The world's first digital weapon: Stuxnet, the virus that can "hit a cow from across the hills"

The Stuxnet ("seismic network" virus) attack on the Natanz nuclear plant is no longer fresh news, but it is still a topic that many security researchers take delight in discussing. As the first known cyber weapon in the world, it has an enigmatic background and an enigmatic purpose. Today, let's look at how this enigma attacked Iran's nuclear plant.

In January 2010, inspectors with the International Atomic Energy Agency (IAEA) visiting Iran's Natanz uranium enrichment plant found that the gas centrifuges used for uranium enrichment were failing in great quantities, faster than ever before. The reason was a mystery: apparently neither the Iranian technicians replacing the centrifuges nor the inspectors reviewing them could find any clue.

Five months later, a seemingly unrelated thing happened. A computer security company in Belarus received a request to troubleshoot computers in Iran that were suffering a series of failures, crashing and restarting. This time, too, the reason was a mystery. Investigators found some malicious files on the systems, which proved to be the world's first digital weapon: the Stuxnet ("shock web") worm.

As we know, Stuxnet is unlike any worm or virus before it. It does not merely hijack target computers or steal information from them; it can jump out of the digital domain and physically damage the equipment that the target computers control.


"Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon", by Wired senior writer Kim Zetter, tells the story behind how Stuxnet was planned, executed, and discovered. According to the book excerpt, Stuxnet had by then been quietly damaging the centrifuges at the Natanz nuclear plant for about a year. At the start of the offensive, the weapon first took control of the centrifuges' valves and increased their internal pressure, damaging the equipment and the whole enrichment process.

How does a centrifuge work? It is a large cylindrical tube, linked to other centrifuges by short sections of pipe. It spins at supersonic speed to separate the uranium isotopes in the gas, which are then used in nuclear power plants and in nuclear weapons research and development. At the Natanz plant that Stuxnet attacked, each large cascade connects 164 centrifuges. To reach the centrifuges, the uranium gas passes through the pipes in a series of processing and separation stages. At each stage the uranium gas is more "enriched" than at the previous one: the isotope that is needed is separated from the other isotopes and eventually concentrated in the gas.

The above is selected from "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon".

The excerpt begins in June 2009, about a year after Stuxnet first appeared, although the covert attack went unseen and unstudied until 2010. As Iran prepared for its presidential election, the hands behind Stuxnet were also preparing a new generation of the malware to launch the next attack on the uranium enrichment plant. Just as the enrichment plant was recovering from the last "ruins", it was caught off guard by Stuxnet's second attack. This time, Stuxnet set out to manipulate the computer systems, made by the German company Siemens, that control and monitor the speed of the centrifuges. Because these computers are not connected to the Internet, they cannot be attacked directly from a distance, so the attackers used infected USB flash drives as the way to spread Stuxnet. To get Stuxnet onto the target machines, the attackers first infected computers at five companies outside the Natanz nuclear plant, chosen because they had some degree of connection with Iran's nuclear program. The aim was to make each of these "patients zero" an unwitting carrier, helping the virus on the flash drive pass smoothly through the antivirus software and into the protected facility and its Siemens computers. Although these five companies had been mentioned in the news before, they had never been confirmed. The excerpt identifies four of them. (Zetter released the names of four companies: Foolad Technic Engineering Co., Behpajooh Co. Elec & Comp. Engineering, Neda Industrial Group and Control Gostar Jahed. Kaspersky gave the name of the fifth company: the uranium enrichment centrifuge manufacturer Kala Electric.)

Political unrest: Stuxnet fishes in troubled waters

Two weeks before Stuxnet's second attack on the Natanz nuclear plant, Iran was in turmoil. On June 12, 2009, the presidential election between the incumbent president, Mahmoud Ahmadinejad, and the challenger, Mir Hossein Mousavi, did not produce the expected result. The vote was supposed to be relatively close, but the results published two hours after the polls closed were surprising: Ahmadinejad won with 63% of the vote, against only 34% for Mousavi. Voters cried foul, and the next day crowds of angry protesters flocked to the streets of Tehran to vent their anger and suspicion. According to media reports, it was the largest civil protest since the 1979 revolution that overthrew the Shah of Iran, and it soon turned violent. Protesters vandalized shops and set fire to bins, while the police and plainclothes forces loyal to the government tried to disperse them with batons, electric prods and bullets.

That Sunday, Ahmadinejad gave a victory speech declaring that a new era had opened for Iran, and dismissed the protesters as football hooligans sore over their team's defeat. In spite of this, the protests continued throughout the following week. To placate the crowds, Ayatollah Ali Khamenei endorsed the election results on June 19, insisting that fraud could not account for a winning margin of 11 million votes. The public mood, however, did not ease.

The next day, a 26-year-old woman named Neda Agha Soltan was caught in a traffic jam caused by the protests and died after being shot in the neck by a hidden gunman, only because she and her music teacher had stepped out of their car to watch the march.

Image: a recent satellite image provided by Space Imaging/Inta SpaceTurk shows the once-mysterious Natanz nuclear plant in Iran's Natanz region, about 150 km south of Tehran.

Two days later, on Monday, June 22, the Guardian Council, which is responsible for supervising Iran's elections, officially declared that Ahmadinejad had won. After nearly two weeks of protest, Tehran became unusually quiet. The police had used tear gas and live ammunition to disperse the demonstrators, and there were almost no protesters left in the streets. At about half past four in the afternoon local time, while Iran was trying to soothe those left frightened and saddened by the events of the previous days, a new round of the Stuxnet attack was launched.

Recovering from the last attack

While the streets of Tehran were in chaos, the technical staff at the Natanz nuclear plant were going through a period of relative calm. In the same year as the first attack, they had already been installing centrifuges in large numbers: by the end of February, 5400 machines had been replaced at Natanz, close to the 6000 units Ahmadinejad had promised the previous year. Some of the centrifuges were not yet enriching uranium, but at least the plant was recovering and improving. By the end of June, 7052 centrifuges had been replaced, 4092 of which had been put to work. In addition to the 18 cascades in area A24, area A26 had now gained 12 cascades. Area A28 also had 7 cascades installed, which had been pumped down to a vacuum and were ready to receive uranium gas.

The performance of the centrifuges was improving as well. Iran's production of low-enriched uranium rose by 20% and stayed high throughout the summer of 2009. Despite the earlier Stuxnet attack, Iran had quickly crossed a technical milestone and successfully produced 839 kilograms of low-enriched uranium, enough for a nuclear weapons breakout. If it kept up this pace, Iran would produce enough enriched uranium within a year for two nuclear weapons. However, this estimate was based on the capacity of the IR-1 centrifuges then installed at Natanz. Iran had already installed more advanced IR-2 centrifuges in a small cascade in the pilot plant; once these proved successful, technicians would install them underground, and the plant's enrichment capacity would have to be reassessed. The more advanced IR-2 centrifuge is more efficient: it takes 3000 IR-1 centrifuges to enrich enough uranium for a nuclear weapon in a year, while 1200 IR-2 centrifuges can produce the same amount.

The second attack

In order to attack the plant, the attackers first went after four companies. All of these companies were involved in industrial control and processing or related business, either manufacturing products and assembling components or installing industrial control systems. They were likely targeted because, as contractors to the Natanz nuclear plant, they could provide a route for the virus to reach it.

Photo: Iran's President, Mahmoud Ahmadinejad, visiting the Natanz centrifuge plant in 2008.

To give the code a better chance of getting where it needed to go, the new Stuxnet had two more routes of transmission than the old version. Stuxnet 0.5 could spread only through Step 7 project files, which are used to program Siemens PLCs. The new version could also spread via USB flash drives using the Windows Autorun feature, or across a victim's local network using a print spooler zero-day vulnerability, which the antivirus companies Kaspersky Lab and Symantec later found in the code.

Symantec's experts were able to find this information thanks to a strange characteristic of the worm. Whenever it infected a new computer, the worm stored information about that host in its own log. As a result, by analyzing this information in the worm samples, one can trace back the worm's full path. According to its log files, Foolad Technic was the first victim: it was infected on Tuesday, June 23, at 4 PM. A week later, other companies were attacked as well.

The following Monday, around 5000 demonstrators walked silently through the streets of Tehran to the Qoba mosque in memory of the victims of the election protests. At about 11:20 that night, Stuxnet attacked the second company: the computers of Behpajooh.

Why was Behpajooh a target? The reason is obvious. Behpajooh is an engineering company based in Isfahan, the site of Iran's new uranium conversion plant, which turns milled uranium into uranium gas to supply the Natanz nuclear plant with raw material for enrichment. Isfahan is also home to Iran's nuclear technology center, which is known as the base of Iran's nuclear weapons development program. Behpajooh is also on record in United States federal court filings in connection with Iran's illegal procurement activities.

Behpajooh installs and programs industrial control and automation systems, including Siemens systems. The company's website did not mention the Natanz nuclear plant, but it did mention installing Siemens S7-400 PLCs, Profibus communication modules, and the Step 7 and WinCC software at a plant in Isfahan. These are clearly the same equipment that Stuxnet targeted at the Natanz nuclear plant.

Nine days after the Behpajooh attack, at 5 o'clock in the morning on July 7, Stuxnet attacked the computers of Neda Industrial Group and Control Gostar Jahed, and both infections were recorded in the log. Both companies design or install industrial control systems.
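The path reconstruction made possible by the worm's per-host log, described above, can be sketched as follows. This is an added example, not code from the article, the book or Symantec: the record layout (time, domain, host), the sample names and every value in `SAMPLES` are constructed assumptions. It merges the hop histories carried by several samples into one infection graph, then reports the "patient zero" hosts and the hops where the worm crossed from one organization to another.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real indicators). Assumed layout: every recovered
# sample carries its own hop history, oldest first, as (time, domain, host).
SAMPLES = {
    "sample-1": [("2009-06-23T16:00", "CONTRACTOR-A", "ENG-PC1"),
                 ("2009-06-25T09:10", "CONTRACTOR-A", "ENG-PC2"),
                 ("2009-07-02T11:30", "SITE-X", "HMI-03")],
    "sample-2": [("2009-06-23T16:00", "CONTRACTOR-A", "ENG-PC1"),
                 ("2009-06-24T08:05", "CONTRACTOR-A", "LAPTOP-7")],
    "sample-3": [("2009-07-07T05:00", "CONTRACTOR-B", "WS-11"),
                 ("2009-07-09T14:45", "SITE-X", "HMI-03")],
}

def build_infection_graph(samples):
    """Merge per-sample hop lists into parent -> child edges and first-seen times."""
    edges = defaultdict(set)      # (domain, host) -> hosts it passed the worm to
    first_seen = {}               # (domain, host) -> earliest recorded infection
    for hops in samples.values():
        prev = None
        for ts, domain, host in hops:
            node, when = (domain, host), datetime.fromisoformat(ts)
            if node not in first_seen or when < first_seen[node]:
                first_seen[node] = when
            if prev is not None:
                edges[prev].add(node)
            prev = node
    return edges, first_seen

def patient_zeros(samples):
    """Hosts that open a chain and never appear as another host's child."""
    edges, first_seen = build_infection_graph(samples)
    children = {c for kids in edges.values() for c in kids}
    roots = {hops[0][1:] for hops in samples.values() if hops} - children
    return sorted(roots, key=lambda n: first_seen[n])

def cross_org_hops(samples):
    """Edges where the worm crossed from one organization's domain to another."""
    edges, _ = build_infection_graph(samples)
    return sorted((p, c) for p, kids in edges.items() for c in kids if p[0] != c[0])

if __name__ == "__main__":
    for node in patient_zeros(SAMPLES):
        print("patient zero:", node)
    for parent, child in cross_org_hops(SAMPLES):
        print("crossed organizations:", parent, "->", child)
```

For a defender, the cross-organization hops are the useful output: they show which contractor machines carried the code into a protected site and when each site host was first touched.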

