STUXNET

STUXNET is a computer program that may have been responsible for delaying Iranian nuclear development by disrupting several centrifuges at a uranium-enrichment facility.

The New York Times reported this weekend that the program may be American and Israeli in origin.

I think this is a pretty interesting story but as one reporter put it today, it seems to be becoming more and more like a movie plot.

calstars, Wednesday, 19 January 2011 01:03 (thirteen years ago) link

wkiw mossad

instead of a brain in the subway mila kunis going down on you (silby), Wednesday, 19 January 2011 01:21 (thirteen years ago) link

The crazy thing is the way the virus would make the computer systems appear as if they're behaving normally. It was like that bank vault security tape in Ocean's Eleven or whatever.

fields of salmon, Wednesday, 19 January 2011 04:38 (thirteen years ago) link

one month passes...

Vanity Fair piece

Ned Raggett, Friday, 4 March 2011 15:42 (thirteen years ago) link

http://www.sl-webs.com/custimages/dd395-worm%20(s).jpg

ship_rex (+ +), Friday, 4 March 2011 18:09 (thirteen years ago) link

one year passes...

Catching up, given last week's Flame stories, and this bit jumped out: http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

The sophistication of the code, plus the fraudulent certificates, and now Iran at the center of the fallout made it look like Stuxnet could be the work of a government cyberarmy — maybe even a United States cyberarmy.

This made Symantec’s sinkhole an audacious move. In intercepting data the attackers were expecting to receive, the researchers risked tampering with a covert U.S. government operation. Asked recently if they were concerned about this, Chien replied, “For us there’s no good guys or bad guys.” Then he paused to reconsider. “Well, bad guys are people who are writing malicious code that infects systems that can cause unintended consequences or intended consequences.”

http://www.wired.com/threatlevel/2012/05/flame/all/1

Milton Parker, Saturday, 2 June 2012 22:14 (eleven years ago) link

lol at "Joseph R. Biden Jr." in the nyt article

een, Sunday, 3 June 2012 01:05 (eleven years ago) link

“For us there’s no good guys or bad guys.” Then he paused to reconsider. “Well, bad guys are people who are writing malicious code that infects systems that can cause unintended consequences or intended consequences.”

nice

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:28 (eleven years ago) link

thought this was an interesting point

There are some odd coincidences with Flame that have nothing to do with its alleged sophistication. The International Telecommunications Union, a U.N. body that wants to play a dominant role in cybersecurity and Internet governance, asked Kaspersky, a Russian firm, to help find an unknown piece of malware that was deleting sensitive information across the Middle East. The ITU issued a confidential warning, now plastered all over the Internet. These are unprecedented actions.

How did the ITU learn of this? Why did it go to Kaspersky? There is a political context here, since Russia is pushing the ITU to play a bigger role in order to undercut what it perceives as American control of the Internet. Where the Flame story fits into this political battle is unclear, but there are alternative hypotheses to serendipity when it comes to explaining Flame that we might want to test.

That might be the most interesting part of this story.

Flame is not a weapon, it's not the most sophisticated, it's not really that new, but it might be part of a large battle shaping up over the future of the Internet.

http://security.blogs.cnn.com/2012/05/31/flame-malware-does-bigger-mean-better/

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:31 (eleven years ago) link

i mean "why did it go to kaspersky" is sorta like "why did it go to halliburton," clearly some political nonsense in play but also you go with who you know, and afaik kaspersky is the big boy in the room

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:33 (eleven years ago) link

also this is an old video but i fuckin love it kind of

https://www.youtube.com/watch?v=scNkLWV7jSw

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:43 (eleven years ago) link

'60 Minutes' ran a story on Stuxnet several months ago and the smile from the former CIA guy they interviewed confirmed it for me. Forget exactly who it was, but he was on the Richard Clarke level of insiderness.

Elvis Telecom, Sunday, 3 June 2012 22:56 (eleven years ago) link

http://www.wired.com/threatlevel/2012/06/flame-microsoft-certificate/

It’s a scenario security researchers have long worried about, a man-in-the-middle attack that allows someone to impersonate Microsoft Update to deliver malware — disguised as legitimate Microsoft code — to unsuspecting users.

And that’s exactly what turns out to have occurred with the recent Flame cyberespionage tool that has been infecting machines primarily in the Middle East and is believed to have been crafted by a nation-state.

According to Microsoft, which has been analyzing Flame, along with numerous antivirus researchers since it was publicly exposed last Monday, researchers there discovered that a component of Flame was designed to spread from one infected computer to other machines on the same network. When uninfected computers update themselves, Flame intercepts the request to Microsoft Update server and instead delivers a malicious executable to the machine that is signed with a rogue, but technically valid, Microsoft certificate.

Milton Parker, Monday, 4 June 2012 22:14 (eleven years ago) link

four years pass...

anyone else seen the gibney doc?

sktsh, Thursday, 30 June 2016 08:16 (seven years ago) link

three weeks pass...

Watched Zero Days last night - thought it was well done, although on the long side. I've personally had my fill of "diving into cyberspace" graphic visualizations so most of my nitpicking is just that. Bias from someone who watches all the hacker documentaries.

Would wholeheartedly recommend it to anyone who hasn't followed the story closely.

Elvis Telecom, Wednesday, 27 July 2016 22:11 (seven years ago) link

apparently all the whizzy code visualisations were at least actually the real stuxnet code

sktsh, Thursday, 28 July 2016 10:39 (seven years ago) link

(I liked it too!)

sktsh, Thursday, 28 July 2016 10:40 (seven years ago) link

ten months pass...

https://www.wired.com/story/crash-override-malware

sktsh, Monday, 12 June 2017 15:31 (six years ago) link

