Stuxnet, Siemens and cyber-war with Iran

For several days now, "Stuxnet" has been making headlines again. The computer worm had already caused much guesswork last year. At first it was speculated that it was directed exclusively against Iran's nuclear facilities; then it was feared that the problem could spread much more widely.

Reason: countless industrial plants worldwide (e.g. nuclear reprocessing plants, power plants in general, the automotive industry, industrial manufacturing plants) are equipped with a special control system from Siemens that runs on the Windows operating system. The malicious computer "dragon" is able to manipulate control and production processes while at the same time giving false positive feedback that everything is fine, when in reality, for example, the centrifuge of a nuclear reprocessing plant is running hot. Moreover, Stuxnet could steal data and information unnoticed.

In November last year, tens of thousands of infections were already known. About the authorship of the virus there were only rumors. As early as 24.9.2010 the platform News had reported: "Stuxnet was tailored to the 'Supervisory Control and Data Acquisition (SCADA) system' of Siemens, which is widely used for the management of water supplies, oil rigs, power plants and other industrial plants. [...] Once Stuxnet has entered a computer system, it searches for any of the three Siemens SCADA controllers [programmable logic controllers] (PLCs) that manage functions such as controlling turbine speed [...] if there was a hit, Stuxnet automatically took over control of the PLC and hid all changes from the workers who manage or work with the system."

Since September last year, the Hamburg security expert Ralph Langner has repeatedly drawn attention with his analysis of the worm attack. A report on this from 22.9.2010: "The worm, which infects computers with the Siemens WinCC SCADA software, was discovered in July. It can be used to remotely control industrial plants. It enters through four vulnerabilities in Windows, of which Microsoft has closed two: one in the Windows Shell and one in the print spooler service. In his analysis Langner relies, among other things, on a screenshot of a computer in the Bushehr plant that is running the Siemens application. 'With the knowledge we have now, it is obvious and provable that Stuxnet is a direct sabotage attack with a lot of insider knowledge', Langner writes on his company's website. The attack is based on a combination of multiple zero-day vulnerabilities and stolen certificates. 'This was created by a highly qualified team of experts who must have special experience with control systems. This is not a hacker sitting in the basement of his parents' home.' In his view, the resources required for such an attack suggest that the initiator is a nation-state."

In any case, an astonishing amount of knowledge derived from a photo of a Bushehr screen! Here is the photo Langner refers to.

What does Siemens now say about all this?
Siemens AG (Berlin and Munich) is a "global powerhouse in electronics and electrical engineering"; the Group's fields are the industry, energy and healthcare sectors. "Siemens has stood for over 160 years for technical achievements, innovation, quality, reliability and internationality. The company is the world's largest provider of environmental technologies, with approximately €28 billion, more than a third of its total revenue, coming from green products and solutions. Overall, in the previous fiscal year, which ended on September 30, 2010, Siemens achieved a turnover of 76 billion euros and a net profit of 4.1 billion euros. At the end of September 2010, Siemens had around 405,000 employees worldwide."

The global group is committed to the standardization of automation processes and maintains, for example, with its PLM (Product Lifecycle Management) a huge IT platform and database for its customers in the "automotive, electrical and consumer goods industries and in aerospace and mechanical engineering." "Over 53,000 engineers at 50 locations around the world were linked together via a data management platform. Technologically, the market in many segments is influenced by the convergence of lifecycle, manufacturing and corporate IT. The previous islands of product development, production and service software are increasingly changing into an integrated system landscape." (This is meant only as an example of corporate policy; the software mentioned otherwise has nothing to do with the software affected by the Stuxnet attack.)

Under "IT-Security", Siemens says, with a view to the areas in which the virus hits the SIMATIC PCS 7 controller:
"Through networking with other business areas, process plants today are directly or indirectly connected to the Internet and thus exposed to the threat of cyber crime."

The trend toward working in networks is felt in many areas, not only at Siemens; it also matches Peter Löscher's call for stronger internationalization. The Siemens CEO had complained that the group was "too German, too white, too male."

However, working with strong standardization in networks, integrated system environments and international integration is, on the other hand, also an ideal prerequisite for virus attacks and cyber wars. In this context it is probably futile to ask whether more security might be achieved through decentralization and more strongly hierarchical rather than networked software structures, at national and company level.

In any case, Siemens has already reacted to Stuxnet and provides help against the malware. Siemens also confirms that the virus spreads via networks, or when an infected USB flash drive is used.

Now the worm story has gained a sequel, after paternity of the malignant little computer worm was proudly acknowledged in Israel. (Strictly speaking, of course, there is no proof yet.) On 16.1.2011, however, the New York Times (NYT) also reported U.S. involvement in Stuxnet's creation.

