
Researcher Offers New Perspective On Stuxnet-Wielding Sabotage Program 46

An anonymous reader writes with this excerpt from Help Net Security: "Stuxnet, the malware that rocked the security world and the first recorded cyber weapon, has an older and more complex 'sibling' that was also aimed at disrupting the functioning of Iran's uranium enrichment facility at Natanz, but whose modus operandi was different. The claim was made by well-known German control system security expert and consultant Ralph Langner, who has been analyzing Stuxnet since the moment its existence was first discovered. He pointed out that in order to know how to secure industrial control systems, we need to know what actually happened, and in order to do that, we need to understand all the layers of the attack (IT, ICS, and physical), and be acquainted with the actual situation of all these layers as they were at the time of the attack."

Iranian Hackers Probe US Infrastructure Targets 203

Taco Cowboy points out reports in The Register and The Jerusalem Post (along with a paywalled article at the WSJ) that say "[Iranian hackers are] responsible for a wave of computer attacks on U.S. corporations, with targets including oil, gas and electricity companies. Unlike the cyber incursions from China, the goal of the Iranian attacks is sabotage rather than espionage. The cyber attacks are seen as attempts to gain control of critical processing systems. The attacks on oil, gas and power firms have so far concentrated on accruing information on how their systems work – a likely first step in a co-ordinated campaign that would eventually result in attacks aimed at disrupting or destroying such infrastructure."

The One Sided Cyber War 215

Curseyoukhan writes with a skeptical perspective on the U.S. Cyberwar posturing. From the article: "The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."

Malware Infects US Power Facilities Through USB Drives 136

angry tapir writes "Two U.S. power companies have reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The publication (PDF) did not name the malware discovered. The tainted USB drive came in contact with a 'handful of machines' at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment, ICS-CERT said."

Iran Claims New Cyberattacks On Industrial Sites 75

wiredmikey writes "Iranian officials on Tuesday said a 'Stuxnet-like' cyberattack hit some industrial units in a southern province. 'A virus had penetrated some manufacturing industries in Hormuzgan province, but its progress was halted,' Ali Akbar Akhavan said, quoted by the ISNA news agency. Akhavan said the malware was 'Stuxnet-like' but did not elaborate, and that the attack had occurred over the 'past few months.' One of the targets of the latest attack was the Bandar Abbas Tavanir Co, which oversees electricity production and distribution in Hormuzgan and adjacent provinces. He also accused 'enemies' of constantly seeking to disrupt operations at Iran's industrial units through cyberattacks, without specifying how much damage had been caused. Iran has blamed the U.S. and Israel for cyberattacks in the past. In April, it said a voracious malware attack had hit computers running key parts of its oil sector and succeeded in wiping data off official servers."

New Malware Wiping Data On Computers In Iran 95

L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on a x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."

Submission: Iran bags another US drone

AmiMoJo writes: "The Iranian military says it has captured an unmanned US drone aircraft in its airspace over Gulf waters. The Revolutionary Guards said they had brought down a ScanEagle — one of the smaller, less sophisticated drones employed by the Americans. The US said it was looking into the reports."

James Bond Film Skyfall Inspired By Stuxnet Virus 187

Velcroman1 writes "No smartphones. No exploding pens. No ejector seats. No rocket-powered submarines. 'It's a brave new world,' gadget-maker Q tells James Bond in the new film Skyfall. The new film, released on the 50th anniversary of the storied franchise, presents a gadget-free Bond fighting with both brains and brawn against a high-tech villain with computer prowess Bill Gates would be envious of. What inspired such a villain? 'Stuxnet,' producer Michael G. Wilson said. 'There is a cyberwar that has been going on for some time, and we thought we'd bring that into the fore and let people see how it could be going on.'"

Iran's High Tech Copycat War Against the West: Drones and Cyberwar 159

An anonymous reader writes "Iran and its nuclear program seem to be getting all the headlines. Yet, Iran has found a way to respond to western cyber attacks such as Stuxnet, drone surveillance and targeted assassinations; they've decided to respond in kind. Iran has launched its own cyber attacks on U.S. banks via denial-of-service attacks. Iranian drones recently were used to spy on Israeli nuclear facilities. Cyberweapons were also used against Saudi oil facilities. The goal: to make sure the west, specifically the United States, knows that Iran does have the tools to strike back. While Iran does not have a world-class military like the United States, it does have the capabilities to cause damage if it wants to. With Iran taking to cyberspace and drones, it shows such technology is not just under the control of the U.S. Iran has been careful, though, not to escalate the conflict. The risk: what if the plan backfires and goes beyond its intended scope?"

Trade Show Video Features Iranian Tech, Talk of Stuxnet Retaliation 131

dcblogs writes "Iran recently held a security trade show and conference, attended by high-ranking police and military officials. A video by an Iranian news outlet shows some of the products, from crossbows to unidentified systems, and includes an interview with Iran's police chief, Brig. Gen. Esmail Ahmadi-Moqadam: 'It's true that the U.S. made Stuxnet virus did some damage to our facilities but we were able to get them all up and running in no time. However, those who attack should expect retaliation and we haven't gone there just yet.'"

Iran Running Out of Physical Currency, Satellite Broadcasts Dropped in Europe 480

iONiUM writes "In an interesting problem with physical currency, Iran is now running out of hard currency, due to a combination of inflation, and 'Koenig & Bauer AG of Würzburg, Germany, also says it has not responded to an Iranian request for bids to make the presses to print new rials.' Perhaps they should switch to BitCoin." In addition to not printing money for them, the European currency presses won't sell Iran the equipment needed to print their currency domestically (not unexpected with the embargo). pigrabbitbear adds: "Eutelsat Communications, one of the largest satellite providers in Europe, has just nixed its contract with IRIB, the Iranian state broadcasting company. While IRIB's programming is still mostly up and running in Iran, the decision means that 19 IRIB TV and radio channels have now been axed from Europe and much of the Middle East."

Precision Espionage MiniFlame Malware Tied To Flame 34

Gunkerty Jeb writes "Initially thought to be merely a module of the now-infamous Flame malware, MiniFlame, or SPE is, in reality, a secondary surveillance tool deployed against specially identified targets following an initial Flame or Gauss compromise. MiniFlame/SPE was one of three previously unseen pieces of malware discovered during a forensic analysis of Flame's command and control servers. Researchers at Kaspersky Lab and CERT-Bund/BSI determined that the program, which has compromised somewhere between 10 and 20 machines, can stand alone as an independent piece of malware or run as a plug-in for both Flame and Gauss."

US Suspects Iran Was Behind a Wave of Cyberattacks 292

SternisheFan writes in with this Times article about more trouble brewing between the U.S. and Iran. "American intelligence officials are increasingly convinced that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta that the United States was at risk of a 'cyber-Pearl Harbor.' After Mr. Panetta's remarks on Thursday night, American officials described an emerging shadow war of attacks and counterattacks already under way between the United States and Iran in cyberspace. Among American officials, suspicion has focused on the 'cybercorps' that Iran's military created in 2011 — partly in response to American and Israeli cyberattacks on the Iranian nuclear enrichment plant at Natanz — though there is no hard evidence that the attacks were sanctioned by the Iranian government. The attacks emanating from Iran have inflicted only modest damage. Iran's cyberwarfare capabilities are considerably weaker than those in China and Russia, which intelligence officials believe are the sources of a significant number of probes, thefts of intellectual property and attacks on American companies and government agencies."

New State-Sponsored Malware "Gauss" Making the Rounds 106

EliSowash writes "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation-state-sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the 'Tilded' platform on which Stuxnet was developed, Gauss is based on the 'Flame' platform."
