Blog Catalog


Monday, September 27, 2010

Important article on "Stuxnet and the Year of the Geek"

--“I think Stuxnet is the prime example of the modern, targeted cybermunition,” says (Rodney) Joffe. “It’s capable of being unleashed anonymously somewhere in the world, finding its way to a highly specific set of targets and then destroying them without risk to the attacker. In this case, if generating systems were to explode, people could easily be hurt in the process. It's a very short step for there to be loss of life in the future.” --Rodney Joffe, computer security specialist

--“There's a blurring of the lines between criminals and nation states. It’s no longer easy or even important to differentiate between a criminal attack and a politically motivated attack, because more and more they're going to blur. The political attacks will employ criminals to develop and generate them.” --Rodney Joffe

--Last week, the cascade of cyberthreats led Gen. Keith B. Alexander, the military’s new commander of cyberwarfare operations, to call for a secure computer network to protect critical civilian and government infrastructure from attack.

Back to me: Notice how this has gone over from private, commercial security issues, problems and people to a military general? Also, I should think this may well mean the end of Microsoft's ubiquity.

--“I don't consider myself to be an evil person at all—but I will tell you that if it was me and I was evil, I absolutely know how I could kill hundreds of thousands of people, and cause damage to millions; and if I could do that, why would I possibly think that a world that could give us Hitler couldn’t give us someone else who would make that same decision?” --Rodney Joffe

Herein lies your Sci-fi movie---if we last that long as functioning nation-states.

The entire article is here: http://www.thedailybeast.com/blogs-and-stories/2010-09-27/stuxnet-and-the-year-of-geek-terror/

The latest, best "educated guess" on the Stuxnet malware

As I said, the latest, best "educated guess" is out this morning on the Stuxnet malware program that seems to have been created to attack Iran's nuclear infrastructure:

Computer attacks linked to wealthy group or nation

WASHINGTON – A powerful computer code attacking industrial facilities around the world, but mainly in Iran, probably was created by experts working for a country or a well-funded private group, according to an analysis by a leading computer security company.

The malicious code, called Stuxnet, was designed to go after several "high-value targets," said Liam O Murchu, manager of security response operations at Symantec Corp. But both O Murchu and U.S. government experts say there's no proof it was developed to target nuclear plants in Iran, despite recent speculation from some researchers.

Creating the malicious code required a team of as many as five to 10 highly educated and well-funded hackers. Government experts and outside analysts say they haven't been able to determine who developed it or why.

More:

U.S. officials said last month that the Stuxnet was the first malicious computer code specifically created to take over systems that control the inner workings of industrial plants. The Energy Department has warned that a successful attack against critical control systems "may result in catastrophic physical or property damage and loss."

Symantec's analysis of the code, O Murchu said, shows that nearly 60 percent of the computers infected with Stuxnet are in Iran. An additional 18 percent are in Indonesia. Less than 2 percent are in the U.S.

"This would not be easy for a normal group to put together," said O Murchu. He said "it was either a well-funded private entity" or it "was a government agency or state sponsored project" created by people familiar with industrial control systems.

A number of governments with sophisticated computer skills would have the ability to create such a code. They include China, Russia, Israel, Britain, Germany and the United States. But O Murchu said no clues have been found within the code to point to a country of origin.

What would be fascinating to know throughout all this is what's going on behind the scenes, in the intelligence agencies of countries around the world--here in the US, in Europe, in Russia, China, everywhere.

Additionally, it would be fascinating to know if all the "Western" or "free" countries are cooperating on this or if each is attacking the situation for knowledge about Stuxnet purely individually and secretly, away from the other countries. Naturally, they would, possibly, be able to learn more, quicker if cooperating but since this has so much to do with both internal national security for each country and because this Stuxnet problem has been described as a "missile" fired into the networks of computers worldwide, as it turns out.

Finally, it will also be fascinating to find out, one day soon, hopefully, just what this malware has done, if anything, to computers and programs in Iran, specifically as it relates to their new nuclear reactor and/or other infrastructure. It would be great to know if it's done its job already or not and, if it has, how effective and maybe devastating the program has been on the reactor.

And for the Siemens company, it raises the question of if you get off Microsoft's software, I should think, if it's an option, since that led to the weakness that could be exploited.

I guarantee you, a whole lot of people worldwide have been spending a great deal of hours, around the clock, working on this and paying attention to what happened or what possibly happened. It will be a great story to keep an eye out for more details--real international computer espionage. Maybe the next movie out of Hollywood, if they can keep up with the story.

