Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Government

Stuxnet Virus Set Back Iran’s Nuclear Program by 2 Years 349

masterwit writes "The Jpost article states: 'The Stuxnet virus, which has attacked Iran's nuclear facilities and which Israel is suspected of creating, has set back the Islamic Republic's nuclear program by two years, a top German computer consultant who was one of the first experts to analyze the program's code told The Jerusalem Post on Tuesday. Widespread speculation has named Israel's Military Intelligence Unit 8200, known for its advanced Signal Intelligence (SIGINT) capabilities, as the possible creator of the software, as well as the United States.'"
This discussion has been archived. No new comments can be posted.

Stuxnet Virus Set Back Iran’s Nuclear Program by 2 Years

Comments Filter:
  • And the winner is... (Score:5, Informative)

    by jav1231 ( 539129 ) on Wednesday December 15, 2010 @10:30PM (#34570008)
    Stuxnet Virus Set Back Iran’s Nuclear Program by 2 Years...LOIC set Mastercard back 2 hours. Advantage, Stuxnet!
    • Re: (Score:3, Insightful)

      by ShakaUVM ( 157947 )

      >>Stuxnet Virus Set Back Iran's Nuclear Program by 2 Years...LOIC set Mastercard back 2 hours. Advantage, Stuxnet!

      Nah, Jimmy Carter set back the US nuclear program by 30 years by banning breeder reactors. Advantage: Carter, by a long mile. Well, Clinton can take some of the blame too, for killing the IFR over the protests of Dirty Dick Durbin, amazingly enough.

      I mean, good thing we never built breeder reactors, right? If we had, Iran might have a nuclear program by now, using stolen American plutonium

      • You can't be sure that allowing them wouldn't have been worse. Early breeder reactor designs were inherently unstable, allowing situations where there could be a runaway reaction. Building one and having it blow its top would have been a far worse setback than the path we did take.

        I'd agree completely that what we need need now is solid, proven breeder reactor tech, and the opportunity to get it was wasted. I just wanted to provide an alternative to the "grass is always greener" thinking - it could have
        • by ShakaUVM ( 157947 ) on Thursday December 16, 2010 @03:45AM (#34571428) Homepage Journal

          >>Early breeder reactor designs were inherently unstable, allowing situations where there could be a runaway reaction.

          You mean back in the 1950s when the first breeder reactors were built? :p Sure, I'll grant you that.

          The modern Type IV reactors safe(r), and since they get rid of most of the waste that causes most of the political problems with nuclear power, I'd say that it was a pretty bad decision by Clinton to kill the IFR research project.

          >>Building one and having it blow its top would have been a far worse setback than the path we did take.

          Sure. And if every reactor in the planet exploded right now, that would be bad, too. But if you're looking at risk levels from nuclear vs. other plants, the numbers just aren't there to support the anti-nuclear crowd. If nuclear killed even a hundredth of the people that have died from coal power (while it has been producing about half the power for our nation vs. coal), we'd have panicked and shut down all of the nuclear sites ages ago. We're fundamentally stupid about it.

          >>I'd agree completely that what we need need now is solid, proven breeder reactor tech, and the opportunity to get it was wasted. I just wanted to provide an alternative to the "grass is always greener" thinking - it could have been a disaster too.

          Sure, and I get what you're saying. But the main reason Carter and Clinton banned breeder reactors was not for safety reasons, but really about concerns over nuclear proliferation. The thinking is that if we had breeder reactors we'd not be able to morally take the high ground when we tried to stop Iran from going nuclear... oh wait. And also certain fears that people could steal the Plutonium coming out of the reactors and turn them into terrorist bombs. (Because, you know, if there's any place in America that is easy to steal from, it's a nuclear plant with all of its barbed wire and armed guards with machine guns.)

          • by MrKaos ( 858439 ) on Thursday December 16, 2010 @09:11AM (#34572890) Journal

            (You know all the political mess we are in over waste products, and how California has banned new nuclear until the waste issue is resolved? Breeder reactors use nuclear 'waste' as fuel, burning over 99% of the fuel, instead of the 1% or so efficiency we get from traditional PWR/BWR reactors. IFRs can also burn depleted uranium, and weapons-grade plutonium.)

