Posting mode: Reply

Get a new challenge Get an audio challengeGet a visual challenge Help
Password(Password used for file deletion)
  • Supported file types are: GIF, JPG, PNG
  • Maximum file size allowed is 2048 KB.
  • Images greater than 250x250 pixels will be thumbnailed.
  • Read the rules and FAQ before posting.
  • このサイトについて - 翻訳

  • File : 1285768353.jpg-(47 KB, 370x278, stux.jpg)
    47 KB Anonymous 09/29/10(Wed)09:52:33 No.275733XXX  
    Ask one of the programmers of Stuxnet anything...
    >> Anonymous 09/29/10(Wed)09:54:27 No.275734XXX
    are you a fucking jew?
    >> Anonymous 09/29/10(Wed)09:55:03 No.275734XXX
    What's Stuxnet?
    >> Anonymous 09/29/10(Wed)09:56:17 No.275734XXX
    No, I am not Jewish.
    >> Anonymous 09/29/10(Wed)09:56:41 No.275734XXX
    Prove you are.
    >> Anonymous 09/29/10(Wed)09:57:38 No.275734XXX
    are piad by cia or mossad?
    >> Anonymous 09/29/10(Wed)09:57:41 No.275734XXX
    I need it, may you send one here?

    captcha: need ingedisc
    >> Anonymous 09/29/10(Wed)09:58:35 No.275734XXX
    can you upload some fo the vx code somewhere?
    >> Anonymous 09/29/10(Wed)09:59:07 No.275734XXX
    who was your intended target?
    >> Anonymous 09/29/10(Wed)09:59:40 No.275734XXX
    I will not provide any proof. Assume I'm just a troll bullshitting you if you want.

    It was a combined effort.
    >> Anonymous 09/29/10(Wed)10:00:36 No.275734XXX
    why did you do it?
    >> Anonymous 09/29/10(Wed)10:00:45 No.275734XXX

    Ask one of the programmers of Stfu anything
    >> Anonymous 09/29/10(Wed)10:01:29 No.275734XXX
    "It was a combined effort."

    combined effort? CIA, NSA?
    >> Anonymous 09/29/10(Wed)10:01:45 No.275734XXX
    did you work for a specific country?
    >> Anonymous 09/29/10(Wed)10:03:00 No.275735XXX
         File1285768980.jpg-(17 KB, 320x352, Troll.jpg)
    17 KB
    ok, the answer is just too easy
    >> Anonymous 09/29/10(Wed)10:03:52 No.275735XXX
    what this worm was supposed to do exactly?
    >> Anonymous 09/29/10(Wed)10:04:58 No.275735XXX

    code please ?
    >> Anonymous 09/29/10(Wed)10:05:04 No.275735XXX
    do u spit or swallow?
    >> Anonymous 09/29/10(Wed)10:05:47 No.275735XXX
    The speculation in the news media is largely correct, although there wasn't one specific target. The intent of Myrtle was to hit as much infrastructure as possible in Iran. Over 80% of their critical control systems are running American, German and Israelite technology. The initial estimate is that we set them back six to nine years.
    >> Anonymous 09/29/10(Wed)10:06:28 No.275735XXX

    what language was it written in?
    what is the standard infection vector?
    is it multi-stage?
    in what country do you reside?
    >> Anonymous 09/29/10(Wed)10:06:56 No.275735XXX
    Code or GTFO.
    >> Anonymous 09/29/10(Wed)10:07:23 No.275735XXX
         File1285769243.jpg-(54 KB, 400x300, drawn_thread_01.jpg)
    54 KB
    this thread is ridiculous
    and you are a troll

    no, maybe youre just 12yo and what is this

    if you are who you say you are..
    < solve this. its an encrypted code
    >> Anonymous 09/29/10(Wed)10:08:11 No.275735XXX
    Will you guys hit them with a similar style attack again in another 6 to 9 years?
    >> Anonymous 09/29/10(Wed)10:09:07 No.275735XXX

    why iran ?
    >> Anonymous 09/29/10(Wed)10:10:16 No.275735XXX
    I'm also interested in this
    please, OP, i wanna be a haxxor tooo
    >> Anonymous 09/29/10(Wed)10:12:03 No.275735XXX

    what the hell is this suppose to be ?
    >> Anonymous 09/29/10(Wed)10:12:14 No.275736XXX
    you know nothing

    inb4 troll
    >> Anonymous 09/29/10(Wed)10:13:19 No.275736XXX
    its obviously an encrypted code
    >> Anonymous 09/29/10(Wed)10:13:24 No.275736XXX
    I'm an American living in Germany, but I will not name any agency or company entity. As I said, it was a combined effort, and not just one of governments.

    I was contracted for my knowledge of PLC operation. You can ask me specifics about that if you want.
    >> Anonymous 09/29/10(Wed)10:14:54 No.275736XXX

    Because they cannot send back 9 years further to other countries like Ethiopia or Somalia
    >> Anonymous 09/29/10(Wed)10:15:10 No.275736XXX
    code or gtfo!!!
    >> !!0HU065jl13S 09/29/10(Wed)10:16:41 No.275736XXX
    they say it made the centrifuges fail in a way that wouldn't be noticed. how exactly does/did it do that?
    >> Anonymous 09/29/10(Wed)10:17:31 No.275736XXX
    Now this is an acronym thread!
    PLC = Power Line Connections?
    PLC = Pitiful little child?
    PLC = Power Load Core?
    PLC = Prominent Large Cock?
    >> Anonymous 09/29/10(Wed)10:18:41 No.275736XXX
    I am interested in Troubleshooting Simulation
    >> Anonymous 09/29/10(Wed)10:19:09 No.275736XXX
         File1285769949.gif-(28 KB, 987x862, Trolling101.gif)
    28 KB
    >> Anonymous 09/29/10(Wed)10:19:19 No.275736XXX
    programmable logic controller
    >> Anonymous 09/29/10(Wed)10:19:57 No.275736XXX
    >> Anonymous 09/29/10(Wed)10:20:21 No.275736XXX
    it stands for
    People Licking Clowns
    >> Anonymous 09/29/10(Wed)10:20:40 No.275736XXX
    Was it a good salary?
    Could I apply for the job?
    >> Anonymous 09/29/10(Wed)10:21:09 No.275736XXX
    How do i do things without really typing them so everyone can see what i normally do
    >> !!0HU065jl13S 09/29/10(Wed)10:22:15 No.275737XXX
    seriously, details on how it disabled the centrifuges without anyone noticing, that would have been your job with the PLCs
    >> Anonymous 09/29/10(Wed)10:22:17 No.275737XXX
    Serious post for OP:

