Difference between revisions of "Stuxnet"

From Wikispooks
Jump to navigation Jump to search
 
(6 intermediate revisions by 2 users not shown)
Line 2: Line 2:
 
|wikipedia=https://en.wikipedia.org/wiki/Stuxnet
 
|wikipedia=https://en.wikipedia.org/wiki/Stuxnet
 
|start=2005
 
|start=2005
|perpetrators=NSA, Unit 8200  
+
|perpetrators=NSA, Unit 8200, AIVD, MIVD, Eric van Sebben
 
|image=Stuxnet.jpg
 
|image=Stuxnet.jpg
 
|titular_logo=1
 
|titular_logo=1
 
|constitutes=Computer virus, Cyberwarfare, Sabotage, Low-intensity warfare
 
|constitutes=Computer virus, Cyberwarfare, Sabotage, Low-intensity warfare
|description=A production of the NSA and Unit 8200, designed to sabotage Iranian efforts to develop nuclear weapons.
+
|description=A production of the [[NSA]] and [[Unit 8200]] installed with [[AIVD]] help, designed to sabotage Iranian efforts to develop nuclear weapons.
 
}}
 
}}
 
'''Stuxnet''' is a [[computer virus]] that affects [[Microsoft Windows]]. It was first identified in [[2010]], and hailed as a most impressive feat, giving rise to suspicions that it was produced by a large team of professionals such as a national [[intelligence agency]]. [[Edward Snowden]] confirmed that it was a joint [[NSA]]/[[Unit 8200]] production.<ref name=wired/>
 
'''Stuxnet''' is a [[computer virus]] that affects [[Microsoft Windows]]. It was first identified in [[2010]], and hailed as a most impressive feat, giving rise to suspicions that it was produced by a large team of professionals such as a national [[intelligence agency]]. [[Edward Snowden]] confirmed that it was a joint [[NSA]]/[[Unit 8200]] production.<ref name=wired/>
 +
Dutch newspaper [[De Volkskrant]] revealed the Dutch agency [[AIVD]] provided the fysical installation via a recruited Dutch civilian.<ref>https://www.securityweek.com/dutch-engineer-used-water-pump-to-get-billion-dollar-stuxnet-malware-into-iranian-nuclear-facility-report/</ref>
  
 
==Origins==
 
==Origins==
 +
{{YouTubeVideo
 +
|align=left
 +
|code=Dd7FmtqsyTc
 +
|caption=Computer virus's evident success in damaging Iran's nuclear facility has officials asking if our own infrastructure is safe - [[CBS]].
 +
}}
 
[[Symantec]] suggest that Stuxnet may have been in the wild already by [[2005]].<ref>http://21stcenturywire.com/2013/02/28/symantec-stuxnet-virus-targeting-iran-was-in-works-as-early-as-2005/</ref>
 
[[Symantec]] suggest that Stuxnet may have been in the wild already by [[2005]].<ref>http://21stcenturywire.com/2013/02/28/symantec-stuxnet-virus-targeting-iran-was-in-works-as-early-as-2005/</ref>
 +
In 2015, [[Kaspersky]] Lab noted that the spooky hackers outfit [[Equation Group]] - linked to the [[NSA]] - had used two of the same zero-day attacks prior to their use in Stuxnet, arguing the Stuxnet had to be made by the same outfit. The [[Equation Group]] was traced placing computers [[viruses]] in [[Iran]], [[Russia]], [[Pakistan]], [[Afghanistan]], [[India]], [[Syria]] and [[Mali]].<Ref>https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf</ref><ref>https://web.archive.org/web/20160415235726/https://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-father-stuxnet/</ref>
 +
 +
===Presidential Oversight===
 +
U.S. Presidents George Bush Jr. and Barack Obama personally authorized the deployment of the ingenious weapon in Iran, The New York Times later writes in a reconstruction. The goal: to make centrifuges break down without Iran realizing where the sabotage was coming from.<ref>https://archive.nytimes.com/www.nytimes.com/interactive/2012/06/01/world/middleeast/how-a-secret-cyberwar-program-worked.html?hp</ref>
  
