Category Archives: Hack

20 Ways to Circumvent Egypt’s Internet Block by @AnonymousRx (Twitter account)

DISCLAIMER: I am not a member of the group “Anonymous” and I do not support their actions with regard to “Operation Payback”. If you recall, they had temporarily stopped the internet servers for MasterCard, VISA, PayPal, etc.

That said, if you know anyone in Egypt who is trying to get information online or transmit vital information online, here are 20 ways around the government’s internet blockade. Remember, the fight for freedom and Democracy is everyone’s fight.

  1. Nour DSL is still working in Egypt, Dial up with 0777 7776 or 07777 666
  2. IP addresses for social media: pass on to people in #Egypt: Twitter: Facebook:
  3. How to circumvent the communications blackout in #Egypt Arabic
  4. #hamradio frequencies for #egypt PLEASE SPREAD IRC:
  5. Ham Radio Software software for PC, Mac and Linux Communicate w/ #egypt
  6. TOR Bridge 04FD6AE46E95F1E46B5264528C48EA84DB10CAC4
  7. There is an Old DSL Dialup 24564600
  8. Send SMS reports to +1 949 209 7559 and they will retweet for you. Please spread to those in #Egypt on battlefield
  9. #Egypt hams are on 7.050-7.200 MHz LSB
  10. Egypt Gov only blocking by DNS. So for Twitter try Facebook
  11. VPN Server is now stable and open for FREE to ALL
  12. Help the Egypt Revolutionaries by overcoming the Firewall
  13. 0m band, 7.050-7.200 MHz LSB, 318.5 degrees (northwest/north from Cairo) Ham Radio Operators
  14. We are now providing dialup modem service at +46850009990. user/pass: telecomix/telecomix (only for #egypt, respect that PLEASE!).
  15. People of Egypt ONLY! Use this dial-up provided by friends in France to go online: +33172890150 (login ‘toto’ password ‘toto’)
  16. FREE VPN Server to bypass ANY Blockage on ANY ADSL or Cell Network. Domain: User: FreeEgypt Pass: #Jan25
  17. Third party apps: Tweetdeck and Hootsuite still work for updating Twitter
  18. xxxxxxxxxxxxxxxxxxxxxxxxxx
  19. RetroShare: secure communications with friends
  20. Follow @AnonymousRx

Please help support #OpEgypt and join Anonymous in IRC chat; you can use a secure web version of IRC called Mibbit @
Ask what you can do to help when in the chat channel.

Did a U.S. Government Lab Help Israel Develop Stuxnet? | Threat Level

Questions are being raised about the involvement of U.S. government researchers in the creation of a digital weapon that experts believe may have sabotaged centrifuges at a uranium-enrichment plant in Iran.

Researchers at the Idaho National Laboratory, which is overseen by the U.S. Department of Energy, may have passed critical information to Israel about vulnerabilities in a system that controls Iran’s enrichment plant at Natanz. That information was then used to create and test the so-called Stuxnet worm that was unleashed in a joint cyberattack on Natanz, according to The New York Times.

The report, based on anonymous sources, is sparse on detail but asserts that in 2008, INL worked with the German firm Siemens to uncover vulnerabilities in its industrial-control system. Stuxnet was then created to exploit those vulnerabilities and was lab-tested at Israel’s nuclear facility in Dimona. The Dimona facility, according to the Times, has been involved in a joint U.S.-Israel operation for the last two years to thwart Iran’s production of enriched uranium and forestall its development of a nuclear weapon.

Researchers at Dimona set up a test bed composed of the Siemens system and the same IR-1 nuclear centrifuges (also known as P-1 centrifuges) used at Natanz to gauge Stuxnet’s effect on them. The malware was discovered in the wild last June infecting systems in Iran and elsewhere, and last November, Iran acknowledged that malicious software had sabotaged centrifuges at Natanz.

Threat Level has already reported extensively on how Stuxnet worked and on clues that were previously uncovered that suggested Israel was behind the attack. Although it’s long been suspected that the United States played a key role, if not the lead role, in creating the malware, there’s been no definitive evidence.

The Times story falls short of delivering that evidence, but Threat Level has been tracking the same story for months, and it’s worth fleshing out the report with additional details.

