Showing posts with label Iran. Show all posts

Wednesday, September 29, 2010

Report: Desperate Iran seeks outside help in dealing with Stuxnet

A report late last week suggested Iran had successfully gotten the Stuxnet worm under control.  This report, via DEBKafile, suggests otherwise:


Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers. debkafile's intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus.

None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them. Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.

The impression debkafile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch."


The official story from Tehran echoes the SoftPedia report:  That the Stuxnet infestation is not as bad as reported and that the Bushehr nuclear facility is on schedule.

The spread of the virus, with nearly 60% of reported infections coming out of Iran, strongly suggests that it was indeed the intended target of Stuxnet. Computer and national security experts continue to insist that the complexity of the system and its ability to exploit previously unknown weaknesses in the Microsoft Windows operating system mean it was developed with a specific target in mind. It’s unlike anything seen before.

Pure speculation of course, but perhaps the existence of Stuxnet is the reason why Israel allowed the Bushehr facility to be fueled last August. A window of opportunity to launch an air strike on the facility closed when the rods were inserted into the reactor.  An airstrike afterwards would almost certainly result in a release of radioactive material into the environment, a devastating collateral impact.  Perhaps Israel—or one of its allies—developed a quieter, more devious way to prevent Iran from developing its nuclear capability, or destroy the facility in a way that could be blamed on lax Iranian security protocols.

Sunday, September 26, 2010

Dark Avenger Redux: Stuxnet and the next generation of virtual warfare UPDATE: Target acquired?

Have you ever heard of Stuxnet?  If not, you will soon.  It may be the most destructive piece of code to be released into the wild since the days of the Dark Avenger virus.

When I was running a FidoNet Bulletin Board System (BBS) in 1990, nothing struck dread in the heart of a BBS surfer more than seeing the following string of text, written randomly in sectors on his hard drive:

"Eddie lives... somewhere in time!"

Dark Avenger, nee Vesselin Bontchev (or, Todor Todorov?), is/was a computer programmer from Sofia, Bulgaria who authored the DOS program that bore his name.  The Dark Avenger virus was the seminal code that set off the whole war between virtual warhead and digital armor.  Its infectiousness and its stealth mode of operation made it difficult to control, detect and destroy. During the debate surrounding researcher Sarah Gordon’s research on the Dark Avenger, there was considerable—and informed—speculation that the virus was developed by a team behind the Iron Curtain.

It’s 2010. Enter Stuxnet. 

Stuxnet is the world’s first virtual super weapon that was intentionally designed to take down a real-world target.  It could be a manufacturing facility, a chemical plant or… a nuclear power plant?


A gradual dawning of Stuxnet's purpose

Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.

But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?

By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.

But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.

"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."


SCADA systems automate the controls of everything from a neighborhood package water plant to a massive steel manufacturing facility; from a candy factory to some of the world’s most sophisticated energy facilities:  Nuclear reactors.

As mentioned above, there was a lot of speculation that Dark Avenger and the variants that followed it were coded by Iron Curtain development teams, with the intention of releasing them into the wild and eventually, getting them to find their way across the pond into the nascent virtual networks (like FidoNet) and government networks, like ARPANet (that would be the Internet that Al Gore invented).

So where did Stuxnet come from?  Good question.  The experts say that the elegance of the code, the depth of the encryption and the specific nature of the program’s intended target indicate that it is the product of a program that could only be funded at the state level. 

Just like the same experts were saying about the Dark Avenger.

The real $64 trillion question is: “What facility was Stuxnet designed to destroy?”

UPDATE: Maybe the guided missile has homed in on its target. Via Fox News, the W32.stuxnet code has apparently infected computers at Iran’s Bushehr nuclear facility:


A complex computer worm capable of seizing control of industrial plants has affected the personal computers of staff working at Iran's first nuclear power station weeks before the facility is to go online, the official news agency reported Sunday.

The project manager at the Bushehr nuclear plant, Mahmoud Jafari, said a team is trying to remove the malware from several affected computers, though it "has not caused any damage to major systems of the plant," the IRNA news agency reported.

It was the first sign that the malicious computer code, dubbed Stuxnet, which has spread to many industries in Iran, has also affected equipment linked to the country's nuclear program, which is at the core of the dispute between Tehran and Western powers like the United States.

Experts in Germany discovered the worm in July, and it has since shown up in a number of attacks -- primarily in Iran, Indonesia, India and the U.S.

The malware is capable of taking over systems that control the inner workings of industrial plants.

In a sign of the high-level concern in Iran, experts from the country's nuclear agency met last week to discuss ways of fighting the worm.


Eddie lives, somewhere in time.  And maybe he’s figured out his purpose in “life.”

If Stuxnet’s target really is Bushehr, then all I can say is “happy hunting.”

Thursday, August 19, 2010

While Obama vacations (again) at Martha’s Vineyard this weekend, Israel faces a difficult choice

President Obama takes a couple of weeks off starting Friday.  He’s going to Martha’s Vineyard to enjoy a cool, North Atlantic sea breeze and some great Atlantic seafood.


WASHINGTON -- President Obama is fleeing the heat and headaches of the capital in search of summer's greatest delight: some time to unwind and kiss the office goodbye. Even if it is the Oval Office.

With wife Michelle, daughters Sasha and Malia and pet dog Bo in tow, Obama is hoping for a pleasantly uneventful 10 days as he heads to Martha's Vineyard, Mass., on Thursday.

