Stuxnet

  • Russian hackers target the US nuclear industry

    by Daniel Cooper
    07.07.2017

    The New York Times and Bloomberg both claim that Russian hackers have been attempting to infiltrate America's nuclear power industry. The infiltrations themselves have been public knowledge since last week, but now fingers are being pointed towards the usual suspects. Unlike Stuxnet, a worm that specifically targeted nuclear facilities, this program was not intended to take down the plants themselves. Instead, malware was used in an attempt to infiltrate the corporate networks of the companies that run the power plants.

  • Report: Obama authorized a secret cyber operation against Russia

    by Jessica Conditt
    06.23.2017

    President Barack Obama learned of Russia's attempts to hack US election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs Obama, the CIA, NSA and other intelligence groups eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the US to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former US official told The Post.

  • Obama pardons Stuxnet leak source James Cartwright

    by Jon Fingas
    01.17.2017

    Chelsea Manning isn't the only source of online leaks to get a new lease on life. President Obama has pardoned General James Cartwright, who pleaded guilty to lying to the FBI when it investigated leaks that revealed details of Stuxnet, the US-backed malware that sabotaged Iran's nuclear program. He had denied slipping out classified details to two New York Times reporters (including book author David Sanger) in a 2012 interview with the Bureau, only to be caught out later on. He had been facing up to 5 years in prison and was due to be sentenced the same day as the pardon.

  • Researchers discover advanced cyber-espionage malware

    by Mariella Moon
    08.09.2016

    Both Kaspersky and Symantec have unearthed a new type of malware so advanced, they believe it could have links to a country's intelligence agency. They're calling it "Remsec," "Strider" (Aragorn's nickname in LOTR) and "ProjectSauron," because it has several references to the Necromancer in Tolkien's series. According to Symantec, it has been used for what could be state-sponsored attacks to infiltrate 36 computers across at least seven organizations around the world since 2011. Its targets include several individuals in Russia, a Chinese airline, an unnamed organization in Sweden and an embassy in Belgium. Kaspersky says you can add various scientific research centers, military installations, telecommunications companies and financial institutions to that list.

  • Alex Gibney on Stuxnet and why we need to talk about cyberwar

    by Devindra Hardawar
    07.11.2016

    It's been six years since we discovered Stuxnet, the worm that infected Windows PCs worldwide and was eventually traced to the United States and Israel as a way to attack Iran's nuclear program. It was the first time a cyberweapon was used to attack a physical location (it disabled uranium enriching centrifuges by causing them to spin out of control), and it sparked the use of cyberattacks from governments all over the world, including Russia, Iran and North Korea. Alex Gibney, the acclaimed documentarian behind films like Taxi to the Dark Side, Enron: The Smartest Guys in the Room, and the recent Steve Jobs: The Man in the Machine, decided to dive into Stuxnet's legacy with his latest film, Zero Days. I sat down to chat with him about the film, together with Symantec researchers Eric Chien and Liam O'Murchu.

  • Feds indict seven Iranians for hacking banks, NY state dam

    by Andrew Tarantola
    03.24.2016

    Just days after accusing Syrian hackers of a wide range of crimes, US Attorney General Loretta Lynch unsealed an indictment against seven Iranian nationals on Wednesday, charging that the men launched dozens of denial of service attacks against targets beginning in 2011. These included the cybersystems of numerous US banks including JP Morgan, PNC and Capital One, as well as the NYSE and AT&T. They are even accused of trying to take control of a small dam in Rye, NY at one point.

  • America accuses Iran of hacking the dam, cyber-squirrels rejoice

    by Violet Blue
    03.18.2016

    As cyber-geddon stories go, Middle Eastern countries hacking into US dams or power grids and making stuff go haywire sounds like the plot for a not-so-subtly racist Hollywood scare flick. But that's the story we got when news outlets, citing unnamed sources, recently reported the Obama administration would be calling out Iranian hackers as the culprits behind a malicious 2013 breach at a New York dam.

