Cracking Stuxnet

Stuxnet malware is reportedly a contributing factor to the Fukushima nuclear disaster. Clue ... virtually every control system failed or reacted wrongly to emergency conditions.

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-decipher...

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

By Kim Zetter July 11, 2011 | 7:00 am | Categories: Stuxnet

Liam O Murchu was the first to notice that Stuxnet was much more complex and sophisticated than previously believed. “Everything in it just made your hair stand up and go, this is something we need to look into.” Researchers in Symantec’s offices in Europe and the United States were among those who grabbed the code in July and created signatures for customers. But once they had done this, the malware passed to Liam O Murchu in the company’s Culver City, California office.

O Murchu is a 33-year-old Irishman and avid snowboarder. As manager of operations for Symantec Security Response, it was his job to review significant malware threats to determine if they should be analyzed in-depth. Malware containing zero-day exploits, however, were special and got examined by hand. Several layers of masking obscured the zero-day exploit inside, requiring work to reach it, and the malware was huge — 500k bytes, as opposed to the usual 10k to 15k. Generally malware this large contained a space-hogging image file, such as a fake online banking page that popped up on infected computers to trick users into revealing their banking login credentials. But there was no image in Stuxnet, and no extraneous fat either. The code appeared to be a dense and efficient orchestra of data and commands.
O Murchu’s interest was immediately piqued …

Good point

"The other thing that you are forgetting is that the Fukushima reactors were built back in the '70s, and they were designed in the late '60s; BEFORE anyone ever heard of a reprogrammable Siemens controller."
Very true. Fukushima went online 20 years before USB was introduced and about 25 years before Siemens introduced the first pls control systems. There are no indications that the control circuits at Fukushima were ever updated from hardwire relay to digital pls.

Even if Fukushima had been completely rewired since 1999 and had the Siemens pls controllers and Stuxnet malware successfully installed manually via USB, it could not have affected the FDNPP. The malware was specifically written to affect centrifugal motors that NPPs don't use. Even for the intended purpose, Stuxnet was not that successful in disrupting the Iranian targets that it was written for. Stuxnet code was written to expire on 6-24-12, it soon will be history.

http://www.imdb.com/title/tt0337978/

Thanks for the well written

Thanks for the well written post. You're absolutely right, reactor control systems are hard wired and not re-programmable digital systems.

guess who!

"but midway across the river the scorpion does indeed sting the frog, dooming them both. When asked why, the scorpion points out that this is its nature. The fable is used to illustrate the position that the behaviour of some creatures is irrepressible, no matter how they are treated and no matter what the consequences."

Bad Guys

:(

“Well, bad guys are people who are writing malicious code that infects systems that can cause unintended consequences or intended consequences.”

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-decipher...

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

By Kim Zetter July 11, 2011 7:00 am

As Chien and O Murchu mapped the geographical location of the infections, a strange pattern emerged. Out of the initial 38,000 infections, about 22,000 were in Iran. Indonesia was a distant second, with about 6,700 infections, followed by India with about 3,700 infections. The United States had fewer than 400. The infection numbers were way out of sync with previous patterns of worldwide infections. South Korea and the United States were always at the top of charts in massive outbreaks. But even in outbreaks centered in the Middle East or Central Asia, Iran never figured high in the numbers. It was clear the Islamic Republic was at the center of the Stuxnet infection.

The sophistication of the code, plus the fraudulent certificates, and now Iran at the center of the fallout made it look like Stuxnet could be the work of a government cyberarmy — maybe even a United States cyberarmy. In intercepting data the attackers were expecting to receive, the researchers risked tampering with a covert U.S. government operation. Asked recently if they were concerned about this, Chien replied, “For us there’s no good guys or bad guys.” Then he paused to reconsider. “Well, bad guys are people who are writing malicious code that infects systems that can cause unintended consequences or intended consequences.”

Whether the “bad guy” was the United States or one of its allies, the attack was causing collateral damage to thousands of systems. The clock was ticking. All the researchers knew at this point was that Stuxnet had a foothold on more than 100,000 computers, and they had no real idea what it was doing to them.

“For the longest time we were thinking, well, maybe it just spread in Iran because they didn’t have up-to-date security software, and that if this gets over to the United States, some water-treatment plant or some train-control system or anything could be affected,” Chien recalled recently. “So, really, we were trying to find out, full steam ahead, what exactly does this thing affect?”