    If you are the man power behind the PLC portion; How does it take control over the PLC? And after, what did you do with the PLC?
    >> Anonymous 09/29/10(Wed)10:22:31 No.275737XXX
    quote wiki:

    It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes.[2] Stuxnet includes the capability to reprogram the programmable logic controllers (PLCs) and hide the changes.
    >> Anonymous 09/29/10(Wed)10:23:39 No.275737XXX
         File1285770219.jpg-(245 KB, 741x490, 1283559067108.jpg)
    245 KB
    +1000 internets to stuxnet
    >> Anonymous 09/29/10(Wed)10:24:24 No.275737XXX
    what kind of training/education did you have to go through to qualify for this job? I'm very interested
    >> Anonymous 09/29/10(Wed)10:24:52 No.275737XXX
    "Stuxnet" (Myrtle) will infect a PLC differently, depending on system and version.
    An infection sequence consists of blocks (code and data) that get injected into the PLC to alter its behavior.

    The worm contains three infection sequences. Two of these sequences are pretty much functionally equivalent.

    These two similar sequences are sfc1FC1879 and sfc1FC1880.

    The third is sfc1178a. Myrtle determines if the system is the intended target by the installation footprint.

    -The PLC type/family: only CPUs 6ES7-417 and 6ES7-315-2 are infected
    -The System Data Blocks: the SDBs will be parsed, and depending on the values they contain, the infection process will start with method of infection A, B or none. When parsing the SDBs the code searches for the presence of 2 values (7050h and 9500h), and depending on the number of occurrences of each of these values sequence A or B is used to infect the PLC.

    The code also searches for the bytes 2C CB 00 01 at offset 50h in the SDB blocks, which appear if the CP 342-5 communications processor is present. If these bytes are not found then infection does not occur.

    Infection conditions for sfc1178a are determined by more technical factors.
    >> Anonymous 09/29/10(Wed)10:26:39 No.275737XXX
    What kind of software developing approach were you using? Classical Taylorist approach? Scrum? Agile methodologies? Xtreme Programming?

    Did you have 10 managers for each developer? Was your work valued? Do you belong to a syndicate? Are you on strike today? or on holidays?

    Did you have to offshore part of the code to India?
    >> Anonymous 09/29/10(Wed)10:27:57 No.275737XXX
    how does it feel to serve jew interests?

    how does it feel to set back the extermination of the jews by 6-9 years?

    How do you live with yourself?
    >> Anonymous 09/29/10(Wed)10:28:28 No.275737XXX

    did it actually shut down centrifuges? i can't seem to find any confirmation
    >> Anonymous 09/29/10(Wed)10:29:00 No.275737XXX
    /b/ - Random
    The stories and information posted here are artistic works of fiction and falsehood.
    Only a fool would take anything posted here as fact.
    >> noko Anonymous 09/29/10(Wed)10:29:54 No.275737XXX
    this is find any CP?
    >> Anonymous 09/29/10(Wed)10:30:14 No.275738XXX
    What's the meaning of life?

    inb4 this thread turns in to a fagfilled pissing match of "look at my computer lingo." You are all faggots who were bullied at school. I hope you continually get your ass kicked.
    >> Anonymous 09/29/10(Wed)10:30:43 No.275738XXX
    /thread go back to fapping to gay porn newfags
    >> Anonymous 09/29/10(Wed)10:31:13 No.275738XXX
    I just want to congratulate you. Will your virus take down Iranian nuclear plants for sure?
    >> Anonymous 09/29/10(Wed)10:33:39 No.275738XXX
    I consider my part in the creation and distribution of Myrtle to be the single greatest thing I have ever accomplished with my life.

    The Iranians were standing on our backs and proclaiming triumph over the West. We've completely obliterated their house of cards. What you aren't hearing from their state-run media is that the infected PLCs are absolutely useless now. Myrtle cannot be removed without destroying the system.

    They now have nothing but brainless hardware.
    >> Anonymous 09/29/10(Wed)10:34:52 No.275738XXX
    Iraninan here;
    Is there any other way we can overthrow the evil Islamic regime? Islam is bad for Iran. Islam stole Iranian culture. We need all the help we can get.

    Good job.
    >> Anonymous 09/29/10(Wed)10:35:26 No.275738XXX
    Can't they replace them?
    >> Anonymous 09/29/10(Wed)10:35:38 No.275738XXX
    A nuclear program is a deterrent to war. Now that you have weakened Iran's deterrent, an Israeli or American attack has become much more likely. Iran's oil production will be taken offline as a consequence of such action, either through means of destruction or through retribution. Iran's oil production is such that it covers the spread between global oil demand and production. The removal of this production will send oil prices skyrocketing, which will be a blow against a recoverying global ecomony, plunging us all into a new recession or depression. This attack will be seen as an attack against Chinese energy interests, and will lead scenarios over time that are not very good for the human race.

    When the bombs drop on Iran, know that many millions will end up suffering for your actions.
    >> Anonymous 09/29/10(Wed)10:36:16 No.275738XXX
    how can you program any PLC after visiting /b/? How can you do anything worthy with the brain full with millions and millions of fuck?

