The Stuxnet Malware
http://news.yahoo.com/s/csm/327178
Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?
By Mark Clayton, Tue Sep 21, 3:08 pm ET
Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose has grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.
"Until a few days ago, people did not believe a directed attack like this was possible," Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. "What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern."
A gradual dawning of Stuxnet's purpose
It is a realization that has emerged only gradually.
Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.
But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?
By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.
But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
A guided cyber missile
On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.
"His technical analysis is good," says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. "We're also tearing [Stuxnet] apart and are seeing some of the same things."
Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner's analysis.
"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human – but can still take control of your infrastructure," says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy's Idaho National Laboratory. "This is the first direct example of weaponized software, highly customized and designed to find a particular target."
"I'd agree with the classification of this as a weapon," Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.
One researcher's findings
Langner's research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls "fingerprinting," qualifies Stuxnet as a targeted weapon, he says.
Langner zeroes in on Stuxnet's ability to "fingerprint" the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.
Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."
-Contd-
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."
For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.
"The implications of Stuxnet are very large, a lot larger than some thought at first," says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly."
Has Stuxnet already hit its target?
It might be too late for Stuxnet's target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his views on Stuxnet's target are speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
But if Stuxnet is so targeted, why did it spread to all those countries? Stuxnet might have been spread by the USB memory sticks used by a Russian contractor while building the Bushehr nuclear plant, Langner offers. The same contractor has jobs in several countries where the attackware has been uncovered.
"This will all eventually come out and Stuxnet's target will be known," Langner says. "If Bushehr wasn't the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that."
IF,,, If this code is to be effective, it must be very very specific in nature. The code would need to "look" for the exact make & model of a PLC, and also the exact function it is to FU, But it can and will look anywhere it is inserted..
I would think that the only way to make it work would be to create the code as the target code is written..
In other words,, The developer is the destroyer..
:munchin
It will be interesting to watch this roll out..
"At a nuclear power plant, in the control room, they sense an over heating scenario, and trip the emergency shut down process,, Stuxnet reverses the core rods direction"
:boohoo:boohoo:boohoo
Ba Da Bing,
Ba Da Boom...
The malware was targeted toward an exact configuration.
In lay words, suppose you intercepted communications to an unknown agent that said:
INSTRUCTIONS FOR BOMBING MISSION
1 - Enter the building through the blue door on the east side. If there is no door on the east side of the building, or if it is not blue, go home and forget the mission.
2 - Look at the clock, if it is after 3:00 am and before 4:00 am, travel 20 meters down the hallway and turn right, entering through the green door. If it is not after 3:00 am and before 4:00 am, wait, and check your watch again in ten minutes.
3 - When you enter through the green door you should be in an office. If you are not in an office, go home and forget the mission.
3 - Look to the left. There should be a brown desk against the wall. If there is no desk against the wall, or if it is not brown, go home and forget the mission.
4 - Look at the top of the brown desk against the wall. It should have a telephone number of 555-1212. If there is no telephone, or if the number is not 555-1212, go home and forget the mission.
5 - Go to the desk and open the second drawer on the right. If there are no drawers on the right, go home and forget your mission.
6 - If there is a piece of yellow paper in the bottom of the desk, put your bomb in the drawer, set the timer for ten minutes, and exit the building. If there is no piece of paper in the bottom of the drawer, or if it is not yellow, go home and forget your mission.
===
Obviously, whoever wrote those instructions was specifically targeting one particular drawer in one particular desk, in one particular office in one particular building in the world. The instructions may have been openly printed in the Wall Street Journal, the New York Times, and the Times of London, but that still doesn't tell you who/what the target is, or the source of the instructions. If every single agent began checking every single building worldwide, all but one will end up "going home and forgetting the mission" because something won't be right. But the one who succeeds with each step to the end, will plant the bomb.
It's impossible to tell who, or what, the target is. A factory? A warehouse? A hospital? A university? A power plant?
But you can bet that worldwide intelligence agencies are looking at building after building, looking at east doors, painted blue, with 20 meter hallways, and green doors, with a desk, etc.
The actual "steps" are certain Programmable Logic Controllers that have been assigned certain network addresses and accept and execute certain functions as specified by certain hexadecimal codes. Some of the actual digits being sought, as well as the digits to be (falsely) transmitted once "inside" are encrypted within the malware, making it even more difficult to determine the steps being researched to qualify the target and the digits to be sent to execute the mission. Just getting to the plain text of the malware is itself an NSA level codebreaking operation.
In the example above, the color of the doors, or the piece of paper, would be encrypted so only the agent knows what he is looking for. So first you have to uncrypt the colors, THEN use logic and brute force comparisons, to figure out the target.
Clever stuff. I hope it is one of ours, and a nuclear scramble in Iran would be fine with me.
After thinking about this for a couple minutes...
If you set aside the nuclear plausibilities,, and look at a different angle...
Suppose this was just some kid that wanted to be a hot-shot and prove his worth in the company???
You figure you can be a STAR IF you guarantee that your company receives the support contract for the project..
After you received said contract and because of "problems" you discovered in the initial design,, you suggest a need for a re-design of the product??
Of course this would be a very expensive re-write, but you COULD guarantee customer satisfaction,,
Because you have the fix in your pocket,, you designed it that way??
This could be a geek to geek thing..
Purpose built back-door coding is not new... A lot of '60s & '70s systems were built with hard wire back-doors that allowed designers access to de-bug and fix hex level coding.
