stuxnet

Internet freedom and digital privacy will come about only through the design of better tools for civil disobedience and direct action. 

Do you agree or disagree?

Watch tonight’s Design and Violence Debate live on YouTube at 6:30 pm EST. 

Debate motions will be delivered by Gabriella Coleman (the Wolfe Chair in Scientific and Technological Literacy at McGill University, and author of Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous) and Larry Lessig (the Roy L. Furman Professor of Law and Leadership at Harvard Law School, and director of the Edmond J. Safra Center for Ethics at Harvard University). 

In case you were wondering, here’s how the infamous Iran-infrastructure-damaging bug Stuxnet worked. And to answer your question, the U.S. was involved in what was intended as an act of cyberwar … but the virus (which only got its name after it broke out online) was never intended to break out onto the larger Internet. But Stuxnet, which broke out in 2010, is old news. A newer virus, Flame, is currently causing major online trauma in the Middle East.

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/


A long list of almost superhuman technical feats illustrates Equation Group’s extraordinary skill, painstaking work, and unlimited resources. They include:

The use of virtual file systems, a feature also found in the highly sophisticated Regin malware. Recently published documents provided by Ed Snowden indicate that the NSA used Regin to infect the partly state-owned Belgian firm Belgacom.

The stashing of malicious files in multiple branches of an infected computer’s registry. By encrypting all malicious files and storing them in multiple branches of a computer’s Windows registry, the infection was impossible to detect using antivirus software.

Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.

The use of more than 300 Internet domains and 100 servers to host a sprawling command and control infrastructure.

USB stick-based reconnaissance malware to map air-gapped networks, which are so sensitive that they aren’t connected to the Internet. Both Stuxnet and the related Flame malware platform also had the ability to bridge air gaps.

An unusual if not truly novel way of bypassing code-signing restrictions in modern versions of Windows, which require that all third-party software interfacing with the operating system kernel be digitally signed by a recognized certificate authority. To circumvent this restriction, Equation Group malware exploited a known vulnerability in an already signed driver for CloneCD to achieve kernel-level code execution.


Taken together, the accomplishments led Kaspersky researchers to conclude that Equation Group is probably the most sophisticated computer attack group in the world, with technical skill and resources that rival the groups that developed Stuxnet and the Flame espionage malware.

“It seems to me Equation Group are the ones with the coolest toys,” Costin Raiu, director of Kaspersky Lab’s global research and analysis team, told Ars.

“Every now and then they share them with the Stuxnet group and the Flame group, but they are originally available only to the Equation Group people. Equation Group are definitely the masters, and they are giving the others, maybe, bread crumbs. From time to time they are giving them some goodies to integrate into Stuxnet and Flame.”
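The registry-stashing technique in the list above (encrypted payloads spread across several hive branches so that no file on disk gives the infection away) has a simple defender-side counterpart: sweep exported registry values for blobs that are both large and near-random, since encrypted data has close to 8 bits of entropy per byte while ordinary registry content (paths, command lines, XML, small binary settings) does not. The script below is an added example written for this page, not code from Kaspersky, Ars Technica, or any real product. The registry contents are a constructed stand-in (a plain dict of path to value bytes); a real sweep would feed it values read with `winreg` or parsed from a hive export, and the thresholds are assumptions to tune per environment.

```python
import math
from collections import Counter

# Constructed stand-in for an exported registry hive: key path -> raw value bytes.
# Real tooling would fill this from winreg or a .reg/hive export; the paths and
# values here are made up for the example and are not indicators from any report.
SAMPLE_REGISTRY = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater":
        b"C:\\Program Files\\Updater\\updater.exe /background",
    r"HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)":
        b"C:\\Windows\\System32\\example.dll",
    r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters\Config":
        bytes(range(256)) * 8,   # 2 KiB with every byte value equally frequent: looks encrypted
    r"HKLM\SOFTWARE\Classes\ExampleType\Shell\Open\Command\Data":
        bytes(range(256)) * 6,   # a second chunk of the same kind, parked in another branch
    r"HKCU\Software\Example\WindowPos":
        b"\x00\x01\x00\x02\x00\x03\x00\x04",  # small binary setting: normal, too short to matter
    r"HKLM\SOFTWARE\Example\Manifest":
        b"<manifest>" + b"<entry id='1'/>" * 120 + b"</manifest>",  # large but text-like: low entropy
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (one repeated byte) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_suspicious_values(registry, min_size=512, min_entropy=7.5):
    """Return (path, size, entropy) for values that are both large and near-random.

    Both conditions are required: short binary values (window positions, flags)
    are common and harmless, and long values are fine when they are plainly text.
    """
    hits = []
    for path, value in registry.items():
        if len(value) < min_size:
            continue
        ent = shannon_entropy(value)
        if ent >= min_entropy:
            hits.append((path, len(value), round(ent, 2)))
    return hits


def top_level_branches(hits):
    """Distinct hive\\root branches touched by the hits.

    One odd blob may be a legitimately encrypted setting; the same kind of blob
    parked under several unrelated branches is the pattern worth escalating.
    """
    return sorted({"\\".join(path.split("\\")[:2]) for path, _, _ in hits})


if __name__ == "__main__":
    found = find_suspicious_values(SAMPLE_REGISTRY)
    for path, size, ent in found:
        print(f"{ent:.2f} bits/byte  {size:6d} bytes  {path}")
    print("branches touched:", top_level_branches(found))
```

The entropy threshold is deliberately high: compressed or encrypted data sits near 8.0, while even dense binary formats such as serialized settings usually fall well below 7.5. Against a live system, add an allowlist for the few values known to hold encrypted material (DPAPI-protected secrets, for instance) and review what remains by hand rather than treating a hit as a verdict.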

Flame Most Likely Created By Israel/U.S. Government

The sophisticated espionage toolkit known as Flame is directly tied to the Stuxnet superworm that attacked Iran’s centrifuges in 2009 and 2010, according to researchers who recently found that the main module in Flame contains code that is nearly identical to a module that was used in an early version of Stuxnet.

Researchers at Russia-based Kaspersky Lab discovered that a part of the module that allows Flame to spread via USB sticks using the autorun function on a Windows machine contains the same code that was used in a version of Stuxnet that was unleashed on computers in Iran in 2009, reportedly in a joint operation between the United States and Israel. The module, which was known as Resource 207 in Stuxnet, was removed from subsequent versions of Stuxnet, but it served as a platform for what would later develop into the full-fledged Flame malware that is known today.

The researchers believe the attackers may have used the Flame module to kickstart their Stuxnet project before taking both pieces of malware into different and separate directions. They’ve detailed the similarities between the modules in Flame and Stuxnet in a blog post.

“This could be, in my opinion, together with the MD5 collision attack, maybe the biggest discoveries to date about Flame,” said Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab. The MD5 collision attack refers to a discovery last week that Flame used a previously unknown variant of a collision attack in its efforts to sign a malicious file with a fraudulent digital certificate to trick victim machines into thinking the file was legitimate and trusted code from Microsoft.

Like the atomic bomb in the waning days of World War II, the computer virus known as Stuxnet, discovered in 2010, seemed to usher in a new era of warfare. In the era of cyberwar, experts warned, silent, software-based attacks will take the place of explosive ordnance, tanks, and machine guns, or at least set the stage for them. Or maybe not. Almost four years after it was first publicly identified, Stuxnet is an anomaly: the first and only cyberweapon ever known to have been deployed. Now some experts in cybersecurity and critical infrastructure want to know why. Are there fewer realistic targets than suspected? Are such weapons more difficult to construct than realized? Or is the current generation of cyberweapons simply too well hidden? Such questions were on the minds of the world’s top experts in the security of industrial control systems last week at the annual S4 conference outside Miami. S4 gathers the world’s top experts on the security of nuclear reactors, power grids, and assembly lines.

Can malware ever be used for good, not evil? Lev Manovich examines computer virus Stuxnet for our Design and Violence blog

[Patrick Clair. Co-produced by: Australian Broadcasting Corporation (Est. 1932) & Zapruder’s Other Film (Est. 1989). Stuxnet: Anatomy of a Virus. 2011. Motion Graphics, video. (3:21 min). Image courtesy of the artist]

Stuxnet: Anatomy of a Computer Virus (video)

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

» via The New York Times (Subscription may be required for some content)

The new malware 'Flame' may have been created by the Obama Administration

Internet security company Kaspersky Lab announced last Monday that it had uncovered a ‘cyber-espionage worm’ designed to collect and delete sensitive information, primarily in Middle Eastern countries.

Kaspersky called the malware, named “Flame,” the “most sophisticated cyber-weapon yet unleashed.” It said the bug had infected computers in Iran, the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

The company also said that Flame contained a specific element that was used in the Stuxnet worm and which had not been seen in any other malware since.

Kaspersky’s chief malware expert Vitaly Kamluk said he believed the malware had been operating at least since August 2010, and probably earlier, adding that there was “no doubt” that it was developed by a state actor.

“Flame” was announced by Kaspersky just days before it was revealed that the Stuxnet worm was created by President Obama. Symantec, another Internet security firm, said that certain file names in Flame were identical to those described in a hacking incident in April involving the Iranian oil ministry.

In 2009, President Barack Obama declared America’s digital infrastructure to be a “strategic national asset,” and made cyberspace the 'fifth domain of warfare’.

It seems like Obama is waging America’s first Cyberwar against Iran.

A leading computer security firm has linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon, which is believed to have been used by the United States and Israel to attack Iran’s nuclear program a few years ago.

Eugene Kaspersky, chief executive of Moscow-based Kaspersky Lab, which uncovered Flame last month, said his researchers have since found that part of the Flame program code is nearly identical to code found in a 2009 version of Stuxnet.

READ MORE: Components of Flame found in Stuxnet virus 

Confirmed: US and Israel created Stuxnet, lost control of it

It’s not a cyberpunk story, it’s RL and it’s better.

In 2011, the US government rolled out its “International Strategy for Cyberspace,” which reminded us that “interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders.” An in-depth report today from the New York Times confirms the truth of that statement as it finally lays bare the history and development of the Stuxnet virus—and how it accidentally escaped from the Iranian nuclear facility that was its target.

If a target person, agency or company orders a new computer or related accessories, for example, [NSA’s ‘Tailored Access Operations’ (TAO)] can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called ‘load stations,’ agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. … These minor disruptions in the parcel shipping business rank among the ‘most productive operations’ conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks ‘around the world.’

Stuxnet is an incredibly powerful computer worm that was created by the United States and Israel to attack Iran’s nuclear facilities. It initially spreads through Microsoft Windows and targets Siemens industrial control systems. It’s considered the first malware that both spies and subverts industrial systems. It’s even got a programmable logic controller rootkit for the automation of electromechanical processes. Let that last point sink in for just a second. This thing, with a little bit of coaxing, can actually control the operation of machines and computers it infects.

Stuxnet Worm’s New Cyberattack Reported By Iran Media

An Iranian semi-official news agency says there has been another cyberattack by the sophisticated computer worm Stuxnet, this time on the industries in the country’s south.

Tuesday’s report by ISNA quotes provincial civil defense chief Ali Akbar Akhavan as saying the virus targeted a power plant and some other industries in Hormozgan province in recent months.

Akhavan says Iranian computer experts were able to “successfully stop” the worm.

Iran has repeatedly claimed defusing cyber worms and malware, including Stuxnet and Flame viruses that targeted the vital oil sector, which provides 80 percent of the country’s foreign revenue.

Tehran has said both worms are part of a secret U.S.-Israeli program that seeks to destabilize Iran’s nuclear program.

The West suspects Iran is pursuing a nuclear weapons program, a charge Tehran denies.

Related: U.S. And Israel Developed Flame To Attack Iran

I spent Christmas with my parents and after dinner we all watched “The Interview.” I was surprised they wanted to see a crass comedy but being refugees from Communist oppression, I guess they wanted to do their part for FREEDOM. Me too of course, plus I wanted to see what GRRM’s been bleating on about on his livejournal for the past month.

I thought the movie was fairly entertaining; I laughed a few times. It’s not nearly as offensive as Team America: World Police. The NYTimes review implied it was super racist, which made me eyeroll hard (and, to quote my brother, “white people have got to stop talking for us.”). It’s benign in its predictable Asian jokes, and the actor that played Kim Jong-un put in a really great performance.

It’s difficult to believe the release of this movie became a geopolitical event, with North Korea hacking into Sony and doxxing thousands of Sony employees and releasing embarrassing executive emails. Obama promised “proportional response” and now NK is experiencing internet outages. What a farce - the real story behind this movie is 10x more interesting than the film itself.

I’m surprised, though, that with all the talk of state-sponsored hacking there is little discussion of Stuxnet. This was the first and most audacious act of cyberwarfare to date - the deployment of a computer virus that ruined 1/5 of Iran’s nuclear centrifuges. All the security experts have said that the sophistication of the malware points to it being developed with nation-state support, and the programming fingerprints lead back to the US and Israel. It’s no surprise to me that new forms of military engagement start with and are perfected by America. Watching the news about “The Interview” and thinking of 2010’s Stuxnet made me feel that I am witnessing the birth of a new age of warfare.

Luckily, I have some stuff:

OBAMA ORDER SPED UP WAVE OF CYBERATTACKS AGAINST IRAN

HOW OBAMA WAS DANGEROUSLY NAIVE ABOUT STUXNET AND CYBERWARFARE | TECHNOLOGY REVIEW

Flame: Opening a New Weapons Cache

BEHIND THE US/ISRAELI CYBERATTACKS ON IRAN | INFORMED COMMENT

JUST HOW MANY CYBERATTACKS WILL IRAN TAKE SITTING DOWN? | FPIF

U.S., ISRAEL DEVELOPED FLAME COMPUTER VIRUS TO SLOW IRANIAN NUCLEAR EFFORTS, “OFFICIALS SAY” | THE WASHINGTON POST

STUXNET WILL COME BACK TO HAUNT US | MISHA GLENNY

And a better reading of Panetta’s recent speech on cyberwarfare:

Pentagon Chief Reveals ‘Classified’ Cyber Threats … That You Read in August

Researchers at Symantec Corp have uncovered a version of the Stuxnet computer virus that was used to attack Iran’s nuclear program in November 2007, two years earlier than previously thought.

Planning for the cyber weapon, the first publicly known example of a virus being used to attack industrial machinery, began at least as early as 2005, according to an 18-page report that the security software company published on Tuesday.

Stuxnet, which is widely believed to have been developed by the United States and Israel, was uncovered in 2010 after it was used to attack a uranium enrichment facility at Natanz, Iran. That facility has been the subject of intense scrutiny by the United States, Israel and allies, who charge that Iran is trying to build a nuclear bomb.

READ ON: Researchers say Stuxnet was deployed against Iran in 2007