    I just can't focus anymore!
    >> Anonymous 09/29/10(Wed)10:36:36 No.275738XXX
    You are full of shit OP

    Not aware of ET monitoring aka galactic federations
    >> Anonymous 09/29/10(Wed)10:37:37 No.275738XXX

    those millions will be iranians, and nothing of value will be lost
    >> Anonymous 09/29/10(Wed)10:39:38 No.275739XXX

    The Iranian nuclear energy program threatens no one and is their due right under the NPT. Americans and yourself are the pawns of Israeli interests that are contradictory to your own interests.
    >> Anonymous 09/29/10(Wed)10:40:17 No.275739XXX

    U.S. soldierfag here. at least we will be fighting someone worth fighting.

    I do wish that their threat was still eminent to Israel, though. Any sort of attack with nuclear arms on Israel would hurt the Palestinians, as well. This threat of the holy land being turned into a radioactive wasteland would have really helped to solidify genuine peace talks between the 2.
    >> Anonymous 09/29/10(Wed)10:41:25 No.275739XXX

    Iran is a backward country and will survive continueing to be a backward country.

    America is nearly bankrupt and this will push them over the edge.

    Welcome to the Chinese century you just helped create. Hail Red China.
    >> Anonymous 09/29/10(Wed)10:43:59 No.275739XXX

    No soldiers will set foot in Iran, America can't even subdue the taliban, the Iranians would eat them for dinner.

    Enjoy the pleasant scenery of Afghanistan before you are blown up by an IED.
    >> Anonymous 09/29/10(Wed)10:48:07 No.275740XXX
    Iranians hate their own government.
    >> Anonymous 09/29/10(Wed)10:49:48 No.275740XXX

    No, only a small subset of middle class Iranians hate their government, and the exiles.

    Iranians will die for their country in droves, see Iraq-Iran war.
    >> Anonymous 09/29/10(Wed)10:52:41 No.275740XXX

    You actually seem legit. I googled around, and the name Myrtle isn't a well known name for Stuxnet; although it's mentioned atleast one place.

    1) Can you say anything about who's behind it? If not, why not? You're anonymous here.

    2) How do you know their PLC's are out of order?

    If you're telling the truth, respect man.
    >> Anonymous 09/29/10(Wed)10:53:58 No.275740XXX
    why you calling it a government?
    >> Anonymous 09/29/10(Wed)10:54:09 No.275740XXX
    My ass, just because you hate your government doesn't mean you'd rather have the United States all up in your shit.

    Better the devil you know.
    >> Anonymous 09/29/10(Wed)10:54:20 No.275740XXX
    OP here.

    I don't know all of the the specifics as far as current damage done (to centrifuges, etc), but it has only just begun. It is a staged assault with clear goals and intentions meant to inflict serious harm to Iranian authority -- NOT the Iranian people. We could have made Iran go black eight months ago. Literally... No power. No water. Nothing. We have their nuts in a vice like no nuts have ever been viced. We realize that the lives of millions of innocent people are on the line.

    That their engineers know about Myrtle does nothing. It cannot be removed, and it has an iron grip on critical systems. Like I said before, it will take six to nine years for recovery (complete replacement of infected systems), and that's assuming they can even do it at all.

    The immensity of the attack hasn't yet dawned on the news media in general. The Iranians are quietly making desperate pleas to Russian and European security entities for help, but so far have been rejected because they aren't willing to reveal what they consider state secrets.

    You don't have to believe or trust a random /b/ poster. Just pay attention to this. It will be a defining moment in world history. A war was literally won with this.
    >> Anonymous 09/29/10(Wed)10:55:05 No.275740XXX
    OP: What is it about Stuxnet that makes analyzers say it is too complex to be a one-man job? Sure, that man needs inside information on PLC operation and the related Siemens controllers, but the rest of the worm sounds pretty straightforward and not particularly sophisticated.
    >> Anonymous 09/29/10(Wed)10:55:26 No.275741XXX

    sir you are my role model
    >> Anonymous 09/29/10(Wed)10:55:59 No.275741XXX
         File1285772159.jpg-(158 KB, 1600x1067, babby spider.jpg)
    158 KB
    ITT: trolls trolling trolls

    stuxnet won't do shit, and you all know it
    >> Anonymous 09/29/10(Wed)10:56:45 No.275741XXX
    Iran is much less mountainous than Afghanistan. We have already trained-up the current forces to desert tactics, so movement and fortification in Iran could be "easy", relatively speaking. This war would be bloody and long, lots of casulties. Honestly, I don't even want to go to war with anyone else, anytime soon.

    To really root out the taliban, pashtuns, and extremists, we would need a division sized group of mountain-trained Rangers to deploy at one time. They have too much of an advantage with the generations of experience in the Hindu Kush mountains.
    >> Anonymous 09/29/10(Wed)10:58:20 No.275741XXX
    "Re: stuxnet origin

    Well, fact is that Stuxnet is very complex and developed by highly-skilled professionals, probably the most sophisticated malware we have seen so far. We estimate around 10 people working on it for at least 6 month, well coordinated. Stuxnet is using 4 - at this time unknown - vulnerabilities, which are usually not just found by accident, so I would assume they bought them on the black market. The code is not designed to steal money or intellectual property, or sending Spam, but to sabotage industrial control components and software from Siemens, so very specific in its purpose. The development team has very good knowledge of these Siemens components. They were also using 2 stolen certificates to ensure that stuxnet will be installed as a trusted application, including a procedure to reinfect PCs even after disinfection by poisoned Step7 files (used to configure Siemens software).

    However, the origin is completely speculative and I assume we will never find it out, nor will any country secret service admit their contribution or responsibility for it.

