
Cyberwar against Iran: technical dissection of stuxnet

anonymus

:wave:

I found this video while looking up for online lectures for helping in my assignments.



This is a detailed description of how Stuxnet works, from Stanford University.

Thought that people here may find it interesting.
 
.
Strange, I don't think it could have done massive damage to Iranian nuclear-related facilities :/
 
.
Strange, I don't think it could have done massive damage to Iranian nuclear-related facilities :/

The extent of the damage will never be known, but even the Iranian government talked about disturbances during this period.

Centrifuges are precision machines and minor disturbances could wreck them. The virus was found by Kaspersky Lab after Iranian reports of difficulties in their nuclear facility.

I was fascinated by how a piece of code was able to jump operating systems and have so many fail-safe mechanisms. The people who thought of it must have brainstormed the possible ways the code could have been detected at each stage and programmed contingencies into it. The way this virus spread was also unique. A large number of computers were infected by Stuxnet, but it struck only Iranian centrifuges.

Though access to Microsoft and Siemens would have helped a lot.
 
.
Of course the Iranians won't make a big deal out of it. However, I guess I'm right to say that these cyberattacks could give the Iranians a hard time, right? :/

Even the CIA cannot be sure how great the damage was.
 
.
Of course the Iranians won't make a big deal out of it. However, I guess I'm right to say that these cyberattacks could give the Iranians a hard time, right? :/

Even the CIA cannot be sure how great the damage was.
And it also drove Iran to establish one of the best cyber armies in the world, maybe among the top 5 or 10. Thanks to Stuxnet.

It would be better for them not to do the Stuxnet thing.
 
.
A nice technical dossier on Stuxnet.



W32.Stuxnet Dossier
 
.


Reverse engineer Stuxnet.
 
.
The extent of the damage will never be known, but even the Iranian government talked about disturbances during this period.

Centrifuges are precision machines and minor disturbances could wreck them. The virus was found by Kaspersky Lab after Iranian reports of difficulties in their nuclear facility.

I was fascinated by how a piece of code was able to jump operating systems and have so many fail-safe mechanisms. The people who thought of it must have brainstormed the possible ways the code could have been detected at each stage and programmed contingencies into it. The way this virus spread was also unique. A large number of computers were infected by Stuxnet, but it struck only Iranian centrifuges.

Though access to Microsoft and Siemens would have helped a lot.

Pinpointing and specifically targeting Iranian computers is not that difficult and not new either.

For example, the Conficker worm, which hit in 2008, specifically left out computers with a Ukrainian keyboard.

Reversing that logic, along with other parameters that pinpoint Iranian computers, can achieve what is needed.
 
.
The blame all goes to the IT admins. Nuclear facility computers are isolated from the internet for sure, so there is no hacking, only improper Windows settings letting unknown code run on those computers.
Unfortunately, in Iran managers don't have a correct view of IT; they think that because somebody is smart and educated in a computer field like programming, they can assign him as an IT admin.
I hope they have awakened after these attacks.
 
.
The blame all goes to the IT admins. Nuclear facility computers are isolated from the internet for sure, so there is no hacking, only improper Windows settings letting unknown code run on those computers.
Unfortunately, in Iran managers don't have a correct view of IT; they think that because somebody is smart and educated in a computer field like programming, they can assign him as an IT admin.
I hope they have awakened after these attacks.

Rumor was that Stuxnet got in through an infected pen drive.

Infected pen drives as a means of spreading malware into organizations have been used previously in many cases to steal corporate secrets.

The attacker would simply drop a couple of infected pen drives at various places outside the target organization or company (parking lot, near the gate, etc.).

A curious, unsuspecting employee might simply pick one up and check it (assuming it might be the lost pen drive of a fellow employee).

Once the unsuspecting employee plugs it into a corporate computer to check its contents, it's mission accomplished for the attacker, as access into the corporate network from there becomes easier.

My guess is the same must have happened in Iran too.
 
.
Pinpointing and specifically targeting Iranian computers is not that difficult and not new either.

For example, the Conficker worm, which hit in 2008, specifically left out computers with a Ukrainian keyboard.

Reversing that logic, along with other parameters that pinpoint Iranian computers, can achieve what is needed.



I do not have a background in computers, but I have studied programming in school and as part of an engineering course. Even though I was able to comprehend the virus selecting Iranian computers from the many it had infected, what I thought would be impossible until now was a program that could run on two different types of computers which use different assembly languages.

This opens up new possibilities, as it means that even analog computers and ones running on exotic operating systems would not be safe.
 
.
Rumor was that Stuxnet got in through an infected pen drive.

Infected pen drives as a means of spreading malware into organizations have been used previously in many cases to steal corporate secrets.

The attacker would simply drop a couple of infected pen drives at various places outside the target organization or company (parking lot, near the gate, etc.).

A curious, unsuspecting employee might simply pick one up and check it (assuming it might be the lost pen drive of a fellow employee).

Once the unsuspecting employee plugs it into a corporate computer to check its contents, it's mission accomplished for the attacker, as access into the corporate network from there becomes easier.

My guess is the same must have happened in Iran too.
On sensitive computers only predefined programs should have execute permission, whether from internal or external storage media, but where are the admins to understand this?
 
.
:wave:

I found this video while looking up for online lectures for helping in my assignments.



This is a detailed description of how Stuxnet works, from Stanford University.

Thought that people here may find it interesting.

Iran has improved a lot after this attack. Now they are writing anti-virus systems. The best thing for them is that they are able to detect these viruses. Now they have a cyber army.
 
.
The point is, what doesn't kill you makes you stronger. Stuxnet was a smart move by the Americans, but they should have realized that their rival is Iran, which makes the best out of its problems.
 
.
I do not have a background in computers, but I have studied programming in school and as part of an engineering course. Even though I was able to comprehend the virus selecting Iranian computers from the many it had infected, what I thought would be impossible until now was a program that could run on two different types of computers which use different assembly languages.

Malware can be designed to only attack computers with specific MAC addresses as a means of damage control (while using any machine to copy itself). This requires manufacturer cooperation with the malware designers; this cooperation could be providing the hackers with a list of Siemens industrial machines currently active in Iran and their MAC addresses, or even not resolving security issues despite being aware of them, which allows the hackers to use the holes in the system to carry on with their task.

Of course there are many ways to target specific computers without having to worry about widespread infection, you just have to use your imagination!
 
.