Page 3 of 3 FirstFirst 123
Results 41 to 55 of 55

Thread: Stuxnet: Target Bushehr?

  1. #41
    Council Member
    Join Date
    Jun 2007
    Location
    Southport NC
    Posts
    48

    Default

    Duqu most likely is more of an information gathering virus that saves files on the infected machine for further use later. It is also a keylogger.

    https://infosecisland.com/blogview/1...er-Weapon.html

  2. #42
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,597

    Default

    The U.S. and Israel are widely assumed to be responsible for the Stuxnet computer worm that hit Iran’s nuclear facilities. But Moscow has just as good a motive.
    http://the-diplomat.com/2011/12/10/w...ehind-stuxnet/
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  3. #43
    Council Member
    Join Date
    Mar 2009
    Posts
    11,075

    Default Stuxnet was Work of U.S. and Israeli Experts

    Stuxnet was Work of U.S. and Israeli Experts

    Entry Excerpt:



    --------
    Read the full post and make any comments at the SWJ Blog.
    This forum is a feed only and is closed to user comments.

  4. #44
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,597

    Default

    Iranian nuclear facilities have reportedly been attacked by a “music” virus, turning on lab PCs at night and blasting AC/DC’s “Thunderstruck.”
    http://www.rt.com/news/iran-computer-virus-acdc-940/

    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  5. #45
    Council Member
    Join Date
    Mar 2009
    Location
    Florida
    Posts
    44

    Default

    I got a chuckle out of this news item, too, but that article--particularly the title--is crap. Mikko's original blog post is much more informative. There's really two issues. There's a report of some other worm, and the Iranian believes Metasploit is at use. Metasploit is not a virus; it's an exploitation framework. Download it here if you're curious.

    HD Moore, Metasploit's creator, tweeted two responses to articles like this one:

    "definitely a confused individual, Metasploit isn't a worm and doesn't ship with AC/DC's Thunderstruck " (source)
    He also added a bit on how you use the framework to load MP3s:

    "you can do it today (msf> load sounds) & copy mp3" (source)
    If the e-mail to Mikko is truthful and accurate, this strikes me as the act of an amateur--not a state, much less the U.S. Moreover, the fact that there is no effort to be covert makes me think this is a grand middle finger to US and other intelligence agencies. It is as if the perpetrator is saying, "You developed developed malware and cryptographic attacks over the course of years to penetrate computers relevant to the Iranian nuclear program; I did it downloading an app freely available to anyone." They probably even used a commonly available exploit, too. I can't see someone burning a 0-day to blast "Thunderstruck" to some Iranian engineers just for, as the kids say, "the lulz."

    If I had to ‘profile’ the perpetrator, I would suggest a lone male with a grudge or grievance with one or more US intelligence agencies (perhaps a past applicant). If there is a political motive, I would suggest someone affiliated with Anonymous or other like-minded group who might think disrupting Iranian networks would mean disrupting any ongoing US intelligence operation. Either way, the objective in my view is disrupting or discrediting US efforts rather than Iran's nuclear program. That’s pure speculation, but that is the impression I get.
    Last edited by Erich G. Simmers; 07-25-2012 at 06:13 AM. Reason: m0ar l33tness
    Erich G. Simmers
    www.weaponizedculture.org

  6. #46
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,597

    Default

    Quote Originally Posted by Erich G. Simmers View Post
    If I had to ‘profile’ the perpetrator, I would suggest a lone male with a grudge or grievance with one or more US intelligence agencies (perhaps a past applicant). If there is a political motive, I would suggest someone affiliated with Anonymous or other like-minded group who might think disrupting Iranian networks would mean disrupting any ongoing US intelligence operation. Either way, the objective in my view is disrupting or discrediting US efforts rather than Iran's nuclear program. That’s pure speculation, but that is the impression I get.
    That'd make a good movie script. Seriously.
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  7. #47
    Council Member
    Join Date
    Mar 2009
    Location
    Florida
    Posts
    44

    Default

    Quote Originally Posted by AdamG View Post
    That'd make a good movie script. Seriously.
    Have you played with Metasploit? Typing commands in to msfconsole is a little hard to dramatize on screen. About the closest we've come to making the command line sexy was having Trinity from The Matrix run an nmap scan and a fictitious SSH exploit, and Trinity did it wearing a leather outfit (article and YouTube clip*). The real perpetrator may be doing it unshaven and in a bathrobe.

