This article is claiming they've been trying to get rid of a worm for months? Why wouldn't they just format the computers and return to a previously backed up state?
Secondly, if the government needed information on how to solve the problem and didn't want to be detected, wouldn't they just send one or two of their top people to research it and then tell everyone else? How does large traffic from a certain country imply that the government is trying to find out how to defeat the worm?
Stuxnet is harder to get rid of than that because it has a rootkit that targets Siemens PLCs. The Windows PC is simply the vector to get it there. You can reformat and reinstall your Windows PCs all you like, but your SCADA systems will still be infected.
I don't really understand industrial control systems, but it seems like restoring all the code that runs on all of your PLCs from backup would be challenging, especially if your tools to do so are also infected.
You would think they'd be able to get clean versions from Siemens, then zero-fill any writable memory, flash the bios with a clean version, and go from there. I get that their technical expertise isn't great, but it should be too hard to fix. At worst, they should be able to rip everything out, send it back to Siemens, and ask for a clean version in return. Not sure what international regulations might prevent Siemens from doing that, but it doesn't seem to be an insurmountable challenge.
I thought about that too, but I speculate that the clean versions from Siemens wouldn't come from the factory ready to run an Iranian nuke plant -- you'd think that code would all be developed by the engineers who run the plant. All of that code would have to be recompiled from source too, as Stuxnet attaches itself to the PLC binaries.
That's certainly possible, although I don't understand why they would take that approach. The PLCs themselves should be relatively standardized, and any specific software that was created in house should be in an offline backup somewhere. Clearly, they didn't follow best practices, but it shouldn't take a year to start from scratch, assuming you had the basics on file.
I believe <i>somebody</i> just blew up one or two of their "top people". The article seems to indicate the scientist who was killed was in charge of the Stuxnet recovery.
Also, I'd bet fixing the whole plant's industrial control systems isn't as simple as restoring from a backup. I imagine there can be a lot of complexities such as the backup systems being infected, having to write custom tools to detect and prevent future infections, etc.
Also, I'm curious, what are people's thoughts on the worm's authors? Is it generally accepted to be Israeli-made, or are there some doubts about that? I remembered reading something about a reference to Israeli in the code from some anti-virus folks, not sure if that is actually true though. And I don't personally think that the CIA / U.S. military is innovative or clever enough to pull this off, but obviously that's just my opinion. Are there any other candidates?
The CIA / U.S. military have been involved with electronic warfare for a long time. I would disagree and say they're at least as innovative and perfectly capable of carrying out something like this. If it was a US operation though, I would probably add the NSA to the mix as well, since they likely would have had involvement at some point in the process. In either scenario though, it would likely involve contractors of some sort, if only for the specialized Siemens knowledge that would be required.
Likely a joint project, offered in return for one of the Israeli settlement freezes of the last few years. The motorcycle bombings were clearly Mossad, but the technical expertise, specifically the specs needed on the Siemens products, would probably have come from the US.
I think the US is plenty capable of pulling this type of thing off. They've done something somewhat similar a long while back... well, allegedly anyways.
Although the headline is conjecture, the article mostly quotes experts in the field, so I would hardly say that it has zero substance. The main point is that highly technical websites and mailing lists that deal with the hardware and software involved have seen an influx of Iranian visitors, which might imply that there is an ongoing effort to contain the damage.
Indeed, all conjecture, zero substance. Once more: don't expect serious journalism from Fox News. Nevertheless, I can quite easily believe Teheran lacks the technical knowhow to defend themselves. And given the large number of involved parties (we were talking Siemens hardware), a clean room approach won't work either.
i.e. speculative conjecture, and a generalisation based on cultural assumptions: I can quite easily believe Teheran lacks the technical knowhow to defend themselves.
(plus Teheran is a city and a region, not a nation state - it would have made more sense to talk about Iran)
EDIT; I surrender, I saw the Fox logo, it's now very clear -> 'fair and balanced' ;)
Sorry, I didn't realise. Previously, I'd only heard this kind of reference made in 1950s war films.
Perhaps I'm wrong, I but I think it's foolish to dismiss a country's capabilities without firm evidence. Much of the news media picks up on vague themes, and often makes assumptions based on its own country's perceived superiority. In my opinion, there's no good reason to duplicate their error.
Secondly, if the government needed information on how to solve the problem and didn't want to be detected, wouldn't they just send one or two of their top people to research it and then tell everyone else? How does large traffic from a certain country imply that the government is trying to find out how to defeat the worm?
Very strange article. Almost surreal.