To back claims that the Idaho National Laboratory likely played a role in Stuxnet, the Times reports that in early 2008, Siemens worked with INL to identify vulnerabilities in the specific control system that Stuxnet targeted – Siemens’ PCS 7, or Process Control System 7. The project was initiated by the Department of Homeland Security.

Siemens told the Times that the research was part of a routine program to identify vulnerabilities in various critical infrastructure systems and find ways to secure them. The INL also said the research was part of a larger project and would not comment on whether information it learned about the Siemens system during these tests was passed to intelligence services.

But let’s look at the time frame and context of these tests.

The INL began setting up a test lab to research industrial-control systems in 2002 after U.S. officials became concerned that al-Qaida might be investigating methods to conduct cyberattacks against critical infrastructure systems in the United States.

In 2001, following the 9/11 terrorism attacks, a local police detective in California began investigating what appeared to be a series of cyber-reconnaissance operations against utility companies and government offices in the San Francisco Bay Area. The surveillance appeared to come from computers in the Middle East and South Asia.

The FBI and Lawrence Livermore National Laboratory got involved and discovered a nationwide pattern of digital surveillance being conducted at nuclear power plants, gas and electric facilities, as well as water plants. The intruders were particularly focused on examining industrial-control devices that allowed for remote access to systems operating critical infrastructures.

In January and March 2002, U.S. forces in Afghanistan and Pakistan conducting raids on al-Qaida offices and compounds seized computers that provided further evidence that al-Qaida was investigating means to conduct cyberattacks against dams and other critical infrastructures.

Three months later, INL contacted Joe Weiss, a control-systems expert who worked at the time for KEMA, an energy consulting firm, to come to Idaho to discuss creating an industry test bed to uncover vulnerabilities in SCADA systems, also known as Supervisory Control and Data Acquisition systems. As a result of these discussions, Weiss began helping INL work with SCADA vendors to provide INL with equipment and knowledge for research and testing.

The research paid off. In 2004, INL presented the first demonstration of a remote SCADA hack at the KEMA Control Systems Cyber Security Conference in Idaho Falls. The purpose of the demonstration was to show that recently identified vulnerabilities in Apache software could be used to compromise a control system remotely. The attack was conducted from Sandia National Laboratory against a system at INL in Idaho Falls.

The attack was designed to show how firewalls and other traditional security systems would fail to guard against a remote intrusion. But it also demonstrated a man-in-the-middle maneuver that would hide the attacker’s malicious activity from employees monitoring display screens at the targeted facility — something that Stuxnet later accomplished remarkably well.

A second remote SCADA hack was demonstrated at the KEMA Control System Cyber Security Conference in 2006 in Portland, Oregon. This one was conducted by a different DoE lab, the Pacific Northwest National Laboratory. The attack involved compromising a secure VPN to change voltages on a simulated Olympic Peninsula electric system while, again, altering operator displays to conceal the attack.

Then in February 2007, DHS got word of a potential vulnerability in industrial-control systems. If the vulnerability — dubbed “Aurora” — were exploited, DHS learned, it could result in physical damage to equipment. It was something that Weiss and a handful of other security experts had long worried about, but no one had ever actually seen it done.

A month later, INL conducted a private test, called the Aurora Generator Test, that successfully demonstrated the vulnerability. The test involved a remote attack, using a dial-up modem, on an industrial-control-system generator, which left the generator a spinning mess of metal and smoke. The proof-of-concept demonstration showed that a remote digital attack could result in physical destruction of a system or its components.

The vulnerability, and measures to mitigate it, were discussed in closed sessions with the NERC Critical Infrastructure Protection Committee. Word about the test leaked out and in September that year, the Associated Press published a video of the demonstration showing a generator emitting smoke after being hacked.

All of these demonstrations served to establish that a remote stealth attack on an industrial-control system was entirely feasible.

The timing is important, because by early 2008, Iran was busy installing centrifuge cascades in module A26 at the Natanz enrichment plant — the module that experts believe was later targeted by Stuxnet.

At the same time, in early 2008, President George Bush authorized a covert program that was reportedly designed to subtly sabotage Iran’s nuclear weapons program. Details of the program were never disclosed, but the Times later reported that it was, in part, aimed at undermining the electrical and computer systems at Natanz.