One I remember well was the FF0F check point re-start for the S360 model 65 system. The damn thing locked up 2-3 times a night when running engineering designs. System looked like it was running fine but was actually in a redundant binary loop.
Early PC's had a set of jumper pins on the mobo that allowed a configuration reset..
Until someone can find the target, you will not know the intended results..
So The hunt is on Doctor..
Inspector Lestrade: In another life, Mr. Holmes, you would have made an excellent criminal.
Sherlock Holmes: Yes, and you an excellent policeman.
This gets more interesting by the day.
Iran's Nuclear Agency Trying to Stop Computer Worm
The Associated Press
| 25 Sep 2010 | 09:51 AM ET
Iran's nuclear agency is trying to combat a complex computer worm that has affected industrial sites throughout the country and is capable of taking over power plants, Iranian media reports said.
Experts from the Atomic Energy Organization of Iran met this week to discuss how to remove the malicious computer code, or worm, the semi-official ISNA news agency reported Friday.
The computer worm, dubbed Stuxnet, can take over systems that control the inner workings of industrial plants. Experts in Germany discovered the worm in July, and it has since shown up in a number of attacks — primarily in Iran, Indonesia, India and the U.S.
The ISNA report said the malware had spread throughout Iran, but did not name specific sites affected. Foreign media reports have speculated the worm was aimed at disrupting Iran's first nuclear power plant, which is to go online in October in the southern port city of Bushehr.
Iranian newspapers have reported on the computer worm hitting industries around the country in recent weeks, without giving details. Friday's report also did not mention Bushehr.
The Russian-built plant will be internationally supervised, but world powers remain concerned that Iran wants to use its civil nuclear power program as a cover for making weapons.
Iran denies such an aim and says its nuclear work is solely for peaceful purposes.
While there have been no reports of damage or disruption at any Iranian nuclear facilities, Tuesday's meeting signaled a high level of concern about the worm among Iran's nuclear officials.
The destructive Stuxnet worm has surprised experts because it is the first one specifically created to take over industrial control systems, rather than just steal or manipulate data.
The United States is also tracking the worm, and the Department of Homeland Security is building specialized teams that can respond quickly to cyber emergencies at industrial facilities across the country.
URL: http://www.cnbc.com/id/39355692/
Remember this destroyed power generation unit at the Sayano-Shushenskaya Dam in Russia?
In that case the official reason for the destruction was a simple "overspeed" of one of the turbines. When there is the mass of five or six M1 tanks spinning over 200 rpm, it has to be perfectly balanced and well lubricated. If malware were to shut off the lubrication, vary the loads and get the generator out of phase with the other transformers, or even close the water valves too quickly (creating a water hammer) the result would be equally destructive. It would be destroyed without a blasting cap, or a single block of C4. In fact, it would be almost impossible after the fact to reconstruct exactly what caused the turbine to break loose.
I do not recall that incident, but I know all too well what happens when control valves fail or malfunction....water hammer....super heated steam in a cold line....it is bad stuff and generally creates a lot of down time.
I'm curious if Iranian tech support is in India :confused: :D
It's gotta be a Zionist conspiracy :D
I'm reminded of William Gibson's Neuromancer.
As this technology gets more and more refined, things could become pretty interesting out there!
incarcerated
10-03-2010, 14:40
http://www.cnn.com/2010/WORLD/meast/10/03/iran.nuclear.arrests/?hpt=Sbin
Iran arrests 'nuclear spies,' intelligence chief says
By the CNN Wire Staff
October 3, 2010 7:56 a.m. EDT
(CNN) -- Iran arrested a number of "nuclear spies," its intelligence minister said, in the wake of widespread reports of a sophisticated new computer virus that may have been aimed at Iran.
Intelligence Minister Heydar Moslehi made the announcement Saturday, without giving any details, Iran's semiofficial Mehr news agency reported....
rocknrolla
11-28-2010, 15:19
This is wild stuff. Pretty scary when you think of all the utilities and industries that are connected to the internet in this country. Electric grids, banking systems, oil and gas pipelines, power plants, banking systems, and transportation systems - just to name a few. If you're interested in this topic, "Cyber War", a new book by Richard Clarke is worth a read.
You knew they were going to grab someone to blame. I'm sure it will be a speedy trial finished with immediate beheadings. This coming from the country that says it just wants to be part of the 21st Century. The world is going to regret letting these Lunatics develop a Nuclear Bomb.
incarcerated
11-29-2010, 11:00
http://www.guardian.co.uk/world/julian-borger-global-security-blog/2010/nov/29/iran-nuclear-weapons
Who is killing Iran's nuclear scientists?
One senior physicist killed and another wounded in coordinated attacks in Tehran, raising the question of whether there is a nuclear hit-team at work
guardian.co.uk, Monday 29 November 2010 16.32 GMT
Assassins on motorbikes have killed an Iranian nuclear scientist and wounded another in identical attacks this morning. They drove up to the scientists' cars as they were leaving for work and attached a bomb to each vehicle which detonated seconds later.
The man who was killed was Majid Shahriari, a member of the engineering faculty at the Shahid Beheshti in Tehran. His wife was wounded. The second attack wounded Fereidoun Abbasi, who is also a professor at Shahid Beheshti University, and his wife.
They are senior figures in Iranian nuclear science. Abbasi was a member of the Islamic Revolutionary Guards, or Pasdaran, and once taught at the Pasdaran-run Imam Hossein University. He was hailed by Mahmoud Ahmadinejad three years ago as Iran's academic of the year.
