Shadowrun IRL: Stuxnet, Calling Echo Mirage... Options

[Demonic357]

And we're one step closer to February 8th 2029. I don't know if anyone else has read about this yet, but it damn near gave me the shivers when I saw it.

Stuxnet malware is a weapon

Given the vagueness and secrecy surrounding the US Cyber Command I'm surprised they announced anything at all.

[Chance359]

It could be Skynet...

[tete]

Nothing to see here, move along citizen!

[Christian Lafay]

I like the "available on the black market" part. How much for this Black Hammer, I wonder.

[vladthebad]

And we're one step closer to February 8th 2029. I don't know if anyone else has read about this yet, but it damn near gave me the shivers when I saw it.

Stuxnet malware is a weapon

Given the vagueness and secrecy surrounding the US Cyber Command I'm surprised they announced anything at all.

It sounds more like it was designed to destroy skynet's robot factories in space.

[KarmaInferno]

The cynical bastard in me wonders if this isn't a bit of social engineering by the hackers at US Cybercommand.

If you wanted to delay someone from turning a device on, convince them it might blow up it they do.

I have to imagine there are codemonkeys in Iran right now feverishly poring over millions of lines of code trying to determine if their nuclear plant is infected.



-karma

[Doc Chase]

I'm sort of thinking this kind of thing wouldn't be USCYBCOM's purview.

Mossad, on the other hand...

[tete]

The cynical bastard in me wonders if this isn't a bit of social engineering by the hackers at US Cybercommand.

If you wanted to delay someone from turning a device on, convince them it might blow up it they do.

I have to imagine there are codemonkeys in Iran right now feverishly poring over millions of lines of code trying to determine if their nuclear plant is infected.



-karma

I'd have to recheck the security announcement but I'm pretty sure the only thing odd on this one was it was using 6 zero day exploits to infect (most use 1). It also only directly attacks a micro-controler made my Siemens. The zero days were just used as transport across windows systems.

[KarmaInferno]

Sorry, I'll clarify.

By , "social engineering", I mean, "a lie".

Even if you suspect it's a lie, you are operating a nuclear power plant. Would you want to take that risk?


-karma

[Doc Chase]

Sorry, I'll clarify.

By , "social engineering", I mean, "a lie".




-karma

No no, I know what you 're sayin'. Maybe it's me just being naive, but I don't see CYBCOM being capable of that kind of flim-flam.

[tete]

I'm still not sure where your going with that, Langner Communications I believe has credit for decrypting the intent of the malware I believe. They are a German company.

[Doc Chase]

I'm still not sure where your going with that, Langner Communications I believe has credit for decrypting the intent of the malware I believe. They are a German company.

So we have a worm that attacks German controllers, discovered by a German company...

...Who hates ze Germans so much? (IMG:style_emoticons/default/nyahnyah.gif)

[tete]

My guess would be Germans based on this http://www.itnews.com.au/News/232831,us-hu...ogle-fibre.aspx

[Doc Byte]

Toying around with nuclear facilities is genially a poor idea. Fallout doesn't stop at your border. We Europeans do remember Chernobyl very vividly. - Damn, I couldn't play in the sandbox back then! (IMG:style_emoticons/default/sarcastic.gif)

[hobgoblin]

Whats next, fake radar signals to trigger crashes in the firmware of a SAM site?

[Nifft]

So we have a worm that attacks German controllers, discovered by a German company...

...Who hates ze Germans so much? (IMG:style_emoticons/default/nyahnyah.gif)

The French.

This is clearly a marketing move: don't buy German nukes, buy French!

[Sengir]

...Who hates ze Germans so much? (IMG:style_emoticons/default/nyahnyah.gif)

Damn, I knew those Bavarians were up to something...


@Nifft: We dont sell nukes. Just labratories, delivery and guidance systems and whatever else your average tin-pot dictator needs to build his on WMDs...and then protective equipment to the other side.

[Daddy's Litt...]

I just read about it. Here http://www.bbc.co.uk/news/technology-11388018 the BBc is speculating it was aimed at the Iranians and among the things it does is turn systems on an off. I do not like the Iranians but that seems like a pretty good way to maybe have a severe melt down. They also say it targets systems not usually attached to the net which also implies it goes after those secret facilities rather than just swarming the whole net.

[Doc Chase]

Judging by how it's spread around other secure systems in other countries, it makes an excellent tracking device for contractors doing what they shouldn't be.

[tete]

Judging by how it's spread around other secure systems in other countries, it makes an excellent tracking device for contractors doing what they shouldn't be.

Well some secure systems are certainly secure from use. The main reason governments hire contractors is to circumnavigate their own regulations...

[Doc Chase]

Well some secure systems are certainly secure from use. The main reason governments hire contractors is to circumnavigate their own regulations...

Sure, but they've been tracking this thing from a USB key a contractor's been using while going from place to place. Give each iteration of the virus a specific signature, and you can track where he's been and what he's been working on.

One quick waterboard debriefing later, and ta-da! Intel.

[Neurosis]

Welp this is fucking terrifying.

[nezumi]

The original article seems to be missing some details which perhaps downplayed the pants-wetting fear for me. A lot of the 'new technologies' seem not so new to me. Certainly the idea of using viruses to attack SCADA systems is not a new idea (and oftentimes SCADA systems have unusual requirements which prevent them from being properly secured - for instance a piece of software which runs only on Windows 98). The directed attack is new, but not novel. Spear-phishing already does this. The impressive part is that a government actually got the resources together to take advantage of an emerging technology like this (which makes me suspect this isn't the US government).

We will see in this in the future. Fortunately, it has been predicted, and at least SOME people have been paying attention, so the process of defense is already started.

(The part that would make me really impressed in this case would be if the virus exploited a vulnerability that the owners of the software were not aware of. At that point we're getting a bit more pants-wetting.)

[Sengir]

The impressive part is that a government actually got the resources together to take advantage of an emerging technology like this (which makes me suspect this isn't the US government).

Bear in mind that both the origin and the target of this malware are highly speculative. Off the top of my head, blackmail would be another explaination - pay us, or the next version won't have an expiry date. The targeted company of course did not make it public (because shareholders and authorities would panic), and at some point a company representative inadvertedly took it with him on a business trip.

(The part that would make me really impressed in this case would be if the virus exploited a vulnerability that the owners of the software were not aware of. At that point we're getting a bit more pants-wetting.)

Uhm, that's more or less the definition of a zero-day exploit: A vulnerability the software's manufacturer only becomes aware of when analyzing an already existing attack (IMG:style_emoticons/default/wink.gif)


And on a semi-related note: The unexiting truth behind many claims about "cyberwar". As a German commentator wrote, it's like a twelve year old claiming he was mauled by a gang of Mafia hitmen, because he doesn't want to admit the little girl next door gave him that black eye.

[nezumi]

I know what a zero-day exploit is, and that isn't so unusual. The fact that it's still a concern so long AFTER day 0 which would make it surprising.