Stuxnet Non-Proliferation Treaty rootkit Enforcer

Stuxnet Maybe the first Non-Proliferation Treaty rootkit

Enforcer, not meant only for Iran either.

Hello N. Korea, Syria etc.

So far everything points to a universal 

"Trust but verify, and turn it off if it violates

Non-Proliferation Treaty" rule set.

It monitors reactor production and
radiation levels, gathers size, location
and other identifying and quantitative data
and periodical sends this data through one
of the backdoors thru a maze of IPs
till it delivers said data to a repository.
( To be clear, it is a bot, they talk to each
other P2P. G )

And the production of that reactor
is tracked in detail, and reports same.

Now even if the worm/rootkit is cut
off from the web it still operates.

With its own artificial intelligence it
tracks the data and if given limits are
crossed, production of weapon grade
material then the actions are tripped.

A big disaster would be if it caused
a Chernobyl, so it has been tested
and has paradigms to keep out
put as safe levels. It will take over
a out of control hot reactor and shut
it down if need be.

But its main defense against violations
of the non-proliferation treaty is to
corrupt the material rendering it incapable
of further processing. Destroy the product
for weapons but safely.

It in no way will damage a system,
as it is capable of taking over a reactor
and running it. Any civilian collateral
damage would be catastrophic  for
the policy.

But it can on its own stop the violation.
In the case of a nuclear member, it
can just watch, with no interference.
Its artificial Intelligence working to
id the location and identifying data.

Of the 30,000 or 300,000 computers
it has penetrated in Iran it only has
to survive  on 'one' to pick up new
instructions and or new infection
vectors to re infect Iran's entire net
work again.

How detailed and extensive is the
monitoring the worm does?
Here are some details.
http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process
Very extensive monitoring and
control abilities. Plus an artificial Intelligence.
If it looses contact.
If Iran isn't sure of 100% eradication
then they might want to leave it connected.
I would prefer real humans to artificial Intelligence
running a reactor any time.

But all this depends on Iran's regime.
And Irans IT experts.
With a switch of pay loads this could
go after the banks or power plants,
manufacturing lots of options.

Iran may have been check mated here.
This one was easy to find.
Are there others Invisible persistent
Rootkits? also on those PCs?

I would be hard put to say no
with any assurance or certainty.

Remarkable concept.

Paradigm Intel says it has artificial Intelligence

craft, so it would know difference between China's

reactor and Iran's reactor.

This display will also serve as a big deterrent, 

and warning shot to any other cyber Pirates.

Next demonstration maybe to take down

an entire bot net in seconds.

There is little doubt about who is behind

this, but there will be NO evidence either.

Lots of knowledge but no Proof.

And a very powerful deterrent against

cyber strikes on US.

Like when USA had the only nukes.

Then Russia got them.

Ok who is next to hit Iran, prove

they have the Cyber Power?

Gerald

Tactical Internet Systems analyst.

• Stuxnet development Paradigm Intel
• "TEHRAN Times" NOT sucessfull
• Iran's future Nuclear program. NOT
• Iran wins one, Almost
• The new war domain at work.
• Cyber command confused maybe mislead.
• 
  
  
  
  
  • Stuxnet is not new.
• Iran, US go one step further for win

.

Stuxnet development Paradigm Intel

Stuxnet Paradigm Intel

Stuxnet is a joint effort.

An extraordinary piece of professional craft.

Multi State craft.

The expertise required for this effort is remarkable.

Just assembling the required experts was a huge effort.

http://en.wikipedia.org/wiki/Stuxnet

We have identified outside Uber hackers,

State hackers, nuclear experts, and using state of the art

programing/exploits/hacking.

This worm is based on past well tested and proven

malware fitted with unknown zero day exploits four of them.

One would have been sufficient.

It required experts with intimate knowledge of the nuclear systems.

The Teams were organized around these tasks.

#1) Penetration methods and vectors 4 

#2) Worm, security, backdoors and reporting

#3) Controlling nuclear processes

#4) Fingerprinting exact targets

#5) Rootkit paradigms

#6) Security team for counter strike

#7) ARTIFICIAL INTELLIGENCE ENGINE

And NSA used outside Uber Hackers, 

other State experts, Nuclear Scientists,

and pre-tested it over and over.

And maintained Opsec.

As we have said "the new

paradigms will be discovered

with in new contexts.

This opens a new era in

warfare in a new domain.

