STUXNET

Catching up, given last week's Flame stories, and this bit jumped out: http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

The sophistication of the code, plus the fraudulent certificates, and now Iran at the center of the fallout made it look like Stuxnet could be the work of a government cyberarmy — maybe even a United States cyberarmy.

This made Symantec’s sinkhole an audacious move. In intercepting data the attackers were expecting to receive, the researchers risked tampering with a covert U.S. government operation. Asked recently if they were concerned about this, Chien replied, “For us there’s no good guys or bad guys.” Then he paused to reconsider. “Well, bad guys are people who are writing malicious code that infects systems that can cause unintended consequences or intended consequences.”

http://www.wired.com/threatlevel/2012/05/flame/all/1

Milton Parker, Saturday, 2 June 2012 22:14 (eleven years ago)

lol at "Joseph R. Biden Jr." in the nyt article

een, Sunday, 3 June 2012 01:05 (eleven years ago)

“For us there’s no good guys or bad guys.” Then he paused to reconsider. “Well, bad guys are people who are writing malicious code that infects systems that can cause unintended consequences or intended consequences.”

nice

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:28 (eleven years ago)

thought this was an interesting point

There are some odd coincidences with Flame that have nothing to do with its alleged sophistication. The International Telecommunications Union, a U.N. body that wants to play a dominant role in cybersecurity and Internet governance, asked Kaspersky, a Russian firm, to help find an unknown piece of malware that was deleting sensitive information across the Middle East. The ITU issued a confidential warning, now plastered all over the Internet. These are unprecedented actions.

How did the ITU learn of this? Why did it go to Kaspersky? There is a political context here, since Russia is pushing the ITU to play a bigger role in order to undercut what it perceives as American control of the Internet. Where the Flame story fits into this political battle is unclear, but there are alternative hypotheses to serendipity when it comes to explaining Flame that we might want to test.

That might be the most interesting part of this story.

Flame is not a weapon, it's not the most sophisticated, it's not really that new, but it might be part of a large battle shaping up over the future of the Internet.

http://security.blogs.cnn.com/2012/05/31/flame-malware-does-bigger-mean-better/

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:31 (eleven years ago)

i mean "why did it go to kaspersky" is sorta like "why did it go to halliburton," clearly some political nonsense in play but also you go with who you know, and afaik kaspersky is the big boy in the room

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:33 (eleven years ago)

also this is an old video but i fuckin love it kind of

https://www.youtube.com/watch?v=scNkLWV7jSw

BIG HOOS aka the steendriver, Sunday, 3 June 2012 04:43 (eleven years ago)

60 Minutes ran a story on Stuxnet several months ago and the smile from the former CIA guy they interviewed confirmed it for me. Forget exactly who it was, but he was on the Richard Clarke level of insiderness.

Elvis Telecom, Sunday, 3 June 2012 22:56 (eleven years ago)

http://www.wired.com/threatlevel/2012/06/flame-microsoft-certificate/

It’s a scenario security researchers have long worried about, a man-in-the-middle attack that allows someone to impersonate Microsoft Update to deliver malware — disguised as legitimate Microsoft code — to unsuspecting users.

And that’s exactly what turns out to have occurred with the recent Flame cyberespionage tool that has been infecting machines primarily in the Middle East and is believed to have been crafted by a nation-state.

According to Microsoft, which has been analyzing Flame, along with numerous antivirus researchers since it was publicly exposed last Monday, researchers there discovered that a component of Flame was designed to spread from one infected computer to other machines on the same network. When uninfected computers update themselves, Flame intercepts the request to Microsoft Update server and instead delivers a malicious executable to the machine that is signed with a rogue, but technically valid, Microsoft certificate.

Milton Parker, Monday, 4 June 2012 22:14 (eleven years ago)
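The Wired excerpt above turns on one detail: the executable Flame pushed to other machines was signed with a certificate that was rogue but "technically valid", meaning it chained to a trusted root. The defender's check that matters is therefore not "does this chain validate?" but "is every certificate in this chain actually authorised for code signing?". The Go program below, added here as an illustration and not code from Wired, Microsoft or anyone in this thread, builds a constructed three-tier PKI with the standard library's crypto/x509 and runs that check over three signers. The CA and subject names are made up, and the "Other-Purpose CA" is a hypothetical stand-in for any CA in the hierarchy that was never meant to authorise software, not a claim about which CA issued the real Flame certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

var serial int64 // distinct serial numbers for the constructed PKI

// mustIssue creates a certificate for subject, signed by parent (self-signed when
// parent is nil). ekus is the Extended Key Usage list; empty means unrestricted.
func mustIssue(subject string, isCA bool, ekus []x509.ExtKeyUsage, parent *ca) *ca {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // constructed demo: only local key generation can fail here
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           ekus,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parentCert, signer := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &ca{cert: cert, key: key}
}

// VerifyCodeSigner accepts leaf only if it chains to a trusted root AND every
// certificate on that chain permits code signing; a chain that validates
// cryptographically but was issued for another purpose is rejected.
func VerifyCodeSigner(leaf *x509.Certificate, intermediates, roots []*x509.Certificate) error {
	ipool, rpool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range intermediates {
		ipool.AddCert(c)
	}
	for _, c := range roots {
		rpool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Intermediates: ipool,
		Roots:         rpool,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	})
	return err
}

// Scenarios builds the constructed PKI (one trusted root, a code-signing CA and a
// CA issued for an unrelated purpose) and returns the verifier's verdict for three
// signers. A nil error means the signer would be accepted for software updates.
func Scenarios() map[string]error {
	codeSigning := []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}
	root := mustIssue("Constructed Root CA", true, nil, nil)
	signingCA := mustIssue("Constructed Code Signing CA", true, codeSigning, root)
	otherCA := mustIssue("Constructed Other-Purpose CA", true, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, root)
	genuine := mustIssue("Constructed Update Publisher", false, codeSigning, signingCA)
	// Chains to the trusted root and even carries the code-signing EKU itself, but its issuer was never authorised for code signing.
	rogue := mustIssue("Constructed Rogue Signer", false, codeSigning, otherCA)
	// Issued by the right CA, but for e-mail protection rather than code signing.
	misissued := mustIssue("Constructed Misissued Signer", false, []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}, signingCA)
	roots := []*x509.Certificate{root.cert}
	inters := []*x509.Certificate{signingCA.cert, otherCA.cert}
	return map[string]error{
		"genuine":   VerifyCodeSigner(genuine.cert, inters, roots),
		"rogue_ca":  VerifyCodeSigner(rogue.cert, inters, roots),
		"wrong_eku": VerifyCodeSigner(misissued.cert, inters, roots),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-10s -> %v\n", name, err) // <nil> means accepted
	}
}
```

Only the genuine publisher is accepted; the other two fail with an incompatible-usage error even though both chains verify cryptographically. The design point is that `KeyUsages` in `x509.VerifyOptions` is enforced on every certificate of the chain, not just the leaf, so a trusted root cannot be turned into a software-signing root by way of an intermediate that was issued for something else. An update client that also pins the expected publisher identity narrows the accepted set further still.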

four years pass...

anyone else seen the gibney doc?

sktsh, Thursday, 30 June 2016 08:16 (seven years ago)

three weeks pass...

Watched Zero Days last night - thought it was well done, although on the long side. I've personally had my fill of "diving into cyberspace" graphic visualizations so most of my nitpicking is just that. Bias from someone who watches all the hacker documentaries.

Would wholeheartedly recommend it to anyone who hasn't followed the story closely.

Elvis Telecom, Wednesday, 27 July 2016 22:11 (seven years ago)

apparently all the whizzy code visualisations were at least actually the real stuxnet code

sktsh, Thursday, 28 July 2016 10:39 (seven years ago)

(I liked it too!)

sktsh, Thursday, 28 July 2016 10:40 (seven years ago)

ten months pass...

https://www.wired.com/story/crash-override-malware

sktsh, Monday, 12 June 2017 15:31 (six years ago)
