Ever since Flame, a gigantic piece of malware that lifts data from infected computers, was uncovered by security researchers three weeks ago, people have been wondering who could have built such a thing. Its powers, and the fact that it had apparently been operating in secret for years, shocked experts, who called it “one of the most complex threats ever discovered.”
More revelations followed: World-class mathematicians had worked on it, doing new science to develop its attacks. At first it was thought that Flame had nothing in common with Stuxnet, the US and Israeli-built virus that targeted Iran’s nuclear program and has become synonymous with the new age of cyberwarfare. Closer analysis, however, revealed that an early module built on Flame’s code base, which exploited a then-unknown weakness in Microsoft Windows, had also been included in an early version of Stuxnet. The two development teams had apparently cooperated at least once, with the Flame side, which primarily gathers information, supplying code to Stuxnet, which was built to inflict damage.
A massive piece of malware, nicknamed “Flame” by security researchers at Kaspersky Lab, has been discovered attacking computers in Iran and the rest of the Middle East. The scale and sophistication of the malware suggests that it was commissioned by a nation-state, perhaps by the same parties that built Stuxnet, which destroyed Iranian uranium centrifuges several years ago, and Duqu, a related Trojan that culled information from infected computers.
Flame doesn’t share any code with Stuxnet or Duqu. But it is much larger—Duqu, for instance, was just 500 kilobytes, while Flame is 20 megabytes—and it impressed the Kaspersky researchers with its array of functions, which make it a kind of giant Swiss Army knife of malware.
We’ve written before about hapless business owners practically handing hackers customers’ information by failing to observe basic computer security (Subway, we’re looking at you). But this is a security fail on a whole different level. A researcher has just revealed that about ten thousand systems controlling water plants, sewage plants, and other infrastructure are online, mostly unprotected and findable with a simple search.
On October 14, security company Symantec got word from a research lab that they’d discovered a piece of malware that looked a lot like Stuxnet, the sophisticated computer virus that made headlines last year after its anonymous designers used it to attack Iran’s nuclear program. This new malware, called Duqu by the researchers who discovered it, shares much of Stuxnet’s code, suggesting that it came from the same people who built the first virus, or at least people who had access to the source code.
Unmanned drones like this Predator are now central to US warfare—but they are also vulnerable to cyberattacks.
What’s the News: A computer virus that records the keystrokes of US military operators has infected two classes of American military drones. “We keep wiping it off, and it keeps coming back,” a military source told Wired’s Danger Room, which broke the story. “We think it’s benign. But we just don’t know.”
What’s the News: Cyber attacks undertaken by another nation can be considered an act of war, according to a new Pentagon policy to be released in the next month. If you mess with the US online, the Pentagon has decided, it may retaliate offline, in the form of bombs, missiles, and other very real attacks. One military official sums it up thusly to the Wall Street Journal, which broke the story: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.” How exactly this stance will be put into practice, though, isn’t clear.
Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world’s attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next.
The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec’s Orla Cox.
The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five “industrial processing” organisations in Iran. “These were the seeds of all other infections,” said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]
Though Symantec isn’t naming the five targets in Iran, another security expert studying Stuxnet’s code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.
Between murders and leaked documents, there’s disarray and intrigue all around Iran’s burgeoning nuclear program.
Yesterday, two prominent nuclear scientists in Iran were attacked in car bombings.
According to [Iranian news service] Fars, scientists Majid Shahriari and Fereydoun Abbasi were parking their cars in separate locations near the university campus about 7:45 a.m. local time when they were attacked. Witnesses said each car was approached by a group of men on motorcycles, who attached explosives to the vehicles and detonated them seconds later, the news agency reported. Shahriari was killed instantly. Abbasi was wounded. Both men were with their wives, who were also wounded. [Washington Post]
Unsurprisingly, Iranian President Mahmoud Ahmadinejad quickly pointed the finger of blame at the West and Israel. Both of the targeted scientists are reportedly connected to the Iranian nuclear program, which the government maintains is for the purpose of energy, but the United States and other nations oppose out of fear of an Iranian bomb.
Abbasi-Davani, whose handful of publications on neutron physics are mainly in Iranian journals, is a key figure in Iran’s nuclear programme. He is reported to be a scientist at the country’s defence ministry, and a member of Iran’s revolutionary guards since the 1979 Islamic Revolution. He was also named as being among “Persons involved in nuclear or ballistic missile activities” in the 2007 UN Security Council Resolution 1747, which imposed sanctions on Iran over its refusal to stop enrichment of uranium. [Nature]
It was late September when the world got wind of Stuxnet, the complex piece of malware that appeared to specifically target Iranian nuclear sites. Now, analysis of Stuxnet suggests it was almost perfectly designed to corrupt nuclear centrifuges, according to David Albright of the Institute for Science and International Security.
On Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart. In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed. [The New York Times]
Computer experts don’t know Stuxnet’s origin for sure, though the Times’ story drops a few cryptic hints of Israeli involvement. And further study of the attack shows that although Stuxnet appears calibrated to disrupt centrifuges, it could be easily adapted to seize the reins of other systems.
The widespread interconnection of corporate networks and use of SCADA systems [supervisory control and data acquisition] means that industrial infrastructure is increasingly vulnerable to software attack. Such control systems are used in virtually every industry—food production, vehicle assembly, chemical manufacturing—and are commonly exposed to insecure networks. This leaves them vulnerable to tampering, such as with Stuxnet, as well as intellectual property theft. [Ars Technica]
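The Albright report above makes a point worth turning into code: the attack ends by restoring the drive frequency to its normal setpoint, so an operator (or a monitoring script) that only looks at the current value sees nothing wrong afterwards. The following is an added example, not code from the article or from any analysed Stuxnet component. It runs a simple time-series check over a constructed log of frequency-converter setpoints, reporting any run of samples outside an assumed normal operating band and the steepest ramp seen; the band limits, the one-minute sample interval and the telemetry values are all assumptions, with only the 1,410 Hz peak taken from the article.

```python
"""History-based check for an out-of-band drive-frequency excursion.

Added illustration, not from the original article or from Stuxnet itself.
All telemetry below is constructed; the operating band is an assumption.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Assumed normal operating band for the centrifuge drive, in Hz. The article
# gives only the attack peak (1,410 Hz); the band itself is a placeholder.
NORMAL_MIN_HZ = 800.0
NORMAL_MAX_HZ = 1250.0


@dataclass(frozen=True)
class Sample:
    t: int            # seconds since start of the log (assumed 60 s spacing)
    setpoint_hz: float


# Constructed telemetry: steady running, a ramp up to 1,410 Hz, a hold at the
# peak, then a restore to the original setpoint, as the report describes.
TELEMETRY: List[Sample] = [
    Sample(0, 1064.0), Sample(60, 1064.0), Sample(120, 1100.0),
    Sample(180, 1200.0), Sample(240, 1300.0), Sample(300, 1410.0),
    Sample(360, 1410.0), Sample(420, 1410.0), Sample(480, 1064.0),
    Sample(540, 1064.0),
]


def point_in_time_ok(sample: Sample,
                     lo: float = NORMAL_MIN_HZ, hi: float = NORMAL_MAX_HZ) -> bool:
    """Snapshot check: true when the latest setpoint is inside the band.

    This is what a glance at the HMI gives you, and it is blind to an attack
    that has already restored the normal value.
    """
    return lo <= sample.setpoint_hz <= hi


def find_excursions(samples: List[Sample],
                    lo: float = NORMAL_MIN_HZ, hi: float = NORMAL_MAX_HZ
                    ) -> List[Tuple[int, int, float]]:
    """Return (start_t, end_t, extreme_hz) for each contiguous run of samples
    outside [lo, hi]. Works for excursions below the band as well as above it:
    the extreme is the sample farthest from the band."""
    def distance(v: float) -> float:
        return max(lo - v, v - hi, 0.0)

    excursions: List[Tuple[int, int, float]] = []
    run = None  # [start_t, end_t, extreme_hz]
    for s in samples:
        if distance(s.setpoint_hz) > 0:
            if run is None:
                run = [s.t, s.t, s.setpoint_hz]
            else:
                run[1] = s.t
                if distance(s.setpoint_hz) > distance(run[2]):
                    run[2] = s.setpoint_hz
        elif run is not None:
            excursions.append((run[0], run[1], run[2]))
            run = None
    if run is not None:
        excursions.append((run[0], run[1], run[2]))
    return excursions


def max_abs_ramp_rate(samples: List[Sample]) -> float:
    """Largest |delta f / delta t| in Hz per second between consecutive
    samples. A ramp-rate limit catches a fast change before it leaves the
    band, and catches the abrupt restore at the end of the attack."""
    best = 0.0
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        if dt <= 0:
            continue  # skip out-of-order or duplicate timestamps
        best = max(best, abs(cur.setpoint_hz - prev.setpoint_hz) / dt)
    return best


if __name__ == "__main__":
    print("last sample in band:", point_in_time_ok(TELEMETRY[-1]))
    print("excursions (start_t, end_t, extreme_hz):", find_excursions(TELEMETRY))
    print("max ramp rate Hz/s: %.2f" % max_abs_ramp_rate(TELEMETRY))
```

On the constructed log the snapshot check passes for the final sample, while the history-based check reports one excursion that peaked at 1,410 Hz and a ramp rate several times steeper than the normal changes. The practical lesson is that setpoint monitoring for a control system has to retain and evaluate the series, not just the latest value, and should ideally come from an independent sensor rather than the PLC that may be lying.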
A virus has been popping up in industrial plants and personal computers worldwide, and is now posing a looming threat over Iran, where more than 60 percent of the computers infected with the virus are located.
Some experts believe that virus, first discovered in June, was developed by high-level government programmers (possibly from the US, Israel, or Germany), and is directed toward a specific target, most likely Iran’s Bushehr nuclear power plant. It is believed to have been around for over a year.
The virus was written to exploit five security vulnerabilities in Microsoft Windows (four of which were previously unknown, and only two of which have been patched), the operating system that underlies many different industrial control systems. The virus is introduced into a facility on a USB thumb drive, then spreads from computer to computer.
The malware was so skillfully designed that computer security specialists who have examined it were almost certain it had been created by a government and is a prime example of clandestine digital warfare. While there have been suspicions of other government uses of computer worms and viruses, Stuxnet is the first to go after industrial systems. [The New York Times]