    I personally think that we should be much more aware of future exploits of it. Stuxnet will be analysed be "common" cybercriminals, and sooner or later they will learn from it to create other, highly targeted threats, with a new qualilty, difficult to detect."
    >> Anonymous 09/29/10(Wed)10:59:32 No.275741XXX
    from wiki

    >Stuxnet has also been dubbed as a western declaration of cyberwar against Iran.[42][43] In response to the infection, Iran has assembled a team to combat it. With more than 30,000 IP addresses affected in Iran, an official has said that the infection is fast spreading in Iran and the problem has been compounded by the ability of Stuxnet to mutate. Iran has set up its own systems to clean up infections and has advised against using the Siemens SCADA antivirus since it is suspected that the antivirus is actually embedded with codes which update Stuxnet instead of eradicating it.[44][45][46][47]

    Any comment on this OP? Particularly their belief that Siemens is trying to deliberately fuck them over.
    >> Anonymous 09/29/10(Wed)11:02:22 No.275741XXX
    Note how OP uses the word 'we', he's just some basement dwelling advanced skiddie, if even that.
    He acts like he's the fucking president or something.

    Troll with ego issues
    >> Anonymous 09/29/10(Wed)11:02:25 No.275741XXX
    Ok op, assuming this is legit... why the fuck would anyone think it was a good idea to let this cat out of the bag?

    You can bet that there are is a warehouse of little chinamen reverse engingeering this fucker as we speak.

    and the American, "Israelite" and German SCADA... um.... we use that shit too.
    >> Anonymous 09/29/10(Wed)11:04:16 No.275742XXX
    OP: What's keeping this worm of yours inside Iran? Why isn't it fucking up industrial plants all over the world?
    >> Anonymous 09/29/10(Wed)11:04:57 No.275742XXX
    It seems to heavily rely on default SCADA passwords. One would hope that US plants have been non-stupid enough to change those after all the constant hype of "electronic pearl harbor" ... especially if a TLA tipped them off that it would be an especially good idea round about now ...
    >> Anonymous 09/29/10(Wed)11:06:06 No.275742XXX
         File1285772766.jpg-(30 KB, 355x342, 1282721098806.jpg)
    30 KB
    stuxnet is nothing more than a PSYOP.

    The things attributed to this virus cannot even be done by a algorithm.
    >> Anonymous 09/29/10(Wed)11:06:24 No.275742XXX
         File1285772784.jpg-(17 KB, 275x301, moot on his laptop.jpg)
    17 KB
    >> Anonymous 09/29/10(Wed)11:07:20 No.275742XXX
    are you saying it's non-computable?

    then a human wouldn't be able to do it either
    >> furfag !S91LArbYek 09/29/10(Wed)11:08:25 No.275742XXX
    Holy fuck are you ever stupid
    >> Anonymous 09/29/10(Wed)11:08:39 No.275742XXX
    >Any comment on this OP? Particularly their belief that Siemens is trying to deliberately fuck them over.

    Many entities were involved in the planning and creation. You're talking about Western corporations that have a vested interest in our success -- however, I was not privy to many operational specifics, such as who provided what.

    I will make a speculation though... You don't just stumble upon certs dumpster diving, Microsoft knows Windows better than anyone on the planet, and "theft" makes a good cover.
    >> Anonymous 09/29/10(Wed)11:09:30 No.275742XXX
    Well at least the things claimed ITT.
    idk if there is a real virus out there or not, that is only speculation. But my gut feeling says no.
    >> Anonymous 09/29/10(Wed)11:10:54 No.275742XXX
    Not that I know anything about PLCs but it looks entirely do-able to me. They're just fancy specialised computers. Once you're in, actions destructive to the hardware they're controlling are very likely possible.

    Seems to me these things should have a "write protect jumper" so they have to be explicitly switched into programmable mode, but maybe that's not practical for some reason.
    >> Anonymous 09/29/10(Wed)11:13:05 No.275743XXX
    OP: you say the virus cannot be removed from the target PLCs. What's keeping their owners from just flashing the firmware?
    >> Anonymous 09/29/10(Wed)11:13:55 No.275743XXX
    CA level certs have been stolen before. the certificate system is defective by design, but we don't have better ways of managing trust... so this is what happens from time to time.
    >> Anonymous 09/29/10(Wed)11:14:13 No.275743XXX
    Actual Stuxnet co-creater here. It's intent was to cause Iranians to get paranoid and replace their USB thumbdrives, which we would benefit from as we are a USB thunmbdrive manufacture. We targeted their nuclear program so that people would think it was something more nefarious than it was. Massive thumbdrive production increase, here we come! Now I can afford the 5th wheel for my 5 wheel car.
    >> Anonymous 09/29/10(Wed)11:15:58 No.275743XXX
         File1285773358.jpg-(38 KB, 480x384, f3a9125c50ff3b1b6bcaf752fe55fb(...).jpg)
    38 KB
    LULZ, back to lurker mode.
    >> Anonymous 09/29/10(Wed)11:16:39 No.275743XXX
    when hiding on the thumbdrive, is it hiding in the memory or in the thumbdrive's firmware?
    >> Anonymous 09/29/10(Wed)11:16:46 No.275743XXX
    Well, thats okay, Iran will just flood Iraq and Afghanistan with more weaponry and more GIs will die, and give Hezbollah some more long range missiles, it'll all come out even.
    >> Anonymous 09/29/10(Wed)11:16:54 No.275743XXX
    Give me the first two numbers of you zip code, please (called "PLZ")
    >> Anonymous 09/29/10(Wed)11:17:39 No.275743XXX
    If this virus is so advanced, why hasn't it jumped to humans yet?
    >> Anonymous 09/29/10(Wed)11:17:53 No.275743XXX
    and on g4 they said it wasnt just a bunch of 4channers...
    >> Anonymous 09/29/10(Wed)11:18:43 No.275743XXX
    >OP: you say the virus cannot be removed from the target PLCs. What's keeping their owners from just flashing the firmware?
    The hundreds of thousands of manhours in custom development which they have now either lost, or that is directly threatened. You don't just buy this kind of thing Plug-N-Play.
    >> Anonymous 09/29/10(Wed)11:19:43 No.275744XXX
    I heard Stuxtent had 39 0-day attacks and 5 hippos, which is 3 more hippos than your standard computer virus.
    >> Anonymous 09/29/10(Wed)11:20:07 No.275744XXX
         File1285773607.jpg-(4 KB, 126x126, reaction blonde animu.jpg)
    4 KB
    ... which they never made offline backups of?
    >> Anonymous 09/29/10(Wed)11:20:40 No.275744XXX
    OP here. Part of the contract was to have it infect PLC's only.
    >> Anonymous 09/29/10(Wed)11:21:02 No.275744XXX
    Hey OP. I worked for Siemens in Germany for almost a decade. I was even involved in designing some of Siemens' own IT infrastructure. Can you answer this?: Where or at what plant are these devices made and what program on what operating system is used to design their chips? Here are some easier ones: What's the name of these PLC's ? What kind of licensing does the Step7 software use? What is the name of the portable computers used to program these PLC's?