Abbasi is named on UN Security Council resolution 1747 as being "involved in nuclear or ballistic missile activities". The resolution describes him as a "Senior ministry of defence and armed forces logistics scientist with links to the Institute of Applied Physics, working closely with Mohsen Fakhrizadeh-Mahabadi" - believed by Western intelligence to be (or have been) in charge of the Iranian nuclear weapons programme.
Shahriari co-authored a paper on neutron diffusion in a reactor core with Ali Akbar Salehi, the head of the Iranian Atomic Energy Organisation. Salehi said today Shahriari was in charge of a major project at AEOI.
The attacks bear some similarities to the assassination of another nuclear physicist, Masoud Ali Mohammadi, in January. In that attack, the bomb was strapped to a motorcycle and detonated by remote control.
You do not have to look far to see a pattern. All three had professional links. Shahriari and Ali Mohammadi were both members of the Sesame Council, which runs a particle accelerator called a synchrotron in Jordan, which brings together scientists from across the region, including Israel. Ali Mohammadi and Abbasi both taught at the IRGC's Imam Hussein University, while both Shahriari and Abbasi are listed as members of the Nuclear Society of Iran....
Masochist
11-29-2010, 11:53
Sounds very Jason Bourne-esque, i.e. Bourne Ultimatum. Just what the world needs is an even more paranoid Mahmoud I'manutjob.
http://movieclips.com/wqXVp-the-bourne-ultimatum-movie-desh-makes-a-kill/
incarcerated
11-30-2010, 00:13
I’ve always thought of the character Jason Bourne as essentially a fantasy, like Jack Bauer, and figured this latest to be the handiwork of the likes of Michael Bodenheimer, Peter Elvinger, Kevin Daveron and Melanie Heard…
who, for that matter, are also fictitious characters.
;)
craigepo
11-30-2010, 14:18
This deal is rather fascinating.
Prof. Majid Shahriari, who died when his car was attacked in North Tehran Monday, Nov. 29, headed the team Iran established for combating the Stuxnet virus rampaging through its nuclear and military networks. His wife was injured. The scientist’s death deals a major blow to Iran’s herculean efforts to purge its nuclear and military control systems of the destructive worm since it went on the offensive six months ago. Only this month, Stuxnet shut down nuclear enrichment at Natanz for six days from Nov. 16-22 and curtailed an important air defense exercise.
Prof. Shahriari was the Iranian nuclear program’s top expert on computer codes and cyber war.
http://www.nationalreview.com/corner/254105/curiouser-and-curiouser-iran-daniel-foster
LongWire
12-14-2010, 21:05
Great article and all the implications that you would expect...........
http://www.newsweek.com/2010/12/13/the-covert-war-against-iran-s-nuclear-program.html
craigepo
12-15-2010, 09:58
Wow. Just damned wow.
I guess I will have to quit making fun of all the computer geeks in the world.
http://www.foxnews.com/scitech/2011/01/16/report-israel-tested-worm-linked-iran-atom-woes/
WASHINGTON -- Israel has tested a computer worm believed to have sabotaged Iran's nuclear centrifuges and slowed its ability to develop an atomic weapon, The New York Times reported Saturday.
In what the Times described as a joint Israeli-U.S. effort to undermine Iran's nuclear ambitions, it said the tests of the destructive Stuxnet worm had occurred over the past two years at the heavily guarded Dimona complex in the Negev desert.
The newspaper cited unidentified intelligence and military experts familiar with Dimona who said Israel had spun centrifuges virtually identical to those at Iran's Natanz facility, where Iranian scientists are struggling to enrich uranium.
"To check out the worm, you have to know the machines," an American expert on nuclear intelligence told the newspaper. "The reason the worm has been effective is that the Israelis tried it out."
Western leaders suspect Iran's nuclear program is a cover to build atomic weapons, but Tehran says it is aimed only at producing electricity.
Iran's centrifuges have been plagued by breakdowns since a rapid expansion of enrichment in 2007 and 2008, and security experts have speculated its nuclear program may have been targeted in a state-backed attack using Stuxnet.
In November, Iranian President Mahmoud Ahmadinejad said that malicious software had created "problems" in some of Iran's uranium enrichment centrifuges, although he said the problems had been resolved.
The Times said the worm was the most sophisticated cyber-weapon ever deployed and appeared to have been the biggest factor in setting back Iran's nuclear march. Its sources said it caused the centrifuges to spin wildly out of control and that a fifth of them had been wiped out.
It added it was not clear the attacks were over and that some experts believed the Stuxnet code contained the seeds for more versions and assaults.
The retiring chief of Israel's Mossad intelligence agency, Meir Dagan, said recently that Iran's nuclear program had been set back and that Tehran would not be able to build an atomic bomb until at least 2015. U.S. officials, including Secretary of State Hillary Clinton, have not disputed Dagan's view.
Neither Clinton nor Dagan mentioned Stuxnet or any other cyber-warfare possibly used against the Iranian program.
Israel has voiced alarm over a nuclear Iran and Israeli Prime Minister Benjamin Netanyahu has said only the threat of military action will prevent Iran from building a nuclear bomb.
Israel itself is widely believed to have built more than 200 atomic warheads at its Dimona reactor but it maintains an official policy of "ambiguity" over whether it is a nuclear power.
Any delays in Iran's enrichment campaign could buy more time for efforts to find a diplomatic solution to its stand-off with six world powers over the nature of its nuclear activities.
U.S. and Israeli officials refused to comment officially on the worm, the newspaper said.