The NYT's story goes like this: in early 2008, Siemens cooperated with one of the leading U.S. laboratories, in Idaho, to identify vulnerabilities in the computer controllers that the company sells for industrial equipment worldwide. American intelligence agencies had identified them as key equipment in Iran's uranium-enrichment facilities. (The latter was certainly not too difficult, since the controllers work with a very common programmable logic controller (PLC), with which virtually anything can be made to work and produce.)

The NYT continues: "Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory - which is part of the Department of Energy and responsible for America's nuclear arms - the chance to find out the well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet."

Siemens itself confirmed on its home page the security cooperation with the American laboratory, but the company also mentions a department (for Advanced Energy Systems) of Rutgers University as a third partner.

The Austrian "Die Presse" (17.1.2011) makes Siemens out to be an "involuntary helper" of the malware coup:

"Siemens an involuntary helper? Siemens had allegedly cooperated with the U.S. Department of Energy on a program to protect against cyber attacks. Vulnerabilities discovered there are said to have been used for the construction of the worm."

The website of the Idaho National Laboratory also announced that Siemens had granted access to its control system.

Stop! one wants to cry out. The Americans would never do such a thing. After all, Germany and the United States are bound together by the Western community of values, transatlantic solidarity, democracy. A U.S. department would never do such a thing to Ms. Schavan or Mr. Brüderle! Nevertheless, this version would be possible, but at the same time one must keep in mind that it may be being spread only for disinformation.

After all, one can read about a Siemens security engineer that he was in Idaho during the relevant period and that several more U.S. authorities (for example, the Department of Homeland Security) were involved; the information was evidently posted by the engineer himself.

Did Siemens actually point out vulnerabilities there that could then possibly have been used?

The security engineer denies this to the author:

"We have gone to great lengths for many years to prevent even such sophisticated attacks as STUXNET at our customers' facilities. Since most plants are not operated by Siemens and only some are built by Siemens itself, it is up to the owner and operator of the plant to build and operate the plant as we recommend; as the manufacturer, however, we can help here.

Anyone who has read the basic white paper attentively will find their attention directed in particular to the responsible management of those risks that cannot be intercepted technically, e.g. the use of portable storage devices such as USB drives, which simply must not be left unattended or come from untrusted sources (see the main means used by STUXNET).

In the summer of 2008, a test facility was constructed in Idaho whose security was based on the recommendations of the white paper and was to be checked and confirmed by the security researchers of the INL [Idaho National Laboratory]. The vulnerabilities found there were fixed in order of priority by the relevant development departments. None of the vulnerabilities corresponded exactly to the procedure of STUXNET.

So far there is actually no connection between STUXNET and my 2008 assignment in Idaho, except that both cases concern the security of industrial plants."

Was or is the Idaho cooperation mentioned the only access to the Siemens control system? Apart from the fact that Peter Löscher likes to drink tea with Shimon Peres: as an international "global player", Siemens naturally also has a branch in Israel. Under "Siemens in Israel" it states:

"Siemens Israel Ltd. was founded in 2000 and is a subcontractor of the German giant Siemens AG. Its headquarters is located in Rosh Ha'ayin; the company offers Siemens' solutions and services in Israel. Siemens has been operating in Israel for almost 85 years and has been helpful in providing many important infrastructures in energy, industry and healthcare. The company has over 900 employees in Israel."

However, this is not Siemens's only direct cooperation with the Middle Eastern state. For Annette Schavan (and her predecessors) at the Federal Ministry of Education and Research, connecting German and Israeli research has long been an important concern.

Thus Siemens cooperates directly with the Israeli Technion University in Haifa (other companies, e.g. Bayer, Carl Zeiss and Bosch, also cultivate such a collaboration). Also, "in the context of the Minerva Research Centers funded by the Minerva Foundation of the Max Planck Society, cooperation between German and Israeli scientists and researchers is promoted in various research areas. In some Minerva Centers the Technion conducts research under its own direction; other centers are run in cooperation with Israeli universities," the ministry said.

That is to say: opportunities to learn about vulnerabilities in the Siemens controllers may have existed not only in Idaho, but simply in Israel itself ... In any case, the knowledge acquired appears to have been put directly into practice, namely in the Negev Desert.

The aforementioned NYT article reports: "The Dimona complex in the Negev, the heavily guarded heart of Israel's never-admitted nuclear weapons program, became a dangerous testing ground in a joint American-Israeli effort to undermine Iran's efforts to make a bomb itself. Behind the barbed wire of Dimona, according to the experts, Israel ran centrifuges that were virtually identical to those at Natanz in Iran, where Iranian scientists are struggling to enrich uranium. They said Dimona tested the efficiency of the computer worm, a critical step for its effectiveness."

