Operation Olympic Games
November 20, 2013 7:02 AM Subscribe
The Langner Group, based in Germany, has published the most detailed report yet
on the Stuxnet
malware that was used to sabotage Iran's uranium enrichment efforts.
"Different from cyber attacks as we see them every day, a cyber-physical attack involves three layers and their specific vulnerabilities: The IT layer which is used to spread the malware, the control system layer which is used to manipulate (but not disrupt) process control, and finally the physical layer where the actual damage is created. In the case of the cyber attack against Natanz, the vulnerability on the physical layer was the fragility of the fast-spinning centrifuge rotors that was exploited by manipulations of process pressure and rotor speed. The Stuxnet malware makes for a textbook example how interaction of these layers can be leveraged to create physical destruction by a cyber attack. Visible through the various cyber-physical exploits is the silhouette of a methodology for attack engineering
that can be taught in school and can ultimately be implemented in algorithms. The report also addresses common misconceptions about Stuxnet, such as the theory that the malware would have escaped from Natanz due to a programming error, or that nation-state capabilities would be required to pull off copycat attacks against critical infrastructure installations."
Come for the detailed breakdown of the attack - how and why it worked - but stay for the detailed analysis of screencaps from Ahmadinejad's televised tours of the facility. An enormous amount of detail can be gleaned from the workstation displays, pipe locations and floor layout.
Stuxnet previously: 1