METHODS, DISTRIBUTION, TRIGGERS In order to infect the uranium enrichment facility, STUXNET had to be introduced manually into the targeted, non-networked environment. This was probably done by infecting a third party's system that had access to the facility, by social engineering, or by an insider. STUXNET was delivered via a removable USB device. Once STUXNET got onto a computer it hid itself using so-called rootkit functionality, and this is where the two compromised certificates came into play: they made it look like a legitimate file and kept it invisible. It then began scanning the local network for specific computers running the Siemens "STEP7", "WINCC" or "PCS7" software suites, in order to spread to them and take control of them. STEP7 software is essential for programming the control system, and for STUXNET to do its job. Since most of these computers are non-networked, STUXNET would first try to spread to other computers on the LAN through a zero-day vulnerability. According to Kaspersky, the LNK [a file shortcut in Microsoft Windows] vulnerability is used to spread via USB sticks. The shared print-spooler vulnerability is used to spread in networks with shared printers, which is extremely common in Internet Connection Sharing networks. The other two vulnerabilities have to do with privilege escalation, designed to gain system-level privileges even when computers have been thoroughly locked down. After finding the target computer, STUXNET replaced the S7 communication library (DLLs) so it could completely take control of the data flow between the Siemens Supervisory Control And Data Acquisition (SCADA) system and the PLC. It essentially performed a man-in-the-middle attack. The graphics below show the control sys... ...only one but four zero-day exploits. It took advantage of vulnerabilities that existed and that complemented each other perfectly.
It is also hard to understand how the malware knew where to go and how to look for its target without intervention or command from anybody. STUXNET was built with all the components needed to spread in an isolated network by itself; it was a very sophisticated offline attack (a sneakernet attack). It also kept itself hidden as a legitimate file using fake certificates while gathering information. As a result of the attack, the worm destroyed Tehran's 1000 nuclear centrifuges and set back the country's atomic program by at least two years, and it spread beyond the plant and infected over 60,000 computers as well. The attackers largely reached their goals and sustained their power in the area.
[Figure: STUXNET timeline according to Symantec]
According to authorities, with the use of the worm and its code, named "teekids.exe", he was able to infect at least seven thousand computers upon releasing it to the internet. Using the "Lithium" file within the worm, he accessed the infected computers. He used those computers to launch an even larger attack called a DDoS attack (a target computer is inundated with requests from an overwhelming number of sources, causing it to be overwhelmed and shut down). After he gained control, those seven thousand computers were used to launch the attack that contacted approximately 41,000 computers. Those were instructed to attack the Microsoft web site. Federal investigators have estimated the cost of the destruction to be around $1.
I found this article in the GCC database. I found it extremely helpful because I found direct numbers of the devastation. All other articles could not confirm the area that was affected, and I have found it in this article.
Dillon Beresford saw Stuxnet as a challenge: he wanted to see whether a single individual could pull off an attack on a scale similar to Stuxnet's that could disrupt industrial control systems. Due to the sophisticated nature of the attack, which used four separate zero-day vulnerabilities and stolen digital certificates to craft and disguise a complex piece of malware that targeted Siemens SIMATIC Step 7 PLCs, Stuxnet was assumed to be the work of a nation-state. Surely a nation-state might have at its disposal the time and money needed to discover or otherwise acquire these zero-day vulnerabilities, as well as the manpower needed to use these flaws to build and disguise such a clever cyberattack. An individual, on the other hand, would never be able to accomplish such an attack, or have such a high-level understanding of the inner workings of the control systems at the Natanz uranium enrichment facility. Or so it was thought. Dillon Beresford was intrigued by the assumption that only a nation-state could pull off such a
THE HACKER CRACKDOWN: Law and Disorder on the Electronic Frontier
CONTENTS
Preface to the Electronic Release of *The Hacker Crackdown*
Chronology of the Hacker Crackdown
Introduction
Part 1: CRASHING THE SYSTEM
A Brief History of Telephony / Bell's Golden Vaporware / Universal Service / Wild Boys and Wire Women / The Electronic Communities / The Ungentle Giant /
In "Are Colleges Worth the Price of Admission?" Andrew Hacker and Claudia Dreifus argue that colleges are not doing a sufficient job of "challeng[ing] the minds of young people" and propose ways in which the necessary "reform" could be carried out (Hacker and Dreifus, 2010, para. 4). After studying and interviewing higher education policymakers and staff, as well as students, the researchers concluded that colleges are attempting to do a lot but not adequately accomplishing any of it. As a result, Hacker and Dreifus indicate, students are being left with massive amounts of debt and no real long-term benefits.
