Re: Stuxnet
Several times, I've considered posting something about Stuxnet, but most of what's being bandied about is little more than FUD and other misinformation. Aside from the Symantec analysis, much of what has been posted on the SCADA security lists has been mainly wild, unsubstantiated speculation with little or no facts.
So far, the biggest problem that I see with SCADA isn't Stuxnet or another worm, but that the average Process Control/SCADA person is clueless about security. Coupled with the fact that SCADA processes generally require availability above all else, and most SCADA equipment and systems have zero security controls, it makes securing control systems very difficult. The current situation is about equal to 1987 with PC viruses: wide open systems with no security, and clueless users.
While Stuxnet may be a further step in the direction of information warfare, the real milestone was probably on September 6, 2007, when Israel bombed the suspected nuclear reactor in Aleppo, northern Syria. During the attack, Syrian air traffic control was mysteriously unable to see the Israeli aircraft, while normal ATC functions continued.
Stuxnet
-
Re: Stuxnet
I know on Reddit and Slashdot the topic of Stuxnet has been beaten like that dead horse I have buried in my backyard. At one point on /r/netsec every other post was Stuxnet related. I avoided the forums for a few weeks because I'm transitioning to a new job, but I was surprised to log in last week and see maybe 4 new posts. While the forum regulars are always here, I think the community dies around this time of the year after the shine of Defcon has faded and the glint from DC19 is so far on the horizon.
I tried to not pay too much attention to it because I got wrapped up in the Conficker nonsense (my network at the time did get infected, however). It's interesting to see that it's a much different class of virus and it took a really long time to figure it out. I enjoyed reading the Symantec writeup on it.
-
Re: Stuxnet
I am equally perplexed as to the lack of conversation. This is a milestone in the development of malware: rather than one government launching aircraft to bomb a nuclear facility, they decided instead to attack it with malware.
This is bona fide information warfare and a milestone in the development of malware, if you ask me.
Of course, I may be biased by where I think malware is going.
-
Re: Stuxnet
Most of it is because the SCADA engineers around the world refuse to admit there's actually a problem. Many of them feel that their networks are islands unto themselves and therefore impenetrable. It's been a slow process trying to get the SCADA people to understand basic security issues.
-
Re: Stuxnet
I simply cannot understand the lack of attention to Stuxnet. Could someone explain to me why? Just before the weekend Symantec found out designs of the target system (http://www.symantec.com/connect/blog...t-breakthrough) which appears to confirm the Iranian target speculations ... and still I've heard almost nothing.
A serious threat to a nuclear facility, and hardly even a squeak. Clocks are going to roll over like a speedometer and everyone thinks planes are going to slam into mountains. My local news station just did a report about how dangerous WiFi is to children's health. What is going on here?
I understand these forums really only pick up around time of the con, but even on other hacker forums there's not much conversation.
-
Re: Stuxnet
Working someplace that has a fairly large SCADA installation, definitely something I've been watching. http://www.symantec.com/connect/blog...ection-process is a pretty good write-up on the PLC attack part of it.
-
Stuxnet
Wow, I came here hours after reading about Stuxnet and expected there to be a thread already started on this with lots of discussion. Maybe the forums just die down after con.
I assume most of you have probably already read about Stuxnet:
http://www.bbc.co.uk/news/technology-11388018
tl;dr it's a sophisticated piece of multi-layer malware using 4 previously unknown Windows vulnerabilities to propagate between PCs via USB keychain drives. After infecting a Windows host it remains dormant and harmless, until it detects specific pieces of software for industrial equipment manufactured by Siemens. Once these are identified, a second stage attack begins whereby the malware tries to infect industrial equipment.
The attack specifically targeted Iran and had a level of sophistication such that the BBC suggests it was funded by a "nation-state." So rumor has it this was a little bit of information warfare...
Obligatory Bruce Schneier post:
http://www.schneier.com/blog/archive...uxnet_wor.html
Some quotes from the people who reverse engineered it:
http://frank.geekheim.de/?p=1189
"After 10 years of reverse-engineering malware daily, I have never ever seen anything that comes even close to this"
"This is what nation states build, if their only other option would be to go to war"