 
===Death of Installer===
 
===Death of Installer===
According to an investigation by [[Dutch]] [[newspaper]] De Volkrkrant comprising of "travelling to [[Dubai]], [[Israel]] and the [[United States]], speaking with (former) employees of the [[Mossad]], [[Israel]]'s [[military]] service AMAN and the U.S. intelligence agency [[CIA]]. The newspaper also spoke with [[Iranians]], former employees of the Natanz nuclear facility, [[cybersecurity]] specialists, [[diplomats]], [[civil servants]] and individuals who worked in the [[AIVD]] or [[MIVD]]. A total of 43 people at home and abroad were interviewed, 19 of whom were from the AIVD or MIVD. Those interviews, because sources are not authorized to talk to media, were almost always on a background basis". The investigation revealed the worm was installed by recruited engineer [[Erik van Sabben]].
+
According to an investigation by [[Dutch]] [[newspaper]] [[De Volkskrant]] comprising of "travelling to [[Dubai]], [[Israel]] and the [[United States]], speaking with (former) employees of the [[Mossad]], [[Israel]]'s [[military]] service AMAN and the U.S. intelligence agency [[CIA]]. The newspaper also spoke with [[Iranians]], former employees of the Natanz nuclear facility, [[cybersecurity]] specialists, [[diplomats]], [[civil servants]] and individuals who worked in the [[AIVD]] or [[MIVD]]. A total of 43 people at home and abroad were interviewed, 19 of whom were from the AIVD or MIVD. Those interviews, because sources are not authorized to talk to media, were almost always on a background basis". The investigation revealed the worm was installed by recruited engineer [[Erik van Sabben]].
 +
 
 +
Van Sabben was a spook recruited somewhere in a [[2005]] "off-the-books" billion-dollar operation by the Dutch intelligence agencies [[AIVD]] and [[MIVD]] on the order of the [[CIA]] and [[Mossad]] to hack a nuclear facility in [[Iran]] using Stuxnet in [[2008]]. Van Sabben died 2 weeks later of a suspicious motor cycle "[[accident]]" in [[Duabi]] two weeks after the infiltration undercover operation concluded successfully. An [[AIVD]] officer later admitted on the promise of secrecy in [[2024]] that -- although the official local investigation ruled the single-bike accident "his own fault" -- that van Sabben was [[assassinated]] and "paid a high price".<ref>https://nltimes.nl/2024/01/08/dutch-man-sabotaged-iranian-nuclear-program-without-dutch-governments-knowledge-report</ref><ref>https://www.securityweek.com/dutch-engineer-used-water-pump-to-get-billion-dollar-stuxnet-malware-into-iranian-nuclear-facility-report/</ref><ref>https://www.volkskrant.nl/kijkverder/v/2024/sabotage-in-iran-een-missie-in-duisternis~v989743/</ref>
  
Van Sabben was a spook recruited somewhere in a [[2005]] "off-the-books" billion-dollar operation by the Dutch intelligence agenices [[AIVD]] and [[MIVD]] on the order of the [[CIA]] and [[Mossad]] to hack a nuclear facility in [[Iran]] with [[computer]] [[virus]] [[Stuxnet]] in [[2008]]. Van Sabben died 2 weeks later of a suspicious motor cycle "[[accident]]" in [[Duabi]] two weeks after the infiltration undercover operation concluded succesfully. An [[AIVD]] officer later admitted on the promise of secrecy in [[2024]] that - although the official local investigation ruled the single-bike accident "his own fault" - that van Sabben was [[assassinated]] and "paid a high price".<ref>https://nltimes.nl/2024/01/08/dutch-man-sabotaged-iranian-nuclear-program-without-dutch-governments-knowledge-report</ref><ref>https://www.securityweek.com/dutch-engineer-used-water-pump-to-get-billion-dollar-stuxnet-malware-into-iranian-nuclear-facility-report/</ref><ref>https://www.volkskrant.nl/kijkverder/v/2024/sabotage-in-iran-een-missie-in-duisternis~v989743/</ref>
+
===Second Worm===
<ref>https://www.volkskrant.nl/kijkverder/v/2024/sabotage-in-iran-een-missie-in-duisternis~v989743/</ref>
+
The second variant - after the suspicious death of the first installer - with substantial improvements, appeared in March 2010, apparently because its authors believed that Stuxnet was not spreading fast enough; a third, with a few more minor improvements, appeared in April 2010.<ref>https://web.archive.org/web/20210831181802/https://www.vanityfair.com/news/2011/03/stuxnet-201104</ref>
  
 
==Technical aspects==
 
==Technical aspects==
 +
{{YouTubeVideo
 +
|align=right
 +
|code=Joc0iTX9dyQ
 +
|caption=The Stuxnet Story: What REALLY happened at Natanz - OTBase
 +
}}
 
Stuxnet exploited four zero-day flaws. It is typically introduced to the target environment via an infected [[USB]] flash drive. It poses no real threat to ordinary users, since its payload is highly specific; it only affects Siemens Step7 software on computers which control a PLC.  
 
Stuxnet exploited four zero-day flaws. It is typically introduced to the target environment via an infected [[USB]] flash drive. It poses no real threat to ordinary users, since its payload is highly specific; it only affects Siemens Step7 software on computers which control a PLC.  
  

Latest revision as of 21:05, 30 May 2024

Concept.png Stuxnet 
(Computer virus,  “Cyberwarfare”,  Sabotage,  Low-intensity warfare)Rdf-entity.pngRdf-icon.png
Stuxnet.jpg
Start2005
Interest ofAIVD
A production of the NSA and Unit 8200 installed with AIVD help, designed to sabotage Iranian efforts to develop nuclear weapons.

