A computer attack on Iranian nuclear program did more harm than first reported. And an attack on law enforcement officer data in Missouri shows how low some hackers go. A new report suggests Iran's nuclear program has not recovered from the Stuxnet worm as previously believed. It appears Iran is still replacing thousands of expensive centrifuges that were damaged by the worm. Stuxnet was not entirely purged from Iran's nuclear facilities and it resurfaced again to damage more systems, Western intelligence sources told DEBKAfile July 20. DEBKAfile claimed Iran had replaced an estimated 5,000 centrifuges to remove the threat. Iran finally resorted to the only sure-fire cure, scrapping all the tainted machines and replacing them with new ones, according to the report, noting a spokesperson from Iran foreign ministry said July 19 it was installing newer and faster centrifuges at its nuclear plants to speed up operations.
The worm was among the most sophisticated pieces of malware ever discovered in the wild. It exploited the AutoRun functionality on Windows to infect computers from USB drives. It then used a hardcoded default password for Siemens' management applications to compromise the machine before taking over specialized industrial-control computers that ran a proprietary operating system from Siemens. The worm also hijacked the facility monitoring system to falsely show the machines were functioning normally, preventing officials from catching on to what was really happening. While Stuxnet specifically targeted Siemens' industrial process control computers used in nuclear centrifuge operations, an ESET researcher noted there are plenty other industrial process automation and control systems being used on modern critical infrastructure, and that network operators have to assess their threat exposure level and how to mitigate it.
Hackers said they posted the names, addresses, and other personal information of 7,000 law enforcement officers that were stolen from a Missouri Sheriffs Association training academy Web site they compromised, The Register reported August 1. One of the identified individuals confirmed with The Register that the data listed for him in the 938 kilobyte file was accurate. Many of the entries include officer Social Security numbers, e-mail addresses, and the usernames and passwords for their accounts on the Web site. AntiSec claimed responsibility and said the data dump was made in retaliation for the recent arrest of 14 people accused of participating in a Web attack in December that strained server capacity for PayPal. Many of the passwords employed by the officers were ordinary dictionary words, or were identical to their names or badge numbers, demonstrating some of the same mistakes other users make in setting up security pass codes. Assuming the officers used the same password for other accounts, as is common, their e-mail accounts would also be compromised. The file suggests the training site failed to follow industry best practices by securing the password database with one-time hashes to prevent them from being read by attackers.