Enter the Idaho National Laboratory.

In March 2008, Siemens and INL researchers met to map out a vulnerability-test plan for the Siemens PCS7 system, the system that was targeted by Stuxnet. INL had tested Siemens SCADA systems previously but, according to Weiss, this is believed to be the first time INL was examining the Siemens PLC.

In May, Siemens shipped a test system from Germany to the Idaho Falls lab.

That same month, the DHS became aware of a vulnerability in the firmware upgrade process used in industrial-control systems. Firmware is the resident software, such as an operating system, that comes installed on a piece of hardware. In order to ease maintenance and troubleshooting of systems, vendors like to install patches or upgrades to software remotely, but this can expose the system to attack if the upgrade process has a vulnerability. A vulnerability was found, which DHS dubbed “Boreas.”

DHS issued a private alert – which was later inadvertently made public — saying that the vulnerability, if exploited, “could cause components within the control system to malfunction or shut down, potentially damaging the equipment and/or process.”

Stuxnet, it turns out, involved a type of remote firmware upgrade to the Siemens PLC, since it injected malicious code into the PLC’s ladder logic. In retrospect, says Weiss, who is currently an independent consultant with Applied Control Systems and the author of Protecting Industrial Control Systems, Boreas showed that the concept of injecting code into the ladder logic was feasible.

“The Boreas alert never specifically discussed ladder logic or PLCs,” says Weiss. “But it showed that if you can remotely change firmware, you can cause real problems.”

Two months later, Siemens and INL began conducting research and tests on the Siemens PCS7 system to uncover and attack vulnerabilities in it. By November, the researchers had completed their work and delivered their final report to Siemens in Germany. They also created a PowerPoint presentation (.pdf) to deliver at a conference, which the Times mentions.

What the Times doesn’t say is that German researcher Ralph Langner, who has done some of the best research on Stuxnet and was the first to suggest that Iran’s nuclear program was Stuxnet’s target, discovered the PowerPoint presentation on Siemens’ website last year. And after Langner blogged about it in December, Siemens removed it from the web, but not before Langner downloaded it.

In June 2009, seven months after INL and Siemens completed their report, the first sample of Stuxnet was found in the wild. The code was found by the Russian computer-security firm Kaspersky, although no one at Kaspersky knew at the time what they possessed.

That sample, now known as “Stuxnet Version A,” was less sophisticated than Version B of Stuxnet, which was later discovered in June 2010 and made headlines. Version A was picked up through Kaspersky’s global filtering system and sat in obscurity in the company’s malware archive until Version B made headlines and Kaspersky decided to sift through its archive to see if any samples of Stuxnet had been vacuumed up earlier than 2010.

Kaspersky researcher Roel Schouwenberg told Threat Level the company was never able to pinpoint geographically where the 2009 sample originated.

At the time Version A was discovered, in June 2009, there were 12 centrifuge cascades in module A26 at Natanz that were enriching uranium. Six others were under vacuum. By August, the number of A26 cascades being fed uranium had dropped to 10, and eight were under vacuum but not enriching.

Was this the first indication that Stuxnet had reached its target and was beginning to sabotage centrifuges? No one knows for certain, but in July of that year, the BBC reported that Gholam Reza Aghazadeh, the long-time head of Iran’s Atomic Energy Organization, had resigned after 12 years on the job.

The reason for his resignation was unknown. But around the same time that he resigned, the secret-spilling site WikiLeaks received an anonymous tip that a “serious” nuclear incident had recently occurred at Natanz.

Over the next months, while the world was still unaware of Stuxnet’s existence, the number of enriching centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900. The decline began around the time Version A of Stuxnet was captured by Kaspersky’s filter.

By November 2009, the number of A26 enriching cascades had dropped to six, with 12 cascades under vacuum, according to the International Atomic Energy Agency, which issues quarterly reports on Iran’s nuclear programs.

Between November 2009 and January 2010, module A26 suffered a major problem, with at least 11 cascades directly affected. During this period, Iran decommissioned or replaced 1,000 IR-1 centrifuges of the total 8,692 it had installed.

Nonetheless, the rate of low enriched uranium (LEU) production increased significantly during this same period, and remained high for months afterward, though the rate was still far below what the IR-1 centrifuges are designed to produce, according to the Institute for Science and International Security.