            You are confusing two different types of *FAST* reactors technology, breeder and burner. Roughly, the process Breeder reactors perform combine similar quantities of two other elements with plutonium within the reactor and transmute them into plutonium. In other words Breeder reactors produce about three times as much plutonium that goes in creating a plutonium economy.

            The IFR is a Burner reactor prototyped at Argonne National Laboratory's EBR-II. It achieved a burnup rate of 20% of the fuel before the remainder of the fuel has to be removed and reprocessed. The ambition was to have reprocessing facilities and all other facilities on-site, hence the name Integral Fast Reactor. Given this knowledge your claim that Californian policy on Nuclear reactors is a mess is, at best, not well informed.

            Nah, Jimmy Carter set back the US nuclear program by 30 years by banning breeder reactors.

            No he didn't. While people like to piss on Carter for this decision it is highly ignorant to do so. We have over 70,000 tons of waste plutonium *now* as a result of the once through cycle reactors we have now and still no plan to properly contain it. Had Carter not stepped in and ended the plutonium economy 30 years ago we would have an epidemic of plutonium production. Additionally Breeder reactors are much less forgiving than the once through reactor cycles that are currently in operation. Carter's decision to ban breeder reactors was a wise decision considering the lack of appropriate facilities to contain plutonium available today.

            Well, Clinton can take some of the blame too, for killing the IFR

            Indeed. Killing the research into IFR and it's complementary processes was probably a mistake. However material technology is still not available to make IFR a working proposition, especially as the reactor ages. IFR is only appropriate technology when the lifespan of the reactor matches the decay time of it's waste product. Yes, I am saying we should learn how to build a reactor that lasts 600-1000 years as the decommission of an IFR reactor every 40-60 years severely reduces it's viability and practicality. Still developing the surrounding Integral technologies would be a good step forward until the material technology is available for the reactor as the fuel reprocessing technology is as important as the reactor itself.

            You mean back in the 1950s when the first breeder reactors were built? :p Sure, I'll grant you that...The modern Type IV reactors safe(r), and since they get rid of most of the waste that causes most of the political problems with nuclear power,

            Again you are confusing Breeder and Burner reactor technology. Breeder reactors allow less time to control run away reactions. Since they are cooled with sodium as the age any air that leaks into the system makes them explosive and they contain far more radioactive materials than a reactor like Chernobyl. The only new breeder reactor under construction that I know of is in India, in a flood prone area and sodium and water aren't friends in a nuclear reactor.

            I'd say that it was a pretty bad decision by Clinton to kill the IFR research project.

            Yes it was, because it has great promise for burning up not only pu-239 but also U-238, or depleted uranium, DU.

            if you're looking at risk levels from nuclear vs. other plants, the numbers just aren't there to support the anti-nuclear crowd. If nuclear killed even a hundr

    • Re: (Score:3, Insightful)

      Stuxnet Virus Set Back Iran's Nuclear Program by 2 Years...LOIC set Mastercard back 2 hours. Advantage, Stuxnet!

      Err, thats "two Jerusalem Post Years", which are sort of like the "Iraqi Information Minister's Years", so in reality it was probably a tie.

      Weake up people. Jerusalem Post is a mouthpiece of Israel's far, far right. Those are the same turkeys who believe in Greater Israel and the like. In their view, should Stuxnet not be handily around to embellish on, they would have to fall back on to their o

  • Success (Score:5, Insightful)

    by Dan East ( 318230 ) on Wednesday December 15, 2010 @10:36PM (#34570028) Journal

    Guess what? We're going to be seeing this sort of thing a whole lot more. Compare the expense and risk involved in writing this virus versus firing off cruise missiles or sending planes on bombing missions or an actual ground invasion.

    And to beat it all, no-one even knows who was actually responsible for this. Oh yes, the future of modern warfare and sabotage is most certainly here.

    • Re:Success (Score:5, Funny)

      by Anonymous Coward on Wednesday December 15, 2010 @10:44PM (#34570084)

      And to beat it all, no-one even knows who was actually responsible for this.

      True, but we do know that it was a country which can keep secrets.

