
Iranian nuclear program hacked, made to play AC/DC - munin
http://www.f-secure.com/weblog/archives/00002403.html
======
ChuckMcM
This seems to be real. A number of sources have reported it. Although when I
first read the headlines I was hoping it was something other than it was.

As far as I can tell the music simply indicated a compromised system. However,
back in the way back times, if you programmed the seeks on a large disk drive
you could get it to play 'music' of a sort from the resonance of the stepper
motors. I had wondered if someone has changed stuxnet to modify the centrifuge
speeds to play notes, and then have the facility play heavy metal music (which
would be appropriate for a facility that was purifying a very heavy metal).

~~~
JonnieCache
_> if you programmed the seeks on a large disk drive you could get it to play
'music' of a sort from the resonance of the stepper motors._

<http://www.youtube.com/watch?v=dmoDLyiQYKw>

<http://georgewhiteside.net/projects/diskette-organ/>

I too was really hoping they'd done this to the centrifuges.

Instinctively I think this story reeks of bullshit. Not saying it didn't
happen, but rather I sense deeper levels of foul play: like others have said,
it feels like a distraction or misdirection. The metasploit mention is
incongruous as well.

~~~
tptacek
Every time I come to any conclusion about what's happening with Iranian
computers, I'm proven wrong weeks later. It is nuts what is going on here. I
agree: playing AC/DC on nuclear facility computers sounds too theatrical to be
real. Which probably means it was a Sepultura/Muppets mashup and not AC/DC.

~~~
Steko
The speakers blared Thunderstruck this time Iranians, next time it will be a
Creed/Nickelback marathon. Don't be that country.

~~~
lancefisher
Conan O'Brien just stole your joke.

~~~
vampirechicken
And I posted it an hour before this guy. It's an easy joke progression.

~~~
Steko
Your comment is showing 2 hours after mine, but you're right it's an obvious
joke. When my patent is issued my lawyers will be in contact with you.

~~~
vampirechicken
I will send my cybermen to deal with your lawyers.

------
peterwwillis
Metasploit? The US and Israel spent probably hundreds of millions on
developing custom frameworks using massive international teams, even
implementing cutting-edge cryptanalysis to create the first trojans. And now
someone broke a VPN, picked up Metasploit, and attached an MP3 to the payload?
What the fuck?

If this is real, it certainly wasn't the same team that executed the first
attacks. Sounds like a couple of prankster pentesters.

~~~
gavinlynch
100% agree. And I doubt they are delivering music payloads all the way across
the air gap just for fun. A guess, but it sounds like these machines aren't
subject to the same restrictions as the really intense stuff on the other side
of the security curtain.

------
mmakunas
Somewhere an RIAA lawyer is trying to figure out how to sue the AEOI.

------
randomstring
Impossible because AC/DC doesn't allow its music to be released in digital
form.

~~~
alan_cx
Rubbish, I have many CDs of theirs.

~~~
philjones88
No, they mean as in MP3 format. I did look at trying to purchase a complete
set of non-physical music. It's hard to give them my money...

~~~
randomstring
Oops, I was wrong. It looks like AC/DC went digital back in 2007 with an
exclusive with Verizon.

<http://www.reuters.com/article/2007/08/02/us-acdc-idUSN0136768220070802>

I'm sure everyone who shelled out $12/album with Verizon's DRM is still
rocking out to Hells Bells.

------
mtgentry
In future wars, it will be hard to know when your nuclear centrifuges have
been compromised or if you've simply been rick-roll'd.

------
runn1ng
Seems like a viral campaign for Iron Man 3.

~~~
hoboslobo
More like a viral campaign for Thor 2 considering the song choice.

------
blhack
They hacked into some workstations. This isn't the same as stuxnet.

Presumably this was a bug in a VPN software somewhere, which led to, probably,
some Windows machines. The fact that this was _at_ a nuclear facility is
kind of pointless; it's just an office.

Stuxnet specifically went after industrial control systems, and destroyed the
machines they controlled.

~~~
jrockway
The link says, "The automation network and Siemens hardware were attacked and
shut down." That seems like more than just your average office computer.

~~~
peterwwillis
That could also be interpreted as _"someone tried to run some shellcode [that
was copied from Stuxnet] on the POS Windows XP boxes we use for QA tests, so
we shut down the SCADA interconnect just in case."_ It's pointless to
speculate though. I bet it turns out to be a really stupid prank by an ex-
scientist.

------
tsahyt
Considering how much effort went into stuxnet and flame this seems to be
rather weird. Go to extreme lengths in coding malware to... play AC/DC?
Something doesn't seem quite right.