"Just like a lot of American people, the president is taking a little time with his family to recharge his batteries," deputy press secretary Bill Burton told reporters.

The long-awaited vacation comes after a hectic three-day fundraising and speechmaking sprint across the country and with new poll numbers showing Americans none too pleased with Obama's handling of the economy as crucial midterm elections approach.


Meanwhile, the state of Israel has a very difficult choice to make.

August 13:

 

From a Fox News report earlier today:


Iran has a uranium-enrichment plant at Natanz and another at Qom, which Western allies blew the whistle on last year. Several facilities critical to the nuclear program are known to be scattered throughout the country, and others are believed to exist in unknown locations. Iran has committed to building more reactors and more enrichment facilities, and as long as it has nuclear physicists, the regime can continue to pursue its goals.

Attacking Iran's nuclear program might be like Mickey Mouse chopping broomsticks in The Sorcerer's Apprentice. The program could be taken down -- but for how long?

Smith, in urging caution toward the idea of a military strike, was echoing Defense Secretary Robert Gates, who said last year that an attack could buy time, but it would not halt the program.

But that doesn't mean a strike is off the table, from either the United States or Israel. Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, stated plainly in an interview on Aug. 1 that the U.S. military has an attack plan for Iran.


Our President, who eschewed both the Boy Scouts Jamboree and the National Day of Prayer; who sued Arizona for daring to pass a law enforcing existing US policy; who stood before Muslim guests at the White House iftar dinner and announced his support for a new mosque at Ground Zero; who called good, ordinary heartland Americans “bitter clingers;” who insulted the Israeli head of state during an official visit, is on vacation.

While Iran shoves fissile material into a new reactor supported by the Russian and Chinese governments, President Barack Hussein Obama is rubbing elbows with elitists on Martha’s Vineyard.  While Israel decides whether to take a drastic step in defending her very existence, our President is livin’ large.

Aloof.  Disconnected.  Uncaring.

Gimme some feedback in the comments.

Tuesday, August 17, 2010

Another John Bolton prediction of Israeli attack on Iran

These are becoming all too common.

I acknowledge that Bolton has been sounding the alarm on Iranian nukes for longer than virtually anyone else.  I also acknowledge that he’s absolutely right about the extraordinary danger a nuclear armed Iran would be, especially given the leverage that the threat of using such a capability would give Iran to further destabilize the region.  I also acknowledge that, sooner or later, Bolton will be able to look in the camera and say: “I told you this was going to happen.”

We don’t need to be pressuring Iran.  We need to go Cuban Missile Crisis on the Russians, or some bad shtuff is gonna go down in the Middle East.

August 13:

August 2009:

 

September 2008:

 

 

Gimme some feedback in the comments.

Wednesday, April 21, 2010

Would the U.S. Shoot Down an Israeli Jet?

From Wired.com's Danger Room:

In a town hall on the campus of the University of West Virginia, a young airman asked Chairman of the Joint Chiefs of Staff Adm. Mike Mullen to respond to a “rumor.” If Israel decided to attack Iran, the speculation went, those jets would need to fly through Iraqi airspace to reach their targets. That airspace is considered a “no-fly” zone by the American military. So might U.S. troops shoot down the Israeli jets, the airman asked the chairman, if they breached that airspace?


Mullen tried to sidestep the question. “We have an exceptionally strong relationship with Israel. I’ve spent a lot of time with my counterpart in Israel. So we also have a very clear understanding of where we are. And beyond that, I just wouldn’t get into the speculation of what might happen and who might do what. I don’t think it serves a purpose, frankly,” he said. “I am hopeful that this will be resolved in a way where we never have to answer a question like that.”

The airman followed up: “Would an airman like me ever be ordered to fire on an Israeli – aircraft or personnel?”


Mullen’s second answer was much the same as his first. “Again, I wouldn’t move out into the future very far from here. They’re an extraordinarily close ally, have been for a long time, and will be in the future,” the admiral said.

My sense is that by the time US commanders are given orders either way, the aircraft in question would have already completed their mission and returned safely to their own airspace.

From Article 9 of The Status of Forces Agreement with Iraq:

3. Surveillance and control over Iraqi airspace shall transfer to Iraqi authority immediately upon entry into force of this Agreement.

4. Iraq may request from the United States Forces temporary support for the Iraqi authorities in the mission of surveillance and control of Iraqi air space.

In reading the full agreement, it's apparent that if Iraq wants U.S. air defense forces to engage foreign aircraft flying through its airspace, the government of Iraq is expected to request assistance. I know of no formal agreement between the two countries that a violation of Iraq's airspace (a technical violation of sovereignty) would immediately place U.S. commanders in the position of having to give the order to repel or destroy the offending aircraft. This means coordination between the two countries at the highest levels of civilian authority.

I don't see any way that a decision to treat Israeli aircraft as hostile could be made by the time the mission is completed. So? Would the U.S. fire on an Israeli jet? The question is moot.

Extra Point: The trip over Syria is probably just as quick and I frankly think the Israelis would get a bigger jolly out of flying over Syria (and defeating their air defenses) than a risky trip over Iraq.

Update: Allahpundit has a common sense take on the question, and believes Admiral Mullen's non-answer was the right one.  I agree--either answer would have ignited a firestorm.  But, mad right wing nuts that we are, isn't it fun to speculate just what conniptions Teh One might have?