  • Malware used Foxconn digital certificate to spy on Iran nuclear talks

    by Mariella Moon
    06.16.2015

    Russian security firm Kaspersky Lab has looked deeper into the malware that attacked its network and found that it used a digital certificate stolen from Foxconn. That's the same Taiwanese company frequently associated with big names in electronics, since its factories manufacture everything from iPhones and iPads to PS4s and Xbox Ones. The malware, known as Duqu 2.0 due to its shared programming with an older spyware called Duqu, also infected the networks of hotels where the UN Security Council held meetings about Iran's nuclear development. Duqu 1.0 and its predecessor, the Stuxnet worm, also redirected traffic through digital certificates stolen from Taiwanese companies, presumably to make it appear like the attacks came from China.

  • State-backed spyware targets antivirus maker, Iranian nuclear talks

    by Jon Fingas
    06.10.2015

    The threat posed by state-sponsored malware might be even larger than first thought. Antivirus developer Kaspersky Lab says it discovered an attack on its network by allegedly government-made spyware that appears to be an upgraded version of Duqu, the Stuxnet-based worm used by Israel and the US to derail Iran's nuclear efforts. This "Duqu 2.0" not only tried to obtain details about Kaspersky's investigations and detection abilities, but remained remarkably stealthy. Pre-release software was necessary to catch it, and there were attempts to throw researchers off the scent by suggesting that China or Eastern Europe was to blame.

  • Reuters: US launched a failed Stuxnet-like attack on North Korea

    by Devindra Hardawar
    05.29.2015

    Iran wasn't the only country that had its nuclear ambitions targeted by a sneaky US cyberattack. It turns out the American government also tried to take down North Korea's nuclear programs with the Stuxnet worm five years ago, Reuters reports. But there was one major difference: That attack ultimately flamed out. While the US managed to get Stuxnet into Iran's nuclear facilities (reportedly by hacking suppliers), which ultimately led to the destruction of more than a thousand uranium enriching centrifuges, it never managed to get it into North Korea's core systems. It turns out having an extremely isolated network worked in North Korea's favor. That's particularly ironic since Stuxnet quickly made its way out of Iran and wreaked havoc across the web.

  • Stuxnet worm entered Iran's nuclear facilities through hacked suppliers

    by Jon Fingas
    11.13.2014

    You may have heard the common story of how Stuxnet spread: the United States and Israel reportedly developed the worm in the mid-2000s to mess with Iran's nuclear program by damaging equipment, and first unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got out of control, however, and escaped into the wild (that is, the internet) sometime later. Relatively straightforward, right? Well, you'll have to toss that version of events aside -- a new book, Countdown to Zero Day, explains that this digital assault played out very differently.

  • Recommended Reading: Stuxnet's more dangerous precursor, fake memories and more

    by Terrence O'Brien
    11.30.2013

    Recommended Reading highlights the best long-form writing on technology in print and on the web. Some weeks, you'll also find short reviews of books dealing with the subject of technology that we think are worth your time. We hope you enjoy the read.

    Stuxnet's Secret Twin (4,176 words) by Ralph Langner, Foreign Policy

    Stuxnet is a pretty nasty customer, especially if you happen to be a centrifuge used in the enrichment of uranium. Amazingly, the story of the first publicly acknowledged cyber weapon keeps getting more and more interesting. Ralph Langner has spent the last several years poring over code and other details of Stuxnet's history and discovered there was an earlier version of the virus that was even more destructive than the one unleashed on Iran's nuclear facilities. Instead of putting the centrifuge's motors in overdrive, it over-pressurized them by closing valves designed to allow gas out. It sounds like a perfectly logical avenue of attack, until you realize that the potential for truly catastrophic failure would have quickly blown Stuxnet's cover.

  • Symantec: work on Stuxnet worm started two years earlier than first thought

    by Jon Fingas
    02.27.2013

    Most of us think we know the tale of Stuxnet: it's a possibly government-sponsored worm that played havoc with Iranian centrifuges in 2009, setting back the country's uranium enrichment program without involving any traditional weapons. Researchers at Symantec, however, now claim there's an untold narrative. They've discovered a Stuxnet 0.5 version that may have been in development or active as soon as November 2005, two years before the commonly accepted timeline. It first surfaced on trackers in November 2007, and would have created wider-ranging chaos at Iran's Natanz nuclear facility by closing vital pressure valves instead of using the subtler centrifuge technique. Symantec also noticed that this pre-1.0 malware shares traits with the Flamer code base, putting it in the context of an even larger effort than seen so far. Moreover, it would have required extensive knowledge of the Natanz infrastructure -- this was no casual attack, according to the researchers. While we may never know exactly what prompted the revamp, IAEA evidence suggests that Stuxnet wasn't truly effective until the better-known version came into play. We mostly know that modern cyberwarfare had its fair share of growing pains -- and that it's not as fresh-faced as we assumed.

