You can’t wrap fire in paper. Once the Stuxnet malware was available, it was only a matter of time before someone dug into the code and figured out what it did. Ralph Langner and his team are the best I know on the Siemens’ gear and protocol. It was fascinating to get his updates on the progress over the past few weeks. Very impressive work, and the details and targets are in a way mind blowing and in another way obvious.

So here is what Ralph has made public so far:

  • the attack actually affects the S7 PLC’s not just the WinCC application
  • the attack is on a specific process not just a generic attack on that brand and type of PLC. The attacker had full knowledge of the process and engineering behind it to craft this attack. A very directed attack.
  • it is very nasty to identify and clean up the impact on the PLC’s. While I did not have this info, it ties right into my earlier blog about how do you know you have cleaned out Stuxnet and why is Siemens so silent on this issue.

There is much more I want to and will write about this, but it’s Ralph’s good work and story so I’ll let him decide the time and manner of the unveiling.