So you thought you knew all about Stuxnet?
Wrong!
This is a good read.
Stuxnet: Zero Victims - Securelist (http://securelist.com/analysis/publications/67483/stuxnet-zero-victims/)
By GReAT
11 November 2014
The Stuxnet cyber-sabotage operation remains one of the favorite discussion subjects of security researchers everywhere. Considered the first known cyber-weapon, Stuxnet targeted the Iranian nuclear program using a subtle and well designed mechanism.
One of the reasons to revisit the Stuxnet subject is the publication (November 11th, 2014) of the book "Countdown to Zero Day" (http://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X/) by journalist Kim Zetter.
We are quite excited about the book which includes new and previously undisclosed information about Stuxnet. Some of the information is actually based on interviews conducted by Kim Zetter with members of Kaspersky Lab's Global Research and Analysis Team. To complement the book release, we've decided to also publish new technical information about some previously unknown aspects of the Stuxnet attack.
Even though Stuxnet was discovered more than four years ago and has been studied in detail, with the publication of many research papers, it is still not known for certain what object was originally targeted by the worm. It is most likely that Stuxnet was intended to affect the motors that drive uranium enrichment centrifuges.
But where were those centrifuges located – in the Natanz plant or, perhaps, in Fordow? Or some other place?
The story of the earliest known version of the worm – "Stuxnet 0.5" – is outside the scope of this post; we are going to focus on the best known variants created in 2009 and 2010. (The differences between them are discussed in our 2012 publication - Back to Stuxnet: the missing link (http://securelist.com/blog/incidents/33174/back-to-stuxnet-the-missing-link-64/)).
In February 2011, Symantec published a new version of its W32.Stuxnet Dossier report (http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf). After analyzing more than 3,000 files of the worm, Symantec established that Stuxnet was distributed via five organizations, some of which were attacked twice – in 2009 and 2010.
Stuxnet: Anatomy of the first weapon made entirely out of code – SOCKS (http://socks-studio.com/2012/07/17/stuxnet-anatomy-of-the-first-weapon-made-entirely-out-of-code/)
Stuxnet (http://en.wikipedia.org/wiki/Stuxnet) is the first computer virus (precisely a "worm") created to target, study, infect and subvert only industrial systems, namely Siemens'.
The great complexity of the worm has caused much speculation over the possible perpetrators: very probably the virus has been conceived with the support of a nation state and it has been speculated that Israel and the United States may have been involved.
On 1 June 2012, the NYTimes got a little further, explaining that Stuxnet is part of a U.S. and Israeli intelligence operation called Operation Olympic Games (http://en.wikipedia.org/wiki/Operation_Olympic_Games), started under President George W. Bush and expanded (http://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/) under President Barack Obama. Iran responded with an open call for hackers willing to participate in the Iranian revolution, by involving themselves in the first nation-wide war fought through code.
GREAT VIDEO!
Stuxnet: Anatomy of a Computer Virus on Vimeo, 3:21 (https://vimeo.com/25118844#embed)
An infographic dissecting the nature and ramifications of Stuxnet, the first weapon made entirely out of code. This was produced for Australian TV program HungryBeast on Australia's ABC1.
Stuxnet | Redhawk500's Blog (https://redhawk500.wordpress.com/tag/stuxnet/)
The Great Cyber-Wars Have Escalated.
In his 2010 book "Cyber War", former White House cybersecurity expert Richard Clarke sketches out a nightmare scenario in which online attacks bring the US to a standstill – and the experts can't even tell which country attacked them. He says he believes the United States, China and others are already hacking into each other's critical national systems, burying "logic bombs" and other attack software in the event they are needed – something he compares to the arms race and mechanization that preceded World War One.
Cyber War: The Next Threat to National Security and What to Do About It: Richard A. Clarke (http://www.amazon.com/Cyber-War-Threat-National-Security/dp/0061962244)
"Invisibly, military units from over a score of nations are moving into a new battle space," he writes. "Because the units are unseen, parliaments and publics have not noticed the movement of these forces...
With attention divided elsewhere, we may be laying the groundwork for cyber war." Even if such a doomsday scenario never unfolds, most experts believe hacking is already taking its place alongside air strikes and special forces as tools for limited military activity.
[...]
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor.
Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too.
Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
THIS WAS 4 YEARS AGO.