SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 09-22-10, 06:28 AM   #1
Skybird
Soaring
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,604
Downloads: 10
Uploads: 0


Digital first strike

Here are two links to articles about Stuxnet - and how it now is believed to be a massive digital attack in order to strike out at the Iranian nuclear weapons program. It is thought that in early 2009 this trojan attack was responsible for the reduction of operational centrifuges in Iran although at that time the Iranians installed more and more of such centrifuges. It is also said that such a highly complex trojan cannot be just the tool of some hobby criminal, but must be formed and used with the resources that only national states have.

The better, very detailed essay is the German one, for which I was not able to find an English equivalent somewhere. The second and third English links are just a brief summary of some features of the story. If you have a good essay on it, add it to the list. Please note that the conclusions are no Iranian propagandistic conspiracy theory, but are the results of examinations by professional German digital security experts and analysts.

http://www.faz.net/s/RubCEB3712D41B64C3094E31BDC1446D18E/Doc~E8A0D43832567452FBDEE07AF579E893C~ATpl~Ecommon~Scontent.html

http://www.daemonnews.org/2010/09/21...n-nuclear.html

http://planet-iran.com/index.php/news/24138

Quote:
Originally Posted by FAZ
„So etwas bauen große Staaten zusammen, wenn die Alternative bei einem Misserfolg wäre, einen Krieg anzufangen.“
"Stuff like that (Stuxnet) gets built by national states if the only alternative would be to start a war."
__________________
If you feel nuts, consult an expert.
Old 09-23-10, 09:23 AM   #2
Skybird

BBC now has a longer essay in English, too.

http://www.bbc.co.uk/news/technology-11388018
Old 01-16-11, 09:14 AM   #3
Skybird

The plot is thickening. It already was said that Stuxnet's development was beyond the financial reach of just any private hacker organisation, and that background knowledge on the installations was needed that a hacker would not have if not being a specialist for the attacked installations himself.

The NYT now reports that Stuxnet is a cooperation between the two most likely suspects, Israel and the US, and that Israel tested the software, which is said to have been incredibly complex and clever, in an installation where they have copied the to-be-attacked hardware of the Iranian installations.

http://www.nytimes.com/2011/01/16/wo...16stuxnet.html

I admit I somewhat admire the competence level being shown in the design and development of this cyber-weapon.

Edit: it seems the Times blocks access to the site somehow. Enter this search term at Google:


Israeli Test on Worm Called Crucial in Iran Nuclear Delay

Then find one of the first entries that is on the NYT website. This workaround works for me. You should get an article with that headline and 4 pages.
Last edited by Skybird; 01-16-11 at 07:51 PM.
Old 01-16-11, 09:27 AM   #4
the_tyrant
Admiral
 
Join Date: Jun 2010
Location: Canada
Posts: 2,272
Downloads: 58
Uploads: 0

you know, John Boyd in The Strategic Game of ? and ? says that there are 3 levels of conflict:
physical, mental, and moral

we can use computers in the mental and moral parts of conflict, but now with this virus, computers are also useful in the physical part too

I have a feeling that pearl harbor 2.0 would be JSDF hackers attacking us navy computers and detonating weapons before they are launched, followed up by injecting malware in the firmware upgrades of american fire control systems
__________________
My own open source project on Sourceforge
OTP.net KGB grade encryption for the rest of us
Old 01-16-11, 11:58 AM   #5
TLAM Strike
Navy Seal
 
Join Date: Apr 2002
Location: Rochester, New York
Posts: 8,633
Downloads: 29
Uploads: 6



Quote:
Originally Posted by the_tyrant View Post
I have a feeling that pearl harbor 2.0 would be JSDF hackers attacking us navy computers and detonating weapons before they are launched, followed up by injecting malware in the firmware upgrades of american fire control systems
That kind of stuff is really easy to prevent. Software updates by disk only hard coded in to our computer systems. Then guard those disks like the launch codes. It would slow down response time to problems but it would practically remove a problem at the same time.

A few years ago they banned USB drives from the Pentagon because that was how Chinese-made viruses were getting in. (That is also how Stuxnet got in) That was a step in the right direction.

(BTW I doubt it would be JSDF guys doing it)
Old 01-16-11, 01:38 PM   #6
Skybird

The updates you store on your precious discs, get created in some place. And that is the attack target, that is how I would take aim. Which makes the discs themselves already being infested. Also, there is the human factor. You will always have individuals who are prone to enemy blackmailing, and persuasions.
Old 01-16-11, 02:16 PM   #7
TLAM Strike

Quote:
Originally Posted by Skybird View Post
The updates you store on your precious discs, get created in some place. And that is the attack target, that is how I would take aim. Which makes the discs themselves already being infested. Also, there is the human factor. You will always have individuals who are prone to enemy blackmailing, and persuasions.
Again simple countermeasures...

Facilities to code new patches are not linked to the outside world. Personnel are searched for items such as thumb drives and CDs and have those confiscated and checked.

All software engineers work in randomly assigned pairs each day, each software engineer has access to each other's code to ensure one is not adding malicious code to the patch.

Patch disks are formatted and burned in triple redundancy on separate systems then sealed in their shipping box before leaving the facility. Before installation the disks are checked for consistency between the three.
TLAM Strike is offline   Reply With Quote
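
The three-disk consistency check proposed in post #7, sketched as an added example that is not part of the thread or written by any poster. It assumes each disk copy is mounted as a plain directory tree; the names `disk_a`, `disk_b`, `disk_c` and the file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path


def digest_tree(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 hex digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_copies(copies: dict[str, Path]) -> dict[str, list[str]]:
    """Return {relative path: [copies that disagree with the majority]}.
    A missing file counts as disagreement; with no strict majority every
    copy is listed. An empty result means the copies match each other, not
    that the content is authentic (a patch altered before burning passes).
    """
    trees = {name: digest_tree(root) for name, root in copies.items()}
    findings: dict[str, list[str]] = {}
    for rel in sorted(set().union(*trees.values())):
        seen = {name: tree.get(rel) for name, tree in trees.items()}
        digest, votes = Counter(seen.values()).most_common(1)[0]
        if digest is None or votes * 2 <= len(seen):
            findings[rel] = sorted(seen)
        elif votes < len(seen):
            findings[rel] = sorted(n for n, d in seen.items() if d != digest)
    return findings


def demo() -> dict[str, list[str]]:
    """Constructed sample: three copies, disk_b altered after burning."""
    with tempfile.TemporaryDirectory() as tmp:
        copies = {}
        for name in ("disk_a", "disk_b", "disk_c"):
            root = Path(tmp, name)
            (root / "fw").mkdir(parents=True)
            (root / "fw" / "patch.bin").write_bytes(b"PATCH v1.2 payload")
            (root / "README.txt").write_text("install notes\n")
            copies[name] = root
        (copies["disk_b"] / "fw" / "patch.bin").write_bytes(b"PATCH v1.2 pAyload")
        (copies["disk_c"] / "README.txt").unlink()
        return compare_copies(copies)


if __name__ == "__main__":
    print(demo())
```

The check flags a copy changed or damaged after burning; three copies made from an already altered build agree with each other and return no findings, which is the gap raised in post #6.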
Old 01-16-11, 02:52 PM   #8
the_tyrant

Quote:
Originally Posted by TLAM Strike View Post
Again simple countermeasures...

Facilities to code new patches are not linked to the outside world. Personnel are searched for items such as thumb drives and CDs and have those confiscated and checked.

All software engineers work in randomly assigned pairs each day, each software engineer has access to each other's code to ensure one is not adding malicious code to the patch.

Patch disks are formatted and burned in triple redundancy on separate systems then sealed in their shipping box before leaving the facility. Before installation the disks are checked for consistency between the three.
you just gave me an idea!
it's quite possible that it was a mossad agent plugging in the usb drive in the first place
Old 01-16-11, 02:59 PM   #9
TLAM Strike

Quote:
Originally Posted by the_tyrant View Post
you just gave me an idea!
it's quite possible that it was a mossad agent plugging in the usb drive in the first place
I heard rumors that it was a Russian worker bribed into doing it at one of the sites in Iran under construction.
Old 01-16-11, 08:21 PM   #10
CaptainHaplo
Silent Hunter
 
Join Date: Apr 2007
Posts: 4,404
Downloads: 29
Uploads: 0
TLAM - just out of curiosity - do you have your CISSP cert?

Because you think like one. Most network security folks concentrate on the backbone - few remember physical access as one of the biggest "open doors".
__________________
Good Hunting!

Captain Haplo
Old 01-16-11, 08:38 PM   #11
the_tyrant

Quote:
Originally Posted by CaptainHaplo View Post
Most network security folks concentrate on the backbone - few remember physical access as one of the biggest "open doors".
i suppose it's getting better
in my comptia security + plus guide there is a whole chapter on the subject
and in my CEH exam guide there is a chapter on it (I haven't taken the test though)
Old 01-16-11, 09:19 PM   #12
TLAM Strike

Quote:
Originally Posted by CaptainHaplo View Post
TLAM - just out of curiosity - do you have your CISSP cert?

Because you think like one. Most network security folks concentrate on the backbone - few remember physical access as one of the biggest "open doors".
No I don't.

I'm not even in that field of study.
Old 01-16-11, 09:35 PM   #13
Gargamel
Lucky Sailor
 
Join Date: Oct 2010
Location: Rome
Posts: 4,273
Downloads: 81
Uploads: 0

Quote:
Originally Posted by TLAM Strike View Post
No I don't.

I'm not even in that field of study.
Sometimes outsiders have the best point of view. Forest for the trees sort of thing.
__________________
Luck is a residue of Design.


Old 01-19-11, 09:19 AM   #14
Skybird

Russians warn that Stuxnet may have damaged Bushehr, too, causing a risk of turning it into a second Chernobyl if it enters service.

http://www.telegraph.co.uk/news/worl...Chernobyl.html
All times are GMT -5.