The Iranian worm is not so new and has damaged the systems of other countries

An expert in information warfare and network intelligence cools the headlines: "The Iranian worm was already discovered five months ago and damaged the systems of other countries before it damaged Iran"

Shay Blitzblau, CEO of Magellan Information Protection Technologies. Credit: People and Computers

"The Stuxnet computer worm that was discovered in the Iranian reactor in Bushehr is a hostile code that has been known to the information security expert community for 5 months. The worm hit computers all over the world, including in the US, India, France, Cuba, Pakistan, Russia and Belarus, but only when it hit computers in Iran did the media echo about it," says Shay Blitzblau, CEO of Magellan Information Protection Technologies, an expert in information warfare and international network intelligence.

According to Blitzblau: "Until July 19, 2010, both the American Cyber Warfare Agency and Microsoft published reports on the subject and explanations on how to deal with the hostile code. At the beginning of August 2010, thousands of computers in the world were already infected. Since the hostile code is relevant to industrial controllers, most of the entities infected were national infrastructures or local essential infrastructures. The rate of infection was no different from the rate of viruses and other network worms we know."

Blitzblau rejects the claim that it is necessarily international organizations for information warfare that developed the worm and says, "a technical analysis of the Stuxnet code by Magellan experts shows that it is a well-planned hostile code with sophisticated functions, but at the same time it lacks so many elements that it is doubtful that the author acted from a method and in-depth techno-intelligence worldviews. The code lacks many network-intelligence embedding components, of which only a few can be mentioned due to information security issues: the communication of the code is based on a standard communication protocol that is not encrypted, there are no traffic hiding components and the backdoor embedding is simple. The code is signed with a fake digital signature, a procedure that is not trivial to perform but has certainly been known for several years and was presented at many hacker conferences. In order to write the code, three simple and readily available means are required: Siemens software and an industrial controller that can be bought on eBay and in almost any computer lab, familiarity with SCADA systems and knowledge of SQL."

So how did the media spin around the worm come about? According to Blitzblau, "on September 13, a researcher named Ralph Langner from a small company from Hamburg published news updates and estimates that a country was behind the planting of the worm in Iran. A few days later, Langner presented his analysis of the worm at a large conference in Washington, and hence the story about the worm sent by countries to damage a reactor in Iran gained incredible momentum and appeared in the media around the world."

"There is no doubt that before us is a clever hostile code, but information security experts all over the world are raising an eyebrow in the face of the technical 'miracle' that has been discussed and known to everyone for months, and in particular in the face of the late arson that is making waves all over the world to which stories of imaginary fabrics are linked," concludes Blitzblau.

To the Magellan Information Protection Technologies website

13 comments

  1. Yes, read the Symantec report and decide who to believe. Because if Symantec are right, the gentleman upstairs doesn't understand anything about his life.
    And for those who don't understand the response above, his site was not only hacked, but the hacker gained administrator (ROOT) access to the server...

  2. What an expert. I just tried to go to Magellan's website and I got the following caption

    Server got rooted by Albanian Hacking Crew

    X-n3t – **RoAd_KiLlEr** – TheDenny` – EaglE EyE – The_1nv1s1bl3

    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

    Special greetz : ..::arSh::.. & TheKabuS (my dear friends

  3. I read the analysis by Symantec and there, contrary to the opinion of the expert in the article above, it says:
    W32.Stuxnet has gained a lot of attention from researchers and media recently. There is a good reason for this. Stuxnet is one of the most complex threats we have analyzed
    As someone who works with programmable industrial controllers (PLC), I have never before come across a worm that tries to "handle" such industrial controllers.
    Two other interesting things that caught my attention are:
    1. The highest infection rates after Iran are Indonesia, India, Azerbaijan, Pakistan and Malaysia. (p. 6 in the report) In my opinion, this is the smoking gun of the organizations and industries that support Iran and that work closely with it. This is what my grandfather said, if you go to bed with dogs, don't be surprised if you wake up with fleas...
    2. Another interesting thing is that the worm checks if the date of 24/06/2012 has passed. If so, the computer is not infected (p. 14 of the report). Does anyone have a guess as to why?

  4. For the theory...:
    What do you think about a nice and innocent worm that is put to sleep by order in all kinds of places in the world, and in one country its mutation develops at an amazing rate and penetrates every senior computer and generates names in it?....

  5. Yes yes, we are only irritating the dwarf, and he says to himself "wait wait" (and we have something to watch out for and what to expect)

  6. Koko, there is a difference between 'the virus was introduced into Iran...' and between 'the virus also penetrated into Iran but also into many other countries...'
    The argument of the author of the article is very simple. The destruction did not specifically target Iran, and secondly, it is not so sophisticated, so it could have been written by a hacker and not necessarily by a state.

  7. Oh and how did I forget
    Link to the website at the end of the article
    What a beautiful advertisement

    It takes away from the credibility of a site if it publishes news that is funded by interested parties with financial interests

  8. It should be noted that this is a self-proclaimed expert and if the worm is six months old or 10 years old (what if 6 months is new) but it doesn't matter
    What does matter is that a virus was introduced into sensitive systems in Iran
    What does matter is that it is a virus that attacks miners' management systems
    What does matter is that he infected a lot of important computers in Iran
