
Welcome to the PLC and SCADA Learning Site

A free blog presenting news about PLC and SCADA.


Wednesday, October 13, 2010

IP Ratings – What are they and what do they mean?

Electrical cabinets are one of those ubiquitous elements in industrial environments. It doesn’t matter what industry you are in – whether it’s discrete, process, utility, building and construction or even commercial retail – everything needs power. That means cables and relays carrying what may be a dangerous amount of electricity that need to be protected from the elements and environment on one side and people that need to be protected from accidental exposure on the other.

The consequences of such accidental exposure can be tragic. According to statistics collected and published by Capelli-Schellpfeffer, Inc., electrical accidents called arc flashes kill one or two people in the United States every day. Many more are injured and then there is the cost of damaged equipment and lost production to consider. Numerous standards have been devised to reduce the frequency of such accidents and make industrial environments as safe as possible. These standards govern every aspect of equipment and procedures used for managing electricity. For example, IEC 60529 classifies the level of protection provided against accidental contact with live electrical parts and the intrusion of solid objects (including tools and body parts like hands and fingers), dust, and water in electrical enclosures.

However, there is more to adhering to safety standards than including them as requirements in an RFP. You have to know what they mean so you can select the right equipment for the right task and enforce their use. And that can be a challenge as you have to understand what the different ratings mean and how they are applied in your particular environment. In the case of IEC 60529 the grading is called an IP rating.
“IP is short for Ingress Protection, and is specifically oriented to the amount of security an electrical cabinet has against the intrusion of either solid objects, dust or moisture,” says John Kovacik, Principal Engineer, industrial control equipment with Underwriters Laboratories Inc. Underwriters Laboratories is an independent product safety certification organization that has been testing products and writing safety standards for more than a century. “The IP rating is very important for knowing what kind of enclosure is appropriate for your particular environment and application.”

An IP rating consists of the letters IP followed by two numbers and an optional letter. The numbers provide a grading against a set of conditions – specifically delineating the level of protection an enclosure has against the penetration of solids and dust (first number) or liquids (second number). If a cabinet has no rating against one of these categories of penetration, the number is replaced with an X. For example, an electrical socket rated IP22 is protected against the insertion of fingers and will continue to function safely when exposed to vertically or nearly vertically dripping water. IP22 or IP2X are typical minimum requirements for the design of electrical accessories for indoor use.

“IP ratings are very important to people setting up equipment in almost any environment,” says Kovacik, who adds that enclosures are further categorized by the environments they are designed for. “If you are setting up an electrical cabinet in an outdoor environment in Alaska, you need to know the enclosure you purchase can withstand severe winter conditions. Buying an enclosure engineered for an indoor SMT line won’t satisfy your needs. These ratings help you determine what type of enclosure is right for your requirements.”

Solids

| First Number | Object size protected against | Effective against |
| --- | --- | --- |
| 0 | - | No protection against contact and ingress of objects |
| 1 | >50 mm | Any large surface of the body, such as the back of a hand, but no protection against deliberate contact with a body part |
| 2 | >12.5 mm | Fingers or similar objects |
| 3 | >2.5 mm | Tools, thick wires, etc. |
| 4 | >1 mm | Most wires, screws, etc. |
| 5 | Dust protected | Ingress of dust is not entirely prevented, but it must not enter in sufficient quantity to interfere with the satisfactory operation of the equipment; complete protection against contact |
| 6 | Dust tight | No ingress of dust; complete protection against contact |

Liquids

| Second Number | Protected against | Details |
| --- | --- | --- |
| 0 | Not protected | - |
| 1 | Dripping water | Dripping water (vertically falling drops) shall have no harmful effect. |
| 2 | Dripping water when tilted up to 15° | Vertically dripping water shall have no harmful effect when the enclosure is tilted at an angle up to 15° from its normal position. |
| 3 | Spraying water | Water falling as a spray at any angle up to 60° from the vertical shall have no harmful effect. |
| 4 | Splashing water | Water splashing against the enclosure from any direction shall have no harmful effect. |
| 5 | Water jets | Water projected by a nozzle against enclosure from any direction shall have no harmful effects. |
| 6 | Powerful water jets | Water projected in powerful jets against the enclosure from any direction shall have no harmful effects. |
| 7 | Immersion up to 1 m | Ingress of water in harmful quantity shall not be possible when the enclosure is immersed in water under defined conditions of pressure and time (up to 1 m of submersion). |
| 8 | Immersion beyond 1 m | The equipment is suitable for continuous immersion in water under conditions which shall be specified by the manufacturer. Normally, this will mean that the equipment is hermetically sealed. However, with certain types of equipment, it can mean that water can enter but only in such a manner that produces no harmful effects. |
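
The code format and the two tables above, as an added example that is not part of the original article: a parser for IP codes plus a check of whether an offered enclosure meets a required minimum, with X treated as "not rated". The function names are hypothetical, the optional letter is kept but not interpreted because the article does not list letter meanings, and the rule that an immersion numeral (7 or 8) alone does not cover water jets (5 or 6) comes from IEC 60529 itself, not from this page.

```python
import re

# Numerals as listed in the Solids and Liquids tables above.
SOLIDS = {
    "0": "no protection",
    "1": "objects > 50 mm (back of a hand)",
    "2": "objects > 12.5 mm (fingers)",
    "3": "objects > 2.5 mm (tools, thick wires)",
    "4": "objects > 1 mm (most wires, screws)",
    "5": "dust protected",
    "6": "dust tight",
}
LIQUIDS = {
    "0": "not protected",
    "1": "dripping water",
    "2": "dripping water when tilted up to 15 degrees",
    "3": "spraying water",
    "4": "splashing water",
    "5": "water jets",
    "6": "powerful water jets",
    "7": "immersion up to 1 m",
    "8": "immersion beyond 1 m",
}
_IP_RE = re.compile(r"^IP([0-6X])([0-8X])([A-Z]?)$")


def parse_ip(code):
    """Split an IP code into (solids, liquids, letter); ValueError if malformed."""
    m = _IP_RE.match(code.strip().upper().replace(" ", ""))
    if not m:
        raise ValueError(f"not a valid IP code: {code!r}")
    return m.group(1), m.group(2), m.group(3)


def describe(code):
    """Human-readable meaning of both numerals."""
    solids, liquids, _ = parse_ip(code)
    s = "not rated" if solids == "X" else SOLIDS[solids]
    w = "not rated" if liquids == "X" else LIQUIDS[liquids]
    return f"solids: {s}; liquids: {w}"


def _digit_ok(offered, required, liquids=False):
    if required in ("X", "0"):
        return True          # nothing is demanded on this axis
    if offered == "X":
        return False         # "not rated" cannot be assumed to satisfy a demand
    if liquids and required in ("5", "6") and offered in ("7", "8"):
        return False         # immersion rating alone does not cover water jets
    return int(offered) >= int(required)


def meets(offered, required):
    """True if an enclosure marked `offered` satisfies the minimum `required`."""
    o_s, o_l, _ = parse_ip(offered)
    r_s, r_l, _ = parse_ip(required)
    return _digit_ok(o_s, r_s) and _digit_ok(o_l, r_l, liquids=True)


if __name__ == "__main__":
    print(describe("IP22"))
    for offered, required in [("IP66", "IP65"), ("IP67", "IP65"), ("IP2X", "IP22")]:
        print(offered, "meets", required, "->", meets(offered, required))
```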

Further complicating matters is the fact that the IEC isn’t the only organization that offers a rating system for electrical enclosures. The National Electrical Manufacturers Association (NEMA) also has a system of protection ratings. While you may find an IP rating on almost any piece of electrical equipment, NEMA ratings are specifically focused on the industrial environment and are predominantly North American.
According to Kovacik, NEMA ratings cover additional qualifications not addressed by the IEC standards so they don’t map directly to IP ratings and that makes it important to understand how they relate. NEMA ratings also address issues such as corrosion resistance and construction practices which are not addressed by IP ratings. Because NEMA covers these additional factors, NEMA and IP ratings are not truly equivalent. A NEMA rating can satisfy or exceed all the requirements of an IP rating – for example, NEMA 1 meets all the requirements of IP20 and NEMA 6 meets all the requirements of IP67 – but the reverse is not true.

NEMA Ratings:

| Type Designation | Effective against |
| --- | --- |
| 1 | Indoor use primarily to provide a degree of protection against limited amounts of falling dirt. |
| 2 | Indoor use primarily to provide a degree of protection against limited amounts of falling water and dirt. |
| 3 | Outdoor use primarily to provide a degree of protection against rain, sleet, windblown dust and damage from external ice formation. |
| 3R | Outdoor use primarily to provide a degree of protection against rain, sleet, and damage from external ice formation. |
| 3S | Outdoor use primarily to provide a degree of protection against rain, sleet, windblown dust and to provide for operation of external mechanisms when ice laden. |
| 4 | Indoor or outdoor use primarily to provide a degree of protection against windblown dust and rain, splashing water, hose-directed water and damage from external ice formation. |
| 4X | Indoor or outdoor use primarily to provide a degree of protection against corrosion, windblown dust and rain, splashing water, hose-directed water, and damage from external ice formation. |
| 5 | Indoor use primarily to provide a degree of protection against settling airborne dust, falling dirt, and dripping noncorrosive liquids. |
| 6 | Indoor or outdoor use primarily to provide a degree of protection against hose-directed water, and the entry of water during occasional temporary submersion at a limited depth and damage from external ice formation. |
| 6P | Indoor or outdoor use primarily to provide a degree of protection against hose-directed water, the entry of water during prolonged submersion at a limited depth and damage from external ice formation. |
| 7 | Indoor use in locations classified as Class I, Division 1, Groups A, B, C or D hazardous locations as defined in the National Electric Code (NFPA 70) (commonly referred to as explosion-proof). |
| 8 | Indoor or outdoor use in locations classified as Class I, Division 2, Groups A, B, C or D hazardous locations as defined in the National Electric Code (NFPA 70) (commonly referred to as oil immersed). |
| 9 | Indoor use in locations classified as Class II, Division 1, Groups E, F and G hazardous locations as defined in the National Electric Code (NFPA 70) (commonly referred to as dust-ignition proof). |
| 10 | Intended to meet the applicable requirements of the Mine Safety and Health Administration (MSHA). |
| 12/K | Indoor use primarily to provide a degree of protection against circulating dust, falling dirt, and dripping noncorrosive liquids. |
| 13 | Indoor use primarily to provide a degree of protection against dust, spraying of water, oil, and noncorrosive coolant. |

Note: An “X” may be added to the Type 3, 3R and 3S ratings (3X, 3RX, 3SX) to denote additional corrosion protection equivalent to a Type 4X rating.

Wednesday, October 6, 2010

StuxnetRemover 1.0.1.3: Free Download

StuxnetRemover is a lightweight utility that will scan for and remove the Stuxnet/Tmphider rootkit from your computer. StuxnetRemover is able to remove active infections and clear USB devices.



Download: http://www.softpedia.com/progDownload/StuxnetRemover-Download-165585.html

How Stuxnet Worm Works

Stuxnet looks for industrial control systems and then changes the code in them to allow the attackers to take control of these systems without the operators knowing. In other words, this threat is designed to allow hackers to manipulate real-world equipment, which makes it very dangerous.
It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world. It is sophisticated, well-funded, and there are not many groups that could pull this kind of threat off. It is also the first cyberattack we’ve seen specifically targeting industrial control systems.
The worm is made up of complex computer code that requires lots of different skills to put it together. Symantec security experts estimate it took five to ten people to work on this project for six months. In addition, knowledge of industrial control systems was needed along with access to such systems to do quality assurance testing; again indicating that this was a highly organized and well-funded project.
"We've definitely never seen anything like this before," said Liam O’Murchu, Researcher, Symantec Security Response. "The fact that it can control the way physical machines work is quite disturbing."

Exploring Stuxnet’s PLC Infection Process

We first mentioned that W32.Stuxnet targets industrial control systems (ICSs) -- such as those used in pipelines or nuclear power plants -- 2 months ago in our blog here and gave some more technical details here.
While we are going to include all of the technical details in a paper to be released at the Virus Bulletin Conference on September 29th, in recent days there has been significant interest in the process through which Stuxnet is able to infect a system and remain undetected.
Because Stuxnet targets a specific ICS, observing its behavior on a test system can be misleading, as the vast majority of the most interesting behavioral characteristics simply will not occur. When executed, one of the behaviors that one may immediately see is Stuxnet attempting to access a Programmable Logic Controller (PLC) data block, DB890. This data block is actually added by Stuxnet itself, however, and is not originally part of the target system. Stuxnet monitors and writes to this block to alter the PLC program flow depending on certain conditions.
In this blog entry we will discuss the details of the PLC infection and rootkit functionality. In particular we will discuss the following important aspects of the Stuxnet attack on targeted ICSs:
  1. How it chooses industrial control systems to target
  2. The method used to infect PLC code blocks
  3. The actual code that is placed onto PLCs during infection
  4. The PLC rootkit code that is present on an infected Windows machine
These four points are to be addressed individually as the code to achieve each of these tasks is quite different.
Stuxnet’s goal is to modify the behavior of an industrial control system by modifying PLCs. It does this by intercepting read/write requests sent to the PLC, determining whether the system is the intended target, modifying the existing PLC code blocks and writing new blocks to the PLC, and finally hiding the PLC infection from the PLC operator/programmer using rootkit functionality. The tasks are distinct because, for instance, the hiding of infected code blocks takes place on the infected Windows machine using standard C/C++ code, whereas the malicious code that Stuxnet aims to run on the industrial control system executes on the PLC and is written in MC7 bytecode. MC7 is the assembly language that runs on PLCs and is often originally written in STL.
Before discussing Stuxnet’s techniques for attacking PLCs let’s first look at the basics of how PLCs are accessed and programmed.
To access a PLC, specific software needs to be installed; Stuxnet specifically targets the WinCC/Step 7 software used for programming particular models of PLC. With this software installed, the programmer can connect to the PLC via a data cable and access the memory contents, reconfigure it, download a program onto it, or debug previously loaded code. Once the PLC has been configured and programmed, the Windows machine can be disconnected and the PLC will function by itself. To give you an idea of what this looks like in real life, here’s a photo of some basic test equipment in the lab:

 
The screenshot below shows a portion of the Stuxnet malicious code in the Step7 STL editor. The beginning of the MC7 code for one of Stuxnet’s Function Code (FC) blocks is visible; the code shown is from the disassembled block FC1873.
The Step 7 software uses a library file called s7otbxdx.dll to perform the actual communication with the PLC. The Step7 program calls different routines in this DLL when it wants to access the PLC. For example, if a block of code is to be read from the PLC using Step 7, the routine s7blk_read is called. The code in s7otbxdx.dll accesses the PLC, reads the code and passes it back to the Step7 program, as shown in the following diagram:
Let’s now take a look at how access to the PLC works when Stuxnet is installed. When executed, Stuxnet renames the original s7otbxdx.dll file to s7otbxsx.dll. It then replaces the original DLL with its own version. Stuxnet can now intercept any call that is made to access the PLC from any software package.

 
Stuxnet’s modified s7otbxdx.dll file contains all potential exports of the original DLL – a maximum of 109 – which allows it to handle all the same requests. The majority of these exports are simply forwarded to the real DLL, now called s7otbxsx.dll, and nothing untoward happens; in fact, 93 of the original 109 exports are dealt with in this manner. The trick, however, lies in the 16 exports that are not simply forwarded but are instead intercepted by the custom DLL. The intercepted exports are the routines to read, write, and locate code blocks on the PLC. By intercepting these requests Stuxnet is able to modify the data sent to or returned from the PLC without the operator of the PLC ever realizing it. It is also through these routines that Stuxnet is able to hide the malicious code that is on the PLC.
To understand how Stuxnet accesses and infects a PLC we will first mention the types of data present. PLCs work with blocks of code and data which are loaded on to the PLC by the operator. For the sake of understanding, we will briefly explain what the most common types of blocks are and what they do:
  • Data Blocks (DB) contain program-specific data, such as numbers, structures and so on.
  • System Data Blocks (SDB) contain information about how the PLC is configured; these are created depending on the number/type of hardware modules that are connected to the PLC.
  • Organization Blocks (OB) are the entry point of programs. They are executed cyclically by the CPU. In regards to Stuxnet, two notable OBs are:
    • OB1 is the entry-point of the PLC program. It is executed cyclically, without specific time requirements.
    • OB35 is a standard watchdog Organization Block, executed by the system every 100ms. This function may contain any logic that needs to monitor critical input in order to respond immediately or perform functions in a time critical manner.
  • Function Blocks (FC) are standard code blocks. They contain the code to be executed by the PLC. Generally, the OB1 block references at least one FC block.
The following sections detail the previously mentioned four main aspects of the threat.
1. Determining which PLCs to infect.
Stuxnet infects PLCs with different code depending on the characteristics of the target system.
An infection sequence consists of PLC blocks (code blocks and data blocks) that will be injected into the PLC to alter its behavior. The threat contains three infection sequences. Two of these sequences are very similar, and functionally equivalent. We dubbed these two sequences A and B. The third sequence was named sequence C. Stuxnet determines if the system is the intended target by fingerprinting it. It checks:
  • The PLC type/family: only CPUs 6ES7-417 and 6ES7-315-2 are infected
  • The System Data Blocks: the SDBs will be parsed, and depending on the values they contain, the infection process will start with method of infection A, B or none. When parsing the SDBs the code searches for the presence of 2 values (7050h and 9500h), and depending on the number of occurrences of each of these values sequence A or B is used to infect the PLC.
The code also searches for the bytes 2C CB 00 01 at offset 50h in the SDB blocks, which appear if the CP 342-5 communications processor (used for Profibus-DP) is present. If these bytes are not found then infection does not occur.
Infection conditions for sequence C are determined by other factors.
2. Method of infection
Stuxnet uses the code-prepending infection technique. When Stuxnet infects OB1 it performs the following sequence of actions:
  1. Increases the size of the original block
  2. Writes malicious code to the beginning of the block
  3. Inserts the original OB1 code after the malicious code
As well as infecting OB1, Stuxnet also infects OB35 in a similar fashion. It also replaces the standard coprocessor DP_RECV code block with its own, thereby hooking network communications on the Profibus (a standard industrial network bus used for distributed I/O).
The overall process of infection for methods A/B is as follows:
  • Check the PLC type; it must be an S7/315-2
  • Check the SDB blocks and determine whether sequence A or B should be written
  • Find DP_RECV, copy it to FC1869, replace it with a malicious copy embedded in Stuxnet
  • Write the malicious blocks (in total, 20 blocks) of the sequence, embedded in Stuxnet
  • Infect OB1 so that the malicious code is executed at the start of a cycle
  • Infect OB35, which will act as a watchdog
3. Infection code
The code inserted into the OB1 function is responsible for starting infection sequences A and B. These sequences contain the following blocks:
  • Code blocks: FC1865 through FC1874, FC1876 through FC1880
    (Note that FC1869 is not contained within Stuxnet but is instead a copy of the original DP_RECV block found on the PLC)
  • Data blocks: DB888 through DB891.
Sequences A and B intercept packets on the Profibus by using the DP_RECV hooking block. Based on the values found in these blocks, other packets are generated and sent on the wire. This is controlled by a complex state machine (implemented in the various FC blocks mentioned above). This machine can be partially controlled by the DLL via the data block DB890.
Under certain conditions the sequence C is written to a PLC. This sequence contains more blocks than A/B:
  • FC6055 through FC6084
  • DB8062, DB8063
  • DB8061, DB8064 through DB8070, generated on the fly
Sequence C is meant to read and write I/O information (Input/Output) to the memory-mapped I/O areas of the PLC, as well as the peripheral I/O.
The control flow for program A/B is shown below, which is partially shown in the screen shot from the Step7 editor shown above (code block FC1873):


The program flow for code sequence C is more complex, as can be seen from the following diagram:


4. The rootkit
The Stuxnet PLC rootkit code is contained entirely in the fake s7otbxdx.dll. In order to achieve the aim of continuing to exist undetected on the PLC it needs to account for at least the following situations:
  1. Read requests for its own malicious code blocks
  2. Read requests for infected blocks (OB1, OB35, DP_RECV)
  3. Write requests that could overwrite Stuxnet’s own code
Stuxnet contains code to monitor for and intercept these types of requests. The threat modifies these requests so that Stuxnet’s PLC code is not discovered or damaged. The following list gives some examples of how Stuxnet uses the hooked exports to handle these situations:
  • s7blk_read: read requests are monitored, and Stuxnet will return:
    • The real DP_RECV (kept as FC1869) if DP_RECV is requested
    • An error if the request regards its own malicious blocks
    • A cleaned copy (disinfected on the fly) of OB1 or OB35
  • s7blk_write: write requests to OB1/OB35 are monitored to make sure the new versions of these are infected.
  • s7blk_findfirst / s7blk_findnext: these routines are used to enumerate blocks on a PLC. Malicious blocks will be voluntarily “skipped”.
  • s7blk_delete: deletion of blocks is also monitored
Stuxnet is thus able to ensure its continuing presence on the PLC.
As we have noted before, Stuxnet is a complex threat and its PLC infection code is another part of that complexity.  Discussion of the injected MC7 code itself that we reverse engineered a couple of months ago could by itself fill multiple blogs. For more details on not only the PLC infection routines but the threat in general, be sure to read the whitepaper soon to be released at the Virus Bulletin conference.
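
A defender's reading of sections 2 to 4, as an added example that is not part of the original write-up: because the hooked DLL skips the listed blocks during enumeration and serves cleaned copies of OB1 and OB35, the check compares a block inventory read over a path that does not go through the workstation's s7otbxdx.dll against a known-good baseline and against what the workstation reports. The `audit` function, the three inventories and the byte strings are constructed for illustration, and block contents are treated as opaque bytes (an assumption; real blocks would need their code sections extracted before comparison).

```python
"""Cross-view audit of a PLC block inventory (added example, constructed data)."""


def _names(prefix, first, last, skip=()):
    return {f"{prefix}{n}" for n in range(first, last + 1) if n not in skip}


# Block names the write-up lists for sequences A/B and for sequence C.
LISTED = (_names("FC", 1865, 1880, skip={1875}) | _names("DB", 888, 891)
          | _names("FC", 6055, 6084) | _names("DB", 8061, 8070))


def audit(baseline, trusted, workstation):
    """Return sorted (block, finding) pairs.

    baseline    -- {name: bytes} from a known-good project archive
    trusted     -- {name: bytes} read from the PLC on a path that bypasses
                   the workstation's s7otbxdx.dll (assumption)
    workstation -- {name: bytes} as the engineering workstation reports it
    """
    by_content = {body: name for name, body in baseline.items()}
    findings = []
    for name, body in trusted.items():
        # Cross-view: the rootkit hides its own blocks and returns cleaned
        # copies of infected ones, so the two views disagree.
        if name not in workstation:
            findings.append((name, "hidden from workstation"))
        elif workstation[name] != body:
            findings.append((name, "workstation shows different bytes"))

        good = baseline.get(name)
        if good is None:
            tag = "unexpected block"
            if name in LISTED:
                tag += ", name listed in write-up"
            if body in by_content:  # e.g. original DP_RECV parked elsewhere
                tag += f", copy of baseline {by_content[body]}"
            findings.append((name, tag))
        elif body != good:
            # Code prepending: the block grew and the original is its tail.
            if len(body) > len(good) and body.endswith(good):
                grown = len(body) - len(good)
                findings.append((name, f"code prepended (+{grown} bytes)"))
            else:
                findings.append((name, "replaced or modified"))
    for name in baseline.keys() - trusted.keys():
        findings.append((name, "missing from PLC"))
    return sorted(findings)


# Constructed sample data: short byte strings stand in for block contents.
BASELINE = {"OB1": b"\x10\x11\x12", "OB35": b"\x20\x21",
            "DP_RECV": b"\x30\x31\x32\x33", "FC100": b"\x40"}
TRUSTED = {
    "OB1": b"\xa0\xa1" + BASELINE["OB1"],    # code placed before the original
    "OB35": b"\xb0" + BASELINE["OB35"],
    "DP_RECV": b"\xc0\xc1",                  # replaced block
    "FC100": BASELINE["FC100"],
    "FC1869": BASELINE["DP_RECV"],           # original DP_RECV kept as a copy
    "FC1873": b"\xd0",
    "DB890": b"\x00\x00",
}
WORKSTATION = dict(BASELINE)  # the hooked DLL presents a clean-looking PLC

if __name__ == "__main__":
    for block, finding in audit(BASELINE, TRUSTED, WORKSTATION):
        print(f"{block:8} {finding}")
```

Block numbers in the listed ranges can also occur in legitimate projects, which is why the name match only annotates blocks that are absent from the baseline.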

Tuesday, October 5, 2010

34,000 Computers in Indonesia Infected with Stuxnet

JAKARTA, KOMPAS.com - Indonesia is recorded as the country with the second-highest number of infections in the world by Stuxnet, the malware (malicious software) of the worm type that is currently rampant worldwide. This is according to an analysis by Kaspersky Lab, a leading security solutions developer headquartered in Russia.

Stuxnet, a Windows-specific computer worm, was first discovered in June 2010 by a security company from Belarus. The worm became well known because it is the first worm to spy on and reprogram industrial systems. Recently, the Stuxnet worm attack has prompted much speculation and discussion about its purpose, its origin and, most importantly, the identity of the attacker and the target.

Kaspersky Lab has not seen enough evidence to identify the attacker or the target, but Kaspersky can confirm that this is a one-of-a-kind sophisticated malware attack backed by large funding, an attack team with high expertise and good knowledge of SCADA technology.

"These attacks can be used as a tool for cyber war, cyber terrorism or cyber sabotage, depending on the source of the attack and its target. So far, what we have seen of Stuxnet is more likely to be used as a tool for sabotage. Kaspersky Lab is not in a position to comment on the political side of this attack," said Eugene Kaspersky, Co-founder and Chief Executive Officer of Kaspersky Lab, in a press release late last week.

Based on the geographic spread of Stuxnet, Iran, India and Indonesia lead in infections so far. However, the Stuxnet epidemic (like any other epidemic) is not static; the worm spreads continuously, and while some systems remain infected, many of them have been cleaned. The country most vulnerable to this attack is India, with the number of attacks reaching 86,258 computers. Indonesia is in second place with 34,138 computers affected.
The worm's main purpose is to access Simatic WinCC SCADA, which is used as an industrial control system and serves to monitor and control industrial, infrastructure or facility-based processes. Similar systems are widely used in oil refineries, power plants, large communication systems, airports, shipping and even military installations globally.

The deep knowledge of SCADA technology, the sophistication of the multi-layered attack, and the use of several zero-day vulnerabilities and legitimate certificates lead us to understand that Stuxnet was created by a team of highly skilled professionals with large resources and financial backing.
The targets of the attack and the region affected by the worm (primarily Iran) imply that this is not an ordinary cybercriminal group. Furthermore, Kaspersky security experts who analyzed the worm's code assert that Stuxnet's main purpose is not to spy on infected systems but to carry out sabotage.

Researchers at Kaspersky Lab found that the worm exploits two of four zero-day vulnerabilities, which were reported directly to Microsoft. Kaspersky analysts have worked with Microsoft to ensure the smooth release of patches, and to make sure customers are protected and informed about the attack. All Kaspersky Lab products successfully detect and neutralize Worm.Win32.Stuxnet.

Source: www.kompas.com

Getting to Know Stuxnet Better (Be Careful: VIRUS on SCADA!!!)

JAKARTA, KOMPAS.com - A computer virus designed to attack industrial systems has appeared widely. Nuclear facilities in Iran are suspected to be one of the targets of the virus. This indicates the involvement of a state or a well-funded institution seeking to infiltrate another country's national security systems.

Security experts have called Stuxnet a form of cyber weapon that serves as a means of terrorism in cyberspace. Its attack does not only steal information from the victim's computer, but takes over machine-based control systems.

It is not yet known who is behind Stuxnet. Below is some information about Stuxnet's activities.

How Does Stuxnet Work?

- The virus is malicious software, or malware, that generally attacks industrial control systems made by the German company Siemens. Experts say the virus could be used for espionage or sabotage.
- Siemens says the malware spreads through infected USB thumb drive memory devices, exploiting a vulnerability in Microsoft Corp's Windows operating system.
- The malware attacks software programs through Supervisory Control and Data Acquisition, or SCADA, systems. These systems are used to monitor plants automatically, from food and chemical facilities to power plants.
- Analysts say the attackers would spread Stuxnet via thumb drives because many SCADA systems are not connected to the Internet but do have USB ports.
- Once the worm infects a system, it quickly sets up communications with the attacker's server computer so that it can be used to steal company data or take control of the SCADA system, said Randy Abrams, a researcher with ESET, a private security company that has studied Stuxnet.

Who Created It?

- Siemens, Microsoft and security experts have studied the worm and have not determined who created it.
- Mikko Hypponen, head of research at the security software company F-Secure in Finland, believes it is a state-sponsored attack. Stuxnet is very complex and "clearly done by a group with serious technological and financial backing."
- Ralph Langner, a German cyber expert, said the attack was carried out by highly qualified experts, possibly a nation state. "This is not a hacker sitting in the basement of his parents' house." On his website, www.langner.com/en/index.htm, Langner said the investigation eventually "focuses" on the attackers. "The attackers must know this. My conclusion is, they don't care, they are not afraid of going to jail."

Where Has It Spread?

A study of Stuxnet's spread by the US technology company Symantec shows that the main countries affected as of August 6 were Iran with 62,867 infected computers, Indonesia with 13,336, India with 6,552, the United States with 2,913, Australia with 2,436, the United Kingdom with 1,038, Malaysia with 1,013 and Pakistan with 993. These figures continue to change as the worm spreads.

First Reports

- The Belarusian company Virusblokada was the first to identify the virus, in mid-June. Commercial director Gennady Reznikov told Reuters the company has a dealer in Iran, and one of the dealer's clients had computers infected with a virus that turned out to be Stuxnet. Reznikov said Virusblokada itself had nothing to do with the nuclear power plant in Bushehr.
- According to Siemens spokesman Michael Krampe, Siemens has identified 15 customers who found Stuxnet on their systems, and "each was able to detect and remove the virus without harming their operations."

Source: http://tekno.kompas.com/read/2010/10/04/2347081/Mengenal.Stuxnet.Lebih.Dekat