriching uranium.
Natanz plant technicians, in white coats, shoes and gloves, were hurrying in and out of the "clean" cascade rooms, carrying out the heavy centrifuges one at a time, each in a shiny silver cylinder.
Centrifuge replacement at the plant for more than a month
By now, the plant's technicians had been doing this work for more than a month.
Normally about 800 centrifuges replaced at the plant each year
Iran normally replaced about 10 percent of its centrifuges each year because of physical damage or other reasons. With nearly 8,700 centrifuges installed at Natanz at the time, about 800 of them would normally be replaced over the course of a year.
Between 1,000 and 2,000 defective centrifuges replaced over several months
When the IAEA later reviewed the footage from the surveillance cameras installed outside the cascade rooms to monitor Iran's uranium enrichment program, agency officials were surprised when they counted the centrifuges. A great many had been replaced: later estimates indicated that between 1,000 and 2,000 centrifuges were replaced in only a few months.
The question was: Why?
It was clear that there was a problem with the centrifuges
But it was clear that something was damaging the centrifuges.
A malicious computer worm had penetrated the plant's systems
What the inspectors did not know was that the answer they were looking for was hidden all around them: in the memory and disk space of the plant's computers. A few months earlier, in June 2009, someone had quietly released a professionally built, malicious computer worm. The worm crawled into PCs with only one goal: "to destroy Iran's uranium enrichment program."
Stuxnet, the first real weapon in the cyber world
But it was almost a year before the inspectors learned of the worm. Computer security researchers spent several months decoding the software and found that it was the most complex malicious program ever written: the first software to act as a cyber weapon in the real world.
An infected Iranian computer in 2010
On June 17, 2010, Sergey Ulasen was in his office in Belarus going through e-mail when a report caught his attention. A computer belonging to a customer in Iran was restarting continually: despite the operator's efforts to take control of it, the machine kept shutting down and rebooting. The computer appeared to be infected with a virus.
Computer security, a multibillion-dollar industry
Ulasen headed the antivirus division of a small computer security company called VirusBlokAda in Minsk, the capital of Belarus.
The individuals and organizations active in the field of computer security
Top security experts such as Bruce Schneier, Dan Kaminsky and Charlie Miller are regarded as rock stars among security experts, and top companies such as Symantec, McAfee and Kaspersky have become famous names that protect everything from grandmothers' laptops to critical military networks.
VirusBlokAda, however, was neither a rock star nor a famous name; the company was obscure even within the computer security industry, and few people had heard of it. But that would soon change.
The "zero-day" hole, the most powerful weapon of hackers
Ulasen's research team went looking for the virus that had infected the customer's computer and found that it used a "zero-day" security hole to spread. Zero-day holes are the hackers' most powerful weapon: they exploit bugs in software that have not yet been identified by the software's maker or by the antivirus vendors.
Such holes are extremely rare. Finding and exploiting one requires great skill and time. Of the more than 12 million pieces of malware that antivirus researchers discover each year, fewer than ten use a zero-day hole.
A flaw in Windows Explorer that made Stuxnet effective
In this case, the security hole allowed the virus to spread from computer to computer on USB flash drives. The flaw was in the handling of LNK files by Windows Explorer, one of the fundamental components of Microsoft Windows. When an infected flash drive was connected to a computer, Explorer scanned it automatically. This triggered the zero-day exploit code, which secretly dropped a large, partially encrypted file onto the target computer, like a military transport plane dropping camouflaged troops into an area.
In retrospect, the hole seemed very obvious for an attack of this kind. The researchers soon learned that it had been used before.
Antivirus companies rush to get hold of Stuxnet
VirusBlokAda contacted Microsoft to report the hole. On July 12, while the global software giant was preparing a patch, VirusBlokAda made its discovery public by posting it on a security forum.
The virus was called Stuxnet, after names found in it (.stub and MrxNet.sys).
As the computer security industry began to take the virus apart and decode its structure, more assessments emerged.
Certificates stolen from other companies made Stuxnet look legitimate to Windows
It became clear that the code had been created a year earlier, in June 2009, and that its mysterious author had updated and modified it during that time, releasing three versions.
One of the virus's driver files used a valid signed certificate that had been stolen from RealTek, a hardware manufacturer in Taiwan.
Internet authorities quickly revoked the RealTek certificate, but Stuxnet then turned up with another certificate, this time belonging to JMicron Technology. The head office of this maker of electronic circuits is located (whether by coincidence or not) in the same business park as RealTek's. Had the attackers physically broken into the two companies to steal the certificates? Or had they hacked the companies remotely and stolen the digital signing keys?
The security company ESET, which had found one of the certificates, wrote on its blog: "Such a professional operation has seldom been seen. This shows that [the attackers] had access to very large resources."
Stuxnet attacks Step 7 industrial control systems made by Siemens
In other respects, Stuxnet seemed quite ordinary and modest in its aims. Experts determined that the virus targeted the Simatic Step 7 software, an industrial control system made by the German company Siemens and used to control motors, valves and switches in everything from food production factories and automobile assembly lines to gas pipelines and water treatment facilities.
Stuxnet's only purpose appeared to be spying
Although this was something new for a virus (hackers do not usually target control systems, because there is no clear financial gain in hacking them), what Stuxnet did to the Simatic systems was not new. Stuxnet looked like just another case of industrial espionage.
The antivirus companies added signatures for the different versions of the virus to their detection databases, and most of them turned their attention to other viruses.
The story of Stuxnet could have ended here, but a few researchers were not yet willing to let the virus go.
Symantec's investigation of the Stuxnet samples
Researchers at Symantec's offices in Europe and the United States were among those who obtained the virus code in July and created signatures for subscribers. After that, the virus was passed to Liam O Murchu, who works in the company's office in Culver City, California.
Stuxnet should be investigated more deeply
O Murchu is a 33-year-old Irishman. He is the manager of operations for Symantec Security Response, and his job is to review significant security threats and determine whether they require in-depth analysis.
Symantec and the viruses that are difficult to deal with
Of the more than 1 million malicious files that Symantec and other antivirus companies receive each month, most are variants of viruses and worms that have already been identified. These files are processed automatically, without human intervention.
Stuxnet's use of "zero-day" holes
Viruses that use zero-day holes, however, are special and are examined by humans. O Murchu passed Stuxnet to an engineer who had no experience with zero-days; he thought Stuxnet would be a good training opportunity for the engineer.