Tuesday, 27 November 2012

Hello everyone,

Just a post to upload some books that some of you have asked for. I hope it will help some.
Here is the list of the books uploaded.
If you tell me what you need and I have it, maybe I could upload it.

Link :  http://dl.free.fr/vwZJyUszL

Please, have a lot of fun.

A1sS4wa.
Hello everybody,

Here is a little post to upload some leaked sources from botnets that could be interesting to you.
http://dl.free.fr/hfeP4hT1V

Have a lot of fun with that.

Cheers,

A1sS4wa.

Wednesday, 21 November 2012

Hello everybody,

Just a quick post to re-upload one of the most famous cyber raids against Israel made by Anonymous. I am talking about the 5000's leak. I've heard that it was difficult to find again. So, now, you can download it at the following link: http://dl.free.fr/rURdCcDIT
The password is : A1sS4wa.

Regards,

A1sS4wa

PS: I know that it has been a while since I posted anything. Please wait a bit longer; the next article is almost written, but I'm just a bit booked at the moment...

Monday, 29 October 2012

Stuxnet or "who are behind the stage"


Hello everyone,

Today is a slightly special session, because it is a first for this blog. I originally wrote this article in French, but because I was asked to translate it (next time, use the comments to do so ;-)), I have rewritten it in English.

Today's topic is not really new. It is about the famous malware Stuxnet. This “smart” malware was discovered in June 2010 and it continues to cause much ink to flow. Much ink for nothing, by the way, because, as we will see in this article, the interesting things which should be published are – of course – never published.

For a brief history, the Israeli, self appointed leaders of the stupid Manicheans paranoids had called their typical slave number one (i.e.: the USA) to require them to realize an informatics virus which was supposed to neutralize the Iranian’s nuclear program (which afraid so many peoples). They called this project “Olympic Games”. What a terrific name. Anyway, the Zionists allied to the Yankees had decided to wreck the Iranian’s centrifuges (which were legally acquired by Iran by the way)…

Just for now, I need to remind to the reader some little things about history and the real truth which is too often forgotten by journalism who are in the pay of the Occident. Iranians are a suzerain nation and – like any suzerain nation – dislike seeing some countries make some intrusions in their country. We need to remind us that, many years ago, Israel had stolen its nuclear weapons to these fucking frogs of French (when we talk about ass-kisser, we can be pretty sure to see a French with a holder of kippa) and nobodies (if I remember well) had tell something wrong to Israel. But, to convince the world that the nuclear bomb was a necessity to Israel, jews said it was because there were surrounded by enemies who wanted the eradication of their country. Fine, nevertheless, it is not really surprising to find some people who want to kill these big pigs of jews who spend their time to steal the earth of their neighbors (and it is still in process, thing about Jerusalem, Gaza, etc...). Anyway, even if we would recognize that the situation from the Zionist usurper justified such a behavior (and we talk about billons of potential brothers killed, cities erased, etc…) in what and where is the difference between Israel of the past and the Iran of today? Who is the aggressor? USA! Who is the oppressed? Iran! How can we justify that? Just read a map to convince you of what I say. Check the number of American bases around the Persian territory and heard about the number of secret missions the Americans perform above the Iran territory with their drones (cf 1 and 2). The “yupins” said they were surrounded, here is now the turn of Iran to be in this role (map extracted from http://fonzibrain.wordpress.com/).



Oh! It looks the same. It surprising to see the rights of some becomes the prohibition imposed by those. And if talk about the threats coming from the white house, this is the straw that broke the camel’s back.

Even if the occidentals live in world of paradoxes, they try to make us consider that these types of things are normal. And, to do so, all the ways are right. Media pressure, international sanctions (by jewish media conspiracy, it is better), public assassinations and now virtual strikes. Let’s come to the virtual strikes now. Fucking jewish allied to their yankee bulldog have – until now – the military power and the physical advantage. But the fact that they have challenged us in the virtual world has been a huge mistake for them. With our computer, we can compete effectively with the U.S. We could even take the advantage. They have always considered us as great innocents, as some young children (I’ve head that recently). But they are wrong. They have made a mistake, a big mistake, they are heavily mistaken. They have underestimated us. We won’t do such a mistake because we know (us, at least) our enemies. And this is one the goal of this article to identify the all protagonists behind the conspiracy “Olympic Games”.

We have all, I think, read or heard that the Stuxnet malware was one of the most powerful viruses ever observed. We have been told that it was sophisticated, revolutionary… Much has been said about its stealth capabilities (even if these are not really revolutionary; we could talk about that in a future article). But for today, the goal is not to talk about pure hacking techniques. I would prefer to start slowly, smoothly…

Today's article explains the sabotage carried out against our Iranian brothers, in order to show you who is behind the stage… First, the goal of Stuxnet was to wreck the PLCs (programmable logic controllers) made by Siemens that were supposed to control the centrifuges. You can easily find illustrations of such devices (3) on the internet. In our case, we are talking about the S7-200 and the S8-1200, made in Germany by Siemens.



These devices are quite simple to use. We just need to program them (in a programming language proprietary to Siemens) so that the machines driven by the PLC work properly. These black boxes can receive information from the driven machines, either to influence the flow of the program or to signal results to humans. Nothing very complicated. In the location where Stuxnet operated, we know that these PLCs were connected to a network (the network of the nuclear installations) of servers and computers. The network should look like the following one:



The entry point on the network for the malware is just before the DMZ. The spread of the virus could be done by a USB stick infected and the infection could spread itself on several versions of Windows (from XP to 7 including the Windows Server 2003 and 2008 versions). We need to see that the exploits used by Stuxnet to launch itself from a USB stick (a threat theoretically eradicated since Windows Vista because of the UAC is suddenly becoming possible, Uhm!). This exploit was almost the same between all the version of Windows and it was able to be launch by all of the Operating Systems. I’m not pretty sure that this exploit had been discovered by the Americano-jewish by chance… Anyway, the virus using several types of exploit had passed through the DMZ and had accessed the PLC (we note that the servers targeted by Stuxnet to spread its malicious actions were WinCC and the servers used MySQL)…

The final goal of Stuxnet was to inject its own malicious MC7 code into the PLCs in order to wreck the operation of the centrifuges. The PLC types under attack were the 417 and the 315-2.




PLCs are big state machines. That is to say, they run a cycle of several subroutines in order to bring the driven machine to a desired final state. This is the conventional way to drive the machines connected to these PLCs. The malware's objective was to modify the code of the PLCs programmed by our Iranian brothers in order to disrupt the normal operation of the centrifuges.
At the beginning – after the infection module has been launched and executed (which means that the obfuscated code has been deobfuscated) – there is a DLL called s7otbxdx.dll. This DLL contained all the malicious actions performed by the malware (hooks, injection, exploits, disruption code, some obfuscation tools, binaries, etc…). It was responsible for launching and coordinating all these embedded malicious modules. s7otbxdx.dll set the hooks that kept the malware stealthy, but it was also responsible for hijacking the PLCs to modify their behavior and for coordinating the attack across all the PLCs. The disruption is particularly vicious because it tends to hide the existence of any malicious action.
It is interesting to try to understand why our brothers in Iran didn’t realize that there were under attack before a while. Why did they not see that the centrifuges didn’t work correctly? Several possible reasons could explain that. The first is about the low disturbance inducted by the virus on the centrifuges. At first glance, everything looked to be fine. Nevertheless, the disturbance inducted was enough to destroy in a long period of time, the centrifuges. The second reason was to hide the virus to the eyes of our brothers. Because of the trickster jewish had thought that the Iranians would quickly discover the problem and would have stopped everything before that the centrifuges explode. An other explanation (which may be speculative) could be about the fact that is all the centrifuges would have been destroyed in a short period of time, people would have questioned about the fact that there could have had flaws in the structure of the centrifuges sold to Iran (which would immediately blamed the Germans and the Siemens company which is the servant of the Americans).
To hide the malfunctions from the Iranians, the virus was tasked with deceiving the Iranian scientists who monitored the centrifuges. In particular, the virus had to alter the normal display of the Iranian GUI used to monitor the network of PLCs. How? It simply needs to “hook” the function responsible for displaying the information from the PLCs, in order to replace the true values returned with false ones meant to deceive the Iranians. To do so, the malware needed to simulate the “normal” behavior of the PLC according to the input values configured by the Iranian scientists. In this way, the Iranians monitoring the centrifuges always saw good, coherent values. But in reality, it was the malicious actions launched by Stuxnet that the PLC executed on the centrifuges. Some pictures make the situation clearer. Here is the normal behavior of a correctly programmed PLC (keep in mind that the PLC and the centrifuge are strongly linked, because one drives the other):


If the PLC is compromised, the state machine would normally not work as it is supposed to, and it would report that information back. That is to say:



But if the outputs of the PLC are wrong and, more importantly, do not agree with the Iranians' input, the virus would be quickly detected. Our brothers in Iran would have seen the problem. To counteract this, the pirates who made Stuxnet decided to send back information simulated by the virus according to the Iranians' input. In this way, everything looks good to the people monitoring the system, even if all hell has broken loose in the system. The following pictures sum up the situation:
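
The three situations described above (normal operation, a fault that the PLC reports back, and a fault hidden behind simulated values) can only be told apart with a measurement that does not travel through the PLC or the monitoring host. The following is an added example, not code from the original post; the out-of-band sensor, the field names, the units and the thresholds are assumptions, and the trace is constructed.

```python
from dataclasses import dataclass
from itertools import groupby

@dataclass
class Sample:
    t: int              # seconds since start of the trace (constructed)
    setpoint: float     # value commanded by the operator
    reported: float     # value shown on the monitoring screen, via the PLC path
    independent: float  # value from a hypothetical out-of-band sensor

def state(s, tol=5.0):
    """Classify one sample against the operator's setpoint."""
    process_ok = abs(s.independent - s.setpoint) <= tol
    display_ok = abs(s.reported - s.setpoint) <= tol
    if process_ok:
        return "normal"
    # The process is off target: either the display admits it, or it hides it.
    return "masked" if display_ok else "visible"

def masked_intervals(samples, tol=5.0, min_run=3):
    """Return (first_t, last_t) for each run of at least min_run masked samples.

    min_run suppresses single-sample glitches in the independent sensor.
    """
    found = []
    for st, grp in groupby(samples, key=lambda s: state(s, tol)):
        grp = list(grp)
        if st == "masked" and len(grp) >= min_run:
            found.append((grp[0].t, grp[-1].t))
    return found

def constructed_trace():
    """Constructed samples: healthy, then an honestly reported fault, then a masked one."""
    trace = []
    for t in range(12):
        if 3 <= t < 5:    # fault that the display shows truthfully
            reported, independent = 940.0, 942.0
        elif t >= 7:      # display stays near the setpoint while the process drifts
            reported, independent = 1000.5, 1000.0 + 40.0 * (t - 6)
        else:             # healthy operation with small sensor noise
            reported, independent = 1001.0, 999.0
        trace.append(Sample(t, 1000.0, reported, independent))
    return trace

if __name__ == "__main__":
    for first, last in masked_intervals(constructed_trace()):
        print(f"display disagrees with independent sensor from t={first} to t={last}")
```
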



This is what has really happened in Iran. These are the weapons used by our enemies against us. I think the detection and the discovery of the attack was a very painful sport. But our brothers did it! We finally won the battle against the occidentals terrorists. Our brothers had very few chances to discover such a sophisticated attack. Let’s congratulate them.

Now, it’s time to pay the bill. About what has been written in this article, we can say that these fucking jewish and this fucking yankees were not alone in this conspiracy. We need to add the Germans as a protagonist in this huge operation. Otherwise, how to explain the fact that the designers of the virus known so well how the PLC worked, how to program them to destroy the centrifuges, how the network behind the nuclear installations was (to spread the virus), how to know which type of PLCs were used, how to simulate the action of the PLC according to any input if they had never access to the data of the constructor… So many questions that have for only answer the fact that the Germans were implicated in this operation. It is obvious! Germans want to be forgiven about what they done against the jewish during the second world war. To do so, they are ready to do everything (even the most immoral and stupid things, and we can thing about the sell of the submarines able to launch nuclear weapon by the Germans to Israel (4)). But, what need to be forgiven to the German’s Nazi? What is the price of the jewish forgiveness? We preferred when the Germans burnt them. At least, their action, these days, were public health!

Links :