In fact, Dimona could in theory be good for some surprises. However, a UN inspector of the International Atomic Energy Agency would probably never stray there, because wanting to inspect something there could well be life-threatening. One may recall how the Israeli Dimona technician Mordechai Vanunu fared in 1986. He wanted to make the world aware that Israel had become a nuclear power and made contact with the "Daily Mail" in London. Its owner, Maxwell, immediately passed the photographic evidence on to Israel. Vanunu was subsequently captured in Rome with the help of an attractive female agent, kidnapped by Israel and left to languish in prison there until 2004 (!) as a betrayer of secrets. Since then, re-arrests, releases and short periods of house arrest have alternated for Vanunu to this day, although he was only a simple maintenance worker and never had deeper technical insight.

About the paternity of the worm, the article continues: "It is still disputed, but officials from Israel responded with a wide grin when asked whether Israel was behind the attack or knew who was. Various dark hints hidden deep in its [the worm's] code suggest a possible Israeli origin, or an attempt to deceive investigators."

Hidden clues in the bowels of Stuxnet, obscure codes in worm droppings? In fact, the aforementioned computer security consultant Ralph Langner had been active in September last year not only as a worm specialist, but also as a solid Bible exegete.

The NYT on 09/30/2010: "There are many reasons to believe that Israel has something to do with Stuxnet. The intelligence service is the largest single department in the military, and the military unit that takes care of signals, electronics and computer network security, known as Unit 8200, is the largest group within the intelligence service." Investigators had repeatedly found a term, "Myrtus", in the malware analysis. That led them to believe that the project might have been called that. "Mr. Langner was the first to note that Myrtus is an allusion to the Hebrew word for Esther [Hadassah]. The Book of Esther tells the story of a Persian plot against the Jews, who attacked their enemies preemptively. 'If you read the Bible, you can make a guess,' Langner said in a telephone interview from Germany on Wednesday." Langner was also of the view that the Stuxnet worm could have been introduced by Russian suppliers.

All this still sounds a little flimsy. The Israeli newspaper Haaretz, at any rate, was very concrete on 17/01/11: "Israel has already attacked Iran".

At this point, therefore, we can probably all breathe a sigh of relief once again! Although unfortunately only until 2015, because Meir Dagan, the recently retired, burly Mossad intelligence chief, is said, according to Haaretz, to have been the main person responsible for the sabotage work; he "is proud to announce that Iran's ability to develop nuclear weapons has been thwarted and will not be regained before 2015." Israel's minister of strategic affairs, Moshe Yaalon, also joined in and said in December, according to "Die Presse" (see above), that Iran was "because of technological difficulties" still "years away from producing nuclear weapons."

Should our politicians pester us again with war rhetoric on Iran before 2015, we may justifiably cite Meir Dagan and Moshe Yaalon as our chief witnesses that we are now entitled to a break!

Or so we thought, because once again we hear warnings, this time from a different direction: Russian scientists working in Iran warned the Kremlin of a possible nuclear explosion à la Chernobyl in Bushehr. The Iranians were doing everything they could to bring the plant up and running despite Stuxnet. They had set themselves a deadline late last year; otherwise they feared a great loss of prestige for the country.

That real damage was allegedly done in Iran is remarkable. In Germany, too, 14 sites were infected. Siemens spokesman Wieland Siemon told ZDNet that these were primarily companies in the processing industry. "In no case have we registered any damage." So-called critical infrastructures such as power plants were not affected. Microsoft itself had responded quickly and provided a security patch for the code gap exploited by the worm. Siemens itself also provides technical support (see above).

So everything is not so bad? Why did Stuxnet cause hardly any damage in Germany while it allegedly throws Iran back years in uranium enrichment? Installing a fix should not be a problem for Iranian technicians. Or was it with Stuxnet as with growing GM crops? Once the pollen is in flight, it cannot be retrieved ...

(Note: All emphasis, brackets and translations from English were provided by the author.)


3 Responses to "Stuxnet, Siemens and cyber-war with Iran"

  1. Inventory of specialty 01.20.11 - to read linked recommendations "Blackbird idea Plus = Community says:

    [...] First of all I would like to recommend the article by Friederike Beck ... Stuxnet, Siemens and cyber war against Iran ... he has a lot of information for the average consumer [...]

  2. Googlehupf says:

    Perhaps both the Iranian "nuclear threat" and its "defusing" are propaganda chimeras.

    It is also interesting that the German think tank CEO Volker Perthes has recommended such sabotage to the United States:

  3. Iran, Russia and China making? | Happy New 1984 says:

    [...] Have even one. The virus Stuxnet was specifically designed for Siemens controllers and it is rumored, the virus had been used by an unknown size against Iran (Siemens enrichment plants). Other wars are currently not sooo date and [...]
