惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
O
OpenAI News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 三生石上(FineUI控件)
Webroot Blog
Webroot Blog
GbyAI
GbyAI
S
SegmentFault 最新的问题
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
J
Java Code Geeks
Google DeepMind News
Google DeepMind News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 【当耐特】
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta
S
Security Affairs
H
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
D
DataBreaches.Net
云风的 BLOG
云风的 BLOG
Hugging Face - Blog
Hugging Face - Blog
Google DeepMind News
Google DeepMind News
Spread Privacy
Spread Privacy
T
Threatpost
Forbes - Security
Forbes - Security
C
Cisco Blogs
Scott Helme
Scott Helme
Attack and Defense Labs
Attack and Defense Labs
Simon Willison's Weblog
Simon Willison's Weblog
腾讯CDC
The Last Watchdog
The Last Watchdog
Cloudbric
Cloudbric
Last Week in AI
Last Week in AI
Recorded Future
Recorded Future
小众软件
小众软件
V
Vulnerabilities – Threatpost
美团技术团队
人人都是产品经理
人人都是产品经理
有赞技术团队
有赞技术团队
Apple Machine Learning Research
Apple Machine Learning Research
Hacker News - Newest:
Hacker News - Newest: "LLM"
I
Intezer
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 司徒正美
C
Cybersecurity and Infrastructure Security Agency CISA
Martin Fowler
Martin Fowler
博客园 - 聂微东

stuxnet Archives - Security Affairs

Fast16: Pre-Stuxnet malware that targeted precision engineering software Iran hit by a more aggressive and sophisticated Stuxnet version Dragonfly 2.0: the sophisticated attack group is back with destructive purposes Microsoft Attempts To Fix Stuxnet For The Third Time The Stuxnet vulnerability is still one of the most exploited flaws in the wild by hackers The alleged link between the Shadow Brokers data leak and the Stuxnet cyber weapon Malware posing as Siemens PLC application is targeting ICS worldwide SCADA Sssh! Don’t Talk, Filter it Shocking, a German nuclear plant suffered a disruptive cyber attack A malware was found in Iran petrochemical complexes, but it’s not linked to recent incidents
The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran
Pierluigi Paganini · 2019-09-03 · via stuxnet Archives - Security Affairs

Pierluigi Paganini September 02, 2019

Journalists revealed the role of a mole recruited by the Dutch intelligence in the US-Israeli Stuxnet attack on the Natanz plant in Iran.

The story of the Stuxnet attack is still one of the most intriguing case of modern information warfare. The virus was developed by the US and Israel to interfere with the nuclear enrichment program conducted by Iran in the plant of Natanz.

Stuxnet

Stuxnet is a malicious computer worm developed to target SCADA systems that was first uncovered in 2010, but researchers believe its development begun at least 2005. 

Stuxnet has been designed to hit centrifuges used in the uranium enrichment process in nuclear plants of the country.

The unanswered question is, how did the U.S. and Israel get Stuxnet onto the highly secured Natanz plant?

For years, experts speculated the involvement of a spy that infiltrated the Iranian plant and installed the malware. Now, journalists Kim Zetter and Huib Modderkolk revealed that Stuxnet was dropped by a mole recruited by Dutch intelligence agents at the behest of the CIA and the Mossad, according to sources who spoke with Yahoo News.

The Dutch intelligence agency AIVD received critical data on the plant by an Iranian engineer that it recruited. That mole physically spread the malware inside the plant using a USB flash drive.

“An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.” wrote the journalists.

In 2004, CIA and Mossad requested help to the the Dutch intelligence to get access to the plant, only in 2007 the mole, who posed as a mechanic working for a front company doing work at Natanz, dropped the virus into the target systems.

“[T]he Dutch mole was the most important way of getting the virus into Natanz,” one of the sources told Yahoo.

The development of the deadly cyber weapon started under the administration of George Bush Junior as part of a military operation named “Olympic Games”, but the Obama administration has been pushing a more energetic on the offensive program. 

The Olympic Games operation was carried out by a joint U.S.-Israel mission that involved the NSA, the CIA, the Mossad, the Israeli Ministry of Defense and the Israeli SIGINT National Unit- It was revealed that the cyber spies were helped by three other nations, the Netherlands, Germany. and likely France, although is also known the involvement of U.K. intelligence.

