Announcement

Collapse
No announcement yet.

Stuxnet

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Stuxnet

    I wasn't really sure where to put this, but I find this absolutely fascinating.

    http://frank.geekheim.de/?p=1189

    stuxnet is a so far not seen publicly class of nation-state weapons-grade attack software. It is using four different zero-day exploits, two stolen certificates to get proper insertion into the operating system and a really clever multi-stage propagation mechanism, starting with infected USB-sticks, ending with code insertion into Siemens S7 SPS industrial control systems. One of the Zero-Days is a USB-stick exploit named LNK that works seamlessly to infect the computer the stick is put into, regardless of the Windows operating system version – from the fossile Windows 2000 to the most modern and supposedly secure Windows 7.

    The stuxnet software is exceptionally well written, it makes very very sure that nothing crashes, no outward signs of the infection can be seen and, above all, it makes pretty sure that its final payload, which manipulates parameters and code in the SPS computer is only executed if it is very certain to be on the right system. In other words: it is extremly targeted and constructed and build to be as side-effect free as humanly possible. Words used by reverse engineers working on the the thing are “After 10 years of reverse-engineering malware daily, I have never ever seen anything that comes even close to this”, and from another “This is what nation states build, if their only other option would be to go to war”.
    This is simply incredible. Google stuxnet and read up on it, especially if you're familiar/interested with industrial processes and cybersecurity.
    Code:
    As of 9/21/10:         As of 9/13/10:
    College Hockey 6       College Football 0
    BTHC 4                 WCHA FC:  1
    Originally posted by SanTropez
    May your paint thinner run dry and the fleas of a thousand camels infest your dead deer.
    Originally posted by bigblue_dl
    I don't even know how to classify magic vagina smoke babies..
    Originally posted by Kepler
    When the giraffes start building radio telescopes they can join too.
    He's probably going to be a superstar but that man has more baggage than North West

  • #2
    Re: Stuxnet

    IMO, the NSA is our first line in a computer war, and for all the computer sins of our armed forces, I'd still trust "us" over "them". So, yeah, either us or the Israelis and frankly, I don't care either way.

    I don't think that nation states really want to get into such warfare and tactics, but frankly this is better than killing tens of thousands. Obviously, we may get other input on this... I remember reading something somewhere about the NSA being 10 years up on the general public in terms of things technological and programming.
    BS UML '04, PhD UConn '09

    Jerseys I would like to have:
    Skating Friar Jersey
    AIC Yellowjacket Jersey w/ Yellowjacket logo on front
    UAF Jersey w/ Polar Bear on Front
    Army Black Knight logo jersey


    NCAA Men's Division 1 Simulation Primer

    Comment


    • #3
      Re: Stuxnet

      WHat scares me is the fact that they're targeting PLCs now. I don't know what everyone's background is, but I work at an engineering firm and work with PLCs all the time. Even the most rinky-dink semi-automated processes use PLCs (not exclusively PLCs but whatever). The biggest processes use the Emerson-Rosemounts (Delta V) and Siemens control systems. If someone has found a way to control those via computer virus, bad things can and WILL happen.

      These computers haven't been targeted like this until now. Like most large companies and plants, electronic security is based almost entirely on ignorance. Comeuppance? I think so.

      Edit: Plus the sheer complexity of this virus. It's such a huge evolutionary step. THis is like jumping from a musket to Tomahawk missile overnight.
      Last edited by dxmnkd316; 09-23-2010, 10:42 PM.
      Code:
      As of 9/21/10:         As of 9/13/10:
      College Hockey 6       College Football 0
      BTHC 4                 WCHA FC:  1
      Originally posted by SanTropez
      May your paint thinner run dry and the fleas of a thousand camels infest your dead deer.
      Originally posted by bigblue_dl
      I don't even know how to classify magic vagina smoke babies..
      Originally posted by Kepler
      When the giraffes start building radio telescopes they can join too.
      He's probably going to be a superstar but that man has more baggage than North West

      Comment


      • #4
        Re: Stuxnet

        Speculated to be U.S.-generated and targeted at the Iranian nuclear facility (although I wouldn't be shocked if it came from Israel instead); apparently, it's got a lot of penetration in that part of the world.

        The jump to PLCs is seriously worrisome.
        Northeastern Huskies Class of 1998 / BS Chemical Engineering
        Notre Dame Fighting Irish Class of 2011 / PhD Chemical Engineering

        But then again, isn't holding forth on an extreme opinion from a position of complete ignorance what these boards are all about? -- from a BigSoccer post by kerrunch

        Britney can't sing. At all. She sounds like a cross between a crackhead chipmunk that had more than a couple beers and a drowning cat. -- DHG on the MTV VMAs

        Comment


        • #5
          Re: Stuxnet

          Originally posted by Craig P. View Post
          Speculated to be U.S.-generated and targeted at the Iranian nuclear facility (although I wouldn't be shocked if it came from Israel instead); apparently, it's got a lot of penetration in that part of the world.

