
Siemens Official Slides on Stuxnet

A couple of days ago Siemens Internal CERT released some slides about Stuxnet as a form of “Official Communication” within their constituents.

Siemens Stuxnet Slides

In the official slides (here), Siemens confirmed that it is a targeted attack, using terms like “targeting a very specific configuration, certain PLC blocks and specific processes or (project)”. These bold statements simply mean that the Stuxnet makers had one target in mind, and this should eliminate any theory out there denying that it is state-sponsored malware.

The slides confirmed that the malware is capable of transferring data out of the infected system back to the command and control servers, yet nothing has been proven, especially since the two C&C servers (www[.]mypremierfutbol[.]com and www[.]todaysfutbol[.]com) were brought down by Symantec.
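Even with both C&C domains taken down, a lookup for either hostname from inside a plant network is still a useful indicator that a host is carrying the malware and trying to call home. The script below is an added example, not code from the Siemens slides or from this post: it refangs the two indicators exactly as written above and scans DNS query-log lines for them. The log line format (a BIND-style “client <ip>#<port>: query: <name> IN <type>”) and the sample lines are constructed for illustration; adapt the regular expression to whatever your resolver actually writes.

```python
"""Flag DNS query-log lines that ask for the Stuxnet C&C hostnames named in the post.

Added example; the log format and sample lines are constructed, not real captures.
"""
import re
from typing import Iterable, List, Tuple

# Indicators exactly as the post writes them (defanged with "[.]").
DEFANGED_C2 = ["www[.]mypremierfutbol[.]com", "www[.]todaysfutbol[.]com"]


def refang(indicator: str) -> str:
    """Turn a defanged hostname ("[.]" for ".") back into a matchable FQDN."""
    return indicator.replace("[.]", ".").lower().rstrip(".")


C2_HOSTS = {refang(d) for d in DEFANGED_C2}

# Assumed BIND-like query-log shape:
#   "<timestamp> client <ip>#<port>: query: <qname> IN <qtype>"
QUERY_RE = re.compile(
    r"client (?P<src>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)


def is_c2_lookup(qname: str) -> bool:
    """True if qname is one of the C&C hosts or a label beneath one (case-insensitive)."""
    name = qname.lower().rstrip(".")
    return any(name == host or name.endswith("." + host) for host in C2_HOSTS)


def find_c2_lookups(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (source_ip, queried_name) for every log line that resolves a C&C host.

    Names are normalised to lower case without a trailing dot so that hits from
    different resolvers compare equal.
    """
    hits: List[Tuple[str, str]] = []
    for line in lines:
        match = QUERY_RE.search(line)
        if match and is_c2_lookup(match.group("qname")):
            hits.append((match.group("src"), match.group("qname").lower().rstrip(".")))
    return hits


# Constructed sample log: two benign lookups and one lookup of each C&C host.
SAMPLE_LOG = [
    "08-Nov-2010 09:03:11.001 client 10.1.20.7#53122: query: www.siemens.com IN A",
    "08-Nov-2010 09:03:12.210 client 10.1.20.7#53123: query: WWW.MyPremierFutbol.COM IN A",
    "08-Nov-2010 09:03:12.455 client 10.1.30.9#40311: query: www.todaysfutbol.com. IN A",
    "08-Nov-2010 09:03:13.002 client 10.1.20.7#53124: query: update.example.org IN AAAA",
]


if __name__ == "__main__":
    for src_ip, qname in find_c2_lookups(SAMPLE_LOG):
        print(f"possible Stuxnet beacon: {src_ip} looked up {qname}")
```

The match is deliberately strict to the two hostnames the post gives (plus anything beneath them); it does not extend to the bare registered domains, because those are not the indicators published here and widening the rule is a decision to make with your own threat intelligence.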

Then the slides claim that all known infections are now clean and zero plant damages have been reported, yet they didn’t specify their definition of “damage”. Is it seeing the plant up in flames, or a few bytes of data going out?

The slides go on listing the great deeds of Siemens since the discovery of the malware: “white papers, cleaning tools, contacting customers, working with top AV vendors, even magazine interviews”. Isn’t this what they are paid to do?

What really got on my nerves was their genius conclusion that future infections are “Unlikely”, and that is because the malware pattern is now detected by up-to-date antivirus programs. Eureka!

Yes, future “Stuxnet” infections might be unlikely, but this is certainly not the end of this type of attack as long as top vendors like Siemens still use “hard-coded & publicly available” passwords on critical systems in the year 2010, and don’t even admit that this is the REAL problem.

Another statement that also reflects a severe undermining of the terms “due diligence” and “responsibility” is a question they highlighted in yellow: “Has the customer done all he can?”

Imagine a car manufacturing company that sold you a very expensive car, supposedly equipped with a seatbelt. Then you run into an invisible wall that someone deliberately put in front of you, built in a very special way, using specific materials that take advantage of known and published weaknesses in your seatbelt buckle lock design. Imagine yourself sitting in the hospital wondering how on earth you’re going to fix this messed-up face of yours, and then the car maker’s dudes come up and tell you that it’s partially your fault for not trying to do all you can; perhaps you could have tried holding the buckle with your teeth!

bongoalex
November 8, 2010 at 9:03 am

    Those slides are epic. I got tears in my eyes. Great Monday morning laugh! Thanks for that! EPIC FAIL! Haha