    >> Anonymous 09/29/10(Wed)11:21:14 No.275744XXX
    If he'd read the Slashdot thread on this yesterday he'd have seen the Myrtle reference.

    Just a troll doing his troll thing
    >> Anonymous 09/29/10(Wed)11:23:01 No.275744XXX
    So what is meant by PLCs?

    PALs, CPLDs or FPGAs?
    Then it's almost certainly bullshit.

    While any program could configure the devices via jtag it takes intrinsic knowledge of the device itself and the circuit in which it sits in to build such a application. Why do you think the xilinx webpack software is over 2 gig large?

    furthermore I really doubt any of these circuits have their jtag ports connected while in use.
    >> Anonymous 09/29/10(Wed)11:23:17 No.275744XXX
    Bumping my question.
    >> Anonymous 09/29/10(Wed)11:24:40 No.275744XXX
    do you really think you can get into a nuclear facility with a thumb drive like that?
    you really know nothing about security protocols in nuclear facilities...
    >> Anonymous 09/29/10(Wed)11:25:39 No.275744XXX
    Was the primary goal just to monitor scada systems in iran or to actually disrupt and potentially destroy?
    >> Anonymous 09/29/10(Wed)11:26:25 No.275744XXX
    Why did you use such a shitty detactable unpacking mehtod?

    Was this intended to be found?
    >> Anonymous 09/29/10(Wed)11:26:26 No.275744XXX
    I'd ask who the insider was and how they got the stolen certs, what the target was specifically and whether they think they got it, but OP obviously has nothing to do with it and if he did wouldnt post here

    this post in particular:
    is pure bs, stuxnet has either completed what it was supposed to do (probable) or failed. it'll take a while to mop it up completely but can't update any more and wasn't designed to be able to update, it updated based on a couple of fixed domain which of course were taken offline the moment it was discovered, and by then it had already done what it had intended or wasn't going to

    this is just some troll jacking off
    >> Anonymous 09/29/10(Wed)11:26:32 No.275744XXX
    link pl0x?
    >> Anonymous 09/29/10(Wed)11:27:18 No.275745XXX
    I think it's mostly just the size of the thing. I mean it's not unusual for malware to be a team effort, a good portion of the crimeware coming out of Russia is thought to be (or to re-use code from an existing "in-house" software base, at least.)
    >> Anonymous 09/29/10(Wed)11:28:46 No.275745XXX
    the unpacking method was actually remarkably advanced and stealthy, but there was no effort to uninstall itself after a certain time had passed (which would have been trivial) so clearly whoever did it didn't care about it being found (it probably would have been anyway, on a USB thumbdrive somewhere)
    >> Anonymous 09/29/10(Wed)11:29:46 No.275745XXX

    JTR PLCs. We took a basic framework inherent to all JTR's regardless of additions, modified it with the injection, and increased its priority level so that it would remap the input sequence. It remaps as sequences are entered so that there is no need for actual conveyance for the payload; it's always in between the interface layer and doesn't depend on the clock also being compromised. It's actually quite clever really.
    >> Anonymous 09/29/10(Wed)11:29:52 No.275745XXX

    being that the malware contained like 4 0-days (i think?) and 2 stolen signed certificates id say its very unlikely it was built buy an individual. Its pretty common thought that it was the work or a nationstate.
    >> Anonymous 09/29/10(Wed)11:31:00 No.275745XXX
    learn metasploit and write your own suxnet! kiddys
    >> Anonymous 09/29/10(Wed)11:31:02 No.275745XXX
    so.... has WWIII begun?
    >> Anonymous 09/29/10(Wed)11:31:24 No.275745XXX
    it's the fact that it uses FOUR 0-day exploits for windows, it uses stolen certs from legit major hardware manufacturers, and it requires advanced knowledge of a industrial controllers in general and the particular system being hijacked

    and it's not that it wasn't a one man job, that is obvious and nothing notable, the catchphrase is it must have been the work of "a nation state"
    >> Anonymous 09/29/10(Wed)11:31:33 No.275745XXX
    Im certainly no expert on stuxnet but Ive read and heard numerous places that is used a very rudimentary unpacking method considering the sophistication level of this malware.
    >> Anonymous 09/29/10(Wed)11:31:43 No.275745XXX
    Nuclear engineer from Iran here.

    We had a good laugh at Myrtle and used the chance to make the zionistic regimes think they can harm us.

    Right now, we're working on the final tests for nuclear warheads which will be then send off to Israel soon.
    >> Anonymous 09/29/10(Wed)11:32:24 No.275745XXX

    Someone put haters gonna hate on op's picture.

    It fits well
    >> Anonymous 09/29/10(Wed)11:32:38 No.275745XXX
    Looks like someone forgot to update the Norton antivirus. You snooze you lose Iran!
    >> Anonymous 09/29/10(Wed)11:33:11 No.275745XXX
    you are an idiot.
    >> Anonymous 09/29/10(Wed)11:33:43 No.275745XXX
    >Was the primary goal just to monitor scada systems in iran or to actually disrupt and potentially destroy?

    To quote the man who hired me, "to provide a collar and leash."

    Their destruction is self-defeating in the long term. Domination is much more productive (see Germany and Japan). America already pays out the nose to world food organizations and charities.