          The jump to PLCs is seriously worrisome.
          Yeah, I'm guessing the same thing. SOunds like Iran had a serious accident around the time they suspect stuxnet was released.

          It's also being found most frequently in countries where the firm that is building Iran's nuke plant has the highest number of projects. Very interesting tidbit.
          Code:
          As of 9/21/10:         As of 9/13/10:
          College Hockey 6       College Football 0
          BTHC 4                 WCHA FC:  1
          Originally posted by SanTropez
          May your paint thinner run dry and the fleas of a thousand camels infest your dead deer.
          Originally posted by bigblue_dl
          I don't even know how to classify magic vagina smoke babies..
          Originally posted by Kepler
          When the giraffes start building radio telescopes they can join too.
          He's probably going to be a superstar but that man has more baggage than North West

          Comment


          • #6
            Re: Stuxnet

            Some background. Fascinating and scary.

            Once these things are deployed, how do we stop them from being reverse-engineered and used back against us?
            Last edited by Kepler; 09-24-2010, 07:45 AM.
            Cornell University
            National Champion 1967, 1970
            ECAC Champion 1967, 1968, 1969, 1970, 1973, 1980, 1986, 1996, 1997, 2003, 2005, 2010
            Ivy League Champion 1966, 1967, 1968, 1969, 1970, 1971, 1972, 1973, 1977, 1978, 1983, 1984, 1985, 1996, 1997, 2002, 2003, 2004, 2005, 2012, 2014, 2018, 2019, 2020

            Comment


            • #7
              Re: Stuxnet

              Originally posted by Kepler View Post
              Some background. Fascinating and scary.

              Once these things are deployed, how do we stop them from being reverse-engineered and used back against us?
              Well what is interesting is that this used four zero-day exploits (I believe had since been patched) and was targeted at only a very few (read: you can count on your hand) number of computers. The rest of the computers it infected were completely unaffected by it.

              It could be used to attack us, sure. But the programmers would need an intimate knowledge of the precise PLC/computer it intends to attack. Not very easy at all.

              Additionally, what made this so difficult to detect is that it was well-written and wasn't untended to spread through the wild. I read it actually limited the number of times it could replicate itself to keep the virus contained to q small number of computers. Even better, it didn't cause any crashes or hang ups on non-targeted computers making it even more difficult to detect.

              The more destructive a virus is, the quicker a solution is created.
              Code:
              As of 9/21/10:         As of 9/13/10:
              College Hockey 6       College Football 0
              BTHC 4                 WCHA FC:  1
              Originally posted by SanTropez
              May your paint thinner run dry and the fleas of a thousand camels infest your dead deer.
              Originally posted by bigblue_dl
              I don't even know how to classify magic vagina smoke babies..
              Originally posted by Kepler
              When the giraffes start building radio telescopes they can join too.
              He's probably going to be a superstar but that man has more baggage than North West

              Comment


              • #8
                Re: Stuxnet

                Originally posted by dxmnkd316 View Post
                It could be used to attack us, sure. But the programmers would need an intimate knowledge of the precise PLC/computer it intends to attack. Not very easy at all.
                It's keyed particularly to one PLC and one industrial process, so if you think of that as the "warhead," that's a one-off (although I'm sure there are lessons that can be learned from reviewing it). But there is also the "guidance and propulsion" part of the metaphor that I'd think is fairly generic and adaptable -- the logic it uses to select target, get past security, spread.

                At least this is the one last thing we're (presumably) way ahead in.
                Cornell University
                National Champion 1967, 1970
                ECAC Champion 1967, 1968, 1969, 1970, 1973, 1980, 1986, 1996, 1997, 2003, 2005, 2010
                Ivy League Champion 1966, 1967, 1968, 1969, 1970, 1971, 1972, 1973, 1977, 1978, 1983, 1984, 1985, 1996, 1997, 2002, 2003, 2004, 2005, 2012, 2014, 2018, 2019, 2020

                Comment


                • #9
                  Re: Stuxnet

                  Originally posted by Kepler View Post
                  Some background. Fascinating and scary.

                  Once these things are deployed, how do we stop them from being reverse-engineered and used back against us?
                  Strange that you should ask ...

                  http://www.informationweek.com/news/...leID=227500515

                  The specter of "cyberwar" is one that is generating intense debate and interest globally across industry, government and academia. One has the potential to wreak havoc on adversaries, and effectively destroy them, with a few keystrokes. Some suggest cyberwars are already taking place, with the US as one of the main proponents and aggressors.

