Stuxnet (Myrtle)

The following statements concerning “Stuxnet” were published on an anonymous image board and were accessible for only a couple of hours. They probably contain obvious trolling; on the other hand, take a look at the date (Sep/30th/2010), long before Stuxnet was disassembled.

The speculation in the news media is largely correct, although there wasn’t one specific target. The intent of Myrtle
was to hit as much infrastructure as possible in Iran. Over 80% of their critical control systems are running
American, German and Israelite technology. The initial estimate is that we set them back six to nine years.


I’m an American living in Germany, but I will not name any agency or company entity. As I said, it was a combined
effort, and not just one of governments.
I was contracted for my knowledge of PLC operation. You can ask me specifics about that if you want.


“Stuxnet” (Myrtle) will infect a PLC differently, depending on system and version.
An infection sequence consists of blocks (code and data) that get injected into the PLC to alter its behavior.

The worm contains three infection sequences. Two of these sequences are pretty much functionally equivalent.

These two similar sequences are sfc1FC1879 and sfc1FC1880.

The third is sfc1178a. Myrtle determines if the system is the intended target by the installation footprint.

- The PLC type/family: only CPUs 6ES7-417 and 6ES7-315-2 are infected
- The System Data Blocks: the SDBs will be parsed, and depending on the values they contain, the infection process will start with method of infection A, B or none. When parsing the SDBs the code searches for the presence of 2 values (7050h and 9500h), and depending on the number of occurrences of each of these values sequence A or B is used to infect the PLC.

The code also searches for the bytes 2C CB 00 01 at offset 50h in the SDB blocks, which appear if the CP 342-5 communications processor is present. If these bytes are not found then infection does not occur.

Infection conditions for sfc1178a are determined by more technical factors.


I don’t know all of the specifics as far as current damage done (to centrifuges, etc), but it has only just begun.
It is a staged assault with clear goals and intentions meant to inflict serious harm to Iranian authority — NOT the
Iranian people. We could have made Iran go black eight months ago. Literally… No power. No water. Nothing. We
have their nuts in a vice like no nuts have ever been viced. We realize that the lives of millions of innocent people
are on the line.
That their engineers know about Myrtle does nothing. It cannot be removed, and it has an iron grip on critical
systems. Like I said before, it will take six to nine years for recovery (complete replacement of infected systems),
and that’s assuming they can even do it at all.
The immensity of the attack hasn’t yet dawned on the news media in general. The Iranians are quietly making
desperate pleas to Russian and European security entities for help, but so far have been rejected because they
aren’t willing to reveal what they consider state secrets.
You don’t have to believe or trust a random […] poster. Just pay attention to this. It will be a defining moment in
world history. A war was literally won with this.


(Source: Anonymous)
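
The targeting conditions quoted above (CPU family, the bytes 2C CB 00 01 at offset 50h, and occurrences of 7050h and 9500h in the SDBs) can be turned into an inventory check that flags PLC configurations matching the described footprint for closer integrity review. This is an added example, not part of the original post: the function names, the big-endian byte order, the order-number suffixes and the sample SDB are assumptions or constructed values.

```python
"""Check a PLC inventory record against the targeting footprint quoted above."""

# Values taken from the quoted post.
TARGET_CPUS = ("6ES7-417", "6ES7-315-2")
CP_342_5_MARKER = bytes.fromhex("2CCB0001")
MARKER_OFFSET = 0x50
SDB_VALUES = {"7050h": bytes.fromhex("7050"), "9500h": bytes.fromhex("9500")}
# Assumption: the 16-bit values are stored big-endian and may sit at any offset.


def _norm(order_no: str) -> str:
    """Drop spaces and hyphens so '6ES7 315-2...' compares with '6ES7-315-2'."""
    return order_no.replace(" ", "").replace("-", "").upper()


def footprint_report(cpu_order_no: str, sdb: bytes) -> dict:
    """Report which of the described targeting conditions one SDB satisfies."""
    cpu_match = any(_norm(cpu_order_no).startswith(_norm(t)) for t in TARGET_CPUS)
    marker = sdb[MARKER_OFFSET:MARKER_OFFSET + 4] == CP_342_5_MARKER
    counts = {name: sdb.count(pat) for name, pat in SDB_VALUES.items()}
    return {
        "cpu_match": cpu_match,
        "cp_342_5_marker": marker,
        "value_counts": counts,
        # The post gives no thresholds for choosing sequence A or B, so this
        # flag only says the record deserves a closer integrity review.
        "review": cpu_match and marker and any(counts.values()),
    }


def sample_sdb() -> bytes:
    """Constructed test blob, not a real System Data Block."""
    blob = bytearray(0x100)
    blob[MARKER_OFFSET:MARKER_OFFSET + 4] = CP_342_5_MARKER
    blob[0x60:0x62] = SDB_VALUES["7050h"]
    blob[0x70:0x72] = SDB_VALUES["7050h"]
    blob[0x80:0x82] = SDB_VALUES["9500h"]
    return bytes(blob)


if __name__ == "__main__":
    # Constructed order numbers: only the family prefix comes from the post.
    print(footprint_report("6ES7 315-2XX00-0AB0", sample_sdb()))
    print(footprint_report("6ES7 412-2XX00-0AB0", sample_sdb()))
```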