    Definitely strikes me as an amateur--although who knows. If the Iranians are shutting down key parts of their network (I don't know how vital the automation bits mentioned in Mikko's piece are) to do forensics to figure out how the attacker is getting in, maybe blasting "Thunderstruck" is the next best thing to some fancy exploit to ruin centrifuges. Or, perhaps, some group who wants to disrupt Iran's nuclear program is flooding them with garbage attacks to overwhelm Iranians attempts to analyze their more 'long-term,' targeted malware. That analysis takes time and personnel who are in short supply even in the U.S.

    However, these types of attacks seem every bit as likely to disrupt professional intelligence agencies' access as help them in some way. That's why I think there is another motive at work here. The reported worm and Metasploit hijinks may even be two separate actors.

    --

    * - Funny enough, that little 1:09 clip dramatizes pretty much every policy maker's fear of an infrastructure attack on the U.S.
    Last edited by Erich G. Simmers; 07-26-2012 at 05:04 PM.
    Erich G. Simmers
    www.weaponizedculture.org

  8. #48
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,597

    Default

    Researchers said today they have identified part of the powerful Flame cyber espionage program as a stand-alone, “highly flexible” spy program that centered its attacks on computer systems in Lebanon and Iran.

    MiniFlame, as cyber experts at Moscow-based Kaspersky Labs dubbed the malware, is an “info-stealing” virus designed to hit only a few high-profile targets – perhaps just a few dozen computer systems. Kaspersky researchers said in a blog post they actually discovered MiniFlame in July but at the time believed it to be just a module within Flame.
    http://abcnews.go.com/blogs/headline...-lebanon-iran/
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  9. #49
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,597

    Default

    After the Stuxnet malware attacks that are thought to have caused several Iranian nuclear centrifuges to explode, Iran has been steadily boosting its ability to carry out attacks against computer networks, and is growing into “a force to be reckoned with.”

    That was the warning given by Gen. William Shelton (pictured in a file photo), head of the U.S. Air Force’s Space Command, which is also in charge of the Air Force’s cyber-war group, in a speech in Washington, D.C., yesterday, which was covered by Reuters.
    http://allthingsd.com/20130118/iran-...-general-says/
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  10. #50
    Registered User
    Join Date
    Feb 2007
    Posts
    2

    Default Conflict of Interest

    If anyone really wants to know in detail how severe and what exactly the alleged Iranian cyber threat entails, the last place to look is to a US service representative. It is in his interest, in these budget constrained times, to hype the threat.

    I suppose what we really need is a trusted third party... operating as Kapersky is doing now with the Stuxnet threat-- to gauge threat sophistication, intended target, etc. UN? Sweden?

  11. #51
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    12,200

    Default Stuxnet worm 'increased' Iran's nuclear potential

    A RUSI Journal article (behind paywall) that disputes the impact via a newspaper article:
    Iran's nuclear potential may have been significantly increased by the Stuxnet worm that is believed to have infected the country's uranium enrichment facility at Natanz in 2009 and 2010, new research claims.
    Link:http://www.telegraph.co.uk/technolog...potential.html
    davidbfpo

  12. #52
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    12,200

    Default Nothing short of another Sputnik moment

    A detailed explanation of the two versions of Stuxnet; for a layman like moi, just about followed: 'Stuxnet's Secret Twin: The real program to sabotage Iran's nuclear facilities was far more sophisticated than anyone realized'.