                  Since a large part of my job has morphed from data privacy into data security, I find this stuff endlessly amazing, and scary.
                  "We in America do not have government by the majority. We have government by the majority who participate." -Thomas Jefferson

                  "I confess I enjoy democracy immensely. It is incomparably idiotic, and hence incomparably amusing." -H. L. Mencken

                  sigpic

                  Comment


                  • #10
                    Re: Stuxnet

                    Symantec shows us how it's done.
                    Cornell University
                    National Champion 1967, 1970
                    ECAC Champion 1967, 1968, 1969, 1970, 1973, 1980, 1986, 1996, 1997, 2003, 2005, 2010
                    Ivy League Champion 1966, 1967, 1968, 1969, 1970, 1971, 1972, 1973, 1977, 1978, 1983, 1984, 1985, 1996, 1997, 2002, 2003, 2004, 2005, 2012, 2014, 2018, 2019, 2020

                    Comment


                    • #11
                      Re: Stuxnet

                      Originally posted by ScottM View Post
                      Strange that you should ask ...

                      http://www.informationweek.com/news/...leID=227500515

                      The specter of "cyberwar" is one that is generating intense debate and interest globally across industry, government and academia. One has the potential to wreak havoc on adversaries, and effectively destroy them, with a few keystrokes. Some suggest cyberwars are already taking place, with the US as one of the main proponents and aggressors.

                      Since a large part of my job has morphed from data privacy into data security, I find this stuff endlessly amazing, and scary.
                      Its all interesting... but make no mistake, it is and has to be a front in a war. War is communication, even if that's communication to your weapons systems or other devices. And war is played at all levels... obtaining information from a sequence of businesses can tell you a lot about the interconnects... I wouldn't be shocked if the nuances of Chinese policy reflect around, say, hacked materials from company XYZ. I use them as an example since they seem to be our top tech competitors, but others cannot be ignored.

                      Tech makes information easier to gather... you have more information about a nation available during one google search than you could find during any time pre-1994. You can know who all the key players are in a small nation, many of their interconnects and such just by data mining. I think it would be naive to think that nation states won't be playing in these fields. Just knowing the supply routes in developing war strategies... hell, the entire US is practically an open book... and for the US... so is every other county. You could probably map out all kinds of networks between data mining and satellite info.

                      Its a scary world when you realize if the tools were mechanized for a certain purpose.
                      BS UML '04, PhD UConn '09

                      Jerseys I would like to have:
                      Skating Friar Jersey
                      AIC Yellowjacket Jersey w/ Yellowjacket logo on front
                      UAF Jersey w/ Polar Bear on Front
                      Army Black Knight logo jersey


                      NCAA Men's Division 1 Simulation Primer

                      Comment


                      • #12
                        Re: Stuxnet

                        Originally posted by Kepler View Post
                        Symantec shows us how it's done.
                        I can't believe I'm going to say this, but I'm actually excited to read the paper ty are publishing about Stuxnet on the 29th. Should be a very interesting read.
                        Code:
                        As of 9/21/10:         As of 9/13/10:
                        College Hockey 6       College Football 0
                        BTHC 4                 WCHA FC:  1
                        Originally posted by SanTropez
                        May your paint thinner run dry and the fleas of a thousand camels infest your dead deer.
                        Originally posted by bigblue_dl
                        I don't even know how to classify magic vagina smoke babies..
                        Originally posted by Kepler
                        When the giraffes start building radio telescopes they can join too.
                        He's probably going to be a superstar but that man has more baggage than North West

                        Comment


                        • #13
                          Re: Stuxnet

                          I have an old HS friend at Malwarebytes who I'm tempted to ask about this thing.
                          Northeastern Huskies Class of 1998 / BS Chemical Engineering
                          Notre Dame Fighting Irish Class of 2011 / PhD Chemical Engineering

                          But then again, isn't holding forth on an extreme opinion from a position of complete ignorance what these boards are all about? -- from a BigSoccer post by kerrunch

                          Britney can't sing. At all. She sounds like a cross between a crackhead chipmunk that had more than a couple beers and a drowning cat. -- DHG on the MTV VMAs

                          Comment


                          • #14
                            Re: Stuxnet

                            Originally posted by Craig P. View Post
                            I have an old HS friend at Malwarebytes who I'm tempted to ask about this thing.
                            I'd love to hear what he has to say. (MWB is one of the first tools I personally use when cleaning up a computer.)
                            Code:
                            As of 9/21/10:         As of 9/13/10:
                            College Hockey 6       College Football 0
                            BTHC 4                 WCHA FC:  1
                            Originally posted by SanTropez
                            May your paint thinner run dry and the fleas of a thousand camels infest your dead deer.
                            Originally posted by bigblue_dl
                            I don't even know how to classify magic vagina smoke babies..
                            Originally posted by Kepler
                            When the giraffes start building radio telescopes they can join too.
                            He's probably going to be a superstar but that man has more baggage than North West

                            Comment


                            • #15
                              Re: Stuxnet

                              Apparently, Iran is fighting the "good fight" against Stuxnet. I'm sure Photoshop will come in handy.

                              http://www.nytimes.com/2010/09/26/wo...n.html?_r=1&hp

                              I saw an article on Dark Reading yesterday, and there is speculation that the spread of Stuxnet outside of Iran was unintentional. Looks like the "law of unintended consequences" may come into play.
                              "We in America do not have government by the majority. We have government by the majority who participate." -Thomas Jefferson

                              "I confess I enjoy democracy immensely. It is incomparably idiotic, and hence incomparably amusing." -H. L. Mencken

                              sigpic

                              Comment

                              Working...
                              X