Category Archives: cyberwarfare

The Pentagon’s expanding cyberwarfare capabilities

The Washington Post reports: The Pentagon has approved a major expansion of its cybersecurity force over the next several years, increasing its size more than fivefold to bolster the nation’s ability to defend critical computer systems and conduct offensive computer operations against foreign adversaries, according to U.S. officials.

The move, requested by the head of the Defense Department’s Cyber Command, is part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force. The command, made up of about 900 personnel, will expand to include 4,900 troops and civilians.

Details of the plan have not been finalized, but the decision to expand the Cyber Command was made by senior Pentagon officials late last year in recognition of a growing threat in cyberspace, said officials, who spoke on the condition of anonymity because the expansion has not been formally announced. The gravity of that threat, they said, has been highlighted by a string of sabotage attacks, including one in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian state oil company last summer.

The plan calls for the creation of three types of forces under the Cyber Command: “national mission forces” to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; “combat mission forces” to help commanders abroad plan and execute attacks or other offensive operations; and “cyber protection forces” to fortify the Defense Department’s networks. [Continue reading…]


Cyberwar: the arms and disarmament races

Tim Maurer writes: On October 11, Defense Secretary Leon Panetta gave a speech on cyber threats — “an issue at the very nexus of business and national security,” he said. “Ultimately, no one has a greater interest in cybersecurity than the businesses that depend on a safe, secure, and resilient global digital infrastructure.” He’s right: Businesses are interested and engaged — but some in a different way than he meant. A new front is emerging in cyber-warfare: Multinational corporations are standing up to governments that use the Internet for military purposes.

Last month, in an unprecedented move, the U.S.-based company Symantec, Russia-based Kaspersky Lab, the German CERT-Bund/BSI, and ITU-IMPACT published the results of their joint analysis of the cyber-espionage tool Flame that infected primarily computer systems in the Middle East. They show that parts of Flame had been active as early as 2006, collecting data in more than a dozen countries, and that it was likely produced by a government. According to Kaspersky Lab, “in June, we definitely confirmed that Flame developers communicated with the Stuxnet development team, which was another convincing fact that Flame was developed with nation-state backing,” whereas Symantec more cautiously states that “this is the work of a highly organized and sophisticated group.”

“For us to know that a malware campaign lasted this long and was flying under the radar for everyone in the community, it’s a little concerning…. It’s a very targeted attack, but it’s a very large-scale attack,” Vikram Thakur at Symantec points out. The discoveries over the last two years of Stuxnet, Duqu, Flame, and Gauss — computer malware designed to spy and destroy — provided a glimpse of how far states have advanced in using cyberspace for military purposes, shedding light on a cyber campaign that seems to have been waged largely unnoticed for years. Perhaps the embarrassment was a wake-up call — some members of the industry now seem determined to step up their game.

It’s clear that governments across the world are bolstering their cyberwarfare capabilities. “What we’re looking at is a global cyber arms race,” said Rear Admiral Samuel Cox, director of intelligence at U.S. Cyber Command. Earlier this year, Forbes reported that governments are buying key components of cyber-weapons from hackers on a shadow market. The New York Times reporting on Operation Olympic Games shed light on Stuxnet, the most sophisticated cyber-attack known to date, and fueled the debate about potential backlashes.

But there is a counterforce to the global cyber arms race: an entire industry built on identifying and neutralizing malware. In fact, two races are taking place simultaneously — an arms and a disarmament race. [Continue reading…]


The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?

Ars Technica reports: Mysterious malware that reportedly attacked Iran’s oil ministry in April shared a file-naming convention almost identical to those used by the state-sponsored Stuxnet and Duqu operations, an indication it may have been related, security researchers said.

The highly destructive malware known as Wiper has never been recovered, but its devastating effects are confirmed in a report published on Wednesday from researchers at Russia-based antivirus provider Kaspersky Lab. It struck as early as last December and used an advanced algorithm to permanently purge large portions of hard drives from computers it infected. Because it struck the same geographic region targeted by Stuxnet, researchers have spent months searching for evidence that links Wiper to the operation, which reportedly was sponsored by the US and Israeli militaries to disrupt Iran’s nuclear program.

Researchers have also looked for links between Wiper and the malware titles dubbed Flame, Duqu, and Gauss, which more recently were found to be spawned by the same software developers as Stuxnet. Flame was discovered by Kaspersky researchers only after they were asked by the International Telecommunications Union to look into incidents involving Wiper. During the course of the investigation, they soon zeroed in on Flame. They’re only now returning their attention to the original probe. [Continue reading…]


Russia’s top cyber sleuth foils U.S. spies, helps Kremlin pals

Noah Shachtman writes: It’s early February in Cancun, Mexico. A group of 60 or so financial analysts, reporters, diplomats, and cybersecurity specialists shake off the previous night’s tequila and file into a ballroom at the Ritz-Carlton hotel. At the front of the room, a giant screen shows a globe targeted by crosshairs. Cancun is in the center of the bull’s-eye.

A ruddy-faced, unshaven man bounds onstage. Wearing a wrinkled white polo shirt with a pair of red sunglasses perched on his head, he looks more like a beach bum who’s lost his way than a business executive. In fact, he’s one of Russia’s richest men — the CEO of what is arguably the most important Internet security company in the world. His name is Eugene Kaspersky, and he paid for almost everyone in the audience to come here. “Buenos dias,” he says in a throaty Russian accent, as he apologizes for missing the previous night’s boozy activities. Over the past 72 hours, Kaspersky explains, he flew from Mexico to Germany and back to take part in another conference. “Kissinger, McCain, presidents, government ministers” were all there, he says. “I have panel. Left of me, minister of defense of Italy. Right of me, former head of CIA. I’m like, ‘Whoa, colleagues.’”

He’s bragging to be sure, but Kaspersky may be selling himself short. The Italian defense minister isn’t going to determine whether criminals or governments get their hands on your data. Kaspersky and his company, Kaspersky Lab, very well might. Between 2009 and 2010, according to Forbes, retail sales of Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year — nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products — effectively giving the company 300 million users. When it comes to keeping computers free from infection, Kaspersky Lab is on its way to becoming an industry leader.

But this still doesn’t fully capture Kaspersky’s influence. Back in 2010, a researcher now working for Kaspersky discovered Stuxnet, the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges and became the world’s first openly acknowledged cyberweapon. In May of this year, Kaspersky’s elite antihackers exposed a second weaponized computer program, which they dubbed Flame. It was subsequently revealed to be another US-Israeli operation aimed at Iran. In other words, Kaspersky Lab isn’t just an antivirus company; it’s also a leader in uncovering cyber-espionage. [Continue reading…]


Stuxnet will come back to haunt us

Misha Glenny writes: The decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush’s presidency marked a significant and dangerous turning point in the gradual militarization of the Internet. Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory.

It is one thing to write viruses and lock them away safely for future use should circumstances dictate it. It is quite another to deploy them in peacetime. Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet. Unlike nuclear or chemical weapons, however, countries are developing cyberweapons outside any regulatory framework.

There is no international treaty or agreement restricting the use of cyberweapons, which can do anything from controlling an individual laptop to disrupting an entire country’s critical telecommunications or banking infrastructure. It is in the United States’ interest to push for one before the monster it has unleashed comes home to roost.

Stuxnet was originally deployed with the specific aim of infecting the Natanz uranium enrichment facility in Iran. This required sneaking a memory stick into the plant to introduce the virus to its private and secure “offline” network. But despite Natanz’s isolation, Stuxnet somehow escaped into the cyberwild, eventually affecting hundreds of thousands of systems worldwide.

This is one of the frightening dangers of an uncontrolled arms race in cyberspace; once released, virus developers generally lose control of their inventions, which will inevitably seek out and attack the networks of innocent parties. Moreover, all countries that possess an offensive cyber capability will be tempted to use it now that the first shot has been fired. [Continue reading…]


U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say

The Washington Post reports: The United States and Israel jointly developed a sophisticated computer virus nicknamed Flame that collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials.

The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials who spoke on the condition of anonymity.

There has been speculation that Washington had a role in developing Flame, but the collaboration on the virus between the United States and Israel has not been previously confirmed. Commercial security researchers reported last week that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity.


A few thoughts on Stuxnet, leaks, and cyberwarfare

After reading posts by Philip Weiss and Marcy Wheeler on the Stuxnet-Sanger story, I want to make a few comments to add some perspective.

In David Sanger’s report, this, supposedly, was one of the key revelations:

In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”

In fact, both the Israelis and the Americans had been aiming for a particular part of the centrifuge plant, a critical area whose loss, they had concluded, would set the Iranians back considerably. It is unclear who introduced the programming error.

In the report, Sanger is summarizing the prologue of his book and rendering his pulp fiction prose into the stodgy English the New York Times prefers.

In Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, he writes:

In the background, everyone could hear someone sucking air through his teeth. It was Joe Biden, the vice president, whose occasional outbursts were often a tension-relieving contrast with Obama’s typically impassive reaction to bad news.

“Oh, goddam,” he said, according to the account of one participant. “Sonofabitch. It’s got to be the Israelis. They went too far.”

Based on Biden’s understanding of the code running a programmable logic controller, it must have seemed obvious that the Israelis had tweaked the code so the worm would jump the fence. (Sorry, but I can’t help but get tangled in Sanger’s mixed zoological metaphors.)

But let’s be serious. Sanger describes Obama as “a new president with little patience for technological detail”. And I expect Obama’s “patience” with such detail probably exceeds Biden’s.

I imagine the Olympic Games briefings in the White House Situation Room to have involved a cascade of dumbing down as technical information got translated into a narrative that the principals could understand.

Biden’s certainty about the role of the Israelis in the worm breaking loose most likely reveals much more about what he thinks about the Israelis than it reveals about his understanding of Stuxnet.

Ralph Langner understands Stuxnet — he and his colleagues cracked the code — and he compliments Sanger as “by far the best informed journalist on the Iranian nuclear program that I have talked to.”

But Langner doesn’t buy the story about the Israelis going too far.

One technical detail that makes little sense is the theory that Stuxnet broke out of Natanz rather than into due to a software bug introduced by the Israelis; this sounds like an attempt (of one of the sources) to put the blame for a non-anticipated side effect of a design feature on somebody else.

It also sounds like an element in a wider political narrative: that Obama needs to keep Netanyahu on a tight leash because without American restraint the Israelis are bound to launch a military strike on Iran.

This image suits both the U.S. and Israel. It provides a plausible explanation for why Israel hasn’t attacked Iran already (for Netanyahu, imminent is an amazingly elastic concept) and it supposedly gives the U.S. leverage as it tentatively negotiates with Iran. The threat forever looms of Israel getting unleashed. Obama retains his position as the aloof statesman in the foreground with Mad Dog Netanyahu lurking in the shadows.

As for the leak story, Senator Dianne Feinstein seems to have volunteered herself as a prime suspect. When she talks about the cunning of “very sophisticated journalists” she seems to be claiming she got conned:

[Sanger] assured me that what he was publishing he had worked out with various agencies and he didn’t think that anything was revealed that wasn’t known already.

What’s that supposed to mean? In conversation with Feinstein, Sanger refers to some classified information, Feinstein has some reservations in talking about it, but Sanger assures her it’s all kosher, that he’s got the thumbs up from the NSA and the CIA and it’s all information that’s already in the public domain. Having thus been briefed on how to handle classified information by a very sophisticated journalist from the New York Times, Feinstein then tells Sanger a few things he hasn’t heard before.

At the same time, what Feinstein and most of Sanger’s other sources probably understood was that the book he was researching was as he puts it, “the story of a presidency in midstream” — which makes the upcoming election sound, at least in Sanger’s mind, like a formality. They weren’t just talking to a very sophisticated journalist but also a very friendly journalist.

Sanger’s Stuxnet story is part of a portrait of a president he’s presenting as bold and daring yet also cautious and diligent in oversight. Obama the hot shot replaced Bush the klutz. In that context Stuxnet is described as a limited success.

Rather than assess that claim based on reports about numbers of centrifuges disabled, it would however make more sense to view the operation’s success in terms of its aims. And rather than assess those aims based on the claims made by Sanger’s government sources after the fact, it actually makes more sense to look at the objectives of the malware as revealed directly by its design. The operation’s objectives are literally written in the code.

In a technical presentation, Langner highlights two principal features of the design:

1. The attackers are obsessed with disguise
2. Death by a thousand cuts rather than a clean shot between the eyes.

For instance, while Sanger describes centrifuges being run faster and slower so suddenly that they self-destruct, Langner says Stuxnet would, at the appointed time, make the centrifuges run at speeds that would cause metal fatigue. A malfunction might then follow only one or two weeks later. It wasn’t just about trying to make centrifuges break but just as crucially controlling how and when they broke.

In other words, the goal of Stuxnet was not to destroy Iran’s enrichment facility but to frustrate the Iranians’ efforts to make it operate effectively. To that end, the attacks would not cause spectacular damage but they would never end — so long as they could continue undetected. The key was to make a succession of centrifuge problems all look like mechanical problems. Detection meant failure.

Sanger waits right until the very end of his report to add this caution:

[N]o country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.

Langner makes a similar warning:

It does not require the resources of a nation state to develop cyber weapons. I could achieve that by myself with just a handful of freelance experts. Any U.S. power plant, including nuclear, is much easier to cyberattack than the heavily guarded facilities in Iran. An attacker who is not interested in engaging in a long-term campaign with sophisticated disguise (which rogue player would be?) needs to invest only a tiny fraction of effort compared to Stuxnet.

He also warns that the danger Stuxnet unleashed does not derive from the code itself but simply the concepts enshrined in the cyberweapon’s design. We still don’t know the scope of the Stuxnet failure.


Cyber-weapons are a very very bad idea

Karl Vick writes: Eugene Kaspersky, the Russian cyber sleuth who last week revealed the most sophisticated virus yet targeting Iran, was greeted as a hero at the Tel Aviv University conference on digital security Wednesday. He didn’t pretend not to know why, any more than the Israeli audience that played along with the coy remarks its officials have made about the country’s role in the digital espionage bedeviling the Iranian program.

“Maybe there are some people here who are not happy with work I was doing with Stuxnet and Flame,” he told an audience of more than 1,000 at the university’s annual International Conference on Cyber Security. (Stuxnet was the previous virus that hit Iran, targeting its nuclear program; Flame hit the petroleum industry.) Then the keynote speaker, clad in jeans and an untucked linen shirt, leaned forward and said in a stage whisper, “I’m really sorry.” Waves of laughter and applause followed. “It’s not personal,” Kaspersky went on, drawing out the laughter, which had a quality of mutual congratulation. “It’s my job…. So next time, be more careful.”

But when the room quieted down, the guru got serious. Cyber-weapons, Kaspersky advised, “are a very very bad idea.” Whatever advanced knowledge allowed engineers to fashion the malicious software targeted at Iran’s nuclear program will, in short order, become known to other nations, he said, and next time could well be directed back at the originators — the very worry President Obama reportedly voiced in approving the digital espionage in a joint program with Israel. “I’m afraid that in the future there will be other countries in this game,” Kaspersky said. “It’s only software. Maybe ‘hacktivists’ will become cyber-terrorists. And maybe the traditional terrorists will be in touch with the cyber-terrorists.


Mutually assured cyberdestruction?

David Sanger writes: In March the White House invited all the members of the Senate to a classified simulation on Capitol Hill demonstrating what might happen if a dedicated hacker — or an enemy state — decided to turn off the lights in New York City. In the simulation, a worker for the power company clicked on what he thought was an e-mail from a friend; that “spear phishing” attack started a cascade of calamities in which the cyberinvader made his way into the computer systems that run New York’s electric grid. The city was plunged into darkness; no one could find the problem, much less fix it. Chaos, and deaths, followed.

The administration ran the demonstration — which was far more watered-down than the Pentagon’s own cyberwar games — to press Congress to pass a bill that would allow a degree of federal control over protecting the computer networks that run America’s most vulnerable infrastructure. The real lesson of the simulation was never discussed: cyberoffense has outpaced the search for a deterrent, something roughly equivalent to the cold-war-era concept of mutually assured destruction. There was something simple to that concept: If you take out New York, I take out Moscow.

But there is nothing so simple about cyberattacks. Usually it is unclear where they come from. That makes deterrence extraordinarily difficult. Moreover, a good deterrence “has to be credible,” said Joseph S. Nye, the Harvard strategist who has written the deepest analysis yet of what lessons from the atomic age apply to cyberwar. “If an attack from China gets inside the American government’s computer systems, we’re not likely to turn off the lights in Beijing.” Professor Nye calls for creating “a high cost” for an attacker, perhaps by naming and shaming.

Deterrence may also depend on how America chooses to use its cyberweapons in the future. Will it be more like the Predator, a tool the president has embraced? That would send a clear warning that the United States was ready and willing to act. But as President Obama warned his own aides during the secret debates over Olympic Games [the Stuxnet operation], it also invites retaliatory strikes, with cyberweapons that are already proliferating. In fact, one country recently announced that it was creating a new elite “Cybercorps” as part of its military. The announcement came from Tehran.

Since cyberdeterrence looks like a non-starter, the U.S. should perhaps focus instead on a home truth: those who live in cyber houses shouldn’t throw cyber stones.


Nothing’s too highly classified to stop it serving Obama 2012

If Bradley Manning ever gets a chance to read two new books — Kill or Capture: The War on Terror and the Soul of the Obama Presidency, by Daniel Klaidman, and Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, by David E Sanger — he’ll be wondering: how do these guys get away with it? In other words, how can top government officials reveal highly classified information to prominent journalists who then use this information to publish what will likely become best-selling books, and these major breaches of secrecy take place without anyone even getting a slap on the wrist?

Of course Manning and everyone else already knows the answer: this administration like all its predecessors has no compunction about revealing secrets whenever these revelations serve the administration’s interests.

Obama’s secret wars and his comfort in the role of chief assassin aren’t secrets because these revelations will supposedly improve his chances of getting re-elected. The Obama 2012 campaign is determined that when it comes to national security issues, Mitt Romney and the GOP will never freely be provided with opportunities to cast this president as insufficiently tough. Neither is it conceivable that any Republican will ever accuse Obama of being too tough on terrorism or Iran.

So Klaidman and Sanger’s books seem to be coming out conveniently timed to help frame the general election. Earlier this week the New York Times presented the most detailed account thus far made available about Obama’s hands-on approach to drone warfare, and today we are getting a kind of companion piece on Obama’s hands-on approach to cyberwarfare.

The speculation about the Stuxnet computer worm is over: it was a U.S. operation with Israel as a junior partner — the operation was called Olympic Games. And when Stuxnet went out of control and started spreading around the world, some in the administration were swift to assign blame:

In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”

The idea that the Israelis needed to be kept on a leash is really a side note in the general narrative here. The overarching story is that Obama took on two policies that had been initiated by George Bush — the use of drones to assassinate suspected terrorists, and the use of cyberwarfare to disable Iran’s nuclear program — and he showed more daring and imagination than Bush and proved himself not merely another wartime president, but a president dedicated to advancing America’s position as the most advanced war-fighting nation in the world.

At the same time, Obama is presented ambiguously as a commander disinclined to initiate. The portrait appears intended to convey an amalgam of boldness and caution.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.

If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

The problem with Obama’s lead-from-behind approach is that he is setting precedents in the use, for instance, of assassinations and cyberwarfare, where not in spite of but because they are not being enshrined in an Obama doctrine, these precedents seem even more likely to become standard practice — they will not be seen as Obama’s way but instead unquestioningly accepted as the American way.


Energy assets in front line of cyber war

Reuters reports: Global energy infrastructure is more vulnerable than ever in an escalating cyber war thanks to “sons of Stuxnet” electronic missiles, which can be created from the virus designed to sabotage Iran’s nuclear programme.

Cyber espionage is on the rise, with Chinese hackers stealing field data and cutting-edge technology from energy companies around the world since at least 2009, according to leading security firm McAfee (part of Intel Corp).

But the biggest threat to everything from power grids to digital oilfields may come from malware based on the Stuxnet worm, widely thought to have been sponsored by western government agencies, security experts say.

Cyber weapons like Stuxnet that can take control of plants appear to be more of an operational danger than the recently-discovered Flame virus, which seems designed to gather data.

“Stuxnet really showed people you could do this, that is the problem. I cannot imagine any major government agency not developing an offensive capability,” Eric Byres, a leading authority on critical infrastructure security, told Reuters.

Byres, who advises governments and multinationals on cyber security, said government agencies could seek to infiltrate energy infrastructure in case of political tension. “That is one of the risks, that we are weaponizing our entire energy industry, or leaving weapons inside it, just in case.”

Governments are concerned that energy and communications networks would be the first victims of any conflict with a cyber-savvy aggressor.

“It is believed that would be part of any form of warfare – that they would take out private sector infrastructures as part of knocking out a country,” said Paul Dorey, who managed BP’s digital security until 2008 and is now professor of information security at the University of London.

The stable relationship between the United States, Russia and China means there seems little chance that they will try to disrupt one another’s energy networks any time soon.

But Iran has been bombarded with cyber bugs during its intense nuclear standoff with the west, with the virus known as Flame detected in April and a worm called Duqu, designed to gather intelligence on industrial infrastructure for future attacks, found last year.


Was Flame virus that invaded Iran’s computer networks made in USA?

NBC News reports: As the United Nations and Iran warn that the newly discovered Flame computer virus may be the most potent weapon of its kind, U.S. computer security experts tell NBC News that the virus bears the hallmarks of a U.S. cyber espionage operation, specifically that of the super-secret National Security Agency.

The Flame virus, which is intended to gather intelligence — not destroy equipment or data, as was the case with the notorious Stuxnet virus — is too sophisticated to be the work of another country, said one U.S. official, speaking on condition of anonymity. “It was U.S.,” said the official, who acknowledged having no first-hand knowledge of how the virus operates or was introduced into the Iranian computers.

The U.S. was also believed to have a hand in the creation and insertion of the Stuxnet virus, which targeted Iran’s uranium-enriching centrifuges.

The newly discovered Flame virus essentially “colonizes” the targeted computers, giving hackers control over critical data stored on them, according to cybersecurity experts who spoke with NBC News.

U.S. intelligence officials declined to discuss the virus. “We have no comment,” said one. Israeli officials, suspected in previous attacks, denied involvement.

ABC News reports: Clues in the code, such as the names of processes like “Beetlejuice” and “Platypus,” led some experts to believe it could have been written by native English-speakers, but others pointed out that English is a common coding language in many countries.

Roel Schouwenberg, a senior researcher at Kaspersky Labs, told ABC News today some monikers used in coding mean nothing at all or are just inside jokes among the programmers.

“We are talking about a very high stakes operation here, covert cyber ops, but that doesn’t mean these guys aren’t just having fun sometimes,” he said.

Another possible clue in the code, Schouwenberg said, is that even though the program’s structure and capabilities are very different, Flame shares some sophisticated techniques and geographical targets with another infamous cyber weapon, Stuxnet. Stuxnet was an offensive cyber weapon that was only discovered in 2010 after it had reportedly infected and caused physical damage to an Iranian nuclear facility.

Schouwenberg said Kaspersky Labs is operating under the theory that Stuxnet and Flame were created by different development teams but likely under the direction from the same backer and with access to each other’s work. A researcher with the U.S.-based cyber firm Symantec told ABC News that scenario was a “definite” possibility and in its report Crysys said it could not be ruled out.


Minister hints at Israeli role in ‘Flame’ virus

The Jerusalem Post reports: In comments that could be construed as suggesting that Israel is behind the “Flame” virus, the latest piece of malicious software to attack Iranian computers, Vice Premier Moshe Ya’alon on Tuesday said that “whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them.”

Speaking in an interview with Army Radio, Ya’alon further hinted that Jerusalem was behind the cyber attack, saying “Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us.”

The virus, dubbed “Flame,” effectively turns every computer it infects into the ultimate spy. It can turn on PC microphones to record conversations taking place near the computer, take screenshots, log instant messaging chats, gather data files and remotely change settings on computers.

Security experts from the Russian Kaspersky Lab, who announced Flame’s discovery on Monday, said it is found in its highest concentration in Iranian computers. It can also be found in other Middle Eastern locations, including Israel, the West Bank, Syria and Sudan.

The virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign, the experts said.

It is the most complex piece of malicious software discovered to date, according to Kaspersky Lab’s senior security researcher Roel Schouwenberg, who said he did not know who built Flame.


Researchers find vulnerability that could allow spying in Chinese chips used by U.S. army

Update below.

The Next Web reports: A team of researchers from Cambridge University say they have found evidence that a Chinese-manufactured chip used by US armed forces contains a secret access point that could leave it vulnerable to third party tampering.

The researchers tested an unspecified US military chip, used in everything from weapons and nuclear power plants to public transport, and found that a previously unknown ‘backdoor’ access point had been added, making systems and hardware open to attack, the team says.

Cambridge University researcher, Sergei Skorobogatov, explains:

We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key.

This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.

While the initial research is a concern, a number of question marks remain over the findings before further conclusions can be drawn.

It is unclear if the access point is isolated to the chip that was tested or whether Skorobogatov and his colleagues have stumbled upon a larger trend. Likewise, it remains possible that the modified back door access could have been created by the US armed forces themselves.

Update: Robert David Graham says that while the Cambridge researchers “did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.” He provides a detailed technical analysis explaining how he reaches this conclusion.


Meet ‘Flame’, the massive spy malware infiltrating Iranian computers

Wired reports: A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.

The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.

Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size – the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. Although Flame has both a different purpose and composition than Stuxnet, and appears to have been written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals — marking it as yet another tool in the growing arsenal of cyberweaponry.

The researchers say that Flame may be part of a parallel project created by contractors who were hired by the same nation-state team that was behind Stuxnet and its sister malware, DuQu.

“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, in a statement. “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country.”

Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.

The malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the Lua programming language — an uncommon choice for malware.

Kaspersky Lab is calling it “one of the most complex threats ever discovered.”

“It’s pretty fantastic and incredible in complexity,” said Alexander Gostev, chief security expert at Kaspersky Lab.

Flame appears to have been operating in the wild as early as March 2010, though it remained undetected by antivirus companies. [Continue reading…]

Symantec adds: Based on the number of compromised computers, the primary targets of this threat are located in the Palestinian West Bank, Hungary, Iran, and Lebanon. However, we have additional reports in Austria, Russia, Hong Kong, and the United Arab Emirates. These additional reports may represent a targeted computer that was temporarily taken to another region, for example, a laptop. Interestingly, in addition to particular organizations being targeted, many of the compromised computers appear to be personal computers being used from home Internet connections.
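The Wired report above describes Flame as a 20 MB toolkit carrying SQLite3 databases, swappable plug-ins and Lua code. One of the first things an analyst does with a sample like that is carve a memory or disk dump for those embedded artifacts, because both formats announce themselves with fixed magic bytes. The script below is an added example, not code from the original page, from Kaspersky, Symantec or Wired; it relies only on the published SQLite 3 file header layout (16-byte magic, big-endian page size at offset 16, page count at offset 28) and the Lua 5.x bytecode signature (ESC "Lua" followed by a version byte). The sample blob it scans is constructed for the demonstration and does not represent any real Flame module.

```python
import struct

# Public format constants, not taken from any Flame sample:
#  - a SQLite 3 database file begins with "SQLite format 3\0" (16 bytes);
#  - a precompiled Lua 5.x chunk begins with ESC "Lua" and a version byte
#    (0x51 for Lua 5.1, 0x52 for Lua 5.2).
SQLITE_MAGIC = b"SQLite format 3\x00"
LUA_MAGIC = b"\x1bLua"


def find_all(buf: bytes, magic: bytes):
    """Yield every offset at which `magic` occurs in `buf` (overlaps allowed)."""
    start = 0
    while True:
        idx = buf.find(magic, start)
        if idx < 0:
            return
        yield idx
        start = idx + 1


def parse_sqlite_header(buf: bytes, off: int):
    """Validate the 100-byte SQLite header at `off`.

    Returns (page_size, page_count) when the header is plausible, else None.
    A magic string alone is a weak signal; the page-size sanity check weeds
    out strings that merely mention the format.
    """
    hdr = buf[off:off + 100]
    if len(hdr) < 100:
        return None
    page_size = struct.unpack_from(">H", hdr, 16)[0]
    # Per the SQLite spec the value 1 encodes 65536; otherwise the page size
    # must be a power of two between 512 and 32768.
    if page_size == 1:
        page_size = 65536
    elif page_size < 512 or page_size > 32768 or page_size & (page_size - 1):
        return None
    page_count = struct.unpack_from(">I", hdr, 28)[0]
    return page_size, page_count


def carve_artifacts(buf: bytes):
    """Scan `buf` for embedded SQLite 3 databases and Lua bytecode chunks.

    Returns a list of findings, each a dict with at least "type" and "offset".
    """
    findings = []
    for off in find_all(buf, SQLITE_MAGIC):
        info = parse_sqlite_header(buf, off)
        if info is None:
            # Magic present but header implausible: report it, but flag it as weak.
            findings.append({"type": "sqlite-magic-only", "offset": off})
        else:
            findings.append({"type": "sqlite", "offset": off,
                             "page_size": info[0], "page_count": info[1]})
    for off in find_all(buf, LUA_MAGIC):
        version = buf[off + 4] if off + 4 < len(buf) else None
        findings.append({"type": "lua", "offset": off, "version": version})
    return findings


def build_sample_blob() -> bytes:
    """Constructed input: filler bytes around a fake SQLite header
    (page size 1024, 3 pages) and a fake Lua 5.1 chunk header.
    The byte values are illustrative only."""
    sqlite_hdr = bytearray(100)
    sqlite_hdr[0:16] = SQLITE_MAGIC
    struct.pack_into(">H", sqlite_hdr, 16, 1024)   # page size
    struct.pack_into(">I", sqlite_hdr, 28, 3)      # page count
    # Lua 5.1 header fields after the magic: version 0x51, format 0,
    # little-endian, sizeof(int)=4, sizeof(size_t)=4, sizeof(Instruction)=4,
    # sizeof(lua_Number)=8, integral flag 0.
    lua_hdr = LUA_MAGIC + bytes([0x51, 0x00, 0x01, 0x04, 0x04, 0x04, 0x08, 0x00])
    return b"\x90" * 64 + bytes(sqlite_hdr) + b"\x00" * 32 + lua_hdr + b"\xcc" * 16


if __name__ == "__main__":
    for finding in carve_artifacts(build_sample_blob()):
        print(finding)
```

On a real dump you would feed `carve_artifacts` the raw bytes of a suspect module or process memory region; a SQLite hit with a sane page size is worth extracting at `offset` for `page_size * page_count` bytes and opening read-only in a sandboxed sqlite3 client, and a Lua hit tells you which decompiler (by version byte) to try on the chunk.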


What fearmongers get wrong about cyberwarfare

Evgeny Morozov writes: Should we worry about cyberwarfare? Judging by excessively dramatic headlines in the media, very much so. Cyberwarfare, the argument goes, might make wars easier to start and thus more likely.

Why so? First, cyberwarfare is asymmetric; being cheap and destructive, it may nudge weaker states to conflicts with stronger states — the kinds of conflicts that would have been avoided in the past. Second, since cyberattacks are notoriously difficult to trace, actors may not fear swift retaliation and behave more aggressively than usual. Third, as it’s hard to defend against cyberattacks, most rational states would prefer to attack first. Finally, since cyberweapons are surrounded by secrecy and uncertainty, arms control agreements are hard to implement. More cyberwarfare, in other words, means more wars.

Not so fast, cautions a new and extremely provocative article by Princeton doctoral candidate Adam Liff in the Journal of Strategic Studies. According to Liff, to assume that cyberwarfare has an inherent logic — a teleology — that would always result in more conflict is short-sighted. Furthermore, it fails to consider the subtleties of both military strategy and power relations. Instead of basing our cyber policy on outlandish scenarios from second-rate films, we have to remember that those who would deploy cyberweapons have real agendas and real interests—and would have to pay real costs if something goes awry.

Given today’s geopolitical situation, Liff sees no reason for the doom-and-gloom fearmongering of leading ambassadors of the cyber-industrial complex, most notoriously Richard Clarke and his best-selling 2010 book Cyberwar. Liff even spells out several scenarios where cyberwarfare would actually decrease armed conflict. That’s right: The advent of cyberweapons may eventually promote world peace. Hippies of the world unite — and learn how to mount cyberattacks! [Continue reading…]


Meet the hackers who sell spies the tools to crack your PC (and get paid six-figure fees)

Andy Greenberg writes: At a Google-run competition in Vancouver last month, the search giant’s famously secure Chrome Web browser fell to hackers twice. Both of the new methods used a rigged website to bypass Chrome’s security protections and completely hijack a target computer. But while those two hacks defeated the company’s defenses, it was only a third one that actually managed to get under Google’s skin.

A team of hackers from French security firm Vupen were playing by different rules. They declined to enter Google’s contest and instead dismantled Chrome’s security to win an HP-sponsored hackathon at the same conference. And while Google paid a $60,000 award to each of the two hackers who won its event on the condition that they tell Google every detail of their attacks and help the company fix the vulnerabilities they had used, Vupen’s chief executive and lead hacker, Chaouki Bekrar