Skip navigation
Help

Stuxnet

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."

0
Your rating: None

Given that we now know that the National Security Agency (NSA) has the ability to compromise some, if not all of VPN, SSL, and TLS forms of data transmission hardening, it’s worth considering the various vectors of technical and legal data-gathering that high-level adversaries in America and Britain (and likely other countries, at least in the “Five Eyes” group of anglophone allies) are likely using in parallel to go after a given target. So far, the possibilities include:

  • A company volunteers to help (and gets paid for it)
  • Spies copy the traffic directly off the fiber
  • A company complies under legal duress
  • Spies infiltrate a company
  • Spies coerce upstream companies to weaken crypto in their products/install backdoors
  • Spies brute force the crypto
  • Spies compromise a digital certificate
  • Spies hack a target computer directly, stealing keys and/or data, sabotage.

Let’s take these one at a time.

0
Your rating: None
Original author: 
Joshua Kopstein

Dsc_3747_large

The US government is waging electronic warfare on a vast scale — so large that it's causing a seismic shift in the unregulated grey markets where hackers and criminals buy and sell security exploits, Reuters reports.

Former White House cybersecurity advisors Howard Schmidt and Richard Clarke say this move to "offensive" cybersecurity has left US companies and average citizens vulnerable, because it relies on the government collecting and exploiting critical vulnerabilities that have not been revealed to software vendors or the public.

"If the US government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell US users," Clarke told Reuters. "There is supposed to be some mechanism...

Continue reading…

0
Your rating: None


One of the Twitter feeds MiniDuke-infected machines use to locate a command-and-control server.

Kaspersky Lab

Unidentified attackers have infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden and Twitter and Google to ensure it always has a way to receive updates.

MiniDuke, as researchers from Kaspersky Lab and Hungary-based CrySyS Lab have dubbed the threat, bears the hallmark of viruses first encountered in the mid-1990s, when shadowy groups such as 29A engineered innovative pieces of malware for fun and then documented them in an E-Zine by the same name. Because MiniDuke is written in assembly language, most of its computer files are tiny. Its use of multiple levels of encryption and clever coding tricks makes the malware hard to detect and reverse engineer. It also employs a method known as steganography, in which updates received from control servers are stashed inside image files.

In another testament to the skill of the attackers, MiniDuke has taken hold of government agencies, think tanks, a US-based healthcare provider, and other high-profile organizations using the first known exploit to pierce the security sandbox in Adobe Systems' Reader application. Adding intrigue to this, the MiniDuke exploit code contained references to Dante Alighieri's Divine Comedy and also alluded to 666, the Mark of the Beast discussed in a verse from the Book of Revelation.

Read 11 remaining paragraphs | Comments

0
Your rating: None

Aurich Lawson

Researchers have uncovered a never-before-seen version of Stuxnet. The discovery sheds new light on the evolution of the powerful cyberweapon that made history when it successfully sabotaged an Iranian uranium-enrichment facility in 2009.

Stuxnet 0.5 is the oldest known version of the computer worm and was in development no later than November of 2005, almost two years earlier than previously known, according to researchers from security firm Symantec. The earlier iteration, which was in the wild no later than November 2007, wielded an alternate attack strategy that disrupted Iran's nuclear program by surreptitiously closing valves in that country's Natanz uranium enrichment facility. Later versions scrapped that attack in favor of one that caused centrifuges to spin erratically. The timing and additional attack method are a testament to the technical sophistication and dedication of its developers, who reportedly developed Stuxnet under a covert operation sponsored by the US and Israeli governments. It was reportedly personally authorized by Presidents Bush and Obama.

Also significant, version 0.5 shows that its creators were some of the same developers who built Flame, the highly advanced espionage malware also known as Flamer that targeted sensitive Iranian computers. Although researchers from competing antivirus provider Kaspersky Lab previously discovered a small chunk of the Flame code in a later version of Stuxnet, the release unearthed by Symantec shows that the code sharing was once so broad that the two covert projects were inextricably linked.

Read 24 remaining paragraphs | Comments

0
Your rating: None

DavidGilbert99 writes "Eugene Kaspersky and Mikko Hypponen have been watching the cyber security world every since happy hackers were writing viruses for nothing more than their own entertainment. Today however things are very much different. At the DLD 2013 conference, the pair debated the current state of cyber warfare and cyber weapons. Kaspersky said that while cyber weapons may be much 'cleaner' than traditional missiles, guns and bombs, they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss. Hypponen said that we are in the 'first stages of a cyber-arms race' warning: 'I think we've only seen the very beginning of these problems.'"

Share on Google+

Read more of this story at Slashdot.

0
Your rating: None

burning fire computerHe's unassuming, even a little dweebish, but nonetheless Adriel Desautels represents a new breed of Internet mercenary that wields terrifying power across the world.

Desautels is a hacker, and he trades in Zero Day exploits. Zero Days are bits of code that can penetrate, manipulate and/or incapacitate normal functions on a computer, and, most importantly, they have not yet been seen by the internet community.

Their lack of history makes them incredibly difficult to defend against, and so they're incredibly lucrative—both to state and non-state actors.

A post by Ryan Gallagher on Slate today outlines how companies or individuals peddling Zero Days in black and gray markets make a killing at the cost of societal stability.

From the post:

“As technology advances, the effect that zero-day exploits will have is going to become more physical and more real,” [Desautels] says. “The software becomes a weapon. And if you don’t have controls and regulations around weapons, you’re really open to introducing chaos and problems.”

Desautels' company, Netragard, Inc., could be considered one of the good guys: They've pledged to only sell their exploits within the U.S., to the government and properly-vetted private entities.

Others though, are not so well-meaning—the primary motivator in most unregulated markets is money. As Gallagher notes, one post by the hacker group Anonymous outlined how the company Endgame sold 25 exploits for $2.5 million—a package Bloomberg called "cyber warfare in a box."

Of other concern is that the market has little to no oversight, allowing groups to decide exactly whom they direct their wares to:

Desautels says he knows of “greedy and irresponsible” people who “will sell to anybody,” to the extent that some exploits might be sold by the same hacker or broker to two separate governments not on friendly terms.

In a time when American defense secretaries await the first "cyber pearl harbor," the idea that organizations can sell exploits to shady individuals with nefarious agendas makes the idea all the more realizable.

Also, it puts into the spotlight the burgeoning cyber arms race taking place across the globe, really since the U.S. announced with pride that it was responsible for Stuxnet, thus inviting itself to become victim to attacks (and promptly realizing its defenses were insufficient).

What often goes without mentioning, though, especially when infrastructure is so often the target, is what the moral implications are for the "manufacturers" of these weapons of war: An exploit that takes out water treatment plants or exposes the names of covert operatives could be the digital equivalent of a cluster bomb.

Equally the moral equivalent.

We've covered mercenary Zero Day exploits at Business Insider, most recently that of "Red October," but the lengthy, in-depth post on Slate today is also definitely worth a read.

OR CHECK OUT: The 18 things SEALs never leave home without >

Please follow Military & Defense on Twitter and Facebook.

Join the conversation about this story »

0
Your rating: None

mikko

Mikko Hyppönen is the Chief Research Officer at F-Secure, where he’s spent the last two decades tracking, dissecting, and disabling malware, from viruses to trojans to worms to botnets. His long time in the field gives him a sense of history: last year he documented his search for the minds behind Brain, released in 1986 and considered the first MS-DOS based computer virus. Via email he discussed how malware has changed over the last twenty years, the future of smartphone viruses, and just whether antivirus companies are outmatched in a world of government-sponsored malware such as Stuxnet and Flame.

Continue reading…

0
Your rating: None