Hacker News
Iranian nuclear program hacked, made to play AC/DC (f-secure.com)
237 points by munin on July 24, 2012 | 65 comments

This seems to be real. A number of sources have reported it. Although when I first read the headlines I was hoping it was something other than it was.

As far as I can tell the music simply indicated a compromised system. However, back in the way back times, if you programmed the seeks on a large disk drive you could get it to play 'music' of a sort from the resonance of the stepper motors. I had wondered if someone had changed Stuxnet to modify the centrifuge speeds to play notes, and then have the facility play heavy metal music (which would be appropriate for a facility that was purifying a very heavy metal).

>if you programmed the seeks on a large disk drive you could get it to play 'music' of a sort from the resonance of the stepper motors.



I too was really hoping they'd done this to the centrifuges.

Instinctively I think this story reeks of bullshit. Not saying it didn't happen, but rather I sense deeper levels of foul play: like others have said, it feels like a distraction or misdirection. The metasploit mention is incongruous as well.

I think there are very few credible things about this story.

Why would the computer security people tell everyone that it was Metasploit? Usually, IT staff tells people very little about current or ongoing security events.

Why would workstations have speakers? Perhaps they were internal speakers, but still.

Are the phrases and word choices used in the e-mail consistent with the type of person who purports to have sent the e-mail? I'd like someone's more expert opinion here on whether an Iranian person would say "maxed out", for example.

And finally, why would a real nuclear scientist risk death and imprisonment to tell an antivirus company that someone had compromised their computers to play AC/DC?

The workers at Iran's nuclear facilities are free to just do whatever the hell they want now and if they get busted they can blame it on US/Israeli hackers.

Sounds to me like the most plausible explanation so far. Some connected employee/s breached internal IT security protocol by transferring music to their workstations, maybe even being caught at a night shift blasting music. They tried to cover it up with some stories and it got out of hand.

I'm serious, I think anyone who's been in (any) military capacity can see such a thing happening.

Every time I come to any conclusion about what's happening with Iranian computers, I'm proven wrong weeks later. It is nuts what is going on here. I agree: playing AC/DC on nuclear facility computers sounds too theatrical to be real. Which probably means it was a Sepultura/Muppets mashup and not AC/DC.

The speakers blared Thunderstruck this time, Iranians; next time it will be a Creed/Nickelback marathon. Don't be that country.

Conan O'Brien just stole your joke.

And I posted it an hour before this guy. It's an easy joke progression.

Your comment is showing 2 hours after mine, but you're right it's an obvious joke. When my patent is issued my lawyers will be in contact with you.

I will send my cybermen to deal with your lawyers.

This isn't Mikko Hypponen's sense of humour - I'd say it's real, even if it is ridiculous.

Could be a faked email by someone winding him up.

This seems to be real. A number of sources have reported it.

Yes, but they're all referring back to the same original claim. I don't find this story credible at all, and think it more likely that someone has spoofed an email using the addresses and header data found in a previous Wikileaks release.

That's entirely possible of course. Hence my wording. I keep hoping to hear they have the centrifuges singing, that would be a very worthy hack :-)

The story says "sending and receiving email," spoofed headers do nothing for receiving...

Are there a number of sources? Kinda seems like there are a lot of people repeating the same unverifiable story from the same single source...

I had hoped it wasn't true, because sooner or later meddling in Iran's stuff is going to piss them off, then one of the two sides will do something stupid, or Obama needs to be a hawk again, or Israel gets enough, or something else, and voilà, we got another war in the middle-east going on.

I hope that the anti-government protest will resume and the people in Teheran will overthrow the priests. I have no sympathy for the Iranian government, but I fear a war more than I fear a nuclear-armed Iran (what are they going to do with them, anyway? Blow up Israel? Attack the United States?).

Unfortunately the saber rattling and sabotage by USA and Israel only helps entrench the mullahs.

> However, back in the way back times, if you programmed the seeks on a large disk drive you could get it to play 'music' of a sort from the resonance of the stepper motors.

I would love to see the entire facility spontaneously erupt into a symphony like this: http://vimeo.com/1109226

On a clear disk you can seek forever.

Metasploit? The US and Israel spent probably hundreds of millions on developing custom frameworks using massive international teams, even implementing cutting-edge cryptanalysis to create the first trojans. And now someone broke a VPN, picked up Metasploit, and attached an MP3 to the payload? What the fuck?

If this is real, it certainly wasn't the same team that executed the first attacks. Sounds like a couple of prankster pentesters.

100% agree. And I doubt they are delivering music payloads all the way across the air gap just for fun. A guess, but it sounds like these machines aren't subject to the same restrictions as the really intense stuff on the other side of the security curtain.

Sounds more like someone at the target end trying to explain something they don't understand by blaming it on something they've heard of which might be related.

I know that some of the pentest training courses specifically use aeoi.org as a target. Not for actual attacks, but for conducting reconnaissance and target enumeration. I wonder if someone decided to see just how vulnerable the enumerated systems were.

Somewhere an RIAA lawyer is trying to figure out how to sue the AEOI.

Impossible because AC/DC doesn't allow its music to be released in digital form.

Rubbish, I have many CDs of theirs.

No, they mean as in MP3 format. I did look at trying to purchase a complete set of non-physical music. It's hard to give them my money...

Oops, I was wrong. It looks like AC/DC went digital back in 2007 with an exclusive with Verizon.


I'm sure everyone who shelled out $12/album with Verizon's DRM is still rocking out to Hells Bells.

I think it was a joke.

Not allowed and possible are not mutually exclusive events.

In future wars, it will be hard to know when your nuclear centrifuges have been compromised or if you've simply been rick-roll'd.

Seems like a viral campaign for Iron Man 3.