Stuxnet is a computer virus that affects Microsoft Windows. It was first identified in 2010, and hailed as a most impressive feat, giving rise to suspicions that it was produced by a large team of professionals such as a national intelligence agency. Edward Snowden confirmed that it was a joint NSA/Unit 8200 production.[1] Dutch newspaper De Volkskrant revealed the Dutch agency AIVD provided the fysical installation via a recruited Dutch civilian.[2]

Origins

Computer virus's evident success in damaging Iran's nuclear facility has officials asking if our own infrastructure is safe - CBS.

Symantec suggest that Stuxnet may have been in the wild already by 2005.[3] In 2015, Kaspersky Lab noted that the spooky hackers outfit Equation Group - linked to the NSA - had used two of the same zero-day attacks prior to their use in Stuxnet, arguing the Stuxnet had to be made by the same outfit. The Equation Group was traced placing computers viruses in Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali.[4][5]

Presidential Oversight

U.S. Presidents George Bush Jr. and Barack Obama personally authorized the deployment of the ingenious weapon in Iran, The New York Times later writes in a reconstruction. The goal: to make centrifuges break down without Iran realizing where the sabotage was coming from.[6]

Death of Installer

According to an investigation by Dutch newspaper De Volkskrant comprising of "travelling to Dubai, Israel and the United States, speaking with (former) employees of the Mossad, Israel's military service AMAN and the U.S. intelligence agency CIA. The newspaper also spoke with Iranians, former employees of the Natanz nuclear facility, cybersecurity specialists, diplomats, civil servants and individuals who worked in the AIVD or MIVD. A total of 43 people at home and abroad were interviewed, 19 of whom were from the AIVD or MIVD. Those interviews, because sources are not authorized to talk to media, were almost always on a background basis". The investigation revealed the worm was installed by recruited engineer Erik van Sabben.

Van Sabben was a spook recruited somewhere in a 2005 "off-the-books" billion-dollar operation by the Dutch intelligence agencies AIVD and MIVD on the order of the CIA and Mossad to hack a nuclear facility in Iran using Stuxnet in 2008. Van Sabben died 2 weeks later of a suspicious motor cycle "accident" in Duabi two weeks after the infiltration undercover operation concluded successfully. An AIVD officer later admitted on the promise of secrecy in 2024 that -- although the official local investigation ruled the single-bike accident "his own fault" -- that van Sabben was assassinated and "paid a high price".[7][8][9]

Second Worm

The second variant - after the suspicious death of the first installer - with substantial improvements, appeared in March 2010, apparently because its authors believed that Stuxnet was not spreading fast enough; a third, with a few more minor improvements, appeared in April 2010.[10]

Technical aspects

The Stuxnet Story: What REALLY happened at Natanz - OTBase

Stuxnet exploited four zero-day flaws. It is typically introduced to the target environment via an infected USB flash drive. It poses no real threat to ordinary users, since its payload is highly specific; it only affects Siemens Step7 software on computers which control a PLC.

Purposes

Stuxent was engineered to sabotage the Iranian project to develop nuclear weapons. To achieve this, it had to reach the computers controlling the centrifuges, which were air-gapped.

The technical prowess needed to create such a piece of malware, and the fact it exploited 4 zero day bugs lead many to suggest that it was created by an intelligence agency, and the NSA was long suspected. The 2016 film Zero Days quotes an anonymous source that Stuxnet was developed by the NSA in concert with Unit 8200. It also stated that in its original form, it might have never been detected, but that Unit 8200 were anxious that it take effect quickly, and so they modified it to increase virulence at the expense of stealth.[11]

Effects

Stuxnet temporarily disabled 1,000 centrifuges that the Iranians were using to enrich uranium.[1]


 

Related Quotation

PageQuoteAuthorDate
Erik van Sabben“To his family members, it is still a mystery: Dutchman Erik van Sabben leaves for ten days in late 2008 for the Iranian capital of Tehran. The 36-year-old engineer - a fearless adventurer who is not afraid to take risks and works in Dubai for a heavy transport company - is going with his Iranian wife to visit her family. It should be a festive end to the year. But after just one day, Van Sabben, used to working in stressful situations and under high pressure, wants to leave Iran. He seems panicked. Why the engineer wants to leave the country, he cannot say. His Dutch mother says of it fifteen years later, “We all thought it was very strange. His Iranian wife: “He was so upset and insisted that we leave immediately.<a href="#cite_note-8">[8]</a><a href="#cite_note-9">[9]</a>

What his immediate family and wife do not know: Van Sabben carries a secret with him. He leads a double life. Research by the Volkskrant, in which over a period of two years 43 people were spoken to, 19 of whom were from the intelligence services AIVD and MIVD, shows that Van Sabben was recruited by the Dutch secret service.”
Erik van Sabben
Huib Modderkolk
2017
Many thanks to our Patrons who cover ~2/3 of our hosting bill. Please join them if you can.


References