

Stuxnet: A Breakthrough - there
http://www.symantec.com/connect/blogs/stuxnet-breakthrough

======
rdtsc
I like how even though it is pretty clear that the target is Iran's uranium
enrichment complex with centrifuges running at 600Hz - 1200Hz, they explicitly
avoid mentioning that. That shows considerable professionalism, as obviously
there is no factual evidence of that (and most likely there won't be unless
one of the authors decides to confess).

------
kj12345
It's fascinating to think about Symantec's motivations for creating that very
well-produced, streamlined video. It basically plays like an ad for Stuxnet,
the growth of which represents the creation of a new market for Symantec.

~~~
michaelneale
It would be an odd move in terms of the market though? I.e., how many Windows
machines/networks are there which are hooked up to PLCs (well, there are a
lot, but many orders of magnitude less than consumer uses of Windows and PCs)?

Having said that - it could be VERY lucrative for them - just not in volume.
Very much high-end, expensive product sales (which may be a direction they want
to go in - now that MS and others are rolling out built-in virus protection
with the OS?).

~~~
rdtsc
It is all about bragging rights among the security specialists.

Symantec is basically deconstructing a worm that cost some government lots of
money, time and talent to create. They want to be seen as playing in the same
league as the security experts at NSA, CIA or the respective equivalents of
another country.

~~~
borism
More likely they don't want to be behind F-Secure, who did the first
widely-discussed Stuxnet write-up.

~~~
rdtsc
But then why did F-Secure bother with the write-up?

~~~
borism
Certainly not because they want to be seen on par with CIA or NSA :)

------
joe_bleau
Wow! I was guessing blindly and came pretty darn close!
<http://news.ycombinator.com/item?id=1746868>

~~~
mnemonicsloth
That's a pretty impressive prediction.

For those of us who don't do industrial process control, what would that do to
the plant?

Supposedly more than 30 programmers worked on Stuxnet. That seems like a big
investment just to increase the wear rate on a few motors, however critical
they might be.

~~~
caf
Uranium enrichment centrifuges are _very_ finely balanced, _very_ high speed
mechanical devices.

This is very likely to cause a centrifuge crash.

------
NHQ
We worked really hard to give Iran that complex bug, now a democracy loving
free market company is going to cure them of it?

~~~
zeraholladay
That's really funny on multiple levels.

First, the virus should have been less interesting.

Second, the _true_ goal of the virus might not be the actual attack but
rather, like the scenes from the Bourne movies spying on Pamela Landy from the
rooftop across the street, the realization that someone knows exactly what
you're doing and they're more sophisticated than you. Further, it indicates
there's a hole in your organization from which information is leaking or might
be leaking (even worse if you can't find something that doesn't exist). I've
followed enough of the Wikileaks controversy regarding their internal disputes
to conclude the weakest link in many organizations is their structure and
individual members. The true goal might be psychological.

------
rbanffy
I think that much was known for a little while already...

[http://spectrum.ieee.org/podcast/telecom/security/how-stuxne...](http://spectrum.ieee.org/podcast/telecom/security/how-stuxnet-is-rewriting-the-cyberterrorism-playbook)

~~~
jbyers
Previous stories had not identified the specific devices under control, only
speculated about the nuclear connection.

~~~
iron_ball
And honestly, bringing up the nuclear connection each time new information
emerges is seriously privileging the hypothesis.

~~~
rbanffy
It would be a very sophisticated prank just to ruin a batch of cheese...

------
extension
Fortunately, I don't see this particular type of cyber warfare existing for
very long. Nobody with expensive industrial computers is going to mess around
when it comes to security, and it should not be difficult at all to fully
insulate SCADA systems from malware.

It worked this time because nobody was expecting it, but no target worth
attacking in this way is going to let it happen again.

~~~
cnvogel
I think you are oversimplifying the situation.

With any plant of sufficient size, there will be a lot of people involved in
commissioning, servicing and operating it. This makes "fully insulating" SCADA
systems much harder.

Management people will demand to get data from the plant to manage
utilization. Servicing personnel will want to connect their laptops to the
automation systems to talk to their company's devices that are installed in
the plant during maintenance. ... ...

So, for military projects where integrity/secrecy is a value in itself, I can
imagine draconian regulations to be in place soon, or most likely they already
are. But for "normal" industrial plants where there's a need for money to be
made, there always will be a balance between IT security and pragmatism in
running the damn thing.

And if diagnosing a failed motor controller in a stalled plant is delayed
because IT security prohibits the technician from inserting his USB stick, I
can tell you how the discussion with the plant manager will turn out in 99% of
all cases.

~~~
extension
_But for "normal" industrial plants where there's a need for money to be made,
there always will be a balance between IT security and pragmatism in running
the damn thing._

And those plants likely don't have enemies powerful or motivated enough to
attack them in this way. Typical black hats these days are in it for the cash
and I don't see how sabotaging a factory could be made into cost effective
fraud.