More like a viral campaign for Thor 2 considering the song choice.

They hacked into some workstations. This isn't the same as stuxnet.

Presumably this was a bug in some VPN software somewhere, which led to, probably, some Windows machines. The fact that this was at a nuclear facility is kind of pointless; it's just an office.

Stuxnet specifically went after industrial control systems, and destroyed the machines they controlled.

The link says, "The automation network and Siemens hardware were attacked and shut down." That seems like more than just your average office computer.

That could also be interpreted as "someone tried to run some shellcode [that was copied from Stuxnet] on the POS Windows XP boxes we use for QA tests, so we shut down the SCADA interconnect just in case." It's pointless to speculate though. I bet it turns out to be a really stupid prank by an ex-scientist.

Considering how much effort went into Stuxnet and Flame, this seems to be rather weird. Go to extreme lengths in coding malware to... play AC/DC? Something doesn't seem quite right.

The choice of music is excellent though ;)

Could be a psychological thing. Hacker saying, "we own you so hard, we're going to be as blatant as hell about it."

I would guess you are right. Not really the paranoid type, but when considering things like this with Iran I wouldn't be surprised if it was government doings and the AC/DC thing is a distraction from whatever they really did.

Deploy the Nickelback Virus. That should bring them to the negotiating table.

This sounds like a good idea and I'm sure it makes anyone American absolutely brim with patriotic pride. It's also a completely idiotic thing to do. Creating malware takes a lot fewer resources than creating real weapons and the US and West in general is far more vulnerable to malware than Iran or most small countries due to the economy's greater mechanization. What happens when there is blowback?

Patriotic pride? Unless I've missed something about your train of thought here, AC/DC is still an Australian band and not from the US.

Not to mention that further tensions are not desired right now -- with Obama neck and neck with the Republican and Israel getting impatient and Iran getting offended, this could turn very nasty, very soon (and the west can ill afford another war in the middle-east with the current economy and gas prices).

I hope the regime falls, but it has to be internal or it won't stick.

"the west can ill afford another war in the middle-east with the current economy and gas prices"

"The west" isn't a monolith. Elites everywhere profit from war, simply because it first and foremost tightens control and keeps people busy.

This is the song that was playing: http://www.youtube.com/watch?v=RukUetw0hAM

Do they still run stock Windows PCs in a nuclear facility? Do they still have critical machinery participating in an insecure local network?

Well, maybe it isn't a nuclear lab after all, but a honeypot for hackers? And the actual lab is somewhere else? Because otherwise they would figure it out already, I think.

hacker tool Metasploit

I was thinking had it happened to US, some nutjob would have declared Metasploit illegal. Though US regulations don't apply to us non-US folks, developing nations tend to pick things from west, especially for issues concerning technology. I blame US for broadband fair-usage quota.

Also, EU or US regulations make travelling difficult. Hasn't EU declared hacking tools illegal? Man, it would suck to be detained in a foreign country for installing metasploit.

Just in Germany, and trust me, you'd much rather be detained in Germany than in the US; in Europe you actually have rights when someone arrests you.

edit: sorry I couldn't resist, just watched Harold and Kumar Escape from Guantanamo Bay yesterday :P

insert generic, overwrought "authoritarian police state" comment about the United States here

edit: oh sorry, the OP already made this point :p

Whoever is skilled enough to hack into some computers at a nuclear reactor facility must also be clever enough to not give itself away with a childish prank. There are many better things they can do than playing music. I'm sure the story is fake.

Seems like "Who Made Who" by AC/DC would be appropriate here since it was done for the soundtrack of "Maximum Overdrive," a Stephen King movie about the machines taking over.

Wait until AC/DC finds out their intellectual property has been used on a computer without their permission.

Yeah, I heard it plays 'Thunderstruck'

Government cover up. The government wouldn't play AC/DC, so it must be someone else.

You'd be surprised. During Operation Just Cause in Panama, US troops used loudspeakers blasting music (including Van Halen) to flush Noriega out of his hiding place.

Believe it or not, even government workers have a sense of humor ...

Probably less "sense of humor" than psychological warfare by constantly demonstrating superiority and presence - plus depending on the volume and proximity, this could interfere with enemies communicating and could even keep them from sleeping. Maybe not the worst thing at first but I can see how this can get more effective over time...

They always use AC/DC....

... Why would they not?

Because it's evil. ;) THUNDERSTRUUCK!

Fantastic news. I would've gone for High Voltage:

Plug me in, turn me on, I'm a sparklin' man

High voltage rock 'n' roll


This is actually bad.

It means that the US is out of ideas on how to stop Iran's nuclear program via cyber weapons.

Because if they had an idea on the level of stuxnet they wouldn't announce infected PCs in such an obvious way. :/

I think it's exactly the opposite. If the story is really true then the psychological effects are enormous. It tells them:

"Look we have everything under control. We can even afford to let you know that. Look, we can make your top secret workstations play music just for fun. Don't mess with us, otherwise we can make even your bombs explode in your own bunkers."

I think if the Iranians are really so stupid to make war with Israel or U.S. (which means WW3) this would lead to their own self destruction.

We do not know the real impact of stuxnet.

I can believe that some government idiots, after watching Matrix, sponsored "cyberwar".

I can believe that some smart guys really tried to write a first "cyberweapon".

I can believe that the Iranian intelligence service is gladly playing this game.

I can't believe that a country with a lot of people with high education can have a problem with a worm.

Windows or not Windows - it does not matter. A sane person can't overlook some strange process in the OS.

Rootkits? Do you think that this kind of server reboots frequently?

And now it even plays AC/DC for "stupid Iranians"!

Even lamerz can do nuclear physics! Process explorer for true geniuses!