(You don't say...)
Too bad there aren't a couple guys on motorbikes for the idiots who talk to feel important.
Note to self: Be scared if the emergency room equipment has the Windows logo on it.
Stuxnet Worm Was Weapon, Report Says
http://www.pcworld.com/article/216852/stuxnet_worm_was_weapon_report_says.html?tk=rss
"...........According to both Symantec and Langner, Stuxnet was most likely designed to infiltrate Iran's nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its facilities, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.................."
Anonymous Hackers Release Stuxnet Worm Online
By Jeremy A. Kaplan
Published February 15, 2011 | FoxNews.com
The group of anonymous "hacktivists" that made headlines for online cyberattacks in December just released a bombshell online: a decrypted version of the same cyberworm that crippled Iran's nuclear power program.
The ones and zeroes that make up the code called the Stuxnet worm -- described as the most sophisticated cyberweapon ever created -- were reportedly found when the faceless group hacked into the computers of HBGary, a U.S. security company that the anonymous collective viewed as an enemy. And the security experts FoxNews.com spoke with said the leaked code was serious cause for concern.
"There is the real potential that others will build on what is being released," Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions, told FoxNews.com. Gregg was quick to clarify that the group hasn't released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying -- which could act almost like a building block for cybercrooks.
"As an attacker you need to understand how something works. The better you understand how it works the easier it is to build something similar that serves the same purpose," Gregg explained. The "decompiled" code the group made available is in that sense akin to a recipe book for disaster, he said.
"With the right tools -- and these guys have shown themselves more than once to be a fairly technical bunch of individuals -- then it gives others a cookbook to start modifying," he told FoxNews.com.
Careful examination of the Stuxnet worm by armies of security analysts has shown it to be a cybermissile designed to penetrate advanced security systems. It was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr.
Stuxnet was designed specifically to take over those control systems and evade detection, and it apparently was very successful. But Dave Aitel, CEO of Immunity Inc., painted a firm line between the version of the worm that destroyed Iran's nuclear plant and the code released by Anonymous.
"What they've released is essentially incomprehensible," he told FoxNews.com, saying that what the group found was far removed from the raw worm that has been "travelling around Iran destroying nuclear things."
"This is essentially just a translation. HBGary took the worm in the wild and translated it into a slightly easier to read format," Aitel said. He notes that Stuxnet is still a threat, however, and the more dangerous raw version of the worm -- or the "binary" version -- is still easily accessible for those wishing to use it maliciously.
"The stuxnet binary is widely available," Aitel told FoxNews.com. "The people who would use the binary would know how to find it."
Orla Cox, a security operations manager at Symantec, told The Guardian that it was "very difficult to tell" how dangerous Anonymous' copy of Stuxnet is.
"It would be possible [for Anonymous to use Stuxnet in an attack]," Cox said. "But it would require a lot of work; it's certainly not trivial." A hacker would need to repurpose the single-minded code and retarget it, a likely challenge, experts said.
The Anonymous group released the Stuxnet code on February 13, after finding it in a database of e-mails it stole from HBGary. "First public Stuxnet decompile is to be found here," one representative of the group wrote over Twitter.
Anonymous claims the hacking was a response to HBGary's purported efforts to penetrate the group and identify its members. But the reasons for releasing the Stuxnet code are unclear, be they malicious or merely anarchist.
The ramifications, experts say, are far less obscure.
"Now that pieces of that code become available, it's not a far step to others developing their own attack kits," Gregg told FoxNews.com. "Just because they don’t have malicious intent with it doesn't mean others wouldn't."
This won't lead to an immediate threat. But it could lead to something soon, Gregg said.
"Weeks wouldn't surprise me."
Read more: http://www.foxnews.com/scitech/2011/02/15/anonymous-hackers-offer-stuxnet-worm-online/#ixzz1E5UON3nT
incarcerated
02-15-2011, 22:05
More on HBGary :
http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars
How one man tracked down Anonymous—and paid a heavy price
By Nate Anderson
Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code.
In a private e-mail to a colleague at his security firm HBGary Federal, which sells digital tools to the US government, the CEO bragged about his research project.
"They think I have nothing but a heirarchy based on IRC [Internet Relay Chat] aliases!" he wrote. "As 1337 as these guys are suppsed to be they don't get it. I have pwned them! :)"
But had he?
"We are kind of pissed at him right now"
Barr's "pwning" meant finding out the names and addresses of the top Anonymous leadership. While the group claimed to be headless, Barr believed this to be a lie; indeed, he told others that Anonymous was a tiny group.
"At any given time there are probably no more than 20-40 people active, accept during hightened points of activity like Egypt and Tunisia where the numbers swell but mostly by trolls," he wrote in an internal e-mail. (All e-mails in this investigative report are provided verbatim, typos and all.) "Most of the people in the IRC channel are zombies to inflate the numbers."
The show was run by a couple of admins he identified as "Q," "Owen," and "CommanderX"—and Barr had used social media data and subterfuge to map those names to three real people, two in California and one in New York.
Near the end of January, Barr began publicizing his information, though without divulging the names of the Anonymous admins. When the Financial Times picked up the story and ran a piece on it on February 4, it wasn't long before Barr got what he wanted—contacts from the FBI, the Director of National Intelligence, and the US military. The FBI had been after Anonymous for some time, recently kicking in doors while executing 40 search warrants against group members.
Confident in his abilities, Barr told one of the programmers who helped him on the project, "You just need to program as good as I analyze."