      • Re: (Score:2, Offtopic)

        So definitely not the US then . . . :P
        • Re:Success (Score:4, Informative)

          by geegel ( 1587009 ) on Thursday December 16, 2010 @03:23AM (#34571372)

          The latest evidence seems to point out that China might be behind the Stuxnet worm, as an expedient way of sabotaging a nuclear power without the diplomatic drama.

          Of course, this is all highly circumstantial. We'll probably never know with absolute certainty.

          Here's [forbes.com] a rather insightful analysis on this hypothesis.

          • The only country that doesn't want to stop Iran getting nuclear weapons is Iran itsself. There is no shortage of suspects. Israel, China, the US, UK, every single country in Europe, Australia,Canada, the UN, and every country in the middle east or adjacent do it worried about a potential conflict spilling over. Saudi Arabia, Egypt, Russia... ok, it's easier to just list the countries that *wouldn't* want to stop Iran. There is only one.
            • Canada? Really?

              CSIS making one of the most sophisticated worms out there, I doubt it.
    • Re:Success (Score:4, Insightful)

      by Fluffeh ( 1273756 ) on Wednesday December 15, 2010 @10:48PM (#34570094)

      Oh yes, the future of modern warfare and sabotage is most certainly here.

      Absolutely. If anyone ever needed a proof of concept to do something like this, you can't go idly past this one. I totally agree that this will open a LOT of eyes who will all now be in the "Lets do one of those worm things to solve [insert problem], it worked with the Iranian nuclear program..."

      Might be a good time for the CV to start brushing up on writing some malware. Maybe form a small botnet or two just to cut your teeth on... Certainly beats spamming out messages about all sorts of pharmaceuticals as far as a paycheck goes.

      • Re:Success (Score:4, Insightful)

        by rtb61 ( 674572 ) on Thursday December 16, 2010 @12:18AM (#34570592) Homepage

        It will just change security. More isolation in systems. Simpler programs only designed to do the job they need to do and absolutely nothing else. More appliances with completely stripped down or even no operating system.

        Basically if you use M$ windows in what is meant to be a completely secure system, than you are a bloody idiot.

        I think the two year setback is also likely wildly optimistic, even including the time already lost, unless of course Iran chooses to stick with M$ Windows.

        The best hacks are still in hardware, chips built into capacitors, resistors etc. just waiting for that encoded signal to come in via their power feed to initiate intermittent power fluctuations (better than burn out, far harder to fix) and, really destructive when all spares will suffer from the same fault.

        • The best hacks are still in hardware, chips built into capacitors, resistors etc. just waiting for that encoded signal to come in via their power feed to initiate intermittent power fluctuations (better than burn out, far harder to fix) and, really destructive when all spares will suffer from the same fault.

          You mean by damaging sensitive hardware such as centrifuges (by speeding them up and slowing them down quickly) in ways that are not immediately obvious, but will take a long time (2 years) to replace

    • Re: (Score:3, Funny)

      by cbeaudry ( 706335 )

      I dont think so.

      We will see this sort of thing only if its politically inconvenient to use standard warfare.

      Because quick and easy, means cheap. Which means, the military industrial complex isn't making profit.

      We wont be seeing this replacing standard warfare anytime soon.

    • by mysidia ( 191772 )

      And to beat it all, no-one even knows who was actually responsible for this. Oh yes, the future of modern warfare and sabotage is most certainly here.

      This is what happens when you use off the shelf bloated (buggy) operating systems to power your infrastructure, rather than using slim custom-built OSes that only run approved code which includes only the functions necessary for that system.

    • Re: (Score:3, Funny)

      I absolutely guarantee the US government payed as much for this code as it would have for any comparable attack with hardware. Hell, the company I work for just payed $19,000 for a SQL statement shorter than this very sentence.
      • Re:Success (Score:4, Insightful)

        by nitehawk214 ( 222219 ) on Wednesday December 15, 2010 @11:54PM (#34570474)

        I absolutely guarantee the US government payed as much for this code as it would have for any comparable attack with hardware. Hell, the company I work for just payed $19,000 for a SQL statement shorter than this very sentence.

        Invoice:
        Writing short sql statement: $10
        Knowing which short sql statement to write: $18990
        (assuming it did something useful and necessary)

      • ...Hell, the company I work for just payed $19,000 for a SQL statement shorter than this very sentence.

