Skip navigation

Nuclear program of Iran

warning: Creating default object from empty value in /var/www/vhosts/ on line 33.

An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."

Your rating: None

Aurich Lawson

Researchers have uncovered a never-before-seen version of Stuxnet. The discovery sheds new light on the evolution of the powerful cyberweapon that made history when it successfully sabotaged an Iranian uranium-enrichment facility in 2009.

Stuxnet 0.5 is the oldest known version of the computer worm and was in development no later than November of 2005, almost two years earlier than previously known, according to researchers from security firm Symantec. The earlier iteration, which was in the wild no later than November 2007, wielded an alternate attack strategy that disrupted Iran's nuclear program by surreptitiously closing valves in that country's Natanz uranium enrichment facility. Later versions scrapped that attack in favor of one that caused centrifuges to spin erratically. The timing and additional attack method are a testament to the technical sophistication and dedication of its developers, who reportedly developed Stuxnet under a covert operation sponsored by the US and Israeli governments. It was reportedly personally authorized by Presidents Bush and Obama.

Also significant, version 0.5 shows that its creators were some of the same developers who built Flame, the highly advanced espionage malware also known as Flamer that targeted sensitive Iranian computers. Although researchers from competing antivirus provider Kaspersky Lab previously discovered a small chunk of the Flame code in a later version of Stuxnet, the release unearthed by Symantec shows that the code sharing was once so broad that the two covert projects were inextricably linked.

Read 24 remaining paragraphs | Comments

Your rating: None

DavidGilbert99 writes "Eugene Kaspersky and Mikko Hypponen have been watching the cyber security world every since happy hackers were writing viruses for nothing more than their own entertainment. Today however things are very much different. At the DLD 2013 conference, the pair debated the current state of cyber warfare and cyber weapons. Kaspersky said that while cyber weapons may be much 'cleaner' than traditional missiles, guns and bombs, they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss. Hypponen said that we are in the 'first stages of a cyber-arms race' warning: 'I think we've only seen the very beginning of these problems.'"

Share on Google+

Read more of this story at Slashdot.

Your rating: None

burning fire computerHe's unassuming, even a little dweebish, but nonetheless Adriel Desautels represents a new breed of Internet mercenary that wields terrifying power across the world.

Desautels is a hacker, and he trades in Zero Day exploits. Zero Days are bits of code that can penetrate, manipulate and/or incapacitate normal functions on a computer, and, most importantly, they have not yet been seen by the internet community.

Their lack of history makes them incredibly difficult to defend against, and so they're incredibly lucrative—both to state and non-state actors.

A post by Ryan Gallagher on Slate today outlines how companies or individuals peddling Zero Days in black and gray markets make a killing at the cost of societal stability.

From the post:

“As technology advances, the effect that zero-day exploits will have is going to become more physical and more real,” [Desautels] says. “The software becomes a weapon. And if you don’t have controls and regulations around weapons, you’re really open to introducing chaos and problems.”

Desautels' company, Netragard, Inc., could be considered one of the good guys: They've pledged to only sell their exploits within the U.S., to the government and properly-vetted private entities.

Others though, are not so well-meaning—the primary motivator in most unregulated markets is money. As Gallagher notes, one post by the hacker group Anonymous outlined how the company Endgame sold 25 exploits for $2.5 million—a package Bloomberg called "cyber warfare in a box."

Of other concern is that the market has little to no oversight, allowing groups to decide exactly whom they direct their wares to:

Desautels says he knows of “greedy and irresponsible” people who “will sell to anybody,” to the extent that some exploits might be sold by the same hacker or broker to two separate governments not on friendly terms.

In a time when American defense secretaries await the first "cyber pearl harbor," the idea that organizations can sell exploits to shady individuals with nefarious agendas makes the idea all the more realizable.

Also, it puts into the spotlight the burgeoning cyber arms race taking place across the globe, really since the U.S. announced with pride that it was responsible for Stuxnet, thus inviting itself to become victim to attacks (and promptly realizing its defenses were insufficient).

What often goes without mentioning, though, especially when infrastructure is so often the target, is what the moral implications are for the "manufacturers" of these weapons of war: An exploit that takes out water treatment plants or exposes the names of covert operatives could be the digital equivalent of a cluster bomb.

Equally the moral equivalent.

We've covered mercenary Zero Day exploits at Business Insider, most recently that of "Red October," but the lengthy, in-depth post on Slate today is also definitely worth a read.

OR CHECK OUT: The 18 things SEALs never leave home without >

Please follow Military & Defense on Twitter and Facebook.

Join the conversation about this story »

Your rating: None

This month tensions between Iran and the West escalated in a standoff over Iran’s nuclear program. The death toll rose in bloodshed touched off by protests against Syrian President Bashar al-Assad’s rule. Meanwhile in the U.S., Republican candidates faced off on the campaign trail and in a series of primaries as the GOP convention inched nearer.

Your rating: None