But on February 5, one day after the Financial Times article and six days before Barr's sit-down with the FBI, Anonymous did some "pwning" of its own. "Ddos!!! Fckers," Barr sent from his iPhone as a distributed denial of service attack hit his corporate network. He then pledged to "take the gloves off."
When the liberal blog Daily Kos ran a story on Barr's work later that day, some Anonymous users commented on it. Barr sent out an e-mail to colleagues, and he was getting worked up: "They think all I know is their irc names!!!!! I know their real fing names. Karen [HBGary Federal's public relations head] I need u to help moderate me because I am getting angry. I am planning on releasing a few names of folks that were already arrested. This battle between us will help spur publicity anyway."
Indeed, publicity was the plan. Barr hoped his research would "start a verbal braul between us and keep it going because that will bring more media and more attention to a very important topic."
But within a day, Anonymous had managed to infiltrate HBGary Federal's website and take it down, replacing it with a pro-Anonymous message ("now the Anonymous hand is bitch-slapping you in the face.") Anonymous got into HBGary Federal's e-mail server, for which Barr was the admin, and compromised it, extracting over 40,000 e-mails and putting them up on The Pirate Bay, all after watching his communications for 30 hours, undetected. In an after-action IRC chat, Anonymous members bragged about how they had gone even further, deleting 1TB of HBGary backup data.
They even claimed to have wiped Barr's iPad remotely.
The situation got so bad for the security company that HBGary, the company which partially owns HBGary Federal, sent its president Penny Leavy into the Anonymous IRC chat rooms to swim with the sharks—and to beg them to leave her company alone. (Read the bizarre chat log.) Instead, Anonymous suggested that, to avoid more problems, Leavy should fire Barr and "take your investment in aaron's company and donate it to BRADLEY MANNINGS DEFENCE FUND." Barr should cough up a personal contribution, too; say, one month's salary?
As for Barr's "pwning," Leavy couldn't backtrack from it fast enough. "We have not seen the list [of Anonymous admins] and we are kind of pissed at him right now."
Were Barr's vaunted names even correct? Anonymous insisted repeatedly that they were not. As one admin put it in the IRC chat with Leavy, "Did you also know that aaron was peddling fake/wrong/false information leading to the potential arrest of innocent people?" The group then made that information public, claiming that it was all ridiculous.
Thanks to the leaked e-mails, we now have the full story of how Barr infiltrated Anonymous, used social media to compile his lists, and even resorted to attacks on the codebase of the Low Orbit Ion Cannon—and how others at his own company warned him about the pitfalls of his research.
"I will sell it"
Barr had been interested in social media for quite some time, believing that the links it showed between people had enormous value when it came to mapping networks of hackers—and when hackers wanted to target their victims. He presented a talk to a closed Department of Justice conference earlier this year on "specific techniques that can be used to target, collect, and exploit targets with laser focus and with 100 percent success" through social media.
His curiosity about teasing out the webs of connections between people grew. By scraping sites like Facebook or LinkedIn, Barr believed he could draw strong conclusions, such as determining which town someone lived in even if they didn't provide that information. How? By looking at their friends.
"The next step would be ok we have 24 people that list Auburn, NY as their hometown," he wrote to the programmer implementing his directives. "There are 60 other people that list over 5 of those 24 as friends. That immediately tells me that at a minimum those 60 can be tagged as having a hometown as Auburn, NY. The more the data matures the more things we can do with it."
The same went for hackers, whose family and friends might provide information that even the most carefully guarded Anonymous member could not conceal. "Hackers may not list the data, but hackers are people too so they associate with friends and family," Barr said. "Those friends and family can provide key indicators on the hacker without them releasing it…"
His programmer had doubts, saying that the scraping and linking work he was doing was of limited value and had no commercial prospects. As he wrote in an e-mail:
Step 1 : Gather all the data
Step 2 : ???
Step 3 : Profit
But Barr was confident. "I will sell it," he wrote.
To further test his ideas and to drum up interest in them, Barr proposed a talk at the BSides security conference in San Francisco, which takes place February 14 and 15. Barr's talk was titled "Who Needs NSA when we have Social Media?" and his plan to draw publicity involved a fateful decision: he would infiltrate and expose Anonymous, which he believed was strongly linked to WikiLeaks.
"I am going to focus on outing the major players of the anonymous group I think," he wrote. "Afterall - no secrets right? :) We will see how far I get. I may focus on NSA a bit to just so I can give all those freespeech nutjobs something… I just called people advocating freespeech, nutjobs - I threw up in my mouth a little."
With that, the game was afoot.
incarcerated
02-15-2011, 22:17
Page 2
"I enjoy the LULZ"
Barr created multiple aliases and began logging on to Anonymous IRC chat rooms to figure out how the group worked. He worked to link these IRC handles to real people, in part using his social networking expertise, and he created fake Twitter accounts and Facebook profiles. He began communicating with those he believed were leaders.
After weeks of this work, he reported back to his colleagues on how he planned to use his fake personas to drum up interest in his upcoming talk.
I have developed a persona that is well accepted within their groups and want to use this and my real persona against eachother to build up press for the talk. Pre-talk plan.
I am going to tell a few key leaders under my persona, that I have been given information that a so called cyber security expert named Aaron Barr will be briefing the power of social media analysis and as part of the talk with be dissecting the Anonymous group as well as some critical infrastructure and government organizations
I will prepare a press sheet for Karen to give to Darkreading a few days after I tell these folks under persona to legitimize the accusation. This will generate a big discussion in Anonymous chat channels, which are attended by the press. This will then generate press about the talk, hopefully driving more people and more business to us.
