Cyber war finally made it to reality

Discussion in 'The Fire For Effect and Totally Politically Incorr' started by jack404, Oct 1, 2010.

  1. jack404

    jack404 Former Guest

    Joined:
    Jan 11, 2010
    Messages:
    17,607
    Location:
    Australia
    http://www.guardian.co.uk/technology/2010/sep/30/stuxnet-worm-new-era-global-cyberwar



    Stuxnet worm heralds new era of global cyberwar

    Attack aimed at Iran nuclear plant and recently revealed 2008 incident at US base show spread of cyber weapons


    The memory sticks were scattered in a washroom at a US military base in the Middle East that was providing support for the Iraq war.

    They were deliberately infected with a computer worm, and the undisclosed foreign intelligence agency behind the operation was counting on the fallibility of human nature. According to those familiar with the events, it calculated that a soldier would pick up one of the memory sticks, pocket it and – against regulations – eventually plug it into a military laptop.

    It was correct.

    The result was the delivery of a self-propagating malicious worm into the computer system of the US military's central command – Centcom – which would take 14 months to eradicate.

    That attack took place in 2008 and was acknowledged by the Pentagon only this August. It was strikingly similar to the recently disclosed cyber attack on Iran's nuclear facilities using the Stuxnet worm, which also appears to have used contaminated hardware in an attempt to cripple Iran's nuclear programme.

    Like the attack on Centcom's computers, the Stuxnet worm, which Iran admits has affected 30,000 of its computers, was a sophisticated attack almost certainly orchestrated by a state. It also appears that intelligence operatives were used to deliver the worm to its goal.

    Its primary target, computer security experts say, was a control system manufactured by Siemens and used widely by Iran, not least in its nuclear facilities.

    Yesterday, Iran confirmed that the worm had been found on laptops at the Bushehr nuclear reactor, which had been due to go online next month but has now been delayed. It denied the worm had infected the main operating system or caused the delay.

    "I say firmly that enemies have failed so far to damage our nuclear systems through computer worms, despite all of their measures, and we have cleaned our systems," Ali Akbar Salehi, the head of Iran's atomic energy agency, told the Iranian Students News Agency.

    If the Stuxnet attack on Iran was a limited act of cyber sabotage, on Tuesday the US attempted to imagine what an all-out cyber war might look like and whether it was equipped to deal with it.

    In an exercise named Cyber Storm III, involving government agencies and 60 private sector organisations including the banking, chemical, nuclear energy and IT sectors, it presented a scenario where America was hit by a co-ordinated cyber shock-and-awe campaign, hitting 1,500 different targets. The results of the exercise have not been released.

    One of those who believes that cyber war has finally come of age is James Lewis of the Centre for Strategic and International Studies in Washington. Lewis said that while previous large-scale hacking attacks had been an annoyance, Stuxnet and the attack on Centcom represented the use of malicious programmes as significant weapons. "Cyber war is already here," said Lewis. "We are in the same place as we were after the invention of the aeroplane. It was inevitable someone would work out how to use planes to drop bombs. Militaries will now have a cyber-war capability in their arsenals. There are five already that have that capacity, including Russia and China."

    Of those, Lewis said he believed only three had the motivation and capability to mount the Stuxnet attack on Iran: the US, Israel and the UK.

    He added that a deliberate hack of an electric generator at the Idaho National Laboratory, via the internet, had previously demonstrated that infrastructure could be persuaded to destroy itself.

    "There is growing concern that there has already been hostile reconnaissance of the US electricity grid," he said.

    Last year, the Wall Street Journal quoted US intelligence officials describing how cyber spies had charted the on-off controls for large sections of the US grid and its vulnerability to hacking.

    The head of the Pentagon's newly inaugurated US Cyber Command, General Keith Alexander, has recently said that it is only a matter of time before America is attacked by something like the Stuxnet worm.

    In recent testimony to Congress, Alexander underlined how the cyber war threat had rapidly evolved in the past three years, describing two of the most high-profile attacks on countries: a 2007 assault on Estonia, and a 2008 attack on Georgia during its war with Russia, both blamed on Moscow.

    Those were "denial of service" attacks that disabled computer networks. But it is destructive attacks such as Stuxnet that frighten Alexander the most.

    He favours agreements similar to nuclear weapons treaties with countries such as Russia to limit the retention and use of cyber-war technology.

    One of the problems that will confront states in this new era is identifying who is behind an attack. Some analysts believe Israel is the most likely culprit in the Stuxnet attack on Iran – perhaps through its cyber war "unit 8200", which has been given greater resources. They point to a file in the worm called Myrtus – perhaps an oblique reference to the book of Esther and Jewish pre-emption of a plot to kill them. But it could also be a red herring designed to put investigators off the scent.

    Dave Clemente, a researcher into conflict and technology at the International Security Programme at Chatham House in London, argues that where once the threat from cyber war was "hyped … reality has quickly caught up".

    "You look at the Stuxnet worm. It is of such complexity it could only be a state behind it," he said.

    Clemente points to the fact that the attack used four separate, unpublicised flaws in the operating system of the Bushehr plant to infect it. Other experts note that Stuxnet used genuine verification code stolen from a Taiwanese company, and that the worm's designers built in safeguards to limit the amount of collateral damage it would cause.

    "The US and the UK are now putting large amounts of resources into cyber warfare, in particular defence against it," said Clemente, pointing out that there is now a cyber security operations centre in GCHQ and a new office of cyber security in the Cabinet Office. He added: "What I think you can say about Stuxnet is that cyber war is now very real. This appears to be the first instance of a destructive use of a cyber war weapon."


    i think we'll be seeing more reports like this (maybe delayed a few years) in the future ..
  2. The_Rifleman

    The_Rifleman New Member

    Joined:
    Feb 10, 2010
    Messages:
    873
    Location:
    Ohio
    Actually, before we attacked Iraq in the 3 day, "Mother of All Battles," the US disrupted many of Saddam's defensive computers with a virus contained in printers we sold them.
  3. jack404

    jack404 Former Guest

    you mean the HP LaserJet? these were disruptive not destructive ..

    and limited to 6 jumps (big enough) but only stopped em one way, the jammers took care of the radio command nets and they were the main comms needed to be taken out

    i've read this new one in Iran is limited too, not PC based but the mini mainframe control systems specific, nice... ;)
  4. The_Rifleman

    The_Rifleman New Member

    In the article they claim a virus as being "destructive" even though nothing is actually destroyed.
    Semantics.
  5. jack404

    jack404 Former Guest

    The Estonian one i know a bit about, it was basically lots of requests for Estonian web pages and big files accessible by Internet, because the amount of requests totally overwhelmed the system it crashed everything, including telephone services, but when the requests stopped after a few days, stuff worked again

    this is new

    The Iranian attack and the US attack destroyed info, the US had backups ..

    apparently the Iranian ones destroyed the backups too ..

    first place it replicated was the onboard memory on specific devices

    detected backups and made ready to be copied onto the backup

    once this has happened a few times then it lets loose on the system

    so the past few months of backup would be useless too

    then it starts to detect numbers in files and changing them

    if some system files are changed data cannot be processed

    if hardware support files (drivers etc) are changed the hardware won't work and can short the boards and other hardware

    whoever did it knows the system design backwards and has really thought about how to do long term damage with a one drop attack

    it's a big leap
  6. The_Rifleman

    The_Rifleman New Member

    Unsubscribes from post; I'm not going to argue semantics endlessly.