India on Stuxnet Alert

Monday, June 18, 2012 @ 02:06 PM gHale


By Richard Sale and Gregory Hale
The Indian government authorized two agencies to carry out state-sponsored attacks if necessary, sources told ISSSource.

In addition, these sources said the government is stepping up its cyber security capabilities with plans to protect critical national infrastructure from a Stuxnet-like attack.

The Indian National Security Council, headed by Prime Minister Manmohan Singh, is currently finalizing plans that would give the Defense Intelligence Agency (DIA) and National Technical Research Organization (NTRO) the power to carry out unspecified offensive operations, the source said.

India is also hoping to co-ordinate its defensive capabilities better, in the event of an attack that could debilitate its critical infrastructure.

The country reportedly suffered a hit from Stuxnet, although it doesn’t appear to have caused any serious damage and was unlikely to have been a deliberately targeted attack, the sources said.

As ISSSource reported last September, Stuxnet was the creation of a joint U.S.-Israel project. While the targeted victim was the Natanz nuclear site in Iran, other organizations across the world operating with the Siemens system suffered collateral damage from the attack. India was one; companies in the United States using that technology also suffered a hit from Stuxnet.

Stuxnet is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems. The code used known and previously unknown vulnerabilities to install, infect and propagate, and was powerful enough to evade state-of-the-art security technologies and procedures.

The worm used at least four zero-day exploits, had Microsoft Windows driver modules signed using genuine cryptographic certificates stolen from respectable companies, contained about 4,000 functions, and utilized advanced anti-analysis techniques to render reverse engineering difficult.

As ISSSource’s Richard Sale reported back in October, Stuxnet had its true origin in the waning moments of George W. Bush’s presidency in 2009, said former senior intelligence officials, one of whom worked for the National Intelligence office.

At the time, President Bush wanted to sabotage the electrical and computer systems at Natanz, which is a fuel enrichment plant in Iran. After Bush left office, President Barack Obama accelerated the program, these sources said.

The groundwork for the plan began much earlier, though. In 2007, Idaho National Laboratory (INL) inked a development contract with Siemens, the purpose of which was to help Siemens study its own computer weaknesses, the sources said. Quite a few suppliers have these types of pacts with INL to test platforms to find and resolve weaknesses.

In 2008, shortly after Siemens brought in the system for analysis, the Department of Homeland Security got wind of it and teamed with INL to study Siemens’ PCS 7 or Step 7 platform, which runs all sorts of sensors and machines in the process control system, the sources said.

As it turned out, the system they were testing was the same system running the nuclear enrichment plant in Natanz.

While the technical plan of creating the Stuxnet virus was ongoing, Israel was training operatives, or as it turned out double agents, to plant the worm using a corrupt “memory stick,” said former and serving U.S. intelligence officials.

These sources, who requested anonymity because of their close proximity to investigations, said a saboteur at the Natanz nuclear facility, probably a member of an Iranian dissident group, used a memory stick to infect the machines there. They said using a person on the ground would greatly increase the probability of computer infection, as opposed to passively waiting for the software to spread through the computer facility.

“Iranian double agents would have helped to target the most vulnerable spots in the system,” one source said. In October 2010, Iran’s intelligence minister, Heydar Moslehi, said an unspecified number of “nuclear spies” were arrested in connection with the Stuxnet virus.