Barr then contacted another security company that specializes in botnet research. He suspected that top Anonymous admins like CommanderX had access to serious Internet firepower, and that this probably came through control of bots on compromised computers around the world.
Barr asked if the researchers could "search their database for specific targets (like the one below) during an operational window (date/time span) to see if any botnet(s) are participating in attacks? Below is an attack which is currently ongoing." (The attack in question was part of Anonymous' "Operation Payback" campaign and was targeted at the government of Venezuela.)
The report that came back focused on the Low Orbit Ion Cannon, a tool originally coded by a private security firm in order to test website defenses. The code was open-sourced and then abandoned, but someone later dusted it off and added "hivemind mode" that let LOIC users "opt in" to centralized control of the tool. With hundreds or thousands of machines running the stress-test tool at once, even major sites could be dropped quickly. (The company recorded only 1,200 machines going after MasterCard on December 11, for instance.)
To boost the credibility of his online aliases, Barr then resorted to a ruse. He asked his coder to grab the LOIC source code. "I want to add some code to it," Barr said. "I don't want to distribute that, it will be found and then my persona will be called out. I want to add it, distribute it under a persona to burn and then have my other persona call out the code."
The code to be added was an HTTP beacon that linked to a free website Barr had set up on Blogspot. He wanted a copy of the altered source and a compiled executable. His programmer, fearing Anonymous, balked.
On January 20, the coder wrote back, "I'm not compiling that shit on my box!" He even refused to grab a copy of the source code from message boards or other IRC users, because "I ain't touchin' any of that shit as those are already monitored."
"Dude," responded Barr. "Anonymous is a reckless organization. C'mon I know u and I both understand and believe generally in their principles but they are not a focused and considerate group, the[y] attack at will and do not care of their effects. Do u actually like this group?"
The coder said he didn't support all they did, but that Anonymous had its moments. Besides, "I enjoy the LULZ."
"Dude—who's evil?"
At one time, Barr supported WikiLeaks. When the site released its (edited) "Collateral Murder" video of a US gunship killing Reuters photographers in Iraq, Barr was on board. But when WikiLeaks released its huge cache of US diplomatic cables, Barr came to believe "they are a menace," and that when Anonymous sprang to the defense of WikiLeaks, it wasn't merely out of principle. It was about power.
"When they took down MasterCard do u think they thought alright win one for the small guy!" he asked. "The first thought through most of their malcontented minds was a rush of power. That's not ideals."
He continued in this philosophical vein:
But dude whos evil?
US Gov? Wikileaks? Anonymous?
Its all about power. The Wikileaks and Anonymous guys think they are doing the people justice by without much investigation or education exposing information or targeting organizations? BS. Its about trying to take power from others and give it to themeselves.
I follow one law.
Mine.
His coder asked Barr how he slept at night, "you military industrial machine capitalist."
"I sleep great," Barr responded. "Of course I do indoor [enjoy?] the money and some sense of purpose. But I canget purpose a lot of places, few of which pay this salary."
The comments are over the top, of course. Elsewhere, Barr gets more serious. "I really dislike corporations," he says. "They suck the lifeblood out of humanity. But they are also necessary and keep us moving, in what direction I don't know.
"Governments and corporations should have a right to protect secrets, senstive information that could be damage to their operations. I think these groups are also saying this should be free game as well and I disagree. Hence the 250,000 cables. WHich was bullshit… Society needs some people in the know and some people not. These folks, these sheep believe that all information should be accessible. BS. And if they truly believe it then they should have no problem with me gathering information for public distribution."
But Anonymous had a bit of a problem with that.
The hunter and the hunted
As Barr wrapped up his research and wrote his conference presentation, he believed he had unmasked 80-90 percent of the Anonymous leadership—and he had done it all using publicly available information.
"They are relying on IP for anonymity," he wrote in a draft of his presentation. "That is irrelevant with social media users. U use IRC and FB and Twitter and Forums and Blogs regularly… hiding UR IP doesn't matter."
Barr would do things like correlate timestamps; a user in IRC would post something, and then a Twitter post on the same topic might appear a second later. Find a few of these links and you might conclude that the IRC user and the Twitter user were the same person.
Even if the content differed, what if you could correlate the times that someone was on IRC with the times a Facebook user was posting to his wall? "If you friend enough people you might be able to correlate people logging into chat with people logging into Facebook," Barr wrote.
The document contained a list of key IRC chatrooms and Twitter accounts. Facebook groups were included, as were websites. But then Barr started naming names. His notes are full of comments on Anonymous members. "Switch" is a "real asshole but knows what he's talking about," while "unbeliever" might be "alexander [last name redacted]."
In the end, Barr determined that three people were most important. A figure called Q was the "founder and runs the IRC. He is indead in California, as are many of the senior leadership of the group." Another person called Owen is "almost a co-founder, lives in NY with family that are also active in the group, including slenaid and rabbit (nicks)." Finally, CommanderX can "manage some significant firepower." Barr believed he had matched real names to each of these three individuals.
He wasn't doing it to actually expose the names, though. "My intent is not to do this work to put people in jail," Barr wrote to others in the company. "My intent is to clearly demonstrate how this can be effectively used to gather significant intelligence and potentially exploit targets of interest (the other customers will read between the lines)."