Link to original post: http://news.yahoo.com/s/ap/20100927/ap_on_hi_te/us_computer_attacks;_ylt=AoEm_H4JUDDdS24Iv5GEm58k5I94;_ylu=X3oDMTNvaGMwbnA2BGFzc2V0Ay9zL2FwLzIwMTAwOTI3L2FwX29uX2hpX3RlL3VzX2NvbXB1dGVyX2F0dGFja3MEY2NvZGUDbXBfZWNfOF8xMARjcG9zAzEwBHBvcwMxMARzZWMDeW5fdG9wX3N0b3JpZXMEc2xrA2NvbXB1dGVyYXR0YQ--

Saturday, September 25, 2010

Update on Stuxnet malware

From The New York Times today:

The malware, known as Stuxnet, was discovered in mid July, at least several months after its creation, by VirusBlokAda, a Belarussian computer security company that was alerted by a customer.

I thought that interesting--that a Belarussian computer security company was first alerted to it. Then there's a little more educated guess than what I wrote earlier, of just what Stuxnet is designed to do:

Exactly what Stuxnet might command industrial equipment to do still isn’t known. But malware experts say it could have been designed to trigger such Hollywood-style bedlam as overloaded turbines, exploding pipelines and nuclear centrifuges spinning so fast that they break.

Stuxnet’s remarkable sophistication has surprised many security professionals. Its authors had detailed knowledge of Siemens’ software and where its security weaknesses are. They discovered and used four unknown security flaws in Microsoft’s Windows operating system. And they masked their attack with the aid of sensitive intellectual property stolen from two hardware companies, Realtek and JMicron, which are located in the same office park in Taiwan.

“It’s impossible this was created by some teenager in his basement,” Mr. Chien said. “The amount of resources and man hours to put this together,” he said, show “it has to be something that was state originated.”

Once again, the ubiquity of Microsoft proves itself a great disadvantage and makes it far more likely one's computer would be attacked. It seems clear more computers will have to get off Microsoft, I should think, with this kind of ultra-sophisticated attack developing.

Also, that this malware seems likely to have been created by a government is a fascinating, complicated and rather diabolical detail, too. It will be more fascinating to see how this develops.

Link to original post: http://bits.blogs.nytimes.com/2010/09/24/malware-hits-computerized-industrial-equipment/?th&emc=th

Wednesday, September 22, 2010

Will the final WWIII we've always feared be without bombs?

It's a good question. The next phase of international war may have just become a little bit more clear and possible, what with a new "Stuxnet malware" that recently became known internationally. Well, sort of known, anyway.

There is a fascinating story out today on this new Stuxnet malware and what it may portend for the future of international warfare--wars that are done on countries by, at and on computers and not with bombs, planes and guns:

Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?

Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant. The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

The ways in which this is fascinating are numerous. First, it's likely not known the source--who, exactly created and released it. It used to be, in humankind's wars to date, you knew who was attacking you, where they were coming from, what they were doing and you could, hopefully, react. Not so with this new, still-debilitating type weapon. We won't know who's attacking us, where they're attacking us--at least not for a while--the extent of the damage they will do to us, etc., for some time, at least.

The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick.

Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems. Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide.

And here's an additional rather big "kicker" to the whole thing:

Internet link not required.

"Until a few days ago, people did not believe a directed attack like this was possible," Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. "What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern."

By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous. But it gets worse.

Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.

"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."

For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.

"The implications of Stuxnet are very large, a lot larger than some thought at first," says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly."

There are so many things to be said--and asked about this, it's nearly overwhelming. First, who made it? Second, why? Third, was it created--as looks entirely possible--by a country, in order to shut down Iran's nuclear facility? Fourth, could it have been done by formal agreement between two or more nations? Third, was it China? That would have huge implications for what, exactly, they're capable of, regarding computers and cyber warfare and we believe they've been busy with their computer homework, so to speak. Fourth, was it the US and we're acting dumb and innocent? Fifth, what's next in cyber warfare, since this is only, clearly the "next phase" of international war, cyber warfare and sabotage. Sixth, how does the world address this/these issue(s)? What do you do about this kind of attack?

As pointed out on NPR, purely coincidentally, this morning, there is no international law regarding cyber warfare. That means there are no rules. What's lawful? What's unlawful? What shouldn't be accepted? For instance, shouldn't attacking another country's water infrastructure be unlawful and unacceptable?

I could go on and on but won't. The last question I'll ask is, will mankind end in a bang or, like this, in a nearly silent, possibly starving and/or freezing whimper? Better start planting a garden and canning, folks, along with making your own clothes, etc.

Links: http://news.yahoo.com/s/csm/327178; http://en.wikipedia.org/wiki/Stuxnet