(Times of Israel) Stuxnet, gone rogue, hit Russian nuke plant, space station (fwd)

[Andy Isaacson]

On Tue, Nov 12, 2013 at 10:57:43PM +0100, Lodewijk andré de la porte wrote:
> The software was highly specific and messed with the controller of
> centrifuges. Speeding it up and slowing it down faster than they should,
> messing with the bearings (or something like that). I didn't know the ISS
> had that sort of centrifuges there.
> 
> Regardless, the protip is: don't windows for critical systems.

The final payload was specific to the Natanz turbine controllers.  The
Windows malware delivery mechanism, though, could in theory infect any
Windows host it came in contact with (that didn't have the 0days fixed).

The intermediate stage attacked the Siemens Step7 software, which runs
on Windows and which could potentially be used in space applications
(although it seems somewhat unlikely that it would have been used *on*
the ISS).  The intermediate stage was designed to be inactive unless the
specific configuration of hardware found at Natanz was detected, so in
theory it should be "safe" even if Step7 were found on an ISS system,
but that theory seems risky to depend on.

Reading the reports charitably, I would suspect that the Windows malware
delivery mechanism might have been transported to the ISS, but would
have been inactive there in the absence of a Step7 installation for the
intermediate stage to infect.

-andy