
Stuxnet's Secret Twin - hangonhn
http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack
======
ChuckMcM
The original report, of which the Foreign Policy Article is a summary, is
here: [http://www.langner.com/en/wp-content/uploads/2013/11/To-kill...](http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf)

------
davidgerard
Serious question:

Why THE FUCK are industrial controllers connected to the Internet still
running Windows?

What is going on here? Why did anyone _ever_ think this was a good idea? Your
customers may use Windows, but you don't code your site as a batch script ...

~~~
dsuth
It's a great question, and as someone heavily involved in industrial control
systems, I ask myself and others that a lot.

The only real reason I've heard comes down to cost and support. It's easy to
develop software for Windows, easy to find developers, easy to support the
operating system, easy (debatable) to use in an industrial environment. It's a
known factor.

Always remember that people on the shop floor (or hydrocarbons refinery
equally) aren't interested in maintaining a PC they don't understand, and
their management aren't interested in maintaining a well-educated IT
department. It's a simple cost/benefit equation, and so far the benefits have
been completely ignored.

Likewise, vendors of control systems don't want to put the time and effort in
to develop their IDEs, display tools etc. for a Unix variant. System
integrators (ICS programmers and configurators)... well, we'd be cool with a
Linux-based control system, if it worked well.

That's why you see Windows in industrial control environments. Couple this
with the extremely conservative nature of industry, and you have a huge,
glaring problem. We (ICS engineers) know it's a problem, clients are starting
to realise it's a problem, but the wheels move slowly.

At least Stuxnet has made the wider industrial community aware of just how
deep the shit is. Now begins the slow process of crawling back out of it.

~~~
atmosx
Sorry but in this scenario maintaining a 5-person skilled IT department was/is
imperative. The TCO of the IT department, even if you hire D.
Hartmeier[1] to configure the firewalls, should be negligible compared to the
operation's TCO.

That said, in this case I believe that the software to manage the centrifuges
is made by Siemens (Germany) and it's written on Windows. So partially it
wasn't the consumer's choice to use Windows. Even if they used Linux, it's not
hard to think that the NSA could have written a Linux clone worm. The only
thing that can keep away such threats is "security"; as Schneier mentions
here[2], "security is a process", and that process can secure any operating
system out there imho.

[1] [http://www.benzedrine.cx/index.html](http://www.benzedrine.cx/index.html)

[2] [https://www.schneier.com/crypto-gram-0005.html](https://www.schneier.com/crypto-gram-0005.html)

------
hangonhn
Try this link if you get hit with registration:

[https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC8QqQIwAA&url=http%3A%2F%2Fwww.foreignpolicy.com%2Farticles%2F2013%2F11%2F19%2Fstuxnets_secret_twin_iran_nukes_cyber_attack&ei=ffaMUuuKOIPuiQL9nYDwDg&usg=AFQjCNGFQ0XkzPz1DfHTsyARvAbCqssAGg&sig2=9mAX5PgUYUDDetuPvXd3rQ&bvm=bv.56643336,d.cGE)

~~~
thesimpsons1022
that one requires registration as well.

~~~
sp332
Full text [http://pastebin.com/z7XxVHVx](http://pastebin.com/z7XxVHVx)

~~~
gcb1
that is 5 to 10 years of computer crime you are looking at, sp332.

~~~
sp332
I was aiming for $9k in statutory damages :)

------
cwal37
This is incredibly interesting and extremely important. It has clear
implications for infrastructure and security, particularly energy
infrastructure which I am most interested in.

This is the future of war.

~~~
at-fates-hands
My Dad used to write software for large technology companies. When he was with
Control Data, they had just finished a huge project where they automated a ton
of processes for the local energy company to make it more efficient.

When I was in college and the internet got big and I was touting all this
cool stuff you could do, he told me about this project they did way back in
the 70's. He said it terrified him at the time because it took the human
element out of the equation. If something went wrong, it could do some serious
damage. A misplaced decimal point here and it could basically bring down an
entire region of the power grid.

He always said the software was great, but it made the people using it lazy -
which is where the real danger is.

------
0xdeadbeefbabe
Q: How could governments get something so complex right?

A: Trick question. Nice. Next question.

-[http://www.f-secure.com/weblog/archives/00002040.html](http://www.f-secure.com/weblog/archives/00002040.html)

------
xfax
Here you go:
[http://www.readability.com/read?url=http%3A//www.foreignpoli...](http://www.readability.com/read?url=http%3A//www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack)

~~~
D9u
That link also presents a registration form. Thanks anyway.

~~~
nitrogen
You can just right click the overlay, click Inspect Element, then delete the
div that contains the overlay.

------
bdamm
Here's the Foreign Policy Article, linked so there's no registration banner:
[http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_se...](http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack?page=0:0)

~~~
vhost-
Thanks! I was using firebug to kill the overlay.

------
angrydev
Readability link:
[http://www.readability.com/articles/6ycbi4jx](http://www.readability.com/articles/6ycbi4jx)

I highly recommend downloading this extension for websites with crappy
overlays like this one!

~~~
jafaku
I just removed the overlay with firebug :p

But that's a great service, I didn't know I could use it without registering.
I will use the bookmarklet from now on, thanks!

------
swashboon
Website requires registration/login to view content. No thanks.

~~~
fla
Or open your web inspector and delete the node.