Hope they are ready for 

the counter strike.

Its coming.

Iran doesn't have the craft

and won't have for years.

But there are others who

do.

But this shows that NSA is at the
top of the Game world wide,
and they learn from every attack 
on US systems. 
This deluxe combo relies on
old stand-bys and cutting edge
craft, and even 4 unknown zero 
day exploits. The data they have
collected on this would fill several
blogs already, and there is a lot
more to reverse engineer.


There are Gov. guys out there
that are buying unknown zero
day exploits, I've talked to
one. He was interested in 
our BSU's.


We are scanning for the application
of the "Law of Untended Consequence."


We may not see that until a counter
strike.


One nice "LUC" maybe the expulsion
of Abberjonny as Iranian President
from the discovery of Stuxnet.
Some of the file names are
very illuminating.


This surprised me, I knew it was
possible, but didn't think NSA
had the imagination, originality
or Guts to do it.
VERY IMPRESSIVE.
 true masters of their craft,
on every level, well thought
out Paradigm, GENIUS.
This isn't the first one they've
done just the first discovered.
And they may have meant for it to
be found? ( At this point, most common 
malware detection tools will detect this.)

Iran can get FUCKED very hard
if they mishandle this Nuke thing.

Gerald

Tactical Internet Systems analyst.

• Iran's future Nuclear program. NOT
• Iran wins one, Almost
• The new war domain at work.
• Cyber command confused maybe mislead.
• Stuxnet is not new.
• Iran, US go one step further for win
• Iran's secret Nuke.
  
  
  
  
  
  abysssec Here is unpacked stub of stuxnet for fans http://bit.ly/czCqF7 password=abysssec #stuxnet Some files cannot be scaned? G

.

I

"TEHRAN Times" NOT sucessfull

Iran successfully battling cyber attack
Tehran Times Political Desk

TEHRAN - Iranian information technology officials have confirmed that some Iranian industrial systems have been targeted by a cyber attack, but added that Iranian engineers are capable of rooting out the problem.

NOT you can't view the page.

GUESS THEY WERE NOT SO SUCCESSFULL.

See for your self.


http://www.tehrantimes.com/index_View.asp?code=227332

"Microsoft OLE DB Provider for SQL Server error '80004005'

Transaction (Process ID 110) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

/NCMS/1004.asp, line 12"

jEEZE one problem after another.

tisk tisk tisk

Gerald

Tactical Internet Systems analyst.

.

Iran's future Nuclear program. NOT

Iran's future Nuclear program.

Ahmadinejad is done, total epic failure on every

front.

Iran's nuke program has been turned on its
head with the discovery of Stuxnet in 300,000

of its PC's and associated control mechanisms.

While they are scrambling for methods to dis-infect

these machines and digging to see just how deep this

infection goes and running damage assessments and

checking the depth of the Top Secret leaks they stopped

trusting their info/data comms. 60% of Iranian computers
are compromised. Expect to see another 20% over next
week.

This is a huge embarrassment for Ahmadinejad and
his Revolutionary Guard, MOIS and  Qods.
It means their PC are compromised also.

Ahmadinejad actions has resulted in the exposure

of all of Iran's Secrets at least to NSA. This may be

enough to bring the Iranian President down.

In the mean time they have reverted to "Russian Rules".

Hard copy only and hand delivery. Which will slow the

entire Intelligence structure to almost a crawl.

The damage assessment will take years to complete,

heads will roll and numerous unexplained deaths from

regime assassinations for sloppy opsec.

Look for many more defections as key people try and

avoid the purge. 

Iran's imported cyber engineers may be able to remove

the bug from PCs, but the control consuls is a different

matter, there are a myriad or places to hide code.

They can never be sure every one of the 300,000 are clean.

And then there is the matter of undisclosed methods of  

infection, unknown vectors.

And then there is the risk of Iranian success in removing

the bug, If the world doesn't really know what Iran is doing

on its nuke program they are going to be attacked.

Nuke facilities and leadership taken out.

A suicide action for Ahmadinejad,  a sure method of
changing Iranian presidents.

So Iran either lets the world look or get attacked.

But they haven't got to this paradigm yet, they

are still busy scrambling dealing with the BUG,

and their embarrassment and civilian retribution.

Gerald

Anthropologist

The bones of the Bug that brought down Ahmadinejad.
Iran wins one, Almost

Google did an undo for "discard" God Bless Google.

.

