back to article Super Stuxnet's SCADA slaves: security is atrocious

Botnet boffin Peter Kleissner says at least 153 computers are still slaves to Stuxnet. Of those, six are tied to supervisory control and data acquisition (SCADA) systems which the malware is designed to exploit to destroy the attached machinery. Kleissner told a presentation at an information security conference in Vienna …

  1. Christian Berger

    As long as we don't get minimal security standards..

    ...and simply outlaw certain products and protocols nothing will change here.

    I mean you cannot design a secure product based on OPC (OLE for Process Control) as it requires insecure components to work with. And even its successor "OPC UA" is a hugely complex mess which probably _never_ will be implemented correctly.

    1. Anonymous Coward
      WTF?

      Re: As long as we don't get minimal security standards..

      Should you even succeed in rendering them outlaw, the grey and black markets will accommodate them. I'd say having some group go out and kill the targets with extreme prejudice but next thing you know, Cisco will coopt them and....

      How do you do 1/2 a joke icon?

      1. Christian Berger

        Re: As long as we don't get minimal security standards..

        "Should you even succeed in rendering them outlaw, the grey and black markets will accommodate them."

        By that logic you couldn't have any safety or security standards.

    2. GavinC

      Re: As long as we don't get minimal security standards..

      No-one is forcing you to use OPC, there are plenty of alternatives which are already widely used. For those that do, simply follow the standard industry advice, keep the control gear on a separate network to the rest of your IT systems.

      1. Anonymous Coward
        Anonymous Coward

        Re: As long as we don't get minimal security standards..

        "follow the standard industry advice, keep the control gear on a separate network to the rest of your IT systems."

        Do you know how unhelpful (and potentially misleading) this advice actually is?

        The "programming panel" (or whatever it's called for any particular vendor) pretty much *has* to connect to the automation network to configure and program the automation devices. Then it goes somewhere else to do something else.

        For example, it frequently ends up connected to the corporate LAN for one or other legitimate reason.

        It's typically a Windows PC, even if it doesn't look like one.

        See any problems with that?

        Hint: Stuxnet crossed an air gap. How do you think it did that?

        Hint: sneakernet, with the programming panel as the carrier?

  2. Destroy All Monsters Silver badge
    Holmes

    CDC levels of containment

    It is highly specialised targeting the machinery in use at Natanz

    Very highly specialized, indeed.

    1. Anonymous Coward
      Anonymous Coward

      Boss wants to build another one like that one

      Given that there isn't a huge world market for nuclear enrichment plant, and it's probably not the kind of thing you want to redesign from scratch each time, how does Joe Public know that the Natanz configuration is as unique as we're being told it is?

      [The same basic topic came up in the Point of Sale discussions a few days ago; if you know the setup (and vulnerabilities) of one branch of a retail chain, you know the setup (and vulnerabilities) of all of them, because they're all designed to the same model]

      1. Naselus

        Re: Boss wants to build another one like that one

        Stuxnet was actually hilariously specialized, so it had very little effect on anything outside the exact plant that was being used for enrichment - so specialized, it included a check on the serial numbers of the centrifuges, in fact. It would only activate fully if it detected the exact correct model of centrifuge, connected to the exact correct network, and the centrifuges in question had been produced within a set date range at one of two specific factories. And even of those, it only targeted the ones which spun within a select speed range.

        I doubt it would actually be possible to make a new facility which could trigger the original Stuxnet conditions now.

        1. Anonymous Coward
          Anonymous Coward

          Re: new facility which could trigger the original Stuxnet conditions now.

          On the other hand, if you've got the original Stuxnet code and you wanted to modify it to attack new facilities...

  3. CAPS LOCK Silver badge

    Got SCADA's ...

    .. get epoxy putty.

  4. Anonymous Coward
    Anonymous Coward

    Armageddon API

    Seems like a pretty good opportunity for an enterprising entity to gain control over an entire cyber-infrastructure - all the protocols and APIs can be reverse engineered or at least partially gleaned from Snowden docs, at that point it's a straightforward task to close the initial points of entry and take over control of these viruses for some other purpose.

  5. Peter 26

    Considering the safest way to clean yourself of stuxnet is to get complete new kit due to firmware updates which will resist wipes. Wouldn't it be wise to leave the old infected systems in place so that the attackers don't know you have got new kit which needs targeting?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020