Germany provided technical specifications and knowledge about the ICS systems manufactured by Siemens that were controlling the centrifuges at the Natanz Iranian plant. France only provided support to intelligence.

“But the Dutch were in a unique position to perform a different role — delivering key intelligence about Iran’s activities to procure equipment from Europe for its illicit nuclear program, as well as information about the centrifuges themselves.” continue the journalists. “This is because the centrifuges at Natanz were based on designs stolen from a Dutch company in the 1970s by Pakistani scientist Abdul Qadeer Khan. Khan stole the designs to build Pakistan’s nuclear program, then proceeded to market them to other countries, including Iran and Libya.”

In 1996, Iran secretly purchased a set of blueprints and centrifuge components from Pakistani scientist Abdul Qadeer Khan. In 2000, cyberspies from AIVD hacked the email system of a key Iranian defense organization to obtain more information about Iran’s nuclear program.

The AIVD, along with U.S. and British intelligence, infiltrated Khan’s supply network of European consultants and front companies who helped build the nuclear programs in Iran and Libya. The spies used both conventional and cyber capabilities.

In 2003, British and U.S. intercepted a ship containing thousands of centrifuge components headed to Libya, the same model used at Natanz. Western intelligence persuaded Libya to give up the program in exchange for the lifting of sanctions.

In 2004, Mossad and the CIA asked for help from AIVD. The U.S.seized the components from the ship and those already in Libya and sent them to the Oak Ridge National Lab in Tennessee and to a facility in Israel where scientists assembled the centrifuges and devised methods to hack them.

The Dutch, with an insider in Iran, established a dummy company with employees, customers, and records showing a history of activity.

In 2006, the researchers conducted a sabotage test with centrifuges, and President George Bush authorized the operation.

By May 2007, Iran had 1,700 centrifuges installed at Natanz, while the Dutch mole was inside Natanz in the summer of the same year.

A first company established by the mole had failed to access to Natanz, but fortunately, the second one with the support of Israel achieved the goal.

The mole visited Natanz a few times to collect configuration information about the systems in the plant.

“[He] had to get … in several times in order to collect essential information [that could be used to] update the virus accordingly,” one of the sources told Yahoo News.

Symantec researchers discovered that the Stuxnet code was updated over time, in May 2006 and in February 2007, when the Iran’s government began installing the centrifuges at Natanz. The final updates were made on Sept. 24, 2007.

The code was designed to close exit valves on random numbers of centrifuges so that gas would go into them but couldn’t get out. This was intended to raise the pressure inside the centrifuges and cause damage over time and also waste gas.

The mole installed the code by inserting a USB into the control systems or he infected the system of one of the engineers that unwittingly delivered Stuxnet when he programmed the control systems using a USB stick.

Once the systems were infected, the mole didn’t return to Natanz again, while malware continues its action throughout 2008. In June 2009, the attackers launched a new version of Stuxnet, followed by other variants in March and April 2010.

This new version of Stuxnet was dropped into Natanz by infecting employees of five Iranian companies (all of them contractors in the business of installing industrial control systems in Natanz and other facilities in Iran) who brought it into the plant.

“It’s amazing that we’re still getting insights into the development process of Stuxnet [10 years after its discovery],” said Liam O’Murchu, director of development for the Security Technology and Response division at Symantec. O’Murchu was one of three researchers at the company who reversed the code after it was discovered. “It’s interesting to see that they had the same strategy for [the first version of Stuxnet] but that it was a more manual process. … They needed to have someone on the ground whose life was at risk when they were pulling off this operation.”

Researchers pointed out that the spreading mechanisms implemented in the latest version caused Stuxnet to spread wildly out of control. The malware first infected the customers of the five contractors, then thousands of other machines around the world. This is the root cause of the discovery of Stuxnet in June 2010.

Months after the discovery of the cyber weapon, Iranian authorities arrested and possibly executed several workers at Natanz plant, but it is not clear if one of them was the Dutch mole.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Stuxnet, ICS)

[adrotate banner=”5″]

[adrotate banner=”13″]