        Yeah, well, that was after you lost the lawsuit and had to pay up. Next time, write better code!

    • Re:Success (Score:4, Interesting)

      by timeOday ( 582209 ) on Thursday December 16, 2010 @12:04AM (#34570528)

      Compare the expense and risk involved in writing this virus versus firing off cruise missiles or sending planes on bombing missions or an actual ground invasion.

      In other words, the relative advantage conferred by our overwhelming advantage in wealth and firepower is being tossed out for a level playing field in which we are very vulnerable and, even developing nations can pose a serious threat.

    • I wish I could say I think you are wrong. Best I can do is hope you are wrong.

      The expense and risk are tricky. One things bombs have going for them is a track record. They may not always achieve your goals, but you have more history to look at.

      The history here isn't good. As a software developer, I wish people wouldn't "do that" as it's a PITA to code against. People will do that, and it helps to keep me employed.

      Long term, will black hats consistently win over white hats, even with things like nuclear ener

    • Guess what? We're going to be seeing this sort of thing a whole lot more.

      International law will have to address this within a few years.

      It will be interesting to see what they come up with. I can't imagine that they'll just say it's all OK. Probably they'll forbid it, and everyone will still do it anyway.

  • SIGINT? (Score:4, Funny)

    by PatPending ( 953482 ) on Wednesday December 15, 2010 @10:36PM (#34570032)

    "SIGINT" is an appropriate name for this:

    SIGINT is the signal sent to a process by its controlling terminal when a user wishes to interrupt the process.

    Although I would have preferred one of these [wikipedia.org] instead:

    SIGKILL

    SIGSTOP

    SIGSTFU

    Okay, I made the last one up.

    • signals and intelligence, in army jargon.
    • Uh, it meant something else, for a LOOONG time before computers were around.

    • by mysidia ( 191772 )

      SIGSTFU

      Okay, I made the last one up.

      This is one we definitely need....

      And it's pretty obvious what it should do, also.... close and invalidate any file descriptors attached to that process that are TTY devices. If there are any pipes (named or otherwise) open for write access, then substitute with /dev/null

      • Re:SIGINT? (Score:5, Funny)

        by Anonymous Coward on Wednesday December 15, 2010 @11:52PM (#34570466)

        SIGHUP -> SIGOHNO
        SIGINT -> SIGPWND
        SIGQUIT -> SIGWUT
        SIGILL -> SIGWTF
        SIGABRT -> SIGORLY
        SIGTRAP -> SIGRAEP
        SIGKILL -> SIGSTFU
        SIGSEGV -> SIGOMFG
        SIGTERM -> SIGRTFM
        SIGSTOP -> SIGKTHX
        SIGCONT -> SIGGOGO

    • by Nemyst ( 1383049 )
      They sent an interrupt signal to Iran's nuclear program?
    • Military jargon like this seem sot be a very weird combination of abbreviation and acronym, in ALL CAPS to boot.

    • I prefer the Signal Search Group of Veterans (SIGSEGV). They're a bit harder to ignore, and are really good at messing with your memory.

  • by Anonymous Coward

    to be a wedge issue in the next US elections. /rolls eyes

  • by c0lo ( 1497653 )
    Just asking.
  • by SuperKendall ( 25149 ) on Wednesday December 15, 2010 @10:48PM (#34570092)

    I don't know why people think the only strong suspects are Israel and the U.S.

    If you think about it, Russia not only has a number of potential motives (was paid off by one of the other arab nations like Saudi Arabia, annoyed at Iran for some reason, wants to make money selling the "fix" to the problem...), they have countries with many hackers that are well known for ability and also not as prone to speak out about what they are doing as a team (and this was a team effort) of U.S. hackers would be. On top of THAT, Russia also has (had?) engineers on site, which they could have used as an attack vector even unknowingly.