Iran wins one, Almost

Iran wins one, Almost

It turns out Iran's paranoia is justified.

They search the world over for a cyber security

company, to run Computer security/forensics for its Nuclear 

facilities.

NO American or European cos.

The old Russian KGB network recommends

VirusBlokAda experienced in cyber
security headquartered in Belarus.

The sell a anti-virus program that they say

is very good on Malware.

But Iran wants their top level engineers,

hackers to check their PCs in the Nuclear

facilities. 

They had big problems with the previous

production from their program.

It was corrupted, impure, useless.

Running their product thru the centrifuges

destroyed them. And at the current level

the product isn't nuclear bomb material.

Iran took it out and effectively dumped it

and started all over.

Internet Anthropologist Think Tank: Iran Epic nuke fail?

Abberjonneys hench men couldn't pin 

the problem on any thing or person.

It just seemed to have been contaminated

thru some unknown method.

They even killed some scientists,

tortured some and threatened every

one else. 

Some ran for America's CIA.

And were welcomed. 

They determined it wasn't any of their

own people, that sabotaged the material.

To late for the ones they assassinated.

And the finger pointed to hacking.

Eventually they went to the Russians

for cyber forensics as they don't have 

this skill set at the level Iran needed in house.

For VirusBlokAda this was an important

but routine job. They have offices in 9 countries.

Mostly non-Western block.

They are trusted by the former Soviet block,

and do similar work on call for many of the 

other countries. Important because

if they do find something in Iran it will

put them on the Security Vendor map.

And trigger some nice Iranian bonuses for

corp and individuals.

They didn't find much in the computers,

and then some how got an ok and payment

to check the programmable controls for the

nuclear reactors.

And they hit it big.

They watched the OS lie to them,

detract code from programs they read,

and add code to programs they were

reinstalling.

And they found Stuxnet:
Mahmoud Alyaie told Mehr that the Iranian industrial control systems are made by Siemens and the Stuxnet is designed to attack exactly these systems and transfer classified data abroad.
An IT official of Iran's mines and metals ministry told the Mehr news agency that 30,000 computers belonging to industrial units have already been infected by the virus.

These guys are good and are tenacious.

But can they remove it and be sure?

What surprises await them.

Note they just discovered it, 

did not say they removed it.
ISNA news agency, however, reported that the Iranian Atomic Organization held a seminar this week to improve the organization's cyberdata, especially against Stuxnet, and 'explore ways to remove it.' THEY HAVE NOT BEEN ABLE TO REMOVE IT, g

Target rich environment.

On September 22, Russia’s President Dmitry Medvedev signed a decree which bans deliveries of S-300 missile systems to Iran. Called “On Measures to Implement Resolution 1929 of June 9, 2010 of the UN Security Council,” the document prohibits any transit across Russia and the transfer to Iran of all types of combat tanks, armored personnel carriers, large-caliber artillery systems, warplanes, helicopter gunships, warships, missiles or missile systems as defined in the UN Register of Conventional Arms.

But it didn't ban cyber security services.

Hmmm.

Iran is considering replacing all 30,000 infected units.
That is probably the best way to go.
The Nuke program would be on hold for 2 yrs
during the replacements.
Or they can continue with USA watching everything in their nuke program.
Iran's nuke program is an open book to NSA.
This is why US has had such patience in negotiating with Iran. And how US has 
convinced Israel not to strike at Iran's
nuke reactors.
And note it took Ruskies to find it, the
regime couldn't do it.

Gerald

Tactical Internet Systems analyst.

Yes there are invisible persistent rootkits IPR

New war domain at work.

Quiz: who said "Trust but Verify" ? good for 3 pts. G

“new era of engagement” that is the trademark of Obama’s foreign policy. 
“Engagement” looks like this: Total Engagement...New def for
"Total Engagement"  ...tee hee G
Hats off to NSA. Salute. 

Update:


He also announced that a working group composed of representatives from the Communications and Information Technology Ministry, the Industries and Mines Ministry, and the Passive Defense Organization has been set up to find ways to combat the spyware. WELL IF ITS ONLY THE REGIMES EXPERTS WORKING ON THIS, IT WILL CONTINUE TO SPREAD. G

Communications and Information Technology Minister Reza Taqipour stated that Iranian engineers possess the expertise to create the required anti-virus software to clean the malware-infected systems. BUT THEY DIDN'T HAVE THE EXPERTISE TO FIND IT. g