"...it seems like the malware is unrelated to Stuxnet..."
Even if completely different, I really wouldn't bet on it being 'unrelated' to Stuxnet.
Malware discovered at an Iranian oil terminal forced Iran to disconnect key oil facilities on Sunday. Authorities said an unnamed data-deleting virus prompted them to disconnect the main oil export terminal on Kharg Island in the Persian Gulf. The websites of the Iranian oil ministry and the National Iranian Oil firm went dark …
"Iran’s computing environments are a little unusual, in that there are no legitimate channels for directly supplying and maintaining standard operating systems and apps. This may result in greater [than] usual exposure to all kinds of exploits."
I would have thought that Iran would be the ideal place to use Linux on both server and desktop. You don't need any licenses, you're not dealing with the great satan, you can set up language availability for Farsi yourself without waiting for a supplier to do it, and you can look at the source code to make sure no foreign agency is injecting stuff you don't want in there. It's also (supposedly) pretty secure from viruses, worms etc.
Iran has some pretty bright people who could handle setting up a whole government-wide secure linux-based network, after all, they were capable of hacking a US drone to get it to land on their turf.
My suspicion is that, like in all authoritarian countries*, loyalty to the party line is held in higher regard than competence**, and the loyal-but-incompetent*** people running the show screwed up.
* Yes, this also happens all too often in democratic countries
** One reason why, despite all scaremongering to the contrary, they are nowhere near having a viable nuclear bomb
*** In my experience, competency seems to correlate quite highly with independent thought
>>so, what operating system *do* these facilities run?
Got a virus? Hmmm, Let me guess. Lin... I mean genuine MS Windows.
And here's another piece of evidence:
>there are no legitimate channels for directly supplying and maintaining standard operating systems and apps.
All roads lead to one place called Redmond (how do you set up an "alternative" patching support?). This is a very well recognizable Windows mindset.
My point was that it is _easier_ to maintain a machine with one centralized repository. You can create your own local repository if you wish (provided you're sure you know what you're doing, of course). I also address the "Windows mindset" here. This, perhaps, is due to the lack of a single install/update interface tackling all pieces of software on the system, as well as the famous and infamous Windows update reboots pain. To say nothing about the cost of upgrades, nor the overly high requirements for the hardware. Did I mention RPC?
Rather unlikely, Shirley, seeing as the Kharg computers are not going to be linked to the top secret networks of the Iranian teams likely to be working on the captured drone. No, this was more likely a luser fault, someone looked at little-girls-in-swimmingpools pr0n (http://www.bbc.co.uk/news/world-latin-america-17823927) on a laptop and then plugged that laptop into the Kharg network, or they used a USB memory stick on a laptop or PC that had been used for looking at little-girls-in-swimmingpools pr0n and then plugged it in at work. Seeing as the virus doesn't seem to have been targeted to do anything specific like Stuxnet, I'm guessing it's a random attack or from some Israeli "patriotic" hacker group.
Today there was this article about "'Hall of Fame' REVEALED".
I would like to have the person who invented the word "Computer Virus" added to that list.
I am not sure if it would add Bill Gates or not.
I know people who still think a virus is something like smallpox or mad cow disease made in heaven by bad persons or as an act of god.
They do not understand that the house they bought has doors without doors, open windows and keys left in the locks.
Why not instead report about programming errors in such and such programs exploitable by such and such programs (freely available on the internet)?
It is a novel trick. Finally someone thought of "hit them where it hurts". Everything up to this point was against their missile program and nuclear program.
Iran has very little refined petrol reserves and if memory serves me right it is forced to import petrol.
Shut down imports (viva la embargo and hacking terminals), shut down the refineries through targeted computer attacks, shut down the exports (just in case - again, what embargo does not do, computer attacks can do even better), rinse, repeat. In a couple of months they will stop the Uranium nonsense voluntarily, comply with all UN Security Council resolutions they are supposed to comply with. No need to send expensive jets with even more expensive munitions against something which may in fact be protected well enough to weather any direct assault.
But the problem is that they are in compliance, they haven't diverted any nuclear material to the production of nuclear warheads as stated in the Nonproliferation Treaty.
The only reason for this covert attack is because the US government in its buffoonish 'Game of thrones' regime change in Iraq thinks that Iran now has far too much influence in that wreck of a nation and seeks to fight it all through the Middle East.
"But the problem is that they are in compliance...." The problem actually is no-one will take Iran's word that they are in compliance seeing as they have been caught being NOT in compliance before. When Iran has been given the chance to get back in the IAEA's and UN's good books it has deliberately failed to do so, stalled or simply ignored offers.
November 2003 - IAEA Director General Mohamed El Baradei reports that Iran has repeatedly and over an extended period failed to meet its safeguards obligations.
In 2006, after the IAEA Board of Governors found that these failures constituted non-compliance with the IAEA safeguards agreement, it was reported to the UN Security Council, after which the Security Council passed a resolution demanding that Iran suspend its enrichment. Instead, Iran resumed its enrichment program.
February 2008 - the IAEA reports that it was working to address "alleged studies" of weaponization, but Iran simply rejected the allegations as "baseless" and made no serious effort to disprove the allegations by allowing any investigation.
June 2009 - the IAEA reports that Iran had not “co-operated with the Agency in connection with the remaining issues ... which need to be clarified to exclude the possibility of military dimensions to Iran’s nuclear program.”
Iran has consistently refused offers to have processed Uranium supplied to them by an outside party (Russia), despite the massive savings in time and money this would provide, and despite it being a sure-fire way to get back in line with the NPT. Iran has also refined Uranium far beyond what is required for power generation alone, and in massively higher quantities than can ever be justified for their tiny medical or research requirements. Anyone still thinking that Iran is in line with the NPT is simply living with their head in the sand.