Getbig.com: American Bodybuilding, Fitness and Figure
Getbig Main Boards => Politics and Political Issues Board => Topic started by: Fury on October 01, 2010, 07:47:16 AM
-
CS Monitor: Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose has grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran’s Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.
“Until a few days ago, people did not believe a directed attack like this was possible,” Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. “What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern.”
A gradual dawning of Stuxnet’s purpose
It is a realization that has emerged only gradually.
Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.
But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?
By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.
But it gets worse. Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” says Langner, who last week became the first to publicly detail Stuxnet’s destructive purpose and its authors’ malicious intent. “This is not about espionage, as some have said. This is a 100 percent sabotage attack.”
A guided cyber missile
On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.
“His technical analysis is good,” says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. “We’re also tearing [Stuxnet] apart and are seeing some of the same things.”
Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner’s analysis.
“What we’re seeing with Stuxnet is the first view of something new that doesn’t need outside guidance by a human – but can still take control of your infrastructure,” says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy’s Idaho National Laboratory. “This is the first direct example of weaponized software, highly customized and designed to find a particular target.”
“I’d agree with the classification of this as a weapon,” Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.
One researcher’s findings
Langner’s research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls “fingerprinting,” qualifies Stuxnet as a targeted weapon, he says.
Langner zeroes in on Stuxnet’s ability to “fingerprint” the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.
Stuxnet’s ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
“Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open,” Langner says in an interview. “The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process.”
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
Langner’s analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
“After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon,” Langner writes in his analysis. “Something big.”
For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.
“The implications of Stuxnet are very large, a lot larger than some thought at first,” says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. “Stuxnet is a directed attack. It’s the type of threat we’ve been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly.”
Has Stuxnet already hit its target?
It might be too late for Stuxnet’s target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet’s target be Iran’s Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his view on Stuxnet’s target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr’s expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
But if Stuxnet is so targeted, why did it spread to all those countries? Stuxnet might have been spread by the USB memory sticks used by a Russian contractor while building the Bushehr nuclear plant, Langner offers.
The same contractor has jobs in several countries where the attackware has been uncovered.
“This will all eventually come out and Stuxnet’s target will be known,” Langner says. “If Bushehr wasn’t the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that.”
http://www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-destroy-Iran-s-Bushehr-nuclear-plant
Hahahahahaha! Did a cyber worm nearly destroy Iran's nuke program?
-
DEBKA: Iran admitted it was under full-scale cyber terror attack. The official IRNA news agency quoted Hamid Alipour, deputy head of Iran’s government Information Technology Company, as saying that the Stuxnet computer worm “is mutating and wreaking further havoc on computerized industrial equipment.”
Stuxnet was no normal worm, he said: “The attack is still ongoing and new versions of this virus are spreading.”
Revolutionary Guards deputy commander Hossein Salami declared his force had all the defensive structures for fighting a long-term war against “the biggest and most powerful enemies” and was ready to defend the revolution with more advanced weapons than the past.
He stressed that defense systems have been designed for all points of the country, and a special plan devised for the Bushehr nuclear power plant. DEBKAfile’s military sources report that this indicates that the plant – and probably other nuclear facilities too – had been infected, although Iranian officials have insisted it has not, only the personal computers of its staff.
“The Stuxnet spy worm has been created in line with the West’s electronic warfare against Iran,” said Mahmoud Liayi, secretary of the information technology council of the Industries Minister.
As for the origin of the Stuxnet attack, Hamid Alipour said: The hackers who enjoy “huge investments” from a series of foreign countries or organizations, designed the worm, which has affected at least 30,000 Iranian addresses, to exploit five different security vulnerabilities. This confirmed the impressions of Western experts that Stuxnet invaded Iran’s Supervisory Control and Data Acquisition systems through “zero-day” access.
Alipour added the malware, the first known worm to target large-scale systems and industrial complexes control systems, is also a serious threat to personal computers.
DEBKAfile’s Iranian and intelligence sources report that these statements are preparing the ground for Tehran to go beyond condemning the states or intelligence bodies alleged to have sponsored the cyber attack on Iranian infrastructure and military industries and retaliate against them militarily. Iran is acting in the role of victim of unprovoked, full-scale, cyber terror aggression.
http://www.debka.com/article/9048/
-
Iran begs for help with the rampaging StuxNet Cyber Worm
Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers.
DEBKA: DEBKAfile’s intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus.
The impression DEBKAfile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.
None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them.
Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.
One expert said: “The Iranians have been forced to realize that they would be better off not ‘irritating’ the invader because it hits back with a bigger punch.”
