  #1  
Old 01-12-2010, 10:49 AM
Kal (Andrew)
1¼" ñì®våñá

Join Date: Nov 2006
Location: Sydney
Posts: 1,845
Modern cyberwarfare

I was reading this article about how a worm specifically targeted Iran's uranium enrichment plant to sabotage operations, and it reminded me of the Siberian pipeline sabotage that the CIA orchestrated. Fascinating stuff, it astounds me how sophisticated modern warfare is.

I just wonder about how much unknown cyberwarfare activity is currently going on
  #2  
Old 01-12-2010, 10:56 AM
multiweb (Marc)
ze frogginator

Join Date: Oct 2007
Location: Sydney
Posts: 22,079
Quote:
Originally Posted by Kal View Post
I was reading this article about how a worm specifically targeted Iran's uranium enrichment plant to sabotage operations, and it reminded me of the Siberian pipeline sabotage that the CIA orchestrated. Fascinating stuff, it astounds me how sophisticated modern warfare is.

I just wonder about how much unknown cyberwarfare activity is currently going on
Wow! Skynet kind of stuff hey? ABADABADAHH! Cool. Now we just need to facebook their a$$.
  #3  
Old 01-12-2010, 10:59 AM
Kal (Andrew)
1¼" ñì®våñá

Join Date: Nov 2006
Location: Sydney
Posts: 1,845
So the million dollar question is who could have pulled this off? CIA? Mossad?

Quote:
Langer argues that no single Western intelligence agency had the skills to pull this off alone. The most likely answer, he says, is that a consortium of intelligence agencies worked together to build the cyber bomb. And he says the most likely confederates are the United States, because it has the technical skills to make the virus, Germany, because reverse-engineering Siemens’ product would have taken years without it, and Russia, because of its familiarity with both the Iranian nuclear plant and Siemens’ systems.

There is one clue that was left in the code that may tell us all we need to know.

Embedded in a different section of the code is another common computer language reference, but this one is misspelled. Instead of saying “DEADFOOT,” a term stolen from pilots meaning a failed engine, this one reads “DEADFOO7.”

Yes, OO7 has returned -- as a computer worm.

  #4  
Old 01-12-2010, 11:14 AM
AdrianF (Adrian)
Currently Scopeless

Join Date: Sep 2007
Location: Moura Qld
Posts: 1,774
That's where they went wrong: they use Win7 to control the plant.

Very sophisticated virus.


Adrian
  #5  
Old 01-12-2010, 11:52 AM
multiweb (Marc)
ze frogginator

Join Date: Oct 2007
Location: Sydney
Posts: 22,079
Quote:
Stuxnet. Shaken, not stirred.
  #6  
Old 03-12-2010, 02:14 PM
Ric
Support your local RFS

Join Date: May 2006
Location: Wamboin NSW
Posts: 12,405
That's awesome Andrew, thanks for the link.

As you say I wonder what else is lurking out there in cyberspace.

Cheers
  #7  
Old 03-12-2010, 02:56 PM
gary
Registered User

Join Date: Apr 2005
Location: Mt. Kuring-Gai
Posts: 5,999
Hi Kal,


Quote:
Originally Posted by Ed Barnes
There is one clue that was left in the code that may tell us all we need to know.

Embedded in a different section of the code is another common computer language reference, but this one is misspelled. Instead of saying “DEADFOOT,” a term stolen from pilots meaning a failed engine, this one reads “DEADFOO7.”

Yes, OO7 has returned -- as a computer worm.
In the paragraph quoted above, I think the journalist, Ed Barnes, will simply
be taking a chunk of artistic license. Specifically, at best, the writer will not have been
reading the source code but simply a hex dump. It won't be DEADFOO7 but
DEADF007 which is simply a hexadecimal number string and purely coincidental,
just as strings such as CAFEF00D now and then can be found in an arbitrarily
long binary.

As for the suggestion that DEADFOOT is a "common computer language reference",
that is certainly a new one on me and I have been associated with computing
and embedded systems since 1975 and a member of the IEEE for 33 years.
(I still have a copy of the Intel 4004 databook on the bookshelf as a keepsake
to remind me now and then of how it all began.)
Reply With Quote
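The point in the post above about reading a hex dump, as an added example that is not part of the thread or of the article it quotes: only the digits 0-9 and A-F can appear in a hexadecimal value, so DEADF007 is a valid 32-bit number while DEADFOO7 and DEADFOOT can only exist as text. The sample buffer is constructed, and the function names are illustrative assumptions.

```python
import struct

HEX_DIGITS = set("0123456789ABCDEF")
# Digits a reader tends to see as letters when a hex value "spells" a word.
LOOKALIKE = {"0": "O", "1": "I", "5": "S", "7": "T"}

def can_be_hex(word):
    """True only if every character is a valid hexadecimal digit."""
    return all(c in HEX_DIGITS for c in word.upper())

def as_read_by_eye(hex_word):
    """Render a hex value the way it is misread as text (0 -> O, 7 -> T)."""
    return "".join(LOOKALIKE.get(c, c) for c in hex_word.upper())

def find_dword(buf, value):
    """Offsets at which a 32-bit value is stored, in either byte order."""
    hits = []
    for order, fmt in (("little", "<I"), ("big", ">I")):
        needle = struct.pack(fmt, value)
        pos = buf.find(needle)
        while pos != -1:
            hits.append((pos, order))
            pos = buf.find(needle, pos + 1)
    return sorted(hits)

def dump(buf, width=8):
    """Plain hex dump lines: offset followed by space-separated bytes."""
    return [f"{off:04x}  {buf[off:off + width].hex(' ')}"
            for off in range(0, len(buf), width)]

# Constructed sample buffer (not taken from any real binary).
SAMPLE = (b"\x00" * 4 + struct.pack("<I", 0xDEADF007) +
          b"\xff" * 4 + struct.pack(">I", 0xDEADBEEF) + b"\x00" * 4)

if __name__ == "__main__":
    for word in ("DEADF007", "DEADFOO7", "DEADFOOT", "DEADBEEF"):
        print(f"{word}: valid hex = {can_be_hex(word)}")
    print("DEADF007 read by eye:", as_read_by_eye("DEADF007"))
    print("\n".join(dump(SAMPLE)))
    print("0xDEADF007 at:", find_dword(SAMPLE, 0xDEADF007))
    print("ASCII 'DEADFOO7' present:", b"DEADFOO7" in SAMPLE)
```

In the dump the little-endian value appears as `07 f0 ad de`, so a byte-level view does not show the word at all unless the tool groups bytes into 32-bit words.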
  #8  
Old 03-12-2010, 03:53 PM
Octane (Humayun)
IIS Member #671

Join Date: Dec 2005
Location: Canberra
Posts: 11,159
8008135.

H
  #9  
Old 03-12-2010, 04:24 PM
AstralTraveller (David)
Registered User

Join Date: Mar 2008
Location: Wollongong
Posts: 3,819
I passed the story on to a couple of experts I know. The first one is an OS expert and he found the story creditable except that the journalist doesn't know what a 'zero day attack' is and that the anagrams are ridiculous. The second one works in data security and backup. He knew about Stuxnet but not this story. He found it plausible.

My problem is the route of infection. If they had an 'air gap' to protect the system why did they allow memory sticks? The few outbreaks of malware we've had on campus were caused by infected memory sticks not by anything getting past the firewall (actually malware hasn't been seen here for years - fingers crossed). A friend works for Geoscience Australia and memory sticks are banned there. I believe they are actually locked out of the system (would that be at BIOS or OS level?). Anyway allowing memory sticks on site in a place where they are so careful is amateurish to say the least.

Could it be that Stuxnet is real but the story is a fake to sow confusion in Iran's nuclear program??
  #10  
Old 03-12-2010, 04:32 PM
RickS (Rick)
PI cult recruiter

Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Bruce Schneier's take on Stuxnet: http://www.schneier.com/blog/archive...0/stuxnet.html
  #11  
Old 03-12-2010, 04:40 PM
mithrandir (Andrew)
Registered User

Join Date: Jan 2009
Location: Glenhaven
Posts: 4,161
Quote:
Originally Posted by Octane View Post
8008135.
You're missing a 5. But it's supposed to be on a 7 segment display and viewed upside down:

55378008

Quote:
Originally Posted by gary
As for the suggestion that DEADFOOT is a "common computer language reference", ...
The usual one is DEADBEEF.
  #12  
Old 03-12-2010, 04:46 PM
multiweb (Marc)
ze frogginator

Join Date: Oct 2007
Location: Sydney
Posts: 22,079
Quote:
Originally Posted by mithrandir View Post
You're missing a 5. But it's supposed to be on a 7 segment display and viewed upside down:

55378008
Which translates to 917741115

Last edited by multiweb; 03-12-2010 at 06:57 PM.
  #13  
Old 03-12-2010, 04:47 PM
Octane (Humayun)
IIS Member #671

Join Date: Dec 2005
Location: Canberra
Posts: 11,159
That's just down the road from where I work.

It's at the OS (third party software) level. There's software available which blocks all kinds of devices being plugged in and alerts the relevant authority if someone does try.

They were going to implement that at my workplace but a bunch of directors kicked up a stink and so it was never implemented.

H

Quote:
Originally Posted by AstralTraveller View Post
A friend works for Geoscience Australia and memory sticks are banned there. I believe they are actually locked out of the system (would that be at BIOS or OS level?). Anyway allowing memory sticks on site in a place where they are so careful is amateurish to say the least.
  #14  
Old 03-12-2010, 07:57 PM
Kal (Andrew)
1¼" ñì®våñá

Join Date: Nov 2006
Location: Sydney
Posts: 1,845
Quote:
Originally Posted by RickS View Post
Thanks Rick, that is a solid, reasoned evaluation there.
  #15  
Old 03-12-2010, 10:16 PM
mithrandir (Andrew)
Registered User

Join Date: Jan 2009
Location: Glenhaven
Posts: 4,161
Quote:
Originally Posted by RickS View Post
Schneier's take on just about anything security related is worth reading. I love the annual "Movie Plot Threat" contests, and the way he takes the mickey out of the Department of Homeland Insecurity.

I also have a signed copy of his "Cryptography Engineering" for when I feel the need to bang my head on a brick wall. The book doesn't leave grazes, cuts and bruises.