    There are some, different passages; the best is:
    The system might have keep Natanz's centrifuges spinning, but it also opened them up to a cyberattack that is so far-out, it leads one to wonder whether its creators might have been on drugs.
    It ends with:
    In other words, blowing the cover of this online sabotage campaign came with benefits. Uncovering Stuxnet was the end of the operation, but not necessarily the end of its utility. Unlike traditional Pentagon hardware, one cannot display USB drives at a military parade. The Stuxnet revelation showed the world what cyberweapons could do in the hands of a superpower. It also saved America from embarrassment. If another country -- maybe even an adversary -- had been first in demonstrating proficiency in the digital domain, it would have been nothing short of another Sputnik moment in U.S. history. So there were plenty of good reasons not to sacrifice mission success for fear of detection.

    We're not sure whether Stuxnet was disclosed intentionally. As with so many human endeavors, it may simply have been an unintended side effect that turned out to be critical. One thing we do know: It changed global military strategy in the 21st century.
    Link:http://www.foreignpolicy.com/article...tack?page=full
    davidbfpo

  13. #53
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    12,200

    Default How Stuxnet was delivered?

    A new thesis about that, to be outlined Tuesday at a security conference in San Francisco, points to a vulnerability in the Iranian facility's supply chain – and may hold lessons for owners of critical infrastructure in the US concerning how to guard their own industrial equipment against cyberattack.
    Link:http://www.csmonitor.com/World/Secur...0rTtag.twitter
    davidbfpo

  14. #54
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    12,200

    Default Stuxnet “this has the whiff of 1945. Someone just used a new weapon".

    Not a surprise - there is now a film / documentary on Stuxnet; Zero Days, by Oscar-winning director Alex Gibney and an article, written after a preview of the film, has the sub-title:
    A new documentary on “Stuxnet”, the joint U.S.-Israeli attack on Iran’s nuclear program, reveals it was just a small part of a much bigger cyber operation against the nation’s military and civilian infrastructure under the code name “NITRO ZEUS”.
    As a joint US-Israeli project it had some "issues" as one source claims:
    Our friends in Israel took a weapon that we jointly developed — in part to keep Israel from doing something crazy — and then used it on their own in a way that blew the cover of the operation and could’ve led to war.
    Citing Michael Hayden, ex-CIA & NSA:
    I know no operational details and don’t know what anyone did or didn’t do before someone decided to use the weapon, all right. I do know this: If we go out and do something, most of the rest of the world now thinks that’s a new standard, and it’s something they now feel legitimated to do as well. But the rules of engagement, international norms, treaty standards, they don’t exist right now.
    Link:http://www.buzzfeed.com/jamesball/us...ma#.hb5pVQAmPj

    Merged into the old thread on Stuxnet, with 52 posts and 20k views.
    Last edited by davidbfpo; 02-28-2016 at 09:56 AM. Reason: Thread had 1752 views until merged.
    davidbfpo

  15. #55
    Council Member
    Join Date
    Mar 2009
    Posts
    11,075

    Default Stuxnet “this has the whiff of 1945. Someone just used a new weapon".

    U.S. Had Cyberattack Planned if Iran Nuclear Negotiations Failed

    This is NYT report:
    In the early years of the Obama administration, the United States developed an elaborate plan for a cyberattack on Iran in case the diplomatic effort to limit its nuclear program failed and led to a military conflict, according to a forthcoming documentary film and interviews with military and intelligence officials involved in the effort. The plan, code named Nitro Zeus, was designed to disable Iran’s air defenses, communications systems and key parts of its power grid, and was shelved, at least for the foreseeable future, after the nuclear deal struck between Iran and six other nations last summer was fulfilled.

    Link:http://www.nytimes.com/2016/02/17/wo...iled.html?_r=0
    Last edited by davidbfpo; 02-16-2016 at 09:05 PM. Reason: Copied from SWJ Blog

Similar Threads

  1. Snipers Sniping & Countering them
    By DDilegge in forum Trigger Puller
    Replies: 224
    Last Post: 08-26-2017, 10:05 AM
  2. The Roles and Weapons with the Squad
    By Faceman in forum Trigger Puller
    Replies: 977
    Last Post: 05-25-2014, 01:49 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •