Internet Anthropologist Think Tank: 9/19/10 - 9/26/10

    Saturday, September 25, 2010

    Stuxnet Non-Proliferation Treaty rootkit Enforcer


    Stuxnet may be the first Non-Proliferation Treaty rootkit
    Enforcer, not meant only for Iran either.

    Hello N. Korea, Syria etc.

    So far everything points to a universal 
    "Trust but verify, and turn it off if it violates
    Non-Proliferation Treaty" rule set.

    It monitors reactor production and
    radiation levels, gathers size, location
    and other identifying and quantitative data,
    and periodically sends this data through one
    of the backdoors thru a maze of IPs
    till it delivers said data to a repository.
    ( To be clear, it is a bot, they talk to each
    other P2P. G )

    And the production of that reactor
    is tracked in detail, and it reports the same.

    Now even if the worm/rootkit is cut
    off from the web it still operates.

    With its own artificial intelligence it
    tracks the data, and if given limits are
    crossed (production of weapon-grade
    material), then the actions are tripped.

    A big disaster would be if it caused
    a Chernobyl, so it has been tested
    and has paradigms to keep output
    at safe levels. It will take over
    an out-of-control hot reactor and shut
    it down if need be.

    But its main defense against violations
    of the non-proliferation treaty is to
    corrupt the material rendering it incapable
    of further processing. Destroy the product
    for weapons but safely.

    It in no way will damage a system,
    as it is capable of taking over a reactor
    and running it. Any civilian collateral
    damage would be catastrophic for
    the policy.

    But it can on its own stop the violation.
    In the case of a nuclear member, it
    can just watch, with no interference,
    its artificial intelligence working to
    ID the location and identifying data.

    Of the 30,000 or 300,000 computers
    it has penetrated in Iran it only has
    to survive on 'one' to pick up new
    instructions and/or new infection
    vectors to re-infect Iran's entire
    network again.

    How detailed and extensive is the
    monitoring the worm does?
    Here are some details.
    http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process
    Very extensive monitoring and
    control abilities. Plus an artificial intelligence,
    if it loses contact.
    If Iran isn't sure of 100% eradication
    then they might want to leave it connected.
    I would prefer real humans to artificial intelligence
    running a reactor any time.

    But all this depends on Iran's regime.
    And Iran's IT experts.
    With a switch of payloads this could
    go after the banks or power plants,
    manufacturing; lots of options.

    Iran may have been checkmated here.
    This one was easy to find.
    Are there other invisible persistent
    rootkits also on those PCs?

    I would be hard put to say no
    with any assurance or certainty.

    Remarkable concept.
    Paradigm Intel says it has artificial intelligence
    craft, so it would know the difference between China's
    reactor and Iran's reactor.

    This display will also serve as a big deterrent,
    and warning shot to any other cyber pirates.

    Next demonstration may be to take down
    an entire bot net in seconds.

    There is little doubt about who is behind
    this, but there will be NO evidence either.
    Lots of knowledge but no Proof.

    And a very powerful deterrent against
    cyber strikes on US.

    Like when USA had the only nukes.
    Then Russia got them.

    Ok who is next to hit Iran, prove
    they have the Cyber Power?


    Gerald
    Tactical Internet Systems analyst.


    Stuxnet development Paradigm Intel

    Stuxnet Paradigm Intel
    Stuxnet is a joint effort.

    An extraordinary piece of professional craft.
    Multi State craft.

    The expertise required for this effort is remarkable.
    Just assembling the required experts was a huge effort.
    We have identified outside Uber hackers,
    State hackers, nuclear experts, and use of state of the art
    programming/exploits/hacking.

    This worm is based on past well tested and proven
    malware fitted with unknown zero-day exploits, four of them.
    One would have been sufficient.

    It required experts with intimate knowledge of the nuclear systems.

    The Teams were organized around these tasks.

    #1) Penetration methods and vectors 4 
    #2) Worm, security, backdoors and reporting
    #3) Controlling nuclear processes
    #4) Fingerprinting exact targets
    #5) Rootkit paradigms
    #6) Security team for counter strike
    #7) ARTIFICIAL INTELLIGENCE ENGINE

    And NSA used outside Uber Hackers, 
    other State experts, Nuclear Scientists,
    and pre-tested it over and over.
    And maintained Opsec.

    As we have said, "the new
    paradigms will be discovered
    within new contexts."

    This opens a new era in
    warfare in a new domain.

    Hope they are ready for
    the counter strike.
    It's coming.

    Iran doesn't have the craft
    and won't have for years.

    But there are others who do.
    But this shows that NSA is at the
    top of the Game worldwide,
    and they learn from every attack
    on US systems.
    This deluxe combo relies on
    old stand-bys and cutting edge
    craft, and even 4 unknown zero 
    day exploits. The data they have
    collected on this would fill several
    blogs already, and there is a lot
    more to reverse engineer.


    There are Gov. guys out there
    that are buying unknown zero
    day exploits, I've talked to
    one. He was interested in 
    our BSU's.


    We are scanning for the application
    of the "Law of Unintended Consequence."


    We may not see that until a counter
    strike.


    One nice "LUC" may be the expulsion
    of Abberjonny as Iranian President
    from the discovery of Stuxnet.
    Some of the file names are
    very illuminating.


    This surprised me. I knew it was
    possible, but didn't think NSA
    had the imagination, originality
    or guts to do it.
    VERY IMPRESSIVE.
    True masters of their craft,
    on every level, well thought
    out Paradigm, GENIUS.
    This isn't the first one they've
    done, just the first discovered.
    And they may have meant for it to
    be found? At this point, most common
    malware detection tools will detect this.


    Iran can get FUCKED very hard
    if they mishandle this Nuke thing.


    Gerald
    Tactical Internet Systems analyst.

    "TEHRAN Times" NOT successful

    Iran successfully battling cyber attack
    Tehran Times Political Desk
    TEHRAN - Iranian information technology officials have confirmed that some Iranian industrial systems have been targeted by a cyber attack, but added that Iranian engineers are capable of rooting out the problem.

    NOT. You can't view the page.

    GUESS THEY WERE NOT SO SUCCESSFUL.

    See for yourself.


    http://www.tehrantimes.com/index_View.asp?code=227332


    "Microsoft OLE DB Provider for SQL Server error '80004005'

    Transaction (Process ID 110) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

    /NCMS/1004.asp, line 12"


    Jeeze, one problem after another.
    tisk tisk tisk


    Gerald
    Tactical Internet Systems analyst.




    Iran's future Nuclear program. NOT

    Ahmadinejad is done, total epic failure on every
    front.

    Iran's nuke program has been turned on its
    head with the discovery of Stuxnet in 300,000
    of its PCs and associated control mechanisms.

    While they are scrambling for methods to disinfect
    these machines, digging to see just how deep this
    infection goes, running damage assessments and
    checking the depth of the Top Secret leaks, they stopped
    trusting their info/data comms. 60% of Iranian computers
    are compromised. Expect to see another 20% over the next
    week.

    This is a huge embarrassment for Ahmadinejad and
    his Revolutionary Guard, MOIS and Qods.
    It means their PCs are compromised also.



    Ahmadinejad's actions have resulted in the exposure
    of all of Iran's secrets, at least to NSA. This may be
    enough to bring the Iranian President down.

    In the meantime they have reverted to "Russian Rules":
    hard copy only and hand delivery, which will slow the
    entire Intelligence structure to almost a crawl.

    The damage assessment will take years to complete,
    heads will roll, and there will be numerous unexplained deaths from
    regime assassinations for sloppy opsec.

    Look for many more defections as key people try and
    avoid the purge. 

    Iran's imported cyber engineers may be able to remove
    the bug from PCs, but the control consoles are a different
    matter; there are a myriad of places to hide code.
    They can never be sure every one of the 300,000 is clean.

    And then there is the matter of undisclosed methods of
    infection, unknown vectors.

    And then there is the risk of Iranian success in removing
    the bug: if the world doesn't really know what Iran is doing
    on its nuke program, they are going to be attacked.
    Nuke facilities and leadership taken out.
    A suicide action for Ahmadinejad, a sure method of
    changing Iranian presidents.




    But they haven't got to this paradigm yet, they
    are still busy scrambling dealing with the BUG,
    and their embarrassment and civilian retribution.



    Gerald
    Anthropologist

    The bones of the Bug that brought down Ahmadinejad.
    Iran wins one, Almost



    Google did an undo for "discard" God Bless Google.



    Friday, September 24, 2010

    Iran wins one, Almost

    It turns out Iran's paranoia is justified.

    They searched the world over for a cyber security
    company to run computer security/forensics for their nuclear
    facilities.



    NO American or European cos.
    The old Russian KGB network recommends
    VirusBlokAda, experienced in cyber
    security and headquartered in Belarus.

    They sell an anti-virus program that they say
    is very good on malware.

    But Iran wants their top level engineers,
    hackers to check their PCs in the Nuclear
    facilities. 

    They had big problems with the previous
    production from their program.
    It was corrupted, impure, useless.
    Running their product thru the centrifuges
    destroyed them. And at the current level
    the product isn't nuclear bomb material.

    Iran took it out and effectively dumped it
    and started all over.
    Abberjonney's henchmen couldn't pin
    the problem on anything or any person.
    It just seemed to have been contaminated
    thru some unknown method.

    Tortured some and threatened everyone
    else.

    And were welcomed.

    They determined it wasn't any of their
    own people that sabotaged the material.
    Too late for the ones they assassinated.
    And the finger pointed to hacking.

    Eventually they went to the Russians
    for cyber forensics as they don't have 
    this skill set at the level Iran needed in house.

    For VirusBlokAda this was an important
    but routine job. They have offices in 9 countries,
    mostly non-Western bloc.

    They are trusted by the former Soviet bloc,
    and do similar work on call for many of the
    other countries. Important because
    if they do find something in Iran it will
    put them on the Security Vendor map,
    and trigger some nice Iranian bonuses for
    corp and individuals.

    They didn't find much in the computers,
    and then somehow got an OK and payment
    to check the programmable controls for the
    nuclear reactors.

    And they hit it big.
    They watched the OS lie to them,
    subtract code from programs they read,
    and add code to programs they were
    reinstalling.
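    The behaviour described above, a read path that returns different code from what is actually on the controller, is the classic symptom that a cross-view integrity check catches: read the block list two independent ways, hash each block, and alert on any disagreement or on drift from a commissioning baseline. The following is an added example written for this page; it is not code from the post, from VirusBlokAda or from Siemens. It assumes a normal engineering-workstation read path, an out-of-band read from a known-clean host, and a stored baseline of digests; every block name and byte string in it is constructed sample data.

```python
"""Cross-view integrity check for PLC program blocks.

Added example; this is not code from the blog post, VirusBlokAda or Siemens.
It assumes two independent ways of listing the code blocks on a controller:
  - the engineering workstation's normal read path, which a rootkit that hooks
    the programming driver can filter or rewrite on the fly, and
  - an out-of-band read (a separate known-clean host, or a bench read),
plus a golden baseline of block digests recorded at commissioning time.
Block names and block contents below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # "hidden", "missing", "modified" or "drift"
    block: str
    detail: str


def digest(code: bytes) -> str:
    """SHA-256 of a block's bytes; only digests are compared, never raw code."""
    return hashlib.sha256(code).hexdigest()


def cross_view_diff(workstation: dict, independent: dict, baseline: dict) -> list:
    """Compare two live views of the controller with each other and with the baseline.

    workstation / independent: {block name: block bytes} as returned by each read path.
    baseline: {block name: sha256 hex digest} recorded when the program was commissioned.
    Returns findings ordered: hidden, missing, modified, then baseline drift.
    """
    ws = {name: digest(code) for name, code in workstation.items()}
    ind = {name: digest(code) for name, code in independent.items()}
    findings = []
    # A block the independent read sees but the workstation does not: the rootkit
    # is subtracting code from what the engineer reads back.
    for name in sorted(ind.keys() - ws.keys()):
        findings.append(Finding("hidden", name, "on controller, absent from workstation view"))
    # The reverse case: the workstation shows a block the controller does not hold.
    for name in sorted(ws.keys() - ind.keys()):
        findings.append(Finding("missing", name, "reported by workstation, not found out of band"))
    # Same block name, different bytes: the two read paths disagree about its code.
    for name in sorted(ws.keys() & ind.keys()):
        if ws[name] != ind[name]:
            findings.append(Finding("modified", name, "read paths return different code"))
    # Drift is judged on the independent view, which is the one we trust more.
    for name in sorted(ind.keys() | baseline.keys()):
        if name not in baseline:
            findings.append(Finding("drift", name, "block not in commissioning baseline"))
        elif name not in ind:
            findings.append(Finding("drift", name, "baseline block no longer on controller"))
        elif ind[name] != baseline[name]:
            findings.append(Finding("drift", name, "code differs from commissioning baseline"))
    return findings


# --- constructed sample data --------------------------------------------------
ORIGINAL_OB1 = b"CALL FC1\nBE\n"                 # constructed: main cycle block as commissioned
TAMPERED_OB1 = b"CALL FC_EXTRA\nCALL FC1\nBE\n"  # constructed: an injected call prepended
FC1 = b"L 100\nT MW0\nBE\n"                      # constructed: untouched function
DB_EXTRA = b"\x00\x01\x02\x03"                   # constructed: data block added by the intruder

BASELINE = {"OB1": digest(ORIGINAL_OB1), "FC1": digest(FC1)}


def demo() -> list:
    """Run the check on the constructed scenario and return the findings."""
    # The hooked workstation path strips the injected call and hides the new block,
    # so the engineer sees exactly the program they commissioned.
    workstation_view = {"OB1": ORIGINAL_OB1, "FC1": FC1}
    # The out-of-band read returns what is really on the controller.
    independent_view = {"OB1": TAMPERED_OB1, "FC1": FC1, "DB_EXTRA": DB_EXTRA}
    return cross_view_diff(workstation_view, independent_view, BASELINE)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.kind:9} {f.block:9} {f.detail}")
```

    In the constructed scenario the workstation view matches the baseline perfectly, which is exactly what a filtering rootkit wants the engineer to see; only the second read path exposes the hidden block and the rewritten OB1. The design point is that the check never trusts a single view, and that the baseline is stored off the engineering network so the same hook cannot rewrite it.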

    And they found Stuxnet:
    Mahmoud Alyaie told Mehr that the Iranian industrial control systems are made by Siemens and the Stuxnet is designed to attack exactly these systems and transfer classified data abroad.
    An IT official of Iran's mines and metals ministry told the Mehr news agency that 30,000 computers belonging to industrial units have already been infected by the virus.

    These guys are good and are tenacious.
    But can they remove it and be sure?
    What surprises await them?
    Note they just discovered it;
    they did not say they removed it.
    ISNA news agency, however, reported that the Iranian Atomic Organization held a seminar this week to improve the organization's cyberdata, especially against Stuxnet, and 'explore ways to remove it.' THEY HAVE NOT BEEN ABLE TO REMOVE IT, g


    Target rich environment.


    On September 22, Russia’s President Dmitry Medvedev signed a decree which bans deliveries of S-300 missile systems to Iran. Called “On Measures to Implement Resolution 1929 of June 9, 2010 of the UN Security Council,” the document prohibits any transit across Russia and the transfer to Iran of all types of combat tanks, armored personnel carriers, large-caliber artillery systems, warplanes, helicopter gunships, warships, missiles or missile systems as defined in the UN Register of Conventional Arms.

    But it didn't ban cyber security services.
    Hmmm.


    Iran is considering replacing all 30,000 infected units.
    That is probably the best way to go.
    The nuke program would be on hold for 2 yrs
    during the replacements.
    Or they can continue with the USA watching everything in their nuke program.
    Iran's nuke program is an open book to NSA.
    This is why the US has had such patience in negotiating with Iran, and how the US has
    convinced Israel not to strike at Iran's
    nuke reactors.
    And note it took the Ruskies to find it; the
    regime couldn't do it.

    Gerald
    Tactical Internet Systems analyst.

    Quiz: who said "Trust but Verify" ? good for 3 pts. G
    “new era of engagement” that is the trademark of Obama’s foreign policy. 
    “Engagement” looks like this: Total Engagement...New def for
    "Total Engagement"  ...tee hee G
    Hats off to NSA. Salute. 
    Update:


    He also announced that a working group composed of representatives from the Communications and Information Technology Ministry, the Industries and Mines Ministry, and the Passive Defense Organization has been set up to find ways to combat the spyware. WELL IF IT'S ONLY THE REGIME'S EXPERTS WORKING ON THIS, IT WILL CONTINUE TO SPREAD. G

    Communications and Information Technology Minister Reza Taqipour stated that Iranian engineers possess the expertise to create the required anti-virus software to clean the malware-infected systems. BUT THEY DIDN'T HAVE THE EXPERTISE TO FIND IT. g