The Glade 4.0

"Turn the lights down, the party just got wilder."
All times are UTC - 6 hours [ DST ]

 Post subject:
PostPosted: Wed Oct 27, 2010 8:50 am 
Joined: Fri Sep 04, 2009 10:27 am
Posts: 2169
Thanks Taskiss, good read.


 Post subject:
PostPosted: Wed Oct 27, 2010 11:26 am
Lean, Mean, Googling Machine

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
The basic Uranium enrichment process goes like this:

1) Uranium yellow cake (U3O8) goes through several chemical processes to convert it into Uranium Hexafluoride (UF6).

2) UF6 has an interesting phase diagram -- it has a triple-point at roughly 64 C, and 1.5 atm (22 psi). So you don't have to heat it up very much to make it sublime into a gas. You can then feed it into a cascade arrangement of gas centrifuges.

3) The gas centrifuges take advantage of the fact that there's only a single natural isotope of Fluorine on earth, and therefore that the UF6 molecules will vary in molecular weight based only on the isotope of Uranium they contain. Through centrifugal action and a slight thermal gradient, they can separate the UF6 that contains U-235 from that containing U-238.

The problem with MoF6 is that it's denser than UF6 and therefore has a slightly different phase diagram. At the operating temperature/pressure of the gas centrifuges, MoF6 will condense into a liquid, which the gas centrifuges aren't equipped to handle. Moreover, because of the cascade arrangement, one centrifuge failing can spew unexpected matter into downstream centrifuges, causing them to fail, etc.

I don't know whether the blogger was being literal when he said it "destroyed" their centrifuges, but it's certainly possible. The gas centrifuges used in Uranium enrichment are vacuum sealed and operate at 500-600 m/s, depending on your metallurgical skill (i.e. nearly Mach-2). Higher operating speeds are more energy efficient and, more importantly (if I'm not mistaken), also result in a higher yield of U-235. If Iran is already pushing the limits of their metallurgy* to maintain higher speeds, then it might be possible that injecting too much dense matter (i.e. MoF6) could over-stress the centrifuges and make them literally tear themselves apart.

Is this the work of Stuxnet as the blogger speculates? Eh...I don't know. Iran claims to have been producing their own UF6 since back in, like, 2005. But it's a dubious claim, and it seems more likely that they were just buying UF6 from Pakistan. In reality, they were probably hung up at the UF4 stage until relatively recently. But if I understand the process correctly (and maybe I don't), Mo and other impurities arise in the U3O8 -> ... -> UF4 process, which Iran probably has been playing around with since 2005-2006-ish. In which case, the MoF6 problems probably aren't the work of Stuxnet, at least not exclusively. Any way you turn it, though, I doubt it's helped.

* Edit: and by "their" metallurgy, I probably mean Pakistan. No one can prove it, but Iran's centrifuge design is suspiciously similar to Pakistan's. You can thank this guy for that.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


 Post subject: Re: Cyber Warfare
PostPosted: Wed Oct 27, 2010 11:50 am
Commence Primary Ignition

Joined: Thu Sep 03, 2009 9:59 am
Posts: 15740
Location: Combat Information Center
What of the possibility that Iran is simply blaming Stuxnet to hide its own failure to make the process work right?

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."


 Post subject: Re: Cyber Warfare
PostPosted: Wed Oct 27, 2010 11:52 am
The Dancing Cat

Joined: Wed Nov 04, 2009 2:21 pm
Posts: 9354
Location: Ohio
Diamondeye wrote:
What of the possibility that Iran is simply blaming Stuxnet to hide its own failure to make the process work right?

Surely you'd never accuse IRAN of propaganda!

_________________
Quote:
In comic strips the person on the left always speaks first. - George Carlin


 Post subject: Re: Cyber Warfare
PostPosted: Wed Oct 27, 2010 12:04 pm
Commence Primary Ignition

Joined: Thu Sep 03, 2009 9:59 am
Posts: 15740
Location: Combat Information Center
Hopwin wrote:
Diamondeye wrote:
What of the possibility that Iran is simply blaming Stuxnet to hide its own failure to make the process work right?

Surely you'd never accuse IRAN of propaganda!


Of course not!

I merely suggest that it is a possibility. I make no claims of likelihood either. I am sure, however, that such a course of action would occur to Iranian counterintelligence organs if they are experiencing problems making the process work.

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."


 Post subject:
PostPosted: Wed Oct 27, 2010 12:12 pm

Joined: Sat Oct 24, 2009 5:44 pm
Posts: 2315
Has Iran even been complaining about Stuxnet sabotaging their processes? I thought the official line was that the virus hadn't done anything.

If this is Israel's work, I'm honestly very surprised that even they would risk this. Imagine if this virus got into something in Europe or the US and caused a major nuclear accident.


 Post subject:
PostPosted: Wed Oct 27, 2010 12:44 pm
Manchurian Mod

Joined: Fri Sep 04, 2009 9:40 am
Posts: 5866
My understanding is that Stuxnet is a very refined virus with clear parameters it looks for before actually attacking a system.

_________________
Buckle your pants or they might fall down.


 Post subject:
PostPosted: Wed Oct 27, 2010 4:32 pm
Lean, Mean, Googling Machine

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Yeah, that's what makes it interesting. Stuxnet is ... "well-behaved" for a rootkit unless you happen to be its target. It's infected a lot of systems, but there hasn't been any direct damage done because it doesn't really do anything other than spread itself around if your PLCs don't match its target.

As for Iran's official line, I'm not sure. I don't think they've said anything about it one way or the other.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


 Post subject:
PostPosted: Wed Oct 27, 2010 6:51 pm

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Stuxnet isn't completely understood, but one of the common beliefs is that it has a specific target in mind, and that it will only attack that one target (it may already have done it).

To me, what is really scary is the potential of something as robust as Stuxnet to be applied maliciously to attack other targets, or worse, any target.


 Post subject:
PostPosted: Wed Oct 27, 2010 9:01 pm
Peanut Gallery

Joined: Thu Nov 26, 2009 9:40 pm
Posts: 2289
Location: Bat Country
Something that our own .mil doesn't seem to understand is, that if we relied less on the newest technology and still did more things old-school, we'd be much less vulnerable to "cybar waugh." Some people insist on always installing the newest sexiest gadget though, regardless if it makes sense or is good for the amount of money you spend supporting it.

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn


 Post subject: Re:
PostPosted: Wed Oct 27, 2010 9:41 pm
Commence Primary Ignition

Joined: Thu Sep 03, 2009 9:59 am
Posts: 15740
Location: Combat Information Center
Wwen wrote:
Something that our own .mil doesn't seem to understand is, that if we relied less on the newest technology and still did more things old-school, we'd be much less vulnerable to "cybar waugh." Some people insist on always installing the newest sexiest gadget though, regardless if it makes sense or is good for the amount of money you spend supporting it.


It doesn't even have to be a gadget, even basic websites are like that. Army Knowledge Online is a **** mess.

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."


 Post subject:
PostPosted: Fri Oct 29, 2010 9:19 am

Joined: Fri Sep 04, 2009 10:27 am
Posts: 2169
Probably not a coincidence that Iran has just notified the EU it would like to restart talks about its nuclear program.


 Post subject:
PostPosted: Fri Oct 29, 2010 9:27 am
Rihannsu Commander

Joined: Thu Sep 03, 2009 9:31 am
Posts: 4709
Location: Cincinnati OH
Stuxnet just seems awfully.... big... to be a computer weapon. For what it's looking to do, and the level of sophistication required... think about this, the software would either have to be so massive that it can uniquely identify not only the hardware it's connected to but then make a decision as to what would cause the damage.
It would have to mask its functions to the OS, have 'check in with home' capabilities, Seek-and-infect capabilities, and drivers to actually manipulate hardware, on top of all this it has to be undetectable to have gone under the radar.

That's got to be one huge virus....I don't understand how it could go unnoticed by AV programs.


 Post subject:
PostPosted: Fri Oct 29, 2010 9:43 am

Joined: Fri Sep 04, 2009 10:27 am
Posts: 2169
Every reason you listed why you don't believe it could be has been addressed in this thread.


 Post subject:
PostPosted: Fri Oct 29, 2010 10:01 am
Lean, Mean, Googling Machine

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
True, but he's not entirely wrong about the size. Stuxnet is a fat virus at about 0.5MB. But that in and of itself doesn't really have any effect on whether it would be detected by AV software. AV programs don't generally discover new viruses. Heuristics are still largely crap at this point. New viruses are still discovered and cataloged mostly by human analysis. There's several ways this can happen: 1) someone can discover the virus running on their system "in the wild" and submit it to an AV company for analysis, or 2) the virus infects one of many "honeynets" set up by the AV companies and other security experts just to see what's out there.

But beyond that, once a virus has kernel-level access, it's all over for anti-virus programs, whether the virus has been discovered or not. Per the wiki article, Stuxnet gets "root" access by using one of four(!) "zero-day" exploits in Windows, in addition to a couple known exploits. A zero-day exploit, if you don't know, is a previously-unknown vulnerability (hence, it's being used on the "0th" day of the developer's response to the bug).

That's interesting because normally you would call that incredible hubris. Virus writers -- assuming that they even discovered that many 0-day vulns at once -- wouldn't use them all in one go. They know it's just a matter of time before someone discovers their virus, at which point they've basically just done Microsoft (or whoever) the huge favor of identifying 4 new exploits all at once. Better to ration them out one at a time, switching to a new vulnerability whenever the virus was discovered and the exploit patched.

Still, if you really are just that good that you can feel certain that either 1) your virus won't be detected for a long, long time or 2) even if detected, your virus will resist analysis well enough to keep its exact methods secret (or some combination of the two), then using 4 at once makes a certain sort of evil genius sense. Even though your exploit may be 0-day, that doesn't necessarily mean that it will work on every system it encounters. There are usually some mitigating factors that you can't control for. So having multiple exploits greatly increases the odds of infection. As well, you may not be the only person on earth who knows about your chosen exploit(s). What happens if some other douchebag writes a far less stealthy virus that happens to use the same exploit? The hole gets closed and your virus gets shut down without anyone ever knowing about it. But if you already have backup contingencies...

And that's exactly what happened with Stuxnet. If I'm not mistaken, two of its zero-day exploits were discovered and patched before Stuxnet itself was ever discovered. Even if you're a whitehat in the A/V business, you have to have a certain amount of respect for anyone who can pull that gambit off.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


 Post subject:
PostPosted: Fri Oct 29, 2010 12:26 pm

Joined: Thu Sep 03, 2009 10:03 am
Posts: 4922
They probably have more future day 0's that are unused.


 Post subject:
PostPosted: Sat Oct 30, 2010 8:40 pm

Joined: Fri Sep 25, 2009 8:22 pm
Posts: 5716
Stathol - are you government?

For what it's worth, I attended a party very recently with a bunch of NSA folks (everyone around here works for NSA). I brought this up. 1 of 3 NSA employees left immediately. The other 2 did the "I know something cool" dance. They all "knew where it came from". One said "it's not us". He could have meant NSA or the US, I'm guessing he meant NSA. It was about a 1-minute conversation. Everyone is cleared around here and I don't like to push.

Anyway, the implication was that 1) it's classified (which suggests to me that it's government of some sort), and 2) it's not that highly classified if all 3 knew about it.

For what it's worth.


 Post subject:
PostPosted: Sat Oct 30, 2010 8:49 pm

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
I can neither confirm nor deny...

_________________
In time, this too shall pass.


 Post subject:
PostPosted: Sat Oct 30, 2010 9:15 pm
Lean, Mean, Googling Machine

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
No, I'm not government.

That's interesting, though. Regardless of who "us" refers to, the implication is definitely that Stuxnet was somebody's state project, and if you've read their demeanor right, somebody who isn't hostile to us.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


 Post subject:
PostPosted: Sun Oct 31, 2010 1:10 am
adorabalicious

Joined: Thu Sep 03, 2009 10:54 am
Posts: 5094
Yeah I am pretty sure I know one of the mathematicians on that.

_________________
"...but there exists also in the human heart a depraved taste for equality, which impels the weak to attempt to lower the powerful to their own level and reduces men to prefer equality in slavery to inequality with freedom." - De Tocqueville


 Post subject:
PostPosted: Sun Oct 31, 2010 10:44 am
Lean, Mean, Googling Machine

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Huh?

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


 Post subject:
PostPosted: Mon Nov 15, 2010 1:12 pm

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Minor necro to provide some updates from Symantec (via a 3rd party).

Apparently they've determined more specifics in Stuxnet's target definition.

http://www.techeye.net/security/symante ... +(Tech+Eye)

techeye.net wrote:
Anti-virus company Symantec has made what it calls a "breakthrough" in finding out what on earth Stuxnet is actually supposed to do.

A Dutch researcher helped to piece the puzzle together, after Symantec launched a call for help on its Security Response Blog early this month. Thanks to help from the land of lax flax laws, Symantec discovered Stuxnet needs specific frequency converter drives manufactured by suppliers Vacon, Finland and Fararo Paya located in Iran's capital Tehran, alongside a S7-300 CPU and a CP-342-4 Profibus communications module.

In an industrial control system, the frequency converter drives control the speed of a motor, such as used in water systems, gas pipelines and so on. A low frequency sets a low motor speed, whereas higher frequencies make things faster.

A frequency converter drive is a power supply that can change the frequency of the output, which controls the speed of a motor. The higher the frequency, the higher the speed of the motor.

Stuxnet basically monitors the system and changes pace, up or down, should the frequency converter drives operate in the range of 807Hz to 1210Hz.
This sabotages an entire process which requires high frequencies, causing major headaches and panic to all engineers involved.

Symantec stated it did not know what on Earth these speeds are required for, but it added it would be unlikely that "a conveyor belt in a retail packaging facility" is the target.

The security company did however say "efficient low-harmonic frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment".

As Iran has been hit by Stuxnet, it has been speculated Stuxnet was designed to sabotage the country's nuclear program. Iran has been blaming Israel and the USA for spreading Stuxnet, whereas other people believe China coded it to bang up India.

Symantec's full and updated paper on Stuxnet can be found here. Link to Symantec Stuxnet Dossier (PDF)

Read more: http://www.techeye.net/security/symante ... z15NKTVMxU
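
Added example (not part of the original post, the techeye article or Symantec's paper): a small monitor a plant operator could run to notice the behaviour the article describes, a drive in the 807Hz to 1210Hz range whose output stops matching what the operator approved. The log format, drive names, tolerance and the assumption that measurements come from a sensor independent of the PLC are all constructed for illustration.

```python
"""Flag frequency-converter output that departs from the approved setpoint.
Only the 807-1210 Hz band comes from the article; everything else is assumed."""
import re
from dataclasses import dataclass

BAND_HZ = (807.0, 1210.0)  # operating range quoted in the article
TOLERANCE_HZ = 5.0         # assumed acceptable drift around the setpoint
SUSTAIN = 2                # consecutive bad samples required before alerting

# Constructed record format: "<timestamp> drive=<id> kind=<APPROVED|MEASURED> hz=<n>"
LINE = re.compile(
    r"^(?P<ts>\S+) drive=(?P<drive>\S+) "
    r"kind=(?P<kind>APPROVED|MEASURED) hz=(?P<hz>\d+(?:\.\d+)?)$"
)

@dataclass
class Alert:
    ts: str
    drive: str
    approved_hz: float
    measured_hz: float

def detect(lines):
    """Return one Alert per sustained excursion from the approved setpoint."""
    approved = {}  # drive -> last operator-approved setpoint
    streak = {}    # drive -> consecutive out-of-tolerance measurements
    alerts = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip records that do not parse
        drive, hz = m["drive"], float(m["hz"])
        if m["kind"] == "APPROVED":
            approved[drive] = hz  # an authorised change resets the baseline
            streak[drive] = 0
            continue
        target = approved.get(drive)
        if target is None or not (BAND_HZ[0] <= target <= BAND_HZ[1]):
            continue  # no baseline yet, or drive is not a high-frequency one
        if abs(hz - target) > TOLERANCE_HZ:
            streak[drive] = streak.get(drive, 0) + 1
            if streak[drive] == SUSTAIN:  # alert once per excursion
                alerts.append(Alert(m["ts"], drive, target, hz))
        else:
            streak[drive] = 0
    return alerts

# Constructed sample log, not real plant data.
SAMPLE_LOG = [
    "2010-11-15T13:00:00Z drive=FC-01 kind=APPROVED hz=1000",
    "2010-11-15T13:00:00Z drive=FC-02 kind=APPROVED hz=50",
    "2010-11-15T13:01:00Z drive=FC-01 kind=MEASURED hz=1000.4",
    "2010-11-15T13:02:00Z drive=FC-01 kind=MEASURED hz=1100.0",  # lone spike
    "2010-11-15T13:03:00Z drive=FC-01 kind=MEASURED hz=1001.0",
    "2010-11-15T13:04:00Z drive=FC-02 kind=MEASURED hz=80.0",    # low-speed drive
    "2010-11-15T13:05:00Z drive=FC-02 kind=MEASURED hz=80.0",
    "garbled line",
    "2010-11-15T13:06:00Z drive=FC-01 kind=MEASURED hz=1180.0",
    "2010-11-15T13:07:00Z drive=FC-01 kind=MEASURED hz=1185.0",  # sustained
    "2010-11-15T13:08:00Z drive=FC-01 kind=MEASURED hz=1190.0",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.drive}: approved {a.approved_hz} Hz, measured {a.measured_hz} Hz")
```

The check is only as trustworthy as the measurement path: readings reported by the same controller that drives the converter would not be an independent baseline.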


 Post subject:
PostPosted: Mon Nov 15, 2010 2:36 pm
Lean, Mean, Googling Machine

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Holy ****. That's incredible.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


 Post subject:
PostPosted: Mon Nov 15, 2010 2:48 pm

Joined: Tue Sep 08, 2009 9:36 am
Posts: 4320
Both very nifty and pretty scary at the same time.


 Post subject:
PostPosted: Mon Nov 15, 2010 2:52 pm
Rihannsu Commander

Joined: Thu Sep 03, 2009 9:31 am
Posts: 4709
Location: Cincinnati OH
Actually, tying to the frequency of the power supply is on one hand clever. It certainly wouldn't have occurred to me that that would be a valid way of uniquely identifying the target.

That said, that makes StuxNet's wider practicality somewhat less, unless there are other ways to uniquely target hardware. Heck, I sometimes can't find drivers for some hardware when I have the physical card in front of me. Most equipment doesn't have a unique power signature like a high energy centrifuge (and turning up the frequency can't do as much damage as it can to a centrifuge)