    Note the deafening silence out of Iran recently concerning the progress of their "peaceful" nuclear ambitions. Any progress they claim to make in the next few years is complete fabrication.
    >> Anonymous 09/29/10(Wed)11:33:55 No.275745XXX
         File1285774435.jpg-(27 KB, 325x265, 1247327129836.jpg)
    27 KB
    yes i herd they encrypted the injection layer using an aes military grade trojan riding a multi headed hydra which unscrambled the firewall in realtime
    >> Anonymous 09/29/10(Wed)11:34:10 No.275745XXX
         File1285774450.jpg-(5 KB, 200x131, w32.jpg)
    5 KB
    good things always come from germany :)
    like me :3 , hitler, stuxnet
    pic related, as you can see, iran was in particular the target
    >> Anonymous 09/29/10(Wed)11:34:26 No.275745XXX
    this thread is so full of shit.

    i have a history of malware analysis, believe me or not, i wont provide proof either. but one thing i can say and you better believe me:

    >> Anonymous 09/29/10(Wed)11:35:15 No.275746XXX
    This kinda NSFW site will cost you your head back home, hakmed.
    Go back to
    >> Anonymous 09/29/10(Wed)11:35:50 No.275746XXX
    I don't see how the unpacker even matters if you have stolen authenticode(?) certs to make windows trust your hax. In fact you might actually *want* to use something generic and unremarkable e.g. UPX so as to not make heuristic scanners suspicious.
    >> Anonymous 09/29/10(Wed)11:36:00 No.275746XXX
         File1285774560.jpg-(120 KB, 370x278, hgh.jpg)
    120 KB
    >> Anonymous 09/29/10(Wed)11:36:07 No.275746XXX
         File1285774567.jpg-(376 KB, 1500x1200, armyoftrolls.jpg)
    376 KB
    LOL that doesn't even make sense.
    >> Anonymous 09/29/10(Wed)11:36:30 No.275746XXX
    0-days aren't THAT hard to come by (and according to wikipedia, at least one of the claimed 0-days actually wasn't a 0-day at all), and I'm sure you can find the infamous stolen certs online with ease if you know where to look.
    >> Anonymous 09/29/10(Wed)11:37:15 No.275746XXX
    Real Iranian here.

    I don't even know what to say... /b/ is infested with idiots who will believe anything.

    Go smoke some methamphetamine and troll /b/ all night or something.
    >> Anonymous 09/29/10(Wed)11:37:17 No.275746XXX
    ITT: virgins
    >> Anonymous 09/29/10(Wed)11:38:54 No.275746XXX

    im pretty sure wether the code is signed or not has nothing to do with an antivirus picking up shady activity.
    >> Anonymous 09/29/10(Wed)11:39:02 No.275746XXX
    not according to

    (first doc I could find about it, I could find dozens.. stux probably worked but this whole "derp I am military uber guy we can now destroy iran with stuxnet we have access to every system in iran with 0.5mb which all off the shelf antivirus software now detects" is stupid
    >> Anonymous 09/29/10(Wed)11:39:58 No.275746XXX

    im pretty sure you can't
    >> Anonymous 09/29/10(Wed)11:40:23 No.275746XXX
    if it's not signed you cant load it into the kernel as a driver without a huge warning and dialog to deny it, which would be pretty suspicious with or without a virus :\
    >> Anonymous 09/29/10(Wed)11:40:24 No.275746XXX
    I work in industrial automation. Not with seimens, but with others. Many do have write protect jumpers. Often they aren't used. If this virus does what they claim, they almost certainly have very good Intel on these plants. They would need to know, or somehow figure out, the specific addresses of the IO that controls these devices, and to not be noticed, they would have to manipulate the IO that feeds telemetry back to SCADA. Id love to have been a fly on the wall.
    >> Anonymous 09/29/10(Wed)11:41:11 No.275746XXX
    Being important to our great leader has it advantages.

    My life doesn't differ much from yours. Uncensored Internet and all the porn I want to watch. Only the masses are controlled, those faithful to our great nation enjoy bonuses
    >> Anonymous 09/29/10(Wed)11:41:34 No.275746XXX
         File1285774894.jpg-(389 KB, 1024x768, 2m7fo.jpg)
    389 KB
    OP is a jewfag; Iran was a retarded-ass target. North Korea would have been better -- this devastation coupled with Kim Jong-Il's impending transfer of power to his son would totally buttfuck the government in the ass. Iran is a run of the mill tin-pot dictatorship; NK is one of the last bastions of oppressive totalitarian dumbfuckery and subjects its citizens to horrors that most of us find difficult to imagine.

    Of course, the best target would have been Israel, but that was obviously ruled out from the beginning due to OP's blatant jewishness. So why not North Korea, OP?
    >> Anonymous 09/29/10(Wed)11:41:54 No.275746XXX
         File1285774914.jpg-(66 KB, 333x500, Mohammad-Ali-Ramin-38053.jpg)
    66 KB
    Iranianfag here again.

    Chill out you faggots, I don't know what you guys are so worried about. Go penetrate your girlfriends anus with proper lube and have anal in the rectum.

    Good bye, don't reply to me.
    >> Anonymous 09/29/10(Wed)11:42:33 No.275746XXX
    >is pure bs, stuxnet has either completed what it was supposed to do (probable) or failed

    You don't need to believe me. The anonymity gives me a chance to talk about something I've dedicated my life to for the past three years. I don't care if you think I'm a troll or not -- I'm not posting here for your benefit.

    Don't trust me. Don't believe me. Just watch the news. You're all going to shit bricks by Christmas, and you can brag about how it's old news because you read 4chan.
    >> Anonymous 09/29/10(Wed)11:43:40 No.275747XXX
    post some scada code
    >> Anonymous 09/29/10(Wed)11:43:41 No.275747XXX

    Correct, but my point is, whats the point of using signed code if you are going to use an uber noob unpacking method that 90% of avs will pick up on. Just seemed like the packing method was half assed compared to the rest of the thing. Then again, maybe there was reason for this (ie they wanted it to be found)
    >> Anonymous 09/29/10(Wed)11:44:33 No.275747XXX
    Yea, achmad achmidinejad here. We didnt even have a nuclear program, it was all a bluff and those machines made goat cheese. So what, we milk some more goats and call it a day. It would have been easier for your agents to suck the goats titties dry than spend you millions compromising goat cheese production. You really are such gullible idiots.
    >> Anonymous 09/29/10(Wed)11:44:48 No.275747XXX
    here you go, lot of informations
    >> Anonymous 09/29/10(Wed)11:46:11 No.275747XXX

    Listen to this fag.
    >> Anonymous 09/29/10(Wed)11:47:58 No.275747XXX
    >> Anonymous 09/29/10(Wed)11:48:07 No.275747XXX
    >So why not North Korea, OP?

