Archive for December 11, 2010

« WarSclerotic home page

Stuxnet Worm Still Out of Control at Iran’s Nuclear Sites, Experts Say

December 11, 2010

FoxNews.com – Stuxnet Worm Still Out of Control at Iran’s Nuclear Sites, Experts Say.

Iran’s nuclear program is still in chaos despite its leaders’ adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the United States and Europe say.

The American and European experts say their security websites, which deal with the computer worm known as Stuxnet, continue to be swamped with traffic from Tehran and other places in the Islamic Republic, an indication that the worm continues to infect the computers at Iran’s two nuclear sites.

The Stuxnet worm, named after initials found in its code, is the most sophisticated cyberweapon ever created. Examination of the worm shows it was a cybermissile designed to penetrate advanced security systems. It was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bashehr.

Stuxnet was designed to take over the control systems and evade detection, and it apparently was very successful. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran’s nuclear sites, but he said it was detected and controlled.

The second part of that claim, experts say, doesn’t ring true.

Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bashehr and Natanz.

“The effort has been stunning,” Byres said. “Two years ago American users on my site outnumbered Iranians by 100 to 1. Today we are close to a majority of Iranian users.”

He said that while there may be some individual computer owners from Iran looking for information about the virus, it was unlikely that they were responsible for the vast majority of the inquiries because the worm targeted only the two nuclear sites and did no damage to the thousands of other computers it infiltrated.

At one of the larger American web companies offering advice on how to eliminate the worm, traffic from Iran has swamped that of its largest user: the United States.

“Our traffic from Iran has really spiked,” said a corporate officer who asked that neither he nor his company be named. “Iran now represents 14.9 percent of total traffic, surpassing the United States with a total of 12.1 percent. Given the different population sizes, that is a significant number.”

Perhaps more significantly, traffic from Tehran to the company’s site is now double that of New York City.

Ron Southworth, who runs the SCADA (the Supervisory Control and Data Access control system that the worm specifically targeted) list server, said that until two years ago he had clearly identified users from Iran, “but they all unsubscribed at about the same time.” Since the announcement of the Stuxnet malware, he said, he has seen a jump in users, but few openly from Iran. He suspects there is a cat-and-mouse game going on that involves hiding the e-mail addresses, but he said it was clear his site was being searched by a number of users who have gone to a great deal of effort to hide their country of origin.

Byres said there are a growing number of impostors signing on to Stuxnet security sites.

“I had one guy sign up who I knew and called him. He said it wasn’t his account. In another case a guy saying he was Israeli tried to sign up. He wasn’t.”

The implication, he says, is that such a massive effort is a sign of a coordinated effort.

Ralph Langner, the German expert who was among the first to study and raise alarms about Stuxnet, said he was not surprised by the development.

“The Iranians don’t have the depth of knowledge to handle the worm or understand its complexity,” he said, raising the possibility that they may never succeed in eliminating it.

“Here is their problem. They should throw out every personal computer involved with the nuclear program and start over, but they can’t do that. Moreover, they are completely dependent on outside companies for the construction and maintenance of their nuclear facilities. They should throw out their computers as well. But they can’t,“ he explained. “They will just continually re-infect themselves.”

“With the best of expertise and equipment it would take another year for the plants to function normally again because it is so hard to get the worm out. It even hides in the back-up systems. But they can’t do it,” he said.

And Iran’s anti-worm effort may have had another setback. In Tehran, men on motorcycles attacked two leading nuclear scientists on their way to work. Using magnetic bombs, the motorcyclists pulled alongside their cars and attached the devices.

One scientist was wounded and the other killed. Confirmed reports say that the murdered scientist was in charge of dealing with the Stuxnet virus at the nuclear plants.

Read more: http://www.foxnews.com/scitech/2010/12/09/despite-iranian-claims-stuxnet-worm-causing-nuclear-havoc/#ixzz17o22VDy0

Categories: Uncategorized

Comments: 1 Comment

Iran, Israel and the Arab Contradiction – WSJ.com

December 11, 2010

Ronen Bergman: Iran, Israel and the Arab Contradiction – WSJ.com.

The WikiLeaks cables reveal that Egypt and Saudi Arabia can’t decide if they fear a Shiite bomb more than they hate the Jewish state.

By RONEN BERGMAN

Tel Aviv, Israel

Speaking recently to the heads of his country’s major media outlets, Israeli Prime Minister Benjamin Netanyahu was unable to contain his glee at the revelations from the latest WikiLeaks documents (a reaction that elicited a private protest from the U.S. Embassy in Tel Aviv).

The main reason for Mr. Netanyahu’s satisfaction was that the highly classified State Department documents present a picture of an Arab world that despises Hamas, believes that Hezbollah is a danger to Lebanon, and fears Iran. Arab leaders take the last matter so seriously that they even appear to be doing their best to persuade the United States to attack Iran’s nuclear installations.

Egypt’s President Hosni Mubarak, for example, “hates Hamas, and considers them the same as Egypt’s own Muslim Brotherhood, which he sees as his own most dangerous political threat,” states one February 2009 memorandum to Secretary of State Hillary Clinton. Another memo, dated July 2008, reports that Mr. Mubarak informed Sen. John Kerry that the Iranians “are big, fat liars and justify their lies because they believe it is for a higher purpose.”

According to this report, Mr. Mubarak views Iran as the primary long-term challenge facing Egypt. Omar Suleiman, Mr. Mubarak’s intelligence chief and right-hand man, told Gen. David Petraeus in July 2009 that Iran is running agents inside Egypt in an effort to subvert the Egyptian regime in collusion with members of the Muslim Brotherhood.

View Full Image

bergman

Associated Press

The latest WikiLeaks documents show that Arab Leaders share Mr. Netanyahu’s concern over Iran.

The tenor of these confidential statements echoes the concerns that Israeli leaders have long raised about Iran. So Mr. Netanyahu and other Israelis are happy to point to the documents as proof that Israel’s existential worries are shared by many of its neighbors. And with Iran perceived as a clear danger both to Israel and to numerous Arab governments, it might be expected that the Arabs and Israel would join forces to confront their common enemy.

A closer look at the documents, however, presents a political reality that is far more complex. WikiLeaks reveals that the enemy of my enemy is not necessarily my friend.

Transcripts of meetings between Gulf Arab leaders and U.S. officials show that while Arab hatred and fear of Iran is considerable, hostility toward Israel is just as great. In addition, because the Palestinian problem has not been solved, open Arab-Israeli cooperation is a nonstarter. The documents do confirm the existence of covert intelligence contacts between Israel and certain Arab states, including Saudi Arabia, but the ties are tenuous and cooperation is strictly ad hoc.

For such ties to have any political impact, they would have to be open—and this is simply not about to happen. Mr. Mubarak may despise Hamas, but he points out to his American interlocutors that he cannot act against Hamas in Gaza for fear of appearing to collaborate with Israel.

Both the Egyptians and the Jordanians state that they fear Iran and would like to see economic sanctions against it until its nuclear project is scrapped. But in the same breath officials from both countries declare that no Arab state could openly join in such sanctions, for fear of being seen as betraying an Islamic nation. Needless to say, no one is willing to come out publicly in support of military action against Iran even by the United States, let alone Israel.

What should concern Israel even more, however, are the contours of American foreign policy that emerge from WikiLeaks. Israeli political leaders act as if they believe that there is a high degree of confluence between Israeli and American strategic goals in the Middle East. Anyone who reads the WikiLeaks documents discovers otherwise.

The United States faces serious difficulties in Iraq, Afghanistan, Pakistan and the Gulf. Israel has very little to offer the U.S. in resolving these problems. By contrast, some of Israel’s adversaries do, notably Saudi Arabia. Not surprisingly, the cables of American representatives in the Arab world reveal a list of priorities in which Israel does not figure highly, if at all.