He then revealed himself on Twitter to the person he believed was CommanderX. "I am not going to release names," Barr said on February 5, using the alias Julian Goodspeak. "I am merely doing security research to prove the vulnerability of social media." He asked for Anonymous to call off its DDoS attack on HBGary Federal, an attack that had begun earlier that day.
Some of the responses from CommanderX were a bit chilling. Late in the conversation, CommanderX warned Barr "that your vulnerabilities are far more material. One look at your website locates all of your facilities. You might want to do something about that. Just being friendly. I hope you are being paid well."
Then came an IRC log that Barr sent around, in which a user named Topiary tried to recruit him (under the name CogAnon) for "a new operation in the Washington area" where HBGary Federal has its headquarters. The target is "a security company."
By late afternoon on the 5th, Barr was angry and perhaps a little scared, and he asked his PR person to "help moderate me because I am getting angry. I am planning on releasing a few names of folks that were already arrested." It's not clear that Barr ever did this, however; he admitted in another e-mail that he could get a bit "hot" in private, though he would generally cool down before going public.
Hours later, the attack escalated from some odd DDoS traffic to a full-scale break-in of HBGary Federal systems, one that showed tremendous skill. "What amazes me is, for a security company - you had such a basic SQL vulnerability on your website," wrote one Anonymous member later.
Days afterward, the company has still not managed to restore its complete website.
incarcerated
02-15-2011, 22:19
Page 3
"Danger, Will Robinson!"
Throughout Barr's research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his "analysis" work, but doubts remained. An email exchange between the two on January 19 is instructive:
Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.
Coder: No it won't. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.
Barr: What? Yes it will. I am running throug analysis on the anonymous group right now and it definately would.
Coder: You keep assuming you're right, and basing that assumption off of guilt by association.
Barr: Noooo….its about probabilty based on frequency...c'mon ur way smarter at math than me.
Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don't want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.
Barr: [redacted]
Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.
Barr: [some information redacted] On the gut feeling thing...dude I don't just go by gut feeling...I spend hours doing analysis and come to conclusions that I know can be automated...so put the taco down and get to work!
Coder: I'm not doubting that you're doing analysis. I'm doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it's right. You're still working off of the idea that the data is accurate. mmmm…..taco!
Later, when Barr talks about some "advanced analytical techniques" he's been pondering for use on the Anonymous data, the coder replies with apparent frustration, "You keep saying things about statistics and analytics but you haven't given me one algorithm or SQL query statement."
Privately, the coder then went to another company official with a warning. "He's on a bad path. He's talking about his analytics and that he can prove things statistically but he hasn't proven anything mathematically nor has he had any of his data vetted for accuracy, yet he keeps briefing people and giving interviews. It's irresponsible to make claims/accusations based off of a guess from his best gut feeling when he has even told me that he believes his gut, but more often than not it's been proven wrong. I feel his arrogance is catching up to him again and that has never ended well...for any of us."
Others made similar dark warnings. "I don't really want to get DDOS'd, so assuming we do get DDOS'd then what? How do we make lemonade from that?" one executive asked Barr. The public relations exec warned Barr not to start dropping real names: "Take the emotion out of it -> focus on the purpose. I don't see benefit to you or company to tell them you have their real names -- published or not."
Another internal warning ended: "Danger Will Robinson. You could end up accusing a wrong person. Or you could further enrage the group. Or you could be wrong, and it blows up in your face, and HBGary's face, publicly."
"Quite simply, nonsense"
But Barr got his Financial Times story, and with it the publicity he sought. He also made clear that he had the real names, and Anonymous knew he would soon meet with the FBI. Though Barr apparently planned to keep his names and addresses private even at this meeting, it was easy to see why Anonymous would have doubts.
When HBGary President Penny Leavy, who was an investor in separate company HBGary Federal, waded into IRC to reason with Anonymous, she pleaded ignorance of Barr's activities and said that they were "for security research only; the article was to get more people to the [BSides] event." To which someone responded, "Penny: if what you are saying is tree [true] then why is Aaron meeting with the FBI tomorrow morning at 11am? PLEASE KEEP IN MIND WE HAVE ALL YOUR EMAILS." (The answer from the e-mails is that Barr was trying to drum up business with the feds, not necessarily take down Anonymous.)
As for the names in Barr's BSides presentation, Anonymous insisted that they were wrong. "Penny please note that the names in that file belong to innocent random people on facebook. none of which are related to us at all," said one admin.
Another user complained to Leavy that "the document that [Barr] had produced actually has my girlfriend in it. She has never done anytihng with anonymous, not once. I had used her computer a couple times to look at a group on facebook or something."
In the note posted on HBGary Federal's website when it was taken over, Anonymous blasted Barr's work. "You think you've gathered full names and addresses of the 'higher-ups' of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False…. We laughed. Most of the information you've 'extracted' is publicly available via our IRC networks. The personal details of Anonymous 'members' you think you've acquired are, quite simply, nonsense."
Oh—and remember the threatening IRC log above, the one "recruiting" Barr to attack a DC security company? Anonymous says that it was all a joke.
"I mean come on, Penny," wrote Topiary in an IRC chat, "I messaged Aaron in PM [private message] and told him about a 'secret' Washington OP, then he emailed the company (including you) being entirely confident that we were directly threatening you, and he thought we didn't know who he was.
"He seriously works at a security company?"
Never forgive, never forget
Anonymous doesn't like to let up. Barr's Twitter account remains compromised, sprinkled with profane taunts. The HBGary websites remain down. The e-mails of three key players were leaked via BitTorrent, stuffed as they were with nondisclosure agreements, confidential documents, salary numbers, and other sensitive data that had nothing to do with Anonymous.
