Maj Paulo Shakarian, US Army. Published in "Air and Space Power Journal," Chinese edition, Spring 2013.
Dr. Paulo Shakarian, Major, US Army, is an assistant professor of electrical engineering and computer science at West Point. He holds a Bachelor of Science in computer science, specializing in information security, from West Point, and an MS and a PhD in computer science from the University of Maryland. He has published many papers in a variety of academic and professional journals on cyberspace, computer science, artificial intelligence, and other topics.
On June 17, 2010, security researchers at VirusBlokAda, a small Belarusian company, discovered malicious software that could infect removable storage devices. In the months that followed, the computer security community was busy analyzing the find and realized that what had been detected was only one part of a new computer worm, which was named "Stuxnet." Stuxnet specifically targets industrial equipment. The vast majority of infections occurred in Iran, and the centrifuges at Iran's Natanz uranium enrichment plant had suffered downtime for unexplained reasons; once this became known, most media speculated that the ultimate goal of Stuxnet was to attack Iran's nuclear facilities. In November 2010, Iranian President Mahmoud Ahmadinejad publicly acknowledged that a computer virus had "created some problems for a few of our (nuclear) centrifuges," thereby confirming some of the outside speculation. Some well-known experts in the computer security community have called Stuxnet "unprecedented," an "evolutionary leap," and "the kind of threat we hope never to see." The author believes that this malicious software represents a revolution in military affairs in the virtual realm; that is, Stuxnet radically changes the nature of cyber warfare. There are four reasons for this view: (1) Stuxnet is the first case of a cyber weapon aimed at industrial equipment; (2) there is evidence that the virus's attack on its target equipment was successful; (3) it represents a substantial advance in the development of malicious software; (4) the Stuxnet case shows that some common assumptions about cyber security are not always correct. This article discusses each of these four points and examines what the revolution in military affairs caused by Stuxnet means for the future.
Several major computer security companies examined Stuxnet in detail and unanimously found that the main purpose of the virus is to cause industrial equipment failures that are difficult to detect. The possibility of attacking industrial facilities over a network had long been assumed, and this new virus is the first to do so in practice. Furthermore, carrying out this attack is the malicious software's sole purpose. Other malicious software contains standard code used for a variety of criminal activities, such as stealing identity and password information, launching denial-of-service attacks, and sending spam e-mail. Stuxnet does not: although it is technically highly complex, it makes no attempt to engage in any of these criminal activities. It is designed to replicate itself and spread so as to infect Microsoft Windows-based computer systems that communicate with industrial equipment. This sets it apart from the malicious software used on the Internet for various criminal purposes. Stuxnet is designed for destruction, not crime.
The industrial equipment that Stuxnet infects is known as a supervisory control and data acquisition (SCADA) system. Such systems are used in nuclear power plants, oil and gas pipelines, refineries, water systems, and other critical infrastructure that requires computer control, including real-time data acquisition, control, and monitoring. A SCADA system usually uses computer hardware called a programmable logic controller (PLC) to control physical components. To program a PLC, the system administrator connects it to a standard Microsoft Windows computer. Once the PLC is ready for use, it is usually unplugged from the computer. For example, if the system administrator wants to speed up the centrifuges, he connects the PLC to a Windows computer, runs software that can communicate with the PLC, and uploads the new instructions. If Stuxnet has infected the computer connected to the PLC, the malicious software carries out an "interception-style" attack on the system. When the system administrator tries to issue a command to the PLC, Stuxnet intercepts the command, issues its own instructions instead, and then sends a false report to the Windows computer claiming that the original instructions were uploaded. By providing false reports, Stuxnet conceals itself and is difficult to discover.
Stuxnet was designed to attack PLCs controlled by Siemens Step 7 software. Moreover, the virus infects only two PLC models: the Siemens S7-315 and S7-417. The S7-315 is a general-purpose controller that runs a single array of devices; for example, one S7-315 might control an array of devices that operates the different stages of a manufacturing process. The S7-417 is the top model in the series and can run multiple arrays, so it controls more devices than the S7-315. Security experts found that Stuxnet launches its attack only when the PLC is connected to devices in a very specific configuration. For example, when the virus finds an S7-315, it attacks only if the PLC is connected to 33 or more variable frequency drives. Variable frequency drives are used to control the speed of certain devices (e.g., motor speed). Similarly, for the S7-417 PLC, it looks for six cascades of 164 variable frequency drives before attacking. The malware also attacks only after confirming that the variable frequency drives were manufactured by the Iranian company Fararo Paya or the Finnish company Vacon.
Once Stuxnet has completed the infection and determined that the variable frequency drives are the targeted system, it launches its attack. From analysis of the software, experts found that after the virus finds drives running between 807 and 1210 Hz, it periodically modifies the speed setting so that the drives vary continuously between 2 and 1410 Hz. As a result, the devices controlled by the variable frequency drives operate in unexpected ways. The reports Stuxnet sends to the operator, however, falsely state that the PLC program is correct, so the operator believes the devices are operating within the normal range. The fact that Stuxnet modifies these operating values shows an important point: the purpose of the virus is to damage industrial equipment. If Stuxnet were merely a proof of concept, or merely meant to show off, it would not have needed to modify the operating frequency.
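As an added example (not code from the article or from any analysis it cites), the following Python shows why an independent measurement channel matters when the reports shown to the operator can be falsified as described above: it compares the reported drive frequency with a reading from a separate sensor and flags excursions outside the 807-1210 Hz band. The `Sample` fields, the 5 Hz tolerance and the telemetry values are assumptions constructed for the example.

```python
from dataclasses import dataclass

NORMAL_BAND_HZ = (807.0, 1210.0)  # operating range given in the article
TOLERANCE_HZ = 5.0                # assumed allowance for sensor noise


@dataclass(frozen=True)
class Sample:
    t: int              # seconds since start of capture
    reported_hz: float  # value the operator sees via the programming computer
    measured_hz: float  # value from an independent sensor (assumed to exist)


def in_band(hz: float) -> bool:
    lo, hi = NORMAL_BAND_HZ
    return lo <= hz <= hi


def classify(s: Sample) -> str:
    """Label one sample by comparing the report with the independent reading."""
    agrees = abs(s.reported_hz - s.measured_hz) <= TOLERANCE_HZ
    if in_band(s.measured_hz):
        return "ok" if agrees else "mismatch"
    if in_band(s.reported_hz):
        # The report looks normal while the drive is out of band:
        # the pattern produced by falsified reporting.
        return "masked_excursion"
    return "excursion" if agrees else "mismatch"


def audit(samples):
    """Return (time, label) for every sample that is not 'ok'."""
    return [(s.t, label) for s in samples if (label := classify(s)) != "ok"]


# Constructed telemetry, not real plant data.
CONSTRUCTED = [
    Sample(0, 1000.0, 999.2),     # normal operation
    Sample(60, 1000.0, 1410.0),   # report normal, drive at upper extreme
    Sample(120, 1000.0, 2.0),     # report normal, drive nearly stopped
    Sample(180, 1250.0, 1251.0),  # honest fault: both channels out of band
    Sample(240, 1000.0, 1036.0),  # in band, but the channels disagree
    Sample(300, 1000.0, 1000.5),  # normal operation
]

if __name__ == "__main__":
    for t, label in audit(CONSTRUCTED):
        print(f"t={t:>4}s  {label}")
```
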
Iran appears to be the center of this attack, as can be seen from analysis of the number of infections and of the virus samples. As of September 29, 2010, the network security company Symantec had tracked 10 million infected computers, of which about 60,000 were located in Iran. Indonesia was second, with about 15,000 infections. Working with other security companies, Symantec collected 3,280 unique samples of the software and its variants. These samples represent a total of 12,000 infections. Stuxnet keeps a list of the systems it has previously infected. Thus, for a given sample, researchers can determine the path by which the virus spread to a computer. By evaluating these samples, Symantec traced the infection history back to five different organizations, all of which have a presence in Iran.
What is known about the Natanz uranium enrichment plant shows striking similarities between its centrifuge configuration and the Stuxnet code. According to the IAEA, an IR-1 centrifuge cascade at the Natanz uranium enrichment plant is composed of 164 centrifuges. This is exactly the configuration Stuxnet looks for when attacking the S7-417 controller. Another indicator is that the maximum possible speed of the IR-1 centrifuge is 1,400-1,432 Hz, a range very close to the maximum speed set in the Stuxnet attack: 1,410 Hz. Driving IR-1 centrifuges at such high frequencies is likely to result in equipment damage.
The enrichment process can be optimized by decomposing it into a series of stages, with a number of centrifuges running in each stage. A 2006 interview indicates that the Iranians use this staged approach, with 15 stages for uranium enrichment. Each stage is equipped with a predetermined number of centrifuges to obtain optimal production. Alexander Glaser, a research professor at Princeton University's Nuclear Futures Laboratory, studied the optimal allocation for a cascade of 164 centrifuges. Ralph Langner, founder of Langner Communications, a company specializing in SCADA systems research, compared this data with a structural analysis of Stuxnet and found that the virus could severely disrupt the optimal centrifuge configuration at each stage; the resulting configuration appears to be just the opposite of the optimal one Glaser found. If Stuxnet's target was the Natanz centrifuges, the attack would prevent uranium enrichment from reaching its original optimal output level, leaving production significantly below design capacity.
In addition to the technical analysis above, statements by Iranian leaders also provide some evidence of the potential effectiveness of Stuxnet. In November 2010, President Ahmadinejad confirmed that malware had infected Iran's centrifuges, though he did not explicitly mention Stuxnet. In an interview with the German magazine "Der Spiegel," Saeed Jalili, Secretary-General of Iran's Supreme National Security Council, was specifically asked whether Stuxnet had been used to attack Natanz. While Jalili did not elaborate on the damage caused by the virus (and again played down its role), he did admit that there had been an incident. He said: "Our experts stopped this attack long ago."
It is worth noting that in late 2009 or early 2010, Iran decommissioned and replaced about 1,000 IR-1 centrifuges at the Natanz uranium enrichment plant (six cascades of 164 centrifuges each). The timing of the decommissioning and the number of centrifuges replaced are consistent with the timing and data structures of the Stuxnet attack. Another possible explanation for the centrifuge failures is manufacturing defects, but it is unclear why such defects would take so long to appear. From the preceding analysis, Stuxnet does not seem to try to damage the centrifuges immediately; rather, it adjusts the frequency in a more subtle way over a period of time, making it difficult to determine whether a problem was caused by the virus or by other factors in the enrichment process. This behavior makes the malware a more consistent explanation for the decommissioning of these centrifuges. Besides the withdrawal of the IR-1s from service, the Natanz uranium enrichment plant also experienced lower-than-optimal uranium production during 2009-2010. IAEA reports show that the amount of enriched uranium produced at Natanz remained relatively stable during that period, despite a substantial increase in the number of centrifuges. This indicates that the system was producing below its optimal level.
Although Iran claimed in late 2010 that the impact of Stuxnet on its nuclear program was minimal, security expert Langner asserts that the virus set the Iranian nuclear program back by two years. There are two reasons for this. First, as mentioned above, the damage caused by Stuxnet is subtle but is likely to be effective, so the source of the equipment failures the malware causes is difficult to identify. Second, given Stuxnet's aggressive propagation, removing the virus from all the computer equipment involved in the uranium enrichment process is extremely difficult. It may have been because of these concerns that Iran (for unknown reasons) generally suspended uranium enrichment operations at Natanz in October 2010.
A natural question is: "What other countries did Stuxnet affect?" There are reports that the virus was also found in monitoring equipment in Germany, Finland, and China, but no industrial systems in these countries were damaged as a result of infection. This may be because the PLCs in those countries have different configurations, since Stuxnet attacks only a specific configuration. Siemens states that, among users of its software, only 15 systems were reported infected, and none of these 15 systems suffered damage. Iran most likely did not report its infections to Siemens. Although Iran acquired S7-315 and S7-417 controller cards in 2002-2003, the IAEA found that Iran was likely diverting this hardware to its nuclear program, which prompted Siemens to stop sales to Iran. It is known, however, that the S7-417 is installed at the Bushehr nuclear power plant, so Bushehr could also have been a target of the Stuxnet attack. The S7-417s at Bushehr were not obtained directly from Siemens but were purchased from a Russian power equipment company called Power Machines, which installed them as part of a Teleperm system under its contract with Iran.
Like other malware, Stuxnet takes advantage of previously unrecognized security flaws in system software: zero-day vulnerabilities. Because such a vulnerability has not yet been discovered, anti-virus software does not identify it. As readers may recall, the Aurora attack on Google at the end of 2009 (generally considered to have come from China) used a zero-day vulnerability. A virus exploiting two zero-day vulnerabilities was unheard of, yet Stuxnet used four zero-day vulnerabilities in the Microsoft Windows operating system plus one zero-day vulnerability in the Siemens software. Of the four Windows zero-day vulnerabilities, two are privilege-escalation flaws that allow Stuxnet to illegitimately obtain root, or administrator-level, access to the infected system. The other two relate to spreading the virus through removable storage devices or across local area networks. At the time of writing, self-propagating computer viruses are still rare because they are usually very difficult to control. Take a "botnet," for example: a large number of computers infected with malware, in which the infected computers are controlled by an illegitimate "command and control" server. This is a very common platform for cybercrime. Botnet malware spreads mainly through spam and malicious websites and self-propagates only in very limited ways.
The final aspect of the Stuxnet-triggered revolution in military affairs discussed here is that it proves some security assumptions untenable. The first common assumption is that physically isolated systems are more secure. Because SCADA systems, by definition, control devices with mission-critical implications, many managers do not connect these computers to external networks
Nice blog. SCADA systems monitor and control the equipment in industrial processes, which include manufacturing, production, development and fabrication.