The bottom line is this: Having a common foe—or even more than one—is not enough to turn long-term enemies into friends. History teaches us that it is impossible to run an effective campaign against rogue states without a wall-to-wall coalition of responsible partners who are aware of their role in preserving the safety of the family of nations. Unless the concerned states of the Middle East drastically change the way they collaborate (with the U.S. acting as mediator), the campaign to stop Iran from getting the bomb will be lost.

Mr. Bergman is a senior military and intelligence analyst for Yedioth Ahronoth, an Israeli daily. He is currently working on a book about the Mossad and the art of assassination.

 

Categories: Uncategorized

Comments: 2 Comments

US says cyberworm aids effort against Iran

December 11, 2010

US says cyberworm aids effort against Iran.

Friday, Dec 10, 2010

The US has acknowledged that the Stuxnet computer worm helped slow Iran’s nuclear programme, and has come close to admitting the existence of a secret international drive to sabotage Tehran’s progress toward the bomb.

Asked about Tehran’s recent admission that Stuxnet has affected its enrichment plant at Natanz, which can produce both nuclear fuel and weapons grade material, Gary Samore, President Barack Obama’s top adviser on the Iranian nuclear file, welcomed the news.

“I’m glad to hear that they are having problems with their centrifuge machines,” he told a conference in Washington, referring to the centrifuges used to enrich uranium. “The US and its allies are trying to do everything that we can to ensure that we complicate matters for them.”

In a further apparent reference to attempts to sabotage Iran’s nuclear programme, Mr Samore added: “Their technical problems go beyond steps that outside countries are taking.” He highlighted Tehran’s dependence on outdated technology and a limited industrial base.

The US maintains it does not know the origin of the Stuxnet virus, which has affected companies across the world though some 60 per cent of cases have been in Iran.

“It’s hard to figure out where all these things are coming from,” William Lynn, deputy defence secretary and the Pentagon’s top official on cybersecurity, told the Financial Times this week.

There has been widespread speculation that Stuxnet was developed in Israel and recent technical analyses have suggested the worm was designed to destroy centrifuges at Natanz by spinning them so fast that they break.

Last month, Mahmoud Ahmadi-Nejad, Iran’s president, said that “a limited number” of centrifuges had been hit by a “software” attack while the UN’s nuclear watchdog noted that the plant temporarily halted enrichment in mid-November.

Without commenting on the origin of Stuxnet, Mr Samore argued it was essential for the US to delay Iran’s programme to “buy time” for diplomacy and ramped up sanctions.

He emphasised Iran’s nuclear programme had made less progress than either the country’s missile programme or a recently revealed North Korean enrichment plant. Indeed, he argued that “one of the most important elements” in the US approach to Pyongyang was now to “ensure that North Korea does not sell or transfer nuclear technology or materials to countries in the Middle East” – precisely because the Stalinist state’s enrichment facilities appeared more advanced than Iran’s.

He added that the US and its allies were looking for more sanctions, since talks with Iranian negotiators in Geneva this week had failed to yield any progress. The next stage of the negotiations is set to take place in Istanbul in January.

“It’s important that we take additional measures,” Mr Samore said. “That’s a way of correcting any impression that the Iranians might have that just talking for the sake of talking is going to in any way get out of them out of the sanctions noose that is tightening around their throats.”

In a report on Stuxnet issued this week, the US Congressional Research Service said: “States appear to possess a motive to develop Stuxnet because, unlike other forms of malware, the worm is not designed to steal information, but rather to target and disrupt control systems and disable operations.”

It said the US, Israel, the UK, Russia, China and France were all thought to have the expertise and motivation to develop the worm, but added: “It is likely the developer did not consider the unintended consequence of the worm becoming widely available and subject to manipulation to make it less identifiable and more potent.”

By Daniel Dombey in Washington

Categories: Uncategorized

Comments: 2 Comments