In June 2010, an obscure security firm in Belarus discovered Stuxnet Version B on a system belonging to an unnamed client in Iran. Within a couple of months, Stuxnet had spread to more than 100,000 computers, most of them in Iran.

It took weeks of research for experts to reverse-engineer the code and determine that it was targeting a very specific facility and that its primary aim was to subtly sabotage that facility by altering the frequency of something at the facility.

Last month, ISIS revealed that the frequencies programmed into Stuxnet’s code were the precise frequencies that would have been needed to sabotage the IR-1 centrifuges at Natanz.

Photo: A security man stands next to an anti-aircraft gun as he scans Iran’s nuclear enrichment facility in Natanz, 300 kilometers (186 miles) south of Tehran, Iran, in April 2007.
Hasan Sarbakhshian/AP

AEOI Portal – Nuclear news in the media – Mehr special report / Iran’s measures against cyber-terrorism / clean-up teams are ready

Since early Mordad (late July), Iran’s computers have been under attack by a dangerous computer worm called Stuxnet, which steals information from industrial control systems. Despite the efforts made, the activity of this malware, whose creators have been labelled “cyber-terrorists”, continues.

Spy worm attacks Iranian computers

According to a Mehr correspondent, for about two months Iranian computers have been exposed to the onslaught of the dangerous Stuxnet virus, which tries to steal information from industrial control systems and post it on the internet.

The Stuxnet worm is so complex that some foreign experts suspect this malicious software was produced through “cyber-terrorism”; in other words, a group or a country wrote and activated it with the aim of destroying a country’s critical infrastructure. It is said to be the first computer virus built to cause physical changes in the real world.

According to information published by Symantec, about 60 percent of the computer systems infected with this virus are located in Iran, while Indonesia and India have also been attacked by this malware. The company has also stated that the dates in the digital traces left by the worm show that the malware has been circulating among computers since January of this year (Dey 1388).

The worm looks for Siemens SCADA management systems, which are typically found in large manufacturing and industrial plants such as oil companies and power stations, and tries to upload the industrial secrets of these plants’ computers to the internet.

Although it has not yet been announced why Iran and a few specific countries have been so heavily affected by infections of this virus, it has been said that those who built this particular software designed it specifically to attack these geographic areas. It has also been stated that the Stuxnet worm spreads via USB devices: when an infected device is connected to a computer, its code searches for Siemens systems and copies itself onto any other USB device it finds.

Reports also indicate that a small number of home computers around the world have been infected with this worm; the exact number of infected computers could be around 15 to 20 thousand, since many companies assign a single IP address to several computers.

Symantec, however, has stated in its latest analyses that the activity of this destructive industrial worm has intensified again.

30 thousand industrial IPs identified as infected with the industrial spy worm

Given that the country’s organizations and industrial units were slow to notice the spy virus’s intrusion into their systems, the latest news indicates that about 30 thousand IPs infected with this virus have been identified in the country.

The secretary of the Information Technology Council of the Ministry of Industries and Mines announced the identification of these 30 thousand industrial IPs infected with the “Stuxnet” spy virus, and stated that the virus’s targeting is part of an electronic war against Iran and that the virus transfers information about production lines out of the country.

Mahmoud Liaei said in this regard that industrial automation systems in Iran and many other countries are produced under the Siemens SCADA brand, that these systems are the main target of the virus, and that even if the infected IPs are cleaned of the virus, the danger will persist until the virus is eradicated throughout the country.

According to him, once the Stuxnet virus is activated, the industrial automation systems transfer production-line information to a main centre designated by the virus; this information is processed by the virus’s designers, and plans to strike at the country are made on that basis.

He also announced that industrial systems are being equipped with a special antivirus to fight this virus, and advised industrialists not to use the antivirus from the Siemens SCADA company, since even these antivirus products might contain new versions of the virus or an update to the earlier virus.

Working group formed to counter the industrial spy worm

Stressing that the will behind the creation and spread of the “Stuxnet” spy virus is a governmental and political one, and that this is not merely spam or an ordinary virus, Liaei announced the formation of a headquarters with representatives of the relevant ministries and agencies to decide how to fight this spy virus.

He stated: the expertise and investment needed to counter the spy virus exist in the country, and a dedicated antivirus against the spy virus has already been prepared by some domestic manufacturers.

Meanwhile, a working group against industrial spy viruses was formed, with members from the Ministry of Communications, the Ministry of Industries, the Passive Defence Organization, the AFTA (information security) committee of the Ministry of Communications and the directors of the Iranian Society of Cryptology, to study industrial viruses, focusing on the Stuxnet industrial spyware, and ways to prevent, clean and secure vulnerable industrial systems against security attacks.

Accordingly, a meeting with representatives of these organizations was held last week at the Ministry of Industries, at which the extent of this spyware’s spread in the country’s industrial systems was examined and the need for officials to become more familiar with the intrusion methods of industrial viruses and the tools to counter them was emphasized; this can go a long way toward reducing the damage of virus attacks on the country’s industrial cyberspace.

The working group also decided that industrial units should be properly informed about methods of countering these viruses, and that domestic production capacity should be used to the fullest to develop countermeasure tools.

Cleaning infected industrial systems with operational teams

The managing director of the Information Technology Company, speaking about the approach to countering the industrial-systems spy worm, announced that clean-up is being carried out by the agencies’ response teams under the coordination of the “MAHER” team, and that representatives of all critical and sensitive agencies are stationed at the MAHER centre (the Computer Incident Response and Coordination Management Centre).

Saeed Mahdiyoun, stressing that the MAHER centre is ready to respond and provide information in this area, said: the relevant teams have already started work and are carrying out the clean-up in cooperation with MAHER.

Meanwhile, the Minister of Communications and Information Technology announced that the ministry’s operational teams are ready to clean industrial systems infected with the Stuxnet spy worm, and said that no serious damage from breakdown or disabling of industrial systems has been reported so far.

Reza Taghipour, referring to the measures the ministry has in mind for cleaning industrial systems infected with the Stuxnet spy worm, said that organizations aware of this malware’s presence in their networks can contact the Information Technology Company’s MAHER and GOHAR centres to have the computer virus removed.

Noting that these centres have tools for cleaning systems of this malware, he continued: if these tools are not sufficient for the systems in question, the Ministry of Communications’ operational teams are ready to clean the networks and computers infected with this virus.

On the danger this computer virus poses to the systems of the Ministry of Communications and Information Technology, Taghipour, stressing that government systems more or less use firewalls and similar measures, added: the intrusion and damage of this spy worm in government systems is not serious, but the systems of institutions and organizations that lack these security tools are naturally under threat and at risk.

The Minister of Communications and Information Technology emphasized effective measures to eradicate this malware in the country and said: companies, institutions and organizations are asked to inform themselves through the relevant websites and take the necessary steps to eradicate this malware.

On the extent of damage done to industrial systems by this spy worm’s intrusion, Taghipour said: of course one cannot put a price on information, but no very serious damage causing breakdown or disabling of systems has been reported; nevertheless, this malware must definitely be cleaned up completely.


Let’s see, how many countries in the world have access to such sophisticated and well-budgeted hackers? It is not hard to guess, is it? Why don’t they call for an investigation into this amazing proof of state-sponsored terrorism that is spreading all around the world?

BBC News – Stuxnet worm ‘targeted high-value Iranian assets’

Photo: Bushehr nuclear power plant. Some have speculated the intended target was Iran’s nuclear power plant.

One of the most sophisticated pieces of malware ever detected was probably targeting “high value” infrastructure in Iran, experts have told the BBC.

Stuxnet’s complexity suggests it could only have been written by a “nation state”, some researchers have claimed.

It is believed to be the first-known worm designed to target real-world infrastructure such as power stations, water plants and industrial units.

It was first detected in June and has been intensely studied ever since.

“The fact that we see so many more infections in Iran than anywhere else in the world makes us think this threat was targeted at Iran and that there was something in Iran that was of very, very high value to whomever wrote it,” Liam O’Murchu of security firm Symantec, who has tracked the worm since it was first detected, told BBC News.

Some have speculated that it could have been aimed at disrupting Iran’s Bushehr nuclear power plant or the uranium enrichment plant at Natanz.