    Because the Koreans are smart enough not to build their entire infrastructure on the technology of their enemies. The Iranians raised a little flag from our ramparts, then claimed they built the castle.

    OP out.
    >> Anonymous 09/29/10(Wed)11:49:06 No.275747XXX
         File1285775346.jpg-(285 KB, 1024x768, lolimfeedingthetrolls.jpg)
    285 KB
    AHAHAHA haven't even seen that

    a PLD circuit contains such a small mount of data that a typical self replicating 'virus' wouldn't even fit inside the device.
    >> Anonymous 09/29/10(Wed)11:49:30 No.275747XXX

    leave Iran ALONE!!!
    >> Anonymous 09/29/10(Wed)11:50:23 No.275747XXX
    Bumping my question. Any input on this OP?
    >> Anonymous 09/29/10(Wed)11:51:35 No.275748XXX
         File1285775495.jpg-(886 KB, 2960x900, 1285587398243.jpg)
    886 KB

    You can't seriously be implying that Koreans are smarter than Iranians.
    >> Anonymous 09/29/10(Wed)11:53:48 No.275748XXX
         File1285775628.jpg-(68 KB, 450x418, Gareth Williams.jpg)
    68 KB
    OP i thought they found you dead in a bag?!
    >> Anonymous 09/29/10(Wed)11:54:24 No.275748XXX

    Fappable? Because I did.
    >> Anonymous 09/29/10(Wed)11:55:23 No.275748XXX
    how sad.. you realize stuxnet is well analyzed and the papers on it are readily available (symantec is releasing another one at a virus conference today in fact, which I look forward to reading)
    we know, for example, how it updated (long since disabled), and that it targeted one machine. we know what the changes did but without the context of the machine we don't know what those changes would do. that'll all be fun to figure out, and it'll float around like blaster for a while, but otherwise it's over

    mmm, well if you say so ..
    >> Anonymous 09/29/10(Wed)11:56:18 No.275748XXX

    Americans are extremely ignorant about Iranians.

    They know practically nothing about them.
    >> Anonymous 09/29/10(Wed)11:57:10 No.275748XXX
    this guy doesnt realize that the certs used in stuxnet were stolen from korean companies, yet he's trying to pretend to have worked on stuxnet.. how adorable, it's like watching a kid play pretend astronaut or something
    >> Anonymous 09/29/10(Wed)11:58:17 No.275749XXX

    And you sound like a fucking idiot because they are Taiwanese companies.

    Get off the internet, fag.
    >> Anonymous 09/29/10(Wed)11:58:51 No.275749XXX
         File1285775931.jpg-(433 KB, 1280x1748, 2315164.jpg)
    433 KB
    not the first time 4chan beats the news
    pic related
    >> Anonymous 09/29/10(Wed)11:59:05 No.275749XXX

    ond of game
    >> Anonymous 09/29/10(Wed)12:00:16 No.275749XXX
    not OP but they replaced the dll used to write to the firmware, intercepting any calls to request/overwrite the altered code

    of course this was only supposed to last long enough to cause whatever damage / other goal it was intended to cause, and it probably has, and since then they'll certainly have replaced the whole thing including the controller
    >> Anonymous 09/29/10(Wed)12:00:56 No.275749XXX

    Even if you wrote Stuxnet, what makes you think those Machines intended to be infected are even Connected to the Internet?

    and even if Someone attempts to smuggle a USB in, Iranians would have installed metal detectors and magnets the size of your moms meat flaps to wipe any data that was stored on said USB

    Nice, try, Troll harder.
    >> Anonymous 09/29/10(Wed)12:03:56 No.275749XXX

    op still googleing, failing ^^
    >> Anonymous 09/29/10(Wed)12:04:08 No.275749XXX
    not OP, but stuxnet didnt require internet access since it moved around on USB drives and certain step7 files
    >> Anonymous 09/29/10(Wed)12:05:20 No.275749XXX
    and not to forget every inch of your ass searched.

    but then again newfags think anyone can whaltz into a Nuclear Plant with a USB and blow Iran up
    >> Anonymous 09/29/10(Wed)12:05:55 No.275750XXX
    how did u get the entrance to the windows systems and why was it uncovered especially by the white-russians?
    >> Anonymous 09/29/10(Wed)12:06:27 No.275750XXX
    >someone worth fighting.

    HAHAHA, OH WOW.jpg.

    It's so sad how you Americans think you're so free but really you're just mindless drones who bought into your own propaganda.
    >> Anonymous 09/29/10(Wed)12:08:09 No.275750XXX
    stuxnet is russian... it was infected into the bases by a russian contractors flash drive, learn2news.
    >> Anonymous 09/29/10(Wed)12:08:19 No.275750XXX
    Theyre would be magnets at the entrance, very powerful fucking ones.
    Anything on a USB would be obliterated.
    >> Anonymous 09/29/10(Wed)12:08:30 No.275750XXX
         File1285776510.jpg-(25 KB, 729x451, fucking_magnets.jpg)
    25 KB
    >magnets the size of your moms meat flaps to wipe any data that was stored on said USB
    >magnets to wipe any data that was stored on said USB
    >magnets USB
    magnets don't affect flash storage, you retard
    >> Anonymous 09/29/10(Wed)12:08:44 No.275750XXX
         File1285776524.jpg-(27 KB, 296x500, secret_agent_1.jpg)
    27 KB
    According to a claim upthread Russian contractors got it in, knowingly or otherwise. It's a feasible scenario. Most spy-work is paying people off that legitimately have access, rather than obtaining it yourself.
    >> Anonymous 09/29/10(Wed)12:09:48 No.275750XXX
    there are multiple enrichment facilities in iran, the data used to program the PLCs gets carried around via step7 files (which stuxnet could also infect), probably via USB as well as other means
    >> Anonymous 09/29/10(Wed)12:10:14 No.275750XXX


    i can remember until 95, there were 2 scada systems in the US, that you could dial up to wich didn't even require passwords. everybody who knew of those was to scared to fuck around of course. most of you newfags werent even born back then
    >> Anonymous 09/29/10(Wed)12:10:30 No.275750XXX