Vulnerable to Cyberattack?

http://online.wsj.com/article/SB123914805204099085.html

TECHNOLOGY APRIL 8, 2009

Electricity Grid in U.S. Penetrated by Spies

By SIOBHAN GORMAN
Associated Press

Robert Moran monitors an electric grid in Dallas. Such infrastructure grids across the country are vulnerable to cyberattacks.

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."

The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."
Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

Stuxnet Geek Chatter

Skipping merrily over the denials, disclaimers and PR,BS ... It would be rather anomalous for an operational nuclear installation to volunteer Stuxnet infection in October of 2010.

http://www.yomiuri.co.jp/dy/national/T101004003493.htm

Oct. 5, 2010

After Stuxnet finds its way onto an ordinary computer via the Internet, it hides there, waiting for a USB memory stick to be connected to the computer, when it transfers itself to the memory stick. When the USB device is then connected to a computer linked to an isolated server, it can enter the system and take control of it.

As computers that harbor Stuxnet do not operate strangely, the virus can be transferred to a memory stick inadvertently.

According to the security company, the virus is designed to target a German-made program often used in systems managing water, gas and oil pipelines. The program is used at public utilities around the world, including in Japan.

The virus could cause such systems to act erratically, and it could take months to restore them to normal.

The 63 infected computers found in Japan were likely infected sometime after June.

According to the company, about 60 percent of the computers that have been infected with the virus were discovered in Iran. Since September, about 30,000 computers there have been found to be infected with the virus. The country's Industry and Mines Ministry has called the virus an electronic act of war.

Have you read the article

Have you read the article you posted? Cause nothing in it points to a possible relation between Stuxnet and Fukushima. Actually it clearly states that the whole point of Stuxnet was reducing the performance of one single uranium enrichment facility in Iran.

Yes

;)

Why yes, I did read the article. Oh and thanks for your interest...

This does appear to be a topic of some general significance. The Stuxnet malware matter has been discussed, for some time, as ONE of the many failure scenarios in the multiple systems collapse in the Fukushima Nuclear Power Plant complex.

Siemens controllers went haywire on about a jillion applications globally. Adjustable Speed Drives (ASD) are widely used, as are lots of other Stuxnet sensitive power electronics.

Odd how much $$$ that Siemens paid AREVA to get out of nukes.

Odd how quickly Germany and South Africa pulled the plug.

It is premature to RULE-OUT Siemens Controller issues and/or malware as a player in the Fukushima nuclear cascade/cascode disaster. Japan has a lot more skin in the game than anybody else.

cyber attacks on infrastructure

Perhaps the OP just meant to suggest such types of cyber attacks are possible at nuclear power plants in general?

From Japan's newspaper, Asahi Shimbun, Aug. 7, 2011:

http://www.asahi.com/english/TKY201108060224.html

"Cyber attacks in recent years have targeted not only the state and private enterprises but also nuclear plants, railway signaling systems and production line systems at car and other factories."

Not sure if this English translation means the attacks targeted Japan's nuclear power plants in recent years, or just nuclear power plants in general? Perhaps some Japanese speakers can look at the original to offer their input?

Either way, the thought of this as a possibility is disturbing, no?

Many MOX Nukes

Word on the street, for some time, has indicated that a version of the Stuxnet worm was found in the Fukushima Nuclear Plant control systems. This was detected months before the earthquake. Lots of geek-chatter about this, on the internet, months ago. I think that report is likely.

The Stuxnet malware was, or is, residing in computers and thumb-stick memory devices all over the world. The worm was reportedly primarily designed to disrupt the Iranian centrifuge efforts. But like any virus, it travels. There are now several versions and the code techniques are well documented.

Cooling water valves and H2 vent valves and other emergency systems rather dramatically 'did the wrong things' during the Fukushima crisis. Whether or not some version of the Stuxnet malware was involved is out of my paygrade. Whether the possible Stuxnet contribution was Murphy's Law in action, or a deliberate attack, is WAY out of my paygrade.

Several things went wrong at Fukushima prior to the Nuclear explosion in the Unit-3 building. The evidence of induced radiation in previously inert building materials eliminates all reasonable doubt of that explosion. That is, by my lights, the facts.

The long-documented, architectural design defect(s), of the General Electric Mark-1 pseudo-containment joke, was the primary cause of the Fukushima multiple reactor failures. Inadequate seismic and tsunami design protections loaded the gun. The earthquake and tsunami pulled the trigger. Station blackout was a factor. MOX was a player. Perhaps Stuxnet was a plausible if not published factor in the instant disaster.

No induced radiation detected

No induced radiation was detected. All radioactive materials detected after the event existed before the event.

LOL

Another aspiring comodian (sic).