Looking beyond Iran’s predicament, he wondered whether the people responsible for planting Stuxnet in Iran – and apparently continuing to offload information from its sensitive systems – have the technology for stopping its rampage. “My impression,” he said, “is that somebody outside Iran has partial control at least on its spread. Can this body stop malworm in its tracks or kill it? We don’t have that information at present,” he said.
As it is, the Iranian officials who turned outside for help were described by another of the experts they approached as alarmed and frustrated. It has dawned on them that the trouble cannot be waved away overnight but is around for the long haul. Finding a credible specialist with the magic code for ridding them of the cyber enemy could take several months. After their own attempts to defeat Stuxnet backfired, all the Iranians can do now is to sit back and hope for the best, helpless to predict the worm’s next target and which other of their strategic industries will go down or be robbed of its secrets next.
While Tehran has given out several conflicting figures on the systems and networks struck by the malworm - 30,000 to 45,000 industrial units - DEBKAfile’s sources cite security experts as putting the figure much higher, in the region of millions. If this is true, then this cyber weapon attack on Iran would be the greatest ever.
http://www.debka.com/article/9050/
It keeps getting better! Hahahahaha!
-
DEBKA: As Tehran gropes in the dark for a solution to the crisis caused by the malignant Stuxnet cyber worm to its vital strategic systems, Iranian President Mahmoud Ahmadinejad is reported by DEBKA-Net-Weekly’s Iranian sources as having warned Syrian President Bashar Assad when they met last in Damascus that he is gearing up for military revenge.
Tehran’s allies Syria, Hizballah in Lebanon and Hamas in Gaza should get ready, he said, for Israel to take it as an opportunity to attack them. Their conversation took place Saturday, Sept. 18, three days after word of the software invasion surfaced.
Our sources add that the Iranian president admitted he did not know who was responsible for the cyber attack – and may never find out – but he is certain that either Israel or the United States, or both, launched it to stop Iran’s nuclear program in its tracks. Even if it was Israel, he said, Washington would have known and approved.
Ahmadinejad described the damage to Iran’s nuclear and military resources as more devastating than the Israel raid on Syria’s plutonium reactor at A-Zur exactly three years ago.
He reminded Assad that then, too, Israel and the US had worked together to destroy the Syrian-Iranian nuclear plant under construction by North Korea. Israeli cyber commando units, he said, simultaneously raided additional Syrian nuclear facilities and made off with nuclear materials, equipment and software which they passed to the United States.
This, said Ahmadinejad, was the second time in three years that the US and Israel have jointly attacked Iran’s nuclear program – and that is one time too many. Tehran is resolved this time not to let them get away with fighting the Islamic republic without even declaring war.
He told Assad that although the form of the Iranian attack on Israel had not been finally worked out, it would probably take place during the first half of October at around the dates of his scheduled state visit to Lebanon on Oct. 13-14.
Less than a week after this conversation, the Iranian president stood up at the UN General Assembly and said, “Most people believe the US government was responsible for the attacks of September 11, 2001.”
Another theory, he said, was that “some segments within the US government orchestrated the attack to reverse the declining American economy and [strengthen] its grip on the Middle East in order to save the Zionist regime.”
In Tehran, our sources disclose, these outrageous remarks were later presented to political and military circles as Iran’s first response to the cyber attack. Twenty-four hours later Tehran came clean about it – and not by chance.
NOT thousands, but MILLIONS of computer systems affected!
DEBKA: At the end of last week, the Iranians reported 30,000 of their computers had been affected. Monday, September 27, some Iranian sources were talking about 45,000, including 30,000 in the Bushehr nuclear reactor and military facilities alone.
According to DEBKA-Net-Weekly, Tehran issued these low figures to downplay the scale of the damage for the benefit of the public. In reality, Western intelligence calculates that millions of computer systems and personal computers were struck. A Stuxnet invasion of just one sector, such as the military industry or banks, could disable three million computers in less than half an hour.
Now, if this was done by Israel as suspected, this is the reason why:
Tired of being strong-armed by the Obama administration into holding back on a military strike against Iran, Jerusalem accepted a military intelligence recommendation to substitute a cyber offensive for military action, a course Washington has never vetoed.
Israeli planners figured that paralyzing Iran’s nuclear program, defusing its military prowess and disabling Revolutionary Guards resources with a single electronic worm, would finally burst the balloon of Iran’s pretensions as a mighty regional power. Its innate vulnerabilities would be paraded, making even its Arab neighbors and allies, Syria, Hizballah and Hamas, sit up and note their iconic champion’s downfall.
http://www.debka.com/article/9052/
-
.