    Iranianfag reporting in, agreed.
    >> Anonymous 09/29/10(Wed)12:10:36 No.275750XXX
    >>275750365 read >>275749376

    inb4 how do magnets work
    >> Anonymous 09/29/10(Wed)12:14:19 No.275751XXX
    fucking newfags
    How does I strong Neodymium Magnets?
    >> Anonymous 09/29/10(Wed)12:14:37 No.275751XXX
    How do magnets work?

    sigh. according to wikipedia:
    >While the fundamental concepts of PLC programming are common to all manufacturers, differences in I/O addressing, memory organization and instruction sets mean that PLC programs are never perfectly interchangeable between different makers. Even within the same product line of a single manufacturer, different models may not be directly compatible.
    >> Anonymous 09/29/10(Wed)12:16:05 No.275751XXX
    >> Anonymous 09/29/10(Wed)12:16:39 No.275751XXX
    Hai guise, Stuxnet here. I can confirm OP is NOT a fag.
    >> Anonymous 09/29/10(Wed)12:18:06 No.275751XXX
    Let me quote from your link, newfag
    "More modern forms of portable memory, such as SD memory cards and USB flash drives, do not have magnetic films to record data like their floppy-disk forefathers did. As a result, they are immune to interference from external household magnets. "A magnet powerful enough to disturb the electrons in flash would be powerful enough to suck the iron out of your blood cells," said Bill Frank, executive director of the CompactFlash Association."

    Go shove your neodymium toy up your arse
    >> Anonymous 09/29/10(Wed)12:19:37 No.275751XXX
    thats utter bullshit dude
    Remember offsets are hexadezimal...
    >> Anonymous 09/29/10(Wed)12:22:43 No.275752XXX
    As I said before, they would have metal detectors at the enterance as well

    Lets see how well an SD card goes against a Powerdrill.

    Powerdrill 1 Flash Memory 0

    also, who are you to say cheaper, tackier models of USBs/flash memory are less susceptible to magnet damage
    >> Anonymous 09/29/10(Wed)12:22:48 No.275752XXX
    You should read your sources more, lurk moar, and troll less. Kthxbai.
    >> Anonymous 09/29/10(Wed)12:24:56 No.275752XXX
    For gods sake

    Conficker for the amount of time, it was going around was doing more damage than faggot Stuxnet

    Russian Contractors wont get the damn thing in the front door
    >> Anonymous 09/29/10(Wed)12:25:01 No.275752XXX
    Just stop posting
    >> Anonymous 09/29/10(Wed)12:25:27 No.275752XXX
    Hey Guys!

    That pic is not of the reactor that got Stuxnetted. That is a picture of their uranium enrichment facility.

    'How do YOU know?' you ask...

    I know because I WORK at a uranium enrichment facility and I used to work at a nuclear power plant!

    >> Anonymous 09/29/10(Wed)12:25:47 No.275752XXX

    usb drives go trough a metal detector quite easy. fucktards. there isnt much metal at all
    >> Anonymous 09/29/10(Wed)12:25:51 No.275752XXX

    let ME quote YOUR post,

    Let me quote from your link, newfag
    "More modern forms of portable memory, such as SD memory cards and USB flash drives, do have magnetic films to record data like their floppy-disk forefathers did. As a result, they are vulnerable to interference from external household magnets. "A magnet powerful enough to disturb the electrons in flash would be one millionth billionth powerful enough to suck the iron out of your blood cells, which is a really bizarre analogy I am making which doesnt really make sense" said Bill Frank, executive director of the CompactFlashNoMagnets Association, from a magnet proof cage."

    Even the guy agrees dipshit
    >> Anonymous 09/29/10(Wed)12:28:56 No.275753XXX

    SD cards can not be picked up by metal detectors. I know for a fact after a place I worked at. They were very easy to steal.
    >> Anonymous 09/29/10(Wed)12:29:43 No.275753XXX

    They would search you.

    If its not the magnets, its the powerdrill.
    >> Anonymous 09/29/10(Wed)12:29:48 No.275753XXX
    put sd into metal wristband of your watch
    put sd into portemonnaie amongst coins
    put sd under your belt buckle

    face it you retard: it's trivial to smuggle such a small device past a metal detector when you're not considered a state enemy deserving anal probing

    also if you invest years of planning into creating something like stuxnet, one would think that they invest more than $1 for a decent usb stick
    >> Anonymous 09/29/10(Wed)12:30:33 No.275753XXX

    Fail. If Russia had that kind of capability they would have taken Caucasian insurgent propaganda outlets and lines of communication down by now. If they were feeling especially confident, they might have given it to their pet Ayman al-Zawahiri and let al-Qa'idah wreak havoc with it.
    >> Anonymous 09/29/10(Wed)12:30:49 No.275753XXX
    We know it's a bunch of centrifuges. They didn't just have one scada system hit though, they had a whole lot through the entire country, some of which might have been reactors and some of which might have been centriguges. Infections occured outside iran, too.
    >> Anonymous 09/29/10(Wed)12:31:42 No.275753XXX
    -10/10 troll

    must be the hardest fail ever around here

    Delete Post [File Only]
    Style [Yotsuba | Yotsuba B | Futaba | Burichan]