You have them rolling in the aisles, except not in Japan, Ukraine, Pennsylvania, Idaho ...

The victims suffer, among other things, a reduced sense of humor.

But either way, you are killing the audience.

LOL

Just one more OBVIOUS gawdam

Just one more OBVIOUS gawdam LIE

Beaucoups of radiation of EVERY sort were released from the Fukushima INCIDENTS. It would be irresponsible to refer to ANY PART of the Fukushima disasters as 'an accident'.

Failure to plan is a PLAN TO FAIL.

Neutron emissions of every sort, Alpha, Beta and Gamma, radionuclides and ALL the fission exotics were negligently 'let-fly' from the Fukushima Death-RAY Farm. GE, TEPCO, AREVA, Siemens, Hitachi, Toshiba, Japan Inc., USofA and the rest of the nuclear industry scuz-buckets CAUSED this disaster, by deliberately sticking their heads up their stinky parts and whistling. The Nuclear Test Ban Treaty Organization and NATO nations helped conceal the unfolding Fukushima disaster scene.

There was less lying when a Pope gave birth during a processional.

The atmospheric discharges from Fukushima exceeded the Chernobyl releases. The oceanic discharges from Fukushima vastly exceeded the Chernobyl water contamination. The LYING from Fukushima has FAR exceeded the considerable Soviet era LIES about Chernobyl. The homicidal death toll is greater in Fukushima than in Chernobyl.

Lying like dogs and wanton killing like Charles Manson. Fukushima has unveiled an unanticipated post-civilizational madness.

Mad Dog Killers and propaganda, unrivaled since the Reich 'Final Solution'

Computers don't control reactor.

Word on the street, for some time, has indicated that a version of the Stuxnet worm was found in the Fukushima Nuclear Plant control systems. This was detected months before the earthquake. Lots of geek-chatter about this, on the internet, months ago. I think that report is likely.
============================

The computers at a nuclear power plant are only for data logging. They are not allowed to have ANY input on the control of the reactor. The reactor protection system, the electronics that activates emergency systems, is all non-programmable discrete logic circuits. That is, all the functionality is hardwired into the circuitry, like your stereo amplifier, and is not reprogrammable.

Therefore, a virus can't affect the reactor control systems. The operator's display panels are also non-programmable discrete electronics.

Again, the programmable computers are only used to log data for examination after an event; kind of like a cockpit data recorder in an airliner.

Nothing in the article

Nothing in the article supports OP's claim that "Stuxnet malware is reportedly a contributing factor to the Fukushima nuclear disaster." I mean, absolutely nothing.

And then you have infinite "disturbing" possibilities that you may want to discuss, but let's start by knowing how to read and how some sources support or not the occurrence of such possibilities.

Geek Chatter

:(

Dear Anonymous Siemens friend with buttocks in a sling.

Since you asked, here is some example Internet Chatter. It would not be unusual for such links to be dead by now ... You check.

http://www.godlikeproductions.com/forum1/message1407768/pg1

http://www.whatreallyhappened.org/content/fukushimas-stuxnet-infected-si...

Fukushima's Stuxnet-infected Siemens operating system

Japanese nuclear plant in Fukushima ran on Siemens computers that the Stuxnet worm was programmed to infect- in fact the virus was found in Fukushima systems last year.

Makes you wonder why the cooling system wasn't functioning.

[link to www.whatreallyhappened.net]

Anonymous Coward (OP)
User ID: 497111
Netherlands
3/21/2011 2:37 AM
Re: Fukushima's Stuxnet-infected Siemens operating system

Sorry if this is old news, hadn't seen it here yet

misterx

But why do I have to be

But why do I have to be connected to siemens to realize that all this "Stuxnet-Fukushima connection" is just total bull?

There was a massive earthquake and a massive tsunami that affected a 40 year old plant that had already been singled out for safety issues, why the hell would anyone need a "cyber attack" angle to understand anything that happened?

It's like finding a corpse in the middle of Antarctica with 27 bullet wounds in the head and speculating that the cause of death was a rare tropical disease.

New cybervirus found in

New cybervirus found in Japan / Stuxnet designed to attack off-line servers via USB memory sticks

The Yomiuri Shimbun

Stuxnet, a computer virus designed to attack servers isolated from the Internet, such as at power plants, has been confirmed on 63 personal computers in Japan since July, according to major security firm Symantec Corp.

(Oct. 5, 2010)

http://www.yomiuri.co.jp/dy/national/T101004003493.htm

Cross-Link

Cross-Link to related discussion

http://www.nuc.berkeley.edu/node/5607