  • Kaspersky Labs preps its own OS to guard vital industry against cyberwarfare

    by Jon Fingas
    10.16.2012

    Kaspersky Labs' namesake Eugene Kaspersky is worried that widely distributed and potentially state-sponsored malware like Flame and Stuxnet pose dire threats to often lightly protected infrastructure like communication and power plants -- whatever your nationality, it's clearly bad for the civilian population of a given country to suffer even collateral damage from cyberattacks. To minimize future chaos and literally keep the trains running, Kaspersky and his company are expanding their ambitions beyond mere antivirus software to build their own, extra-secure operating system just for large-scale industry. The platform depends on a custom, minimalist core that refuses to run any software that isn't baked in and has no code outside of its main purposes: there'll be no water supply shutdowns after the night watch plays Solitaire from an infected drive. Any information shared from one of these systems should be completely trustworthy, Kaspersky says. He doesn't have details as to when the OS will reach behind-the-scenes hardware, but he stresses that this is definitely not an open-source project: some parts of the OS will always remain confidential to keep ne'er-do-well terrorists (and governments) from undermining the technology we often take for granted.

  • Security researchers dissect Flame's handling program, find three new viruses 'at large'

    by Daniel Cooper
    09.17.2012

    It seems Stuxnet and Flame aren't the only out-of-control cyber-weapons roaming around the Middle East. Security researchers from Symantec and Kaspersky have found that the Flame malware had the electronic equivalent of a "handler," a program called NEWSFORYOU, which is also in charge of three further viruses that are code-named SP, SPE and IP. The trio have yet to be analyzed, because although a cache of data has been discovered on a command-and-control server, decoding it has proved "virtually impossible." While both security companies have declined to point a finger as to the viruses' origin, Reuters' sources suggest they're from the United States, while The Washington Post has been told that the project was a joint-enterprise with Israel -- in keeping with the existing narrative that this is the pair behind Stuxnet.

  • Stuxnet pinned on US and Israel as an out-of-control creation

    by Jon Fingas
    06.01.2012

    Ever since Stuxnet was discovered, most of the accusing fingers have been pointed at the US, Israel or both, whether or not there was any evidence; it was hard to ignore malware that seemed tailor-made for wrecking Iranian centrifuges and slowing down the country's nuclear development. As it turns out, Occam's Razor is in full effect. An exposé from the New York Times matter-of-factly claims that the US and Israel coded Stuxnet as part of a cyberwar op, Olympic Games, and snuck it on to a USB thumb drive that infected computers at the Natanz nuclear facility. The reason we know about the infection at all, insiders say, is that it got out of control: someone modified the code or otherwise got it to spread through an infected PC carried outside, pushing Obama to either double down (which he did) or back off. Despite all its connections, the newspaper couldn't confirm whether or not the new Flame malware attack is another US creation. Tipsters did, however, deny that Flame is part of the Olympic Games push -- raising the possibility that there are other agencies at work.

  • Flame malware snoops on PCs across the Middle East, makes Stuxnet look small-time

    by Jon Fingas
    05.28.2012

    Much ado was made when security experts found Stuxnet wreaking havoc, but it's looking as though the malware was just a prelude to a much more elaborate attack that's plaguing the Middle East. Flame, a backdoor Windows trojan, doesn't just sniff and steal nearby network traffic info -- it uses your computer's hardware against you. The rogue code nabs phone data over Bluetooth, spreads over USB drives and records conversations from the PC's microphone. If that isn't enough to set even the slightly paranoid on edge, it's also so complex that it has to infect a PC in stages; Flame may have been attacking computers since 2010 without being spotted, and researchers at Kaspersky think it may be a decade before they know just how much damage the code can wreak. No culprit has been pinpointed yet, but a link to the same printer spool vulnerability used by Stuxnet has led researchers to suspect that it may be another instance of a targeted cyberwar attack given that Iran, Syria and a handful of other countries in the region are almost exclusively marked as targets. Even if you live in a 'safe' region, we'd keep an eye out for any suspicious activity knowing that even a fully updated Windows 7 PC can be compromised.