Full Version: Shadowrun IRL: Stuxnet
Demonic357
And we're one step closer to February 8th 2029. I don't know if anyone else has read about this yet, but it damn near gave me the shivers when I saw it.

Stuxnet malware is a weapon

Given the vagueness and secrecy surrounding the US Cyber Command I'm surprised they announced anything at all.
Chance359
It could be Skynet...
tete
Nothing to see here, move along citizen!
Christian Lafay
I like the "available on the black market" part. How much for this Black Hammer, I wonder.
vladthebad
QUOTE (Demonic357 @ Sep 22 2010, 09:07 AM) *
And we're one step closer to February 8th 2029. I don't know if anyone else has read about this yet, but it damn near gave me the shivers when I saw it.

Stuxnet malware is a weapon

Given the vagueness and secrecy surrounding the US Cyber Command I'm surprised they announced anything at all.


It sounds more like it was designed to destroy skynet's robot factories in space.
KarmaInferno
The cynical bastard in me wonders if this isn't a bit of social engineering by the hackers at US Cybercommand.

If you wanted to delay someone from turning a device on, convince them it might blow up if they do.

I have to imagine there are codemonkeys in Iran right now feverishly poring over millions of lines of code trying to determine if their nuclear plant is infected.



-karma
Doc Chase
I'm sort of thinking this kind of thing wouldn't be USCYBCOM's purview.

Mossad, on the other hand...
tete
QUOTE (KarmaInferno @ Sep 22 2010, 09:08 PM) *
The cynical bastard in me wonders if this isn't a bit of social engineering by the hackers at US Cybercommand.

If you wanted to delay someone from turning a device on, convince them it might blow up if they do.

I have to imagine there are codemonkeys in Iran right now feverishly poring over millions of lines of code trying to determine if their nuclear plant is infected.



-karma



I'd have to recheck the security announcement but I'm pretty sure the only thing odd on this one was it was using 6 zero-day exploits to infect (most use 1). It also only directly attacks a micro-controller made by Siemens. The zero-days were just used as transport across Windows systems.
KarmaInferno
Sorry, I'll clarify.

By "social engineering", I mean "a lie".

Even if you suspect it's a lie, you are operating a nuclear power plant. Would you want to take that risk?


-karma
Doc Chase
QUOTE (KarmaInferno @ Sep 22 2010, 09:52 PM) *
Sorry, I'll clarify.

By "social engineering", I mean "a lie".




-karma


No no, I know what you're sayin'. Maybe it's me just being naive, but I don't see CYBCOM being capable of that kind of flim-flam.
tete
I'm still not sure where you're going with that. Langner Communications I believe has credit for decrypting the intent of the malware I believe. They are a German company.
Doc Chase
QUOTE (tete @ Sep 22 2010, 09:58 PM) *
I'm still not sure where you're going with that. Langner Communications I believe has credit for decrypting the intent of the malware I believe. They are a German company.


So we have a worm that attacks German controllers, discovered by a German company...

...Who hates ze Germans so much?
tete
My guess would be Germans based on this http://www.itnews.com.au/News/232831,us-hu...ogle-fibre.aspx
Doc Byte
Toying around with nuclear facilities is genially a poor idea. Fallout doesn't stop at your border. We Europeans do remember Chernobyl very vividly. - Damn, I couldn't play in the sandbox back then!
hobgoblin
What's next, fake radar signals to trigger crashes in the firmware of a SAM site?
Nifft
QUOTE (Doc Chase @ Sep 22 2010, 05:04 PM) *
So we have a worm that attacks German controllers, discovered by a German company...

...Who hates ze Germans so much?

The French.

This is clearly a marketing move: don't buy German nukes, buy French!
Sengir
QUOTE (Doc Chase @ Sep 22 2010, 10:04 PM) *
...Who hates ze Germans so much?

Damn, I knew those Bavarians were up to something...


@Nifft: We don't sell nukes. Just laboratories, delivery and guidance systems and whatever else your average tin-pot dictator needs to build his own WMDs...and then protective equipment to the other side.
Daddy's Little Ninja
I just read about it. Here http://www.bbc.co.uk/news/technology-11388018 the BBC is speculating it was aimed at the Iranians and among the things it does is turn systems on and off. I do not like the Iranians but that seems like a pretty good way to maybe have a severe meltdown. They also say it targets systems not usually attached to the net which also implies it goes after those secret facilities rather than just swarming the whole net.
Doc Chase
Judging by how it's spread around other secure systems in other countries, it makes an excellent tracking device for contractors doing what they shouldn't be.
tete
QUOTE (Doc Chase @ Sep 23 2010, 02:51 PM) *
Judging by how it's spread around other secure systems in other countries, it makes an excellent tracking device for contractors doing what they shouldn't be.



Well some secure systems are certainly secure from use. The main reason governments hire contractors is to circumnavigate their own regulations...
Doc Chase
QUOTE (tete @ Sep 24 2010, 02:03 AM) *
Well some secure systems are certainly secure from use. The main reason governments hire contractors is to circumnavigate their own regulations...


Sure, but they've been tracking this thing from a USB key a contractor's been using while going from place to place. Give each iteration of the virus a specific signature, and you can track where he's been and what he's been working on.

One quick waterboard debriefing later, and ta-da! Intel.
Neurosis
Welp this is fucking terrifying.
nezumi
The original article seems to be missing some details which perhaps downplayed the pants-wetting fear for me. A lot of the 'new technologies' seem not so new to me. Certainly the idea of using viruses to attack SCADA systems is not a new idea (and oftentimes SCADA systems have unusual requirements which prevent them from being properly secured - for instance a piece of software which runs only on Windows 98). The directed attack is new, but not novel. Spear-phishing already does this. The impressive part is that a government actually got the resources together to take advantage of an emerging technology like this (which makes me suspect this isn't the US government).

We will see this in the future. Fortunately, it has been predicted, and at least SOME people have been paying attention, so the process of defense is already started.

(The part that would make me really impressed in this case would be if the virus exploited a vulnerability that the owners of the software were not aware of. At that point we're getting a bit more pants-wetting.)
Sengir
QUOTE (nezumi @ Sep 24 2010, 01:09 PM) *
The impressive part is that a government actually got the resources together to take advantage of an emerging technology like this (which makes me suspect this isn't the US government).

Bear in mind that both the origin and the target of this malware are highly speculative. Off the top of my head, blackmail would be another explanation - pay us, or the next version won't have an expiry date. The targeted company of course did not make it public (because shareholders and authorities would panic), and at some point a company representative inadvertently took it with him on a business trip.

QUOTE
(The part that would make me really impressed in this case would be if the virus exploited a vulnerability that the owners of the software were not aware of. At that point we're getting a bit more pants-wetting.)

Uhm, that's more or less the definition of a zero-day exploit: A vulnerability the software's manufacturer only becomes aware of when analyzing an already existing attack


And on a semi-related note: The unexciting truth behind many claims about "cyberwar". As a German commentator wrote, it's like a twelve-year-old claiming he was mauled by a gang of Mafia hitmen, because he doesn't want to admit the little girl next door gave him that black eye.
nezumi
I know what a zero-day exploit is, and that isn't so unusual. The fact that it's still a concern so long AFTER day 0 is what would make it surprising.
Sengir
Corporate systems often are extremely static affairs; being a few months behind on patches is still comparatively good.
Method
Yikes! That is scary!
Dumpshock Forums © 2001-2012