hack


METHODS, DISTRIBUTION, TRIGGERS

In order to infect the uranium enrichment facility, STUXNET had to be introduced into the targeted, non-networked environment manually. This was probably done by infecting a third party's system that had access to the facility, by social engineering, or through an insider. STUXNET was delivered on a removable device, a USB stick. Once STUXNET got onto a computer it hid itself using so-called rootkit functionality, and this is where the two compromised certificates came into play: they made its files look legitimate, so it went unnoticed. It then began scanning the local network for a specific computer running the Siemens "STEP7", "WinCC" or "PCS7" software suites, in order to spread to it and take control of it. The STEP7 software is essential for programming the control system, and therefore for STUXNET to do its job. Since most of these computers are non-networked, STUXNET would first try to spread to other computers on the LAN through a zero-day vulnerability. According to Kaspersky, the LNK [a file shortcut in Microsoft Windows] vulnerability is used to spread via USB sticks; the shared print-spooler vulnerability is used to spread in networks with shared printers, which is extremely common in Internet Connection Sharing networks; the other two vulnerabilities have to do with privilege escalation and are designed to gain system-level privileges even when computers have been thoroughly locked down. After finding the target computer, STUXNET replaced the S7 communication library (DLLs) so that it could completely control the data flow between the Supervisory Control And Data Acquisition (SCADA) software built by Siemens and the PLC; in effect, it carried out a Man-in-the-Middle attack. The graphics below show the control sys... ... middle of paper ... ... only one but four zero-day exploits. It took advantage of vulnerabilities that existed and that complemented each other perfectly.
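The replacement of the S7 communication library described above is exactly the kind of change that a file-integrity baseline on the engineering workstation can surface. The following is an added example, not code from this essay or from Siemens: it records SHA-256 hashes of a set of library files and later reports any file that was modified or removed. The directory and file names are constructed placeholders.

```python
"""File-integrity check for engineering-station libraries (constructed example)."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(directory, names):
    """Map each monitored file name to its known-good hash.

    In practice the baseline would be written once from a trusted install
    and kept on read-only media, not on the monitored host itself."""
    return {name: sha256_of(os.path.join(directory, name)) for name in names}


def check_integrity(directory, baseline):
    """Return (name, reason) for every file that is missing or no longer
    matches its baseline hash; an empty list means nothing changed."""
    findings = []
    for name, expected in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            findings.append((name, "missing"))
        elif sha256_of(path) != expected:
            findings.append((name, "modified"))
    return findings


def demo():
    """Simulate a library swap and a deletion in a throwaway directory."""
    with tempfile.TemporaryDirectory() as directory:
        names = ["comm_lib_a.dll", "comm_lib_b.dll"]  # placeholder names
        for name in names:
            with open(os.path.join(directory, name), "wb") as handle:
                handle.write(b"original library bytes for " + name.encode())
        baseline = build_baseline(directory, names)
        if check_integrity(directory, baseline):
            raise RuntimeError("fresh baseline should report nothing")
        # Attacker-style substitution: same file name, different contents.
        with open(os.path.join(directory, "comm_lib_a.dll"), "wb") as handle:
            handle.write(b"substituted proxy library")
        os.remove(os.path.join(directory, "comm_lib_b.dll"))
        return check_integrity(directory, baseline)
```

Running `demo()` returns `[("comm_lib_a.dll", "modified"), ("comm_lib_b.dll", "missing")]`; a real deployment would compare against a baseline taken from trusted install media and alert on any finding.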
It is also hard to understand how the malware knew where to go and how to look for its target without interception or commands from anybody. STUXNET was built with all the components needed to spread through an isolated network by itself; it was a very sophisticated offline attack (a "sneakernet" attack). It also kept itself hidden as a legitimate file using fake certificates while gathering information. As a result of the attack, the worm destroyed Tehran's 1000 nuclear centrifuges and set back the country's atomic program by at least two years, and it spread beyond the plant and infected over 60,000 computers as well. The attackers thus largely reached their goals and sustained their power in the area.

STUXNET timeline according to Symantec