The choice of music is excellent though ;)

~~~
Sanddancer
Could be a psychological thing. Hacker saying, "we own you so hard, we're
going to be as blatant as hell about it."

------
vampirechicken
Deploy the Nickelback Virus. That should bring them to the negotiating table.

------
quantgenius
This sounds like a good idea and I'm sure it makes anyone American absolutely
brim with patriotic pride. It's also a completely idiotic thing to do.
Creating malware takes a lot fewer resources than creating real weapons and
the US and West in general are far more vulnerable to malware than Iran or most
small countries due to the economy's greater mechanization. What happens when
there is blowback?

~~~
tomjen3
Not to mention that further tensions are not desired right now -- with Obama
neck and neck with the Republican and Israel getting impatient and Iran
getting offended, this could turn very nasty, very soon (and the west can ill
afford another war in the middle-east with the current economy and gas
prices).

I hope the regime falls, but it has to be internal or it won't stick.

~~~
hopefully
"the west can ill afford another war in the middle-east with the current
economy and gas prices"

"The west" isn't a monolith. Elites everywhere profit from war, simply because
it first and foremost tightens control and keeps people busy.

------
espeed
This is the song that was playing:
<http://www.youtube.com/watch?v=RukUetw0hAM>

------
guard-of-terra
Do they still run stock Windows PCs in a nuclear facility? Do they still have
critical machinery participating in an insecure local network?

Well, maybe it isn't a nuclear lab after all, but a honeypot for hackers? And
the actual lab is somewhere else? Because otherwise they would figure it out
already, I think.

------
irahul
_hacker tool Metasploit_

I was thinking had it happened to the US, some nutjob would have declared
Metasploit illegal. Though US regulations don't apply to us non-US folks,
developing nations tend to pick things from the West, especially for issues
concerning technology. I blame the US for broadband fair-usage quota.

Also, EU or US regulations make travelling difficult. Hasn't the EU declared
_hacking tools_ illegal? Man, it would suck to be detained in a foreign
country for installing Metasploit.

~~~
tinco
Just in Germany, and trust me, you'd much rather be detained in Germany than
in the US, in Europe you actually have rights when someone arrests you..

edit: sorry I couldn't resist, just watched Harold and Kumar Escape from
Guantanamo Bay yesterday :P

~~~
gavinlynch
_insert generic, overwrought "authoritarian police state" comment about the
United States here_

edit: oh sorry, the OP already made this point :p

------
borplk
Whoever is skilled enough to hack into some computers at a nuclear reactor
facility must also be clever enough to not give itself away with a childish
prank. There are many better things they can do than playing music. I'm sure
the story is fake.

------
gexla
Seems like "Who Made Who" by AC/DC would be appropriate here since it was done
for the soundtrack of "Maximum Overdrive," a Stephen King movie about the
machines taking over.

------
RyanMcGreal
Wait until AC/DC finds out their intellectual property has been used on a
computer without their permission.

------
sidcool
Yeah, I heard it plays 'Thunderstruck'

------
username3
Government cover up. The government wouldn't play AC/DC, so it must be someone
else.

~~~
rit
You'd be surprised. During Operation Just Cause in Panama, US troops used
loudspeakers blasting music (including Van Halen) to flush Noriega out of his
hiding place.

Believe it or not, even government workers have a sense of humor ...

~~~
kahawe
Probably less "sense of humor" than psychological warfare by constantly
demonstrating superiority and presence - plus depending on the volume and
proximity, this could interfere with enemies communicating and could even keep
them from sleeping. Maybe not the worst thing at first but I can see how this
can get more effective over time...

------
adrianwaj
Fantastic news. I would've gone for High Voltage:

_Plug me in, turn me on, I'm a sparklin' man_

_High voltage rock 'n' roll_

<http://www.youtube.com/watch?v=i0NcFU838GY>

------
MartinMond
This is actually bad.

It means that the US is out of ideas on how to stop Iran's nuclear program via
cyber weapons.

Because if they had an idea on the level of stuxnet they wouldn't announce
infected PCs in such an obvious way. :/

~~~
bitcracker
I think it's exactly the opposite. If the story is really true then the
psychological effects are enormous. It tells them:

"Look we have everything under control. We can even afford to let you know
that. Look, we can make your top secret workstations play music just for fun.
Don't mess with us, otherwise we can make even your bombs explode in your own
bunkers."

I think if the Iranians are really so stupid as to make war with Israel or U.S.
(which means WW3) this would lead to their own self destruction.

------
Ingaz
We do not know the real impact of stuxnet.

I can believe that some government idiots, after watching The Matrix, sponsored
"cyberwar".

I can believe that some smart guys really tried to write a first
"cyberweapon".

I can believe that the Iranian intelligence service is gladly playing this game.

I can't believe that a country with a lot of people with high education can
have a problem with a worm.

Windows or not Windows - it does not matter. A sane person can't overlook some
strange process in the OS.

Rootkits? Do you think that this kind of server is frequently rebooted?

And now it even plays AC/DC for "stupid Iranians"!

Even lamerz can do nuclear physics! Process explorer for true geniuses!