However, Mr O’Murchu and others, such as security expert Bruce Schneier, have said that there was currently not enough evidence to draw conclusions about what its intended target was or who had written it.

India and Indonesia have also seen relatively high infection rates, according to Symantec.

‘Rare package’

Stuxnet was first detected in June by a security firm based in Belarus, but may have been circulating since 2009.

Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons.

Instead it infects Windows machines via USB keys – commonly used to move files around – infected with malware.

Once it has infected a machine on a firm’s internal network, it seeks out a specific configuration of industrial control software made by Siemens.

Photo: Siemens factory. The worm searches out industrial systems made by Siemens.

Once hijacked, the code can reprogram so-called PLC (programmable logic control) software to give attached industrial machinery new instructions.

“[PLCs] turn on and off motors, monitor temperature, turn on coolers if a gauge goes over a certain temperature,” said Mr O’Murchu.

“Those have never been attacked before that we have seen.”

If it does not find the specific configuration, the virus remains relatively benign.

However, the worm has also raised eyebrows because of the complexity of the code used and the fact that it bundled so many different techniques into one payload.

“There are a lot of new, unknown techniques being used that we have never seen before,” he said. These include tricks to hide itself on PLCs and USB sticks, as well as up to six different methods that allowed it to spread.

In addition, it exploited several previously unknown and unpatched vulnerabilities in Windows, known as zero-day exploits.

“It is rare to see an attack using one zero-day exploit,” Mikko Hypponen, chief research officer at security firm F-Secure, told BBC News. “Stuxnet used not one, not two, but four.”

He said cybercriminals and “everyday hackers” valued zero-day exploits and would not “waste” them by bundling so many together.

Microsoft has so far patched two of the flaws.

‘Nation state’

Mr O’Murchu agreed and said that his analysis suggested that whoever had created the worm had put a “huge effort” into it.

“It is a very big project, it is very well planned, it is very well funded,” he said. “It has an incredible amount of code just to infect those machines.”

His analysis is backed up by other research done by security firms and computer experts.

“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” said Ralph Langner, an industrial computer expert, in an analysis he published on the web.

“This is not some hacker sitting in the basement of his parents’ house. To me, it seems that the resources needed to stage this attack point to a nation state,” he wrote.

Mr Langner, who declined to be interviewed by the BBC, has drawn a lot of attention for suggesting that Stuxnet could have been targeting the Bushehr nuclear plant.

In particular, he has highlighted a photograph reportedly taken inside the plant that suggests it used the targeted control systems, although they were “not properly licensed and configured”.

Mr O’Murchu said no firm conclusions could be drawn.

However, he hopes that will change when he releases his analysis at a conference in Vancouver next week.

“We are not familiar with what configurations are used in different industries,” he said.

Instead, he hopes that other experts will be able to pore over their research and pinpoint the exact configuration needed and where that is used.

‘Limited success’

A spokesperson for Siemens, the maker of the targeted systems, said it would not comment on “speculations about the target of the virus”.

He said that Iran’s nuclear power plant had been built with help from a Russian contractor and that Siemens was not involved.

“Siemens was neither involved in the reconstruction of Bushehr or any nuclear plant construction in Iran, nor delivered any software or control system,” he said. “Siemens left the country nearly 30 years ago.”

Siemens said that it was only aware of 15 infections that had made their way on to control systems in factories, mostly in Germany. Symantec’s geographical analysis of the worm’s spread also looked at infected PCs.

“There have been no instances where production operations have been influenced or where a plant has failed,” the Siemens spokesperson said. “The virus has been removed in all the cases known to us.”

He also said that according to global security standards, Microsoft software “may not be used to operate critical processes in plants”.

It is not the first time that malware has been found that affects critical infrastructure, although most incidents occur accidentally, said Mr O’Murchu, when a virus intended to infect another system wreaks havoc on real-world systems.

In 2009 the US government admitted that software had been found that could shut down the nation’s power grid.

And Mr Hypponen said that he was aware of an attack – launched by infected USB sticks – against the military systems of a Nato country.

“Whether the attacker was successful, we don’t know,” he said.

Mr O’Murchu will present his paper on Stuxnet at Virus Bulletin 2010 in Vancouver on 29 September. Researchers from Kaspersky Labs will also unveil new findings at the same event.