Stuxnet Evolves:
More of our INTEL
The evolution of Stuxnet has been announced.
The capabilities of Stuxnet, a worm and rootkit
in one piece of malware, are remarkable.
We have seen its rootkit facet in hiding the
truth of what is actually going on with
the centrifuges. They malfunction on
Stuxnet's orders, and it forces the computer
to report that everything is fine.
Stuxnet could do the opposite:
report a machine or part as malfunctioning
when it is fine, forcing the shutdown of that
component or section until it can be replaced,
again and again.
Internet Anthropologist Think Tank: Smoking Gun, Stuxnet architect.
John Bumgarner, the suspected Stuxnet architect,
has already done that in an exercise setting.
Deceiving the system operator (or whomever) into thinking that
the system (e.g. a transactional server) is experiencing some type of
mechanical failure is a very viable attack.
Back in 2000, he wrote a program that simulated a hardware failure
on a well-known UNIX platform as part of a security/system
administrator test for a LARGE organization. His code contained
valid support numbers, e-mails and error codes. The "failure"
notices were randomized and the system "complained" that it was in
various levels of "panic." The vendor sent engineers from around
the US to repair the system. They replaced CPUs, memory chips,
motherboards and encryption boards. Sadly nothing corrected the
"ghost in the machine" problem and the system was offline for two
weeks (that is when he removed the code). The security/system teams
failed the exercise.
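The two deceptions described above (a host that reports "everything is fine" while the process it controls is driven off course, and a host that reports a failure that does not exist) share one countermeasure: check the operator-facing telemetry against a channel the attacker does not own. The block below is an added example, not code from this post, from Bumgarner or from the U.S. Cyber Consequences Unit. The two log formats, the NOMINAL_RPM set point, the 2 % tolerance, the replay window and every log line are constructed for illustration; the independent channel is assumed to be a second sensor on a separate network that the compromised HMI host cannot rewrite.

```python
# Added example (not from the post, Bumgarner or the USCCU): audit operator-facing
# telemetry against an independent channel. Logs, set point and tolerance are constructed.
import csv
from dataclasses import dataclass
from io import StringIO
from typing import Dict, List, Tuple

NOMINAL_RPM = 1064.0             # constructed set point
TOLERANCE = 0.02 * NOMINAL_RPM   # readings within +/- 2 % count as nominal
REPLAY_WINDOW = 4                # consecutive exact matches needed to call a replay

# Constructed HMI log, one line per second. t=0..7 is genuine healthy data.
# t=8..11 replays t=0..3 verbatim while the process is really off set point
# ("everything is fine"); t=12..14 reports FAULT on a healthy process.
HMI_LOG = """t,rpm,status
0,1064.2,OK
1,1063.7,OK
2,1064.5,OK
3,1063.9,OK
4,1064.1,OK
5,1064.3,OK
6,1063.8,OK
7,1064.0,OK
8,1064.2,OK
9,1063.7,OK
10,1064.5,OK
11,1063.9,OK
12,1064.0,FAULT
13,1064.2,FAULT
14,1063.9,FAULT
"""

# Constructed independent channel (say a power-draw or vibration sensor on a
# separate network the HMI host cannot rewrite) for the same seconds.
IND_LOG = """t,rpm
0,1064.2
1,1063.7
2,1064.5
3,1063.9
4,1064.1
5,1064.3
6,1063.8
7,1064.0
8,1250.0
9,1310.0
10,1380.0
11,1410.0
12,1064.1
13,1064.2
14,1063.8
"""

@dataclass
class Sample:
    t: int
    reported_rpm: float
    reported_status: str     # "OK" or "FAULT" as shown to the operator
    independent_rpm: float

def load(hmi_text: str, ind_text: str) -> List[Sample]:
    """Join the two logs on t; a second missing from either side is dropped."""
    ind: Dict[int, float] = {int(r["t"]): float(r["rpm"])
                             for r in csv.DictReader(StringIO(ind_text))}
    return [Sample(int(r["t"]), float(r["rpm"]), r["status"], ind[int(r["t"])])
            for r in csv.DictReader(StringIO(hmi_text)) if int(r["t"]) in ind]

def find_replays(samples: List[Sample], window: int = REPLAY_WINDOW) -> List[Tuple[int, int]]:
    """(earlier_index, later_index) pairs where `window` consecutive reported values
    exactly repeat an earlier, non-overlapping run. Real float telemetry carries
    noise, so an exact repeat is suspicious on its own."""
    first_seen: Dict[tuple, int] = {}
    hits = []
    for i in range(len(samples) - window + 1):
        key = tuple(s.reported_rpm for s in samples[i:i + window])
        j = first_seen.get(key)
        if j is None:
            first_seen[key] = i
        elif i >= j + window:
            hits.append((j, i))
    return hits

def classify(samples: List[Sample]) -> List[Tuple[int, str]]:
    """Per-second verdicts from comparing the HMI's story with the independent channel."""
    findings = []
    for s in samples:
        rep_nominal = abs(s.reported_rpm - NOMINAL_RPM) <= TOLERANCE
        ind_nominal = abs(s.independent_rpm - NOMINAL_RPM) <= TOLERANCE
        disagree = abs(s.reported_rpm - s.independent_rpm) > TOLERANCE
        if s.reported_status == "OK" and disagree and not ind_nominal:
            findings.append((s.t, "MASKED_DEVIATION"))  # HMI says fine, process is not
        elif s.reported_status == "FAULT" and rep_nominal and ind_nominal:
            findings.append((s.t, "PHANTOM_FAULT"))     # HMI says broken, nothing is
    return findings

def audit(hmi_text: str = HMI_LOG, ind_text: str = IND_LOG) -> dict:
    """Run both checks over a pair of logs and return the verdicts."""
    samples = load(hmi_text, ind_text)
    return {"replays": find_replays(samples), "findings": classify(samples)}
```

On the constructed logs `audit()` reports one replay (the run starting at t=8 repeats t=0..3 exactly), MASKED_DEVIATION for t=8..11 and PHANTOM_FAULT for t=12..14, while the genuine t=0..7 data raises nothing. Two caveats a practitioner should keep in mind: the exact-repeat check also fires on a perfectly constant reported value, which is itself worth a look for a physical process, and the whole scheme is only as good as the independence of the second channel; if it is read through the same host, the same rootkit can rewrite both.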
Our paradigm intel has spotted this activity in
the wild, and for OPSEC reasons we will not be posting
about it.
Iran is still fighting with Stuxnet, an IPR (Invisible Persistent Rootkit).
We wrote about them 5 months before Stuxnet was discovered.
http://warintel.blogspot.com/2010/09/yes-there-are-invisible-persistent.html
Just as Conficker's paradigm allows it to persist even after
years of efforts to kill it, so too does Stuxnet's paradigm allow
it to persist regardless of Iran's efforts to remove it.
John Bumgarner also outlined how a modified Stuxnet
could take control of key systems in Russian tanks.
Computers As Weapons Of War
(John Bumgarner, Chief Technology Officer of the U.S. Cyber Consequences Unit.)
Our research and sources have confirmed vulnerabilities
in the American electrical infrastructure to Stuxnet-type
cyber attacks.
And just as Iran's centrifuges are susceptible to Stuxnet,
so are all nuclear cooling systems vulnerable to a Stuxnet-type
attack.
More of John's unclassified study on the Russian/Georgian
cyber conflict of 2008 has been published publicly. This research is
being used throughout the world in military universities as a case
study.
Below are some of the articles from 2009 that mentioned this
research:
http://online.wsj.com/article/SB124701806176209691.html
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=219400248
http://www.darkreading.com/security/cybercrime/showArticle.jhtml?articleID=219400367
http://www.fcw.com/Articles/2009/08/24/WEEK-International-cyber-attack-fears.aspx
http://www.businessweek.com/blogs/russia_oil_politics/
http://cnews.ru/news/top/print.shtml?2009/08/17/357988
http://georgiandaily.com/index.php?option=com_content&task=view&id=14121&Itemid=125
http://www.telegraph.co.uk/technology/6048978/Russia-helped-co-ordinate-attacks-on-Georgian-websites.html
http://www.federalnewsradio.com/?nid=56&sid=1747752
http://edition.cnn.com/2009/US/08/17/cyber.warfare/index.html
http://www.nationalpost.com/blogs/story.html?id=2125907
http://www.guardian.co.uk/world/2009/jul/08/south-korea-cyber-attack
http://stage-v2.wtopnews.com/?nid=778&sid=1803720
http://www.foreignpolicyjournal.com/2009/11/15/brazils-next-battlefield-cyberspace/
The Wriggling Threat: Targeted Attack Scenarios, by John Bumgarner.
Published one month prior to the worm.... It outlined how to improve the exploit code from Xfocus and HD
Moore. The worm author(s) used the paper to write the
worm.
All of which points to the importance of hardening civilian
networks against cyber attacks and the importance of
a cyber offensive force to deter cyber attacks.
Gerald
War Anthropologist
Tactical Internet Systems analyst.