[meelash]

This article is claiming they've been trying to get rid of a worm for months? Why wouldn't they just format the computers and return to a previously backed up state?

Secondly, if the government needed information on how to solve the problem and didn't want to be detected, wouldn't they just send one or two of their top people to research it and then tell everyone else? How does large traffic from a certain country imply that the government is trying to find out how to defeat the worm?

Very strange article. Almost surreal.

[spudlyo]

Stuxnet is harder to get rid of than that because it has a rootkit that targets Siemens PLCs. The Windows PC is simply the vector to get it there. You can reformat and reinstall your Windows PCs all you like, but your SCADA systems will still be infected.

I don't really understand industrial control systems, but it seems like restoring all the code that runs on all of your PLCs from backup would be challenging, especially if your tools to do so are also infected.

[redthrowaway]

You would think they'd be able to get clean versions from Siemens, then zero-fill any writable memory, flash the bios with a clean version, and go from there. I get that their technical expertise isn't great, but it should be too hard to fix. At worst, they should be able to rip everything out, send it back to Siemens, and ask for a clean version in return. Not sure what international regulations might prevent Siemens from doing that, but it doesn't seem to be an insurmountable challenge.

[spudlyo]

I thought about that too, but I speculate that the clean versions from Siemens wouldn't come from the factory ready to run an Iranian nuke plant -- you'd think that code would all be developed by the engineers who run the plant. All of that code would have to be recompiled from source too, as Stuxnet attaches itself to the PLC binaries.

Of course this is all wild speculation.

[redthrowaway]

That's certainly possible, although I don't understand why they would take that approach. The PLCs themselves should be relatively standardized, and any specific software that was created in house should be in an offline backup somewhere. Clearly, they didn't follow best practices, but it shouldn't take a year to start from scratch, assuming you had the basics on file.

[woodall]

Nuclear Facilities

[cypherpunks01]

I believe <i>somebody</i> just blew up one or two of their "top people". The article seems to indicate the scientist who was killed was in charge of the Stuxnet recovery.

Also, I'd bet fixing the whole plant's industrial control systems isn't as simple as restoring from a backup. I imagine there can be a lot of complexities such as the backup systems being infected, having to write custom tools to detect and prevent future infections, etc.

Also, I'm curious, what are people's thoughts on the worm's authors? Is it generally accepted to be Israeli-made, or are there some doubts about that? I remembered reading something about a reference to Israeli in the code from some anti-virus folks, not sure if that is actually true though. And I don't personally think that the CIA / U.S. military is innovative or clever enough to pull this off, but obviously that's just my opinion. Are there any other candidates?

[d2viant]

The CIA / U.S. military have been involved with electronic warfare for a long time. I would disagree and say they're at least as innovative and perfectly capable of carrying out something like this. If it was a US operation though, I would probably add the NSA to the mix as well, since they likely would have had involvement at some point in the process. In either scenario though, it would likely involve contractors of some sort, if only for the specialized Siemens knowledge that would be required.

[redthrowaway]

Likely a joint project, offered in return for one of the Israeli settlement freezes of the last few years. The motorcycle bombings were clearly Mossad, but the technical expertise, specifically the specs needed on the Siemens products, would probably have come from the US.

[spudlyo]

This whole affair feels like a cyberpunk action thriller. It's a bit spooky that it's real.

[icegreentea]

I think the US is plenty capable of pulling this type of thing off. They've done something somewhat similar a long while back... well, allegedly anyways.

http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage