Was Stuxnet built to attack Iran's nuclear program? (networkworld.com)
63 points by labboy on Sept 21, 2010 | 27 comments



When I was writing software for industrial PLCs and other controllers over five years ago I always thought that factory guys were paranoid about connecting them to the general IT system which in turn was connected to the internet. Quite specifically they were worried about viruses getting into the industrial PCs and causing production line stoppages. At the time it was just a theoretical possibility. Now it seems they were quite wise to be cautious.


Sounds a bit like the old exploding Siberian pipeline trick to me.

http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage


Buried in the article: "Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems."

Sounds like Siemens has some work to do, although I wouldn't be too hard on them if the CIA or another state is really launching these attacks.


You should definitely blame Siemens. The default password is hard-coded into the system. If you change the password from the default, the system crashes!


If it really is the CIA, then Siemens might actually be in on it. Bonus for them if they can charge the Iranians to patch the holes that Stuxnet has exposed while continuing to feed the agency with new ones.


Siemens AG is not quite an American company.


Would that stop them from working for the CIA? Corporations are about as patriotic as the money they're paid with.


It most definitely would, since Siemens as a company is too expensive and complicated to bribe - even on CIA scale. Also it is public, and is too bureaucratic to get away with that without a trace.

Of course nothing prevents recruiting an engineer or two as CIA operatives, but it's not the same as involving the company.


Who signed Jmicron's and Realtek's certificates? That cert authority may be in on it as well.


> "That cert authority may be I. On it as well."

Typo or confessing?


Correct. I was typing on a phone while shivering in a train after riding my bike to the station.


grep uranium | grep -v U238 > /dev/reactor

"according to screen shots of the plant posted by UPI, it uses the Windows-based Siemens PLC software targeted by Stuxnet."

Windows in embedded systems. For nuclear reactors. Sounds promising.


Windows used as development and as visualization/monitoring environment. PLCs themselves are not running Windows.


So, the Windows part provides absolutely no control input into the system? Including no operator control input from a PC?


From http://www.digitalbond.com/index.php/2010/09/16/stuxnet-targ...

I’m surprised at how often project names for secret projects have some relation to the project. This is really for you conspiracy theorists, but read the Book of Esther in the Bible, where Esther informs the King of a plot against the Jews. The King then allows the Jews to defend themselves, kill their enemies, … Esther was born as Hadassah, which means Myrtle. According to Symantec, “While we don’t know who the attackers are yet, they did leave a clue. The project string b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb appears in one of their drivers.”

Seriously you couldn't make it up!
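The "clue" in the comment above is a PDB (debug symbol) path left in a driver's CodeView record. As an added example (not code from the thread, Symantec, or Digital Bond), the script below pulls such paths out of a binary two ways: by parsing the RSDS CodeView record (the "RSDS" signature, a 16-byte GUID, a 4-byte age, then a NUL-terminated path) and by a strings-style regex fallback, then splits the path into the parts an analyst reads. The sample bytes are constructed here; only the path string is the one quoted in the thread, and the `objfre_<target>_<arch>` decoding follows the Windows DDK build-output naming (objfre = free/release build, objchk = checked build).

```python
import re
import struct

# Constructed stand-in for a driver image. The RSDS record layout is real;
# the GUID bytes and padding are made up for this example. The path is the
# string Symantec reported for the Stuxnet driver.
SAMPLE_DRIVER = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"RSDS"
    + bytes(range(16))                 # fake GUID (constructed)
    + struct.pack("<I", 1)             # age = 1 (constructed)
    + b"b:\\myrtus\\src\\objfre_w2k_x86\\i386\\guava.pdb\x00"
    + b"\x00" * 16
)

# Fallback: any Windows-style path ending in ".pdb" among printable bytes
PDB_PATH_RE = re.compile(rb"[A-Za-z]:\\[\x20-\x7e]{1,250}?\.pdb", re.IGNORECASE)


def parse_codeview_records(blob: bytes) -> list[dict]:
    """Walk every RSDS CodeView record in blob and return guid/age/path."""
    records = []
    offset = blob.find(b"RSDS")
    while offset != -1:
        body = offset + 4
        if body + 20 <= len(blob):
            guid = blob[body:body + 16]
            (age,) = struct.unpack_from("<I", blob, body + 16)
            end = blob.find(b"\x00", body + 20)
            if end != -1:
                path = blob[body + 20:end].decode("latin-1")
                records.append({"offset": offset, "guid": guid.hex(),
                                "age": age, "path": path})
        offset = blob.find(b"RSDS", offset + 4)
    return records


def find_pdb_paths(blob: bytes) -> list[str]:
    """Strings-style scan: catches paths even when no RSDS record is intact."""
    return [m.decode("latin-1") for m in PDB_PATH_RE.findall(blob)]


def describe_build_path(path: str) -> dict:
    """Split a PDB path into the pieces an analyst looks at first."""
    parts = path.split("\\")
    info = {"drive": parts[0],
            "project": parts[1] if len(parts) > 1 else "",
            "pdb": parts[-1]}
    # DDK build output lives under obj{fre,chk}_<target>_<arch>
    for part in parts:
        m = re.fullmatch(r"obj(fre|chk)_(\w+?)_(x86|amd64|ia64)", part)
        if m:
            info["build"] = "release" if m.group(1) == "fre" else "checked"
            info["target_os"] = m.group(2)
            info["arch"] = m.group(3)
    return info


if __name__ == "__main__":
    for rec in parse_codeview_records(SAMPLE_DRIVER):
        print(rec)
        print(describe_build_path(rec["path"]))
    print(find_pdb_paths(SAMPLE_DRIVER))
```

On the quoted path this yields the project directory name `myrtus`, a release (free) build targeting `w2k` on `x86`, and the symbol file `guava.pdb`; none of that identifies an author, which is why the thread treats it as a hint rather than evidence.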


> "I’m surprised at how often project names for secret projects have some relation to the project."

Never a good idea. In World War 2, the Brits figured out the Germans had a single-beam navigation device by its codename 'Wotan' (a one-eyed god):

http://en.wikipedia.org/wiki/Battle_of_the_beams#Y-Ger.C3.A4...


So, uh, they were compiling off a floppy disk?


Can anyone explain the clue? I don't get it.


This type of attack is going to become much more common in the future.

"Nation States" and their various agencies have been interested in SCADA systems for quite a while. There is no security to speak of in industrial control systems. These systems are out of the view of all but the most sophisticated hackers, and only make the news when things go boom.


I imagine that very few people other than control systems engineers ever have anything to do with Siemens PLCs and their data blocks. Those PLCs are also quite pricey items. Your average script kiddie is never going to have any access to or knowledge of these sorts of systems.


Also buried in the article: "Peterson believes that Bushehr was possibly the target. 'If I had to guess what it was, yes that's a logical target,' he said. 'But that's just speculation.'"


If they are smart and powerful enough to do:

"develop four previously unknown zero-day attacks and a peer-to-peer communications system, compromise digital certificates belonging to Realtek Semiconductor and JMicron Technology, and display extensive knowledge of industrial systems."

then why did this happen?

"In recent weeks, they've broken the cryptographic code behind the software"


They're talking about the encryption of the executable code and data of the worm itself. It can't run if it doesn't decrypt itself at some point. It's not meant to be bombproof, it's just another hurdle.


OK, then it's just sloppy journalism, because that's not 'breaking the encryption of the code', but rather 'snooping on the execution of the code'.
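The two comments above make one defender-side point: a self-decrypting payload has to be plaintext in memory at some point, so the static hint is a region whose byte distribution looks like ciphertext, and the "snooping" is a memory snapshot taken after that region has been decoded. As an added example (not code from the thread or from any of the vendors it mentions), the script below computes per-block Shannon entropy over a constructed image made of a low-entropy, opcode-like region followed by a pseudo-random region standing in for an encrypted payload, and flags the blocks an analyst would watch at runtime. The sample bytes, block size and 7.0 bits/byte threshold are all assumptions of this example.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_regions(image: bytes, block_size: int = 1024,
                 threshold: float = 7.0) -> list[dict]:
    """Entropy per fixed-size block; blocks at/above threshold are flagged
    as candidate encrypted or compressed regions."""
    regions = []
    for off in range(0, len(image), block_size):
        h = shannon_entropy(image[off:off + block_size])
        regions.append({"offset": off, "entropy": round(h, 3),
                        "suspicious": h >= threshold})
    return regions


def suspicious_offsets(image: bytes, block_size: int = 1024,
                       threshold: float = 7.0) -> list[int]:
    """Offsets worth dumping from memory once the sample has unpacked."""
    return [r["offset"] for r in scan_regions(image, block_size, threshold)
            if r["suspicious"]]


# Constructed image: 4 KiB of repeating x86-like prologue bytes (low
# entropy, as plain code tends to be), then 4 KiB of seeded pseudo-random
# bytes standing in for an encrypted payload. Neither is real malware.
PLAIN_CODE = (b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x8b\x7d\x08" * 342)[:4096]
ENCRYPTED_BLOB = random.Random(7).randbytes(4096)
SAMPLE_IMAGE = PLAIN_CODE + ENCRYPTED_BLOB

if __name__ == "__main__":
    for region in scan_regions(SAMPLE_IMAGE):
        flag = "ENCRYPTED?" if region["suspicious"] else "plain"
        print(f"{region['offset']:#08x}  {region['entropy']:5.3f}  {flag}")
```

The threshold is a heuristic, not a verdict: compressed resources and certificate blobs score high too, and a payload encoded with a low-entropy scheme will not trip it. That is exactly why the reply above calls the technique snooping on execution rather than breaking the encryption: the flagged offsets tell you where to look in memory, and the plaintext shows up there once the loader has done its own decryption.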


I suspect a lot of that article is sensationalizing and extrapolation from too few data points, on behalf of security experts seeking publicity.


I suspect that next time, the targeting systems of such a worm will be better obfuscated. If this can be achieved, then such sabotage could be carried out with perfect plausible deniability. I find this highly disturbing.


I wouldn't put it past Siemens to be in on this. After all the most profits are made by playing both sides.