And they have more information—such as the e-mails of Greg Hoglund, Leavy's husband and the operator of rootkit.org (which was also taken down by the group).
When Leavy showed up to plead her case, asking Anonymous to at least stop distributing the e-mails, the hivemind reveled in its power over Leavy and her company, resorting eventually to tough demands against Barr.
"Simple: fire Aaron, have him admit defeat in a public statement," said Topiary, when asked what the group wanted. "We won't bother you further after this, but what we've done can't be taken back. Realize that, and for the company's sake, dispose of Aaron."
Others demanded an immediate "burn notice" on Barr and donations to Bradley Manning, the young military member now in solitary confinement on suspicion of leaking classified documents to Wikileaks.
The hack unfolded at the worst possible time for HBGary Federal. The company was trying to sell, hopefully for around $2 million, but the two best potential buyers started to drag their heels. "They want to see delivery on pipeline before paying those prices," Leavy wrote to Barr. "So initial payout is going to be lower with both companies I am talking with. That said our pipeline continues to drag out as customers are in no hurry to get things done quickly so if we dont sell soon and our customers dont come through soon we are going to have cash flow issues."
And being blasted off the 'Net by Anonymous is practically the last thing a company in such a situation needs. After the attacks, Leavy told the Financial Times that they cost HBGary millions of dollars.
“I wish it had been handled differently,” she added.
"The Internet is here"
And who were Barr and his company up against in all this? According to Anonymous, a five-member team took down HBGary Federal and rootkit.com, in part through the very sort of social engineering Barr had tried to employ against Anonymous.
One of those five was allegedly a 16-year old girl, who "social engineered your admin jussi and got root to rootkit.com," one Anonymous member explained in IRC.
Another, pleased with power, harassed Penny Leavy and her husband, who sat beside her during the chat: "How does it feel to get hacked by a 16yr old girl?" One can almost hear the taunt echoing from some kind of grade school playground.
The attackers are quintessentially Anonymous: young, technically sophisticated, brash, and crassly juvenile, all at the same time. And it's getting ever more difficult to dismiss Anonymous' hacker activity as the harmless result of a few mask-wearing buffoons.
Perhaps the entire strange story can be best summed up by a single picture, one that Barr e-mailed to two of his colleagues back on January 28. "Oh fuck," it says beneath a picture of an Anonymous real-world protest. "The Internet is here."
incarcerated
02-26-2011, 12:38
http://www.reuters.com/article/2011/02/26/us-nuclear-iran-bushehr-analysis-idUSTRE71P1S220110226
Analysis: Iran's first nuclear plant faces more delays
By Fredrik Dahl
VIENNA | Sat Feb 26, 2011 12:23pm EST
VIENNA (Reuters) - Iran's surprise announcement it will have to remove fuel from its first nuclear reactor suggests a new setback for its atomic ambitions, but the reason for the unusual step and how long it may take remain unclear.
"It is significant. Unloading unspent fuel is a rare occurrence in the nuclear industry," said a senior Western diplomat familiar with the issue.
The U.N. nuclear watchdog said in a report obtained by Reuters on Friday it had been informed by Iran that it would take fuel assemblies out from the core of the Russian-built Bushehr reactor, just a few months after they were loaded....
"Unloading fuel from a reactor core which has already reached the stage of criticality is unusual, pointing toward possible problems with the fuel itself," Olli Heinonen, former head of IAEA inspections worldwide, told Reuters.
If the issue was caused by a leaking fuel assembly and this was known, it would not take much time, he said.
"But if it turns out to be a quality problem or if other vital equipment is broken or malfunctioning, it may take a long time," Heinonen, now at Harvard University, said....
:::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::
http://online.wsj.com/article/SB10001424052748703409304576167221841795258.html
Iran Is Exploring Nuclear Weapons, Watchdog Says
MIDDLE EAST NEWS
FEBRUARY 26, 2011
By JAY SOLOMON
WASHINGTON—The United Nations' nuclear watchdog said it has uncovered new information indicating that Iran is exploring ways to militarize its nuclear program, including ways to affix atomic weapons onto long-range missiles.
The quarterly report released by the International Atomic Energy Agency, and reviewed by the Wall Street Journal, also said Tehran continues to expand its production of nuclear fuel, despite a recent slowdown that Western diplomats attributed to a cyber attack on Iran's Natanz uranium-enrichment facility.
The IAEA said Iran is trying to move more advanced centrifuges into its Natanz facility that could significantly reduce the amount of time Tehran would need to produce weapons-grade fuel....
Irishsquid
03-25-2011, 14:34
...and I still just want to get my hands on a copy of Stuxnet. I want to take it apart and see how it works.
Stuxnet has infected a Russian nuclear plant and the international space station
http://io9.com/stuxnet-has-infected-a-russian-nuclear-plant-and-the-sp-1462375259
mark46th
11-12-2013, 16:01
Now why would a worm from an Iranian nuclear facility show up in a Russian nuclear plant and the Russian controlled Space Station?
The Reaper
11-12-2013, 16:54
Now why would a worm from an Iranian nuclear facility show up in a Russian nuclear plant and the Russian controlled Space Station?
Easy.
Russians, and porn. :D
TR
Easy.
Russians, and porn. :D
TR
No, that was the sucksnet virus...
Easy.
Russians, and porn. :D
TR
Now people do the lol on the interwebs, but that made me lol.