The Hacker Crackdown: Law and Disorder on the Electronic Frontier by Bruce Sterling is a book that focuses on the events that led up to and followed the crash of the AT&T long-distance telephone switching system on January 15, 1990. Not only was this event rare and unheard of, it took place at a time when few people knew exactly what was going on or how to fix the problem. There was a lot of controversy about the events that led up to the crash and those that followed, because not only did it happen on Martin Luther King Day, but few knew what the situation truly entailed. There was fear, skepticism, disbelief and worry surrounding the people involved and all of the issues it incorporated. After these events the police began a crackdown on hackers and other computer-based lawbreakers. The story of the Hacker Crackdown is technological, subcultural, criminal, and legal. Many raids took place, and it became a symbolic debate between fighting serious computer crime and protecting the civil liberties of those involved.
Multi-platform computer worms are a tool that hackers use to infect computers and gain control of them. Computer worms are a dangerous kind of virus because they are self-replicating, meaning that they copy themselves and spread onto other computer networks, seeking a lapse in internet security. Computer worms do not need to attach themselves to an existing program to gain access to the victim's files. The computer worm was created by accident by a Cornell student named Robert Morris, who in 1988 was seeking a way of managing the internet. "Morris had no malicious intent, but a bug in his program caused many of the computers the worm landed on to crash. … but worms had come of age and have since evolved into an effective way of attacking systems connected to the internet" (Barwise). Today, hackers use the Morris worm to infect computers. "Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia …" (Richmond). Since its well-intentioned creation, the worm has been used only maliciously, as a computer virus, by money-seeking hackers such as the Koobface gang in Russia.
Many people throughout the world use the internet in ways you can't imagine. Hacktivism, a virtual way to make a statement for the world to see, is only the beginning. A recent demonstration of hacktivism followed the death of a Chinese airman when his jet fighter collided with a U.S. surveillance plane in April 2001. Chinese and American hacktivists from both countries hacked Web sites and used them as "blackboards" for their statements. This is only one example of what hacktivists are capable of. This, in my opinion, is not ethical. I do understand they are making a point, but the way they make the point is all wrong.
The malware propagated mainly through email attachments. The attackers used social engineering, posing as legitimate business partners or touting security updates. Once employees opened the email's attachment, their computer would be infected. After a computer became infected, the attacker had the ability to perform a wide range of actions. Poison Ivy uses a client/server architecture that turns the infected machines into "servers" that the attackers can access from anywhere there is an Internet connection (Prince). Investigations by Symantec and law enforcement found that the attacker's actions were different in each case. In addition to having the ability to browse, copy, and upload documents from an infected computer, the att...
It was later deduced that the tools were designed to bypass any security or firewall, using the same NSA-leaked tools named EternalBlue and EternalLove. When the incident was over, The Shadow Brokers spread threatening messages all over the world that they would provide more of these tools every month, giving access to cybercriminals and other governments around the globe.
government. This virus was then converted into the form of a thumb drive. The government investigated other businesses associated with the uranium plants that were helping develop nuclear weapons; through this they were able to transmit the virus into those businesses' computers, from which it later spread to the uranium plants. In a matter of weeks, almost all of Iran's uranium plants were infected. The Stuxnet virus was created to spin centrifuges out of control in the uranium plants, and it did just that, setting Iran's nuclear development back and costing a lot of
Advanced Persistent Threats (APTs) are one of the most difficult challenges faced by the anti-virus community. APTs have made headlines in the last few years for breaching some of the most well-known enterprise networks (Gamer, 2009). The term Advanced Persistent Threat was first coined by the United States Air Force in 2006 to describe complex cyber-attacks against a specific target over a long period of time (Bejtlich, 2010). It was employed by nation states to penetrate other nations' networks for security secrets and other defense data; this is unlike previous cyber-attacks, which went after credit card and other personal identity information.
Computer hackers in today's world are becoming more intelligent. They realize that people are constantly developing more hack-proof systems, which presents the hackers with a bigger challenge and a bigger thrill. The government realizes this and is working on harsher laws to, hopefully, scare potential hackers. With the increase in hacking and hacker intelligence, governmental regulation of cyberspace hasn't changed the fact that it is nearly impossible to bring a hacker to justice.
In 2012, the U.S. Department of Homeland Security reported 52% more cybersecurity incidents. It reported 198 attacks that were brought to its attention and were successful. A natural gas pipeline was targeted by a group of hackers, who gained access and stole data on how its system works. The United States infrastructure is very vulnerable. The image below shows 7200 industrial locations that are vulnerable to attack.