    • by antifoidulus ( 807088 ) on Wednesday December 15, 2010 @11:02PM (#34570168) Homepage Journal
      Russia has actually repeatedly try to mediate the standoff by promising to do all the uranium enrichment necessary for nuclear power in Russia and then send the enriched uranium to Iran, all at a cost of course. The argument was that Iran could use the uranium to generate nuclear power ,which is their projects ostensible goal, without Iran getting any of the technology necessary to make a bomb. It never really made any progress.
      • The argument was that Iran could use the uranium to generate nuclear power ,which is their projects ostensible goal, without Iran getting any of the technology necessary to make a bomb. It never really made any progress.

        Oh hey, suddenly this proposal magically looks all the better to Iran! Perhaps Iran is finding out how hard it is to say "no" to a solution a Russian REALLY wants you to agree to...

        all at a cost of course.

        Now do you see why Russia is a pretty good candidate suspect in all this?

        Pardon me, so

  • Okay, so the F'n A says that they've been set back two years. The main reason cited is that they ahve to wipe all their machines etc to ensure the malware is gone.

    This is where my ignorance on the topic begins... So they have malware that attacks the Iran nuclear facility. It targets them without really hurting anybody else. How can this realistically take two years to clean up? Again, I'm being dense here, but the target is so specific I don't see how they can't just change a couple of things and avoid

    • There's a whole gigantic facility (possibly two) that needs to have all its machinery removed and replaced with a different type, and you really believe it's a plug and play type of deal? (Stuxnet only affects a specific machine, the Siemens S7-300, and only when attached to specific variable frequency drives [centrifuges] - this is why Stuxnet is known to be a targeted operation. The Windows infection is just meant to use way to get itself onto those specific machines, and it does no real harm on Windows m
    • Re:Two years...? (Score:5, Informative)

      by surfdaddy ( 930829 ) on Wednesday December 15, 2010 @11:16PM (#34570250)
      A VERY interesting article with a lot of detail from (I know) Fox News: http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/ [foxnews.com] A bit more detail that I'd read elsewhere. I strongly encourage everybody to read this. Quite an admirable job. But then you think that of course this could happen to control systems in the US as well. We all know countries and organizations that might be happy to attack. I'm sure this sort of thing will only grow in the years ahead.
  • Well I hate the word "cyberwar", but I wasn't really sure what else to call it. It seems that warfare has finally taken place at the computer level. It will be interesting to see where it goes from here..

    Personally, I'd prefer war this way. Less lives lost.

  • Problematic Approach (Score:5, Interesting)

    by Anonymous Coward on Wednesday December 15, 2010 @11:05PM (#34570176)

    The problem with this approach and other similar forced social and technological engineering attempts by the west against Iran, is that it forces Iran to become more independent and self-reliant. It is true that there is a temporary short-term win, however in the long run it creates a scenario of technological escalation.

    Lets review Technological Escalation ala'Iraq:

    Attack Vector: IED v1.0 - Road side bomb with detonator fuse wire, bomber hides in near buy building, waits for US tanks to go past, presses red button
    US Countermeasure: Train soldiers to look for suspicious packages or mounds of garbage were wire or some such are leading away from mound, once detected fire at location where wire ends up.

    Attack Vector: IED v2.0 - Same as v1 but now uses a wireless trigger mechanism based on childrens walkie-talkies to set-off explosive. As before waits for US tanks to go past, presses red button
    US Countermeasure: Provide signal jamming equipment on-board all patrols and tanks.

    Attack Vector: IED v3.0 - Same as v2 but now uses continuous signal trigger mechanism to set-off explosive. As before waits for US tanks to go past, presses red button, but now signal stops and explosive goes kaboom!
    US Countermeasure: Same as before but instead of jamming the signal, all terrestrial signals are replicated, allowing the tank/patrol to pass by without being blown up.

    Attack Vector: IED v4.0 - Same as v3 uses continuous signal trigger mechanism to set-off explosive. Signal begin sent is encrypted and uses a random sequence number, As before waits for US tanks to go past, presses red button, signal stops and explosive goes kaboom!
    US Countermeasure: Pray...., play crappy rock/death metal music while driving around bagdad.

    Attack Vector: IED v5.0 - Same as v4, but now they have time to refine the design of the ordinates, remember the movie coneheads with Dan Akroid? Well it turns out for a really good focused explosion, all you need is a piece of steal in that shape packed with C4, with the pointy end aim at the direction you wish the explosive to fire - Armoured penetration as per and 09' pentagon report is roughly successful 85% of the time.
    US Countermeasure: Pray....

    Attack Vector: IED v6.0 - Same as v5, but made to be more weather resistant, with added proximity sensors, modern cars aren't made with as much steel and Iron as patrol cars or tanks - so it makes for a good differentaitor which can be use with a proximity fuse.
    US Countermeasure: N/A

    Do you really want to force your enemies hand like this?

    • Do you really want to force your enemies hand like this?

      It has been quite profitable for those in the military/contractor revolving door who have been responsible for this strategy. Although in theory its people higher up the chain who decide the policy, they do so based on the expert advice of people who are neither entirely honest nor interested in the long term.

    • by cowwoc2001 ( 976892 ) on Thursday December 16, 2010 @12:34AM (#34570648)

      More sophisticated = more costly. If the end-result of this game is raising the cost for Iran to seek nuclear weapons then it's a win in its own right.

    • by khallow ( 566160 )

      Do you really want to force your enemies hand like this?

      Yes. I'm puzzled why I wouldn't want to force a foe into a much harder path.

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Wednesday December 15, 2010 @11:06PM (#34570184)
    Comment removed based on user account deletion
    • by santax ( 1541065 )
      Ahhh... would that be the reason we got that fed-story about how openbsd ssh has a backdoor. With all the stuff in wikileaks and happening to Assange, this would actually be a perfectly good time to get paranoid.
    • For Iran to do what you propose would require that they had a large workforce of highly skilled IT people who are both willing to work for the Iranian government and considered trustworthy by the Iranian government. Iran is not exactly known for its leading edge science and technology. The article itself states that IT in Iran is abyssmal. They may be well advised to try to do as you say, but they probably can't.
      • by santax ( 1541065 )
        Well, the article might be biased. With 20 million people on the internet, the 2nd most in the whole middle eastern, there are bound to be some really good techs there.
  • ... I would argue that this is *proof* that a transparent national defense (as promoted by the pro-Wiki-Leaks crowd) is a very bad idea. Assuming that the U.S. is behind this (a bold assumption yes, but is highly likely), for some-one to "leak" information on this, would be a travesty.

    And no: this is not flame-bait ... I just making a "case in point" observation here.

    • The travesty would be if the US did this and all the discussions, memos, meetings, names of programmers etc were all just classified secret...

      Place blame where it is needed. US security regarding classified information is significantly lacking... The fact that you could burn to a CD or copy to a USB drive on a classified network is completely ass backwards.

  • Uh... (Score:2, Interesting)

    by Anonymous Coward

    Great - so they were delayed 2 friggin years. Woop-de-doo. Now they'll get it sorted out and get back on track, and the problem is EXACTLY the same as it was beforehand.

    There are only two ways to stop Iran from pursuing this - either convince them somehow it's not something they need/want to do, or use military force to make it something they CANNOT do. This did neither.

    Frankly, I don't think there is any practical way out of this one. I have a hunch Iran wants nuclear weapons to be able to tell the res

  • If we wanted to take away their toys, we'd just bomb them into the ground. Nope, I bet it's Russia. They like all that cloak and dagger crap. On this side of the pond we favor a more direct approach.
  • He was purportedly the lead Iranian scientist trying to eliminate stuxnet.
    https://www.nytimes.com/aponline/2010/12/02/world/middleeast/AP-ML-Iran.html [nytimes.com]

  • by KingAlanI ( 1270538 ) on Thursday December 16, 2010 @12:42AM (#34570692) Homepage Journal

    Iran actually would have plausible reasons for blaming *this* on the Jews. :P
    Russia maybe not, but Israel definitely (duh!), and the US maybe (Logically, Americans who feel an affinity towards Israel would have that extra reason to be concerned about, and want to do something about, Iran's nuclear behavior)

    This action of buying time, whoever did it, could come in very handy.

  • by ThatsNotPudding ( 1045640 ) on Thursday December 16, 2010 @07:37AM (#34572222)
    by US and Israel. I think this is why Knesset member Lieberman is so concerned about Wikileaks; something they have confirms this program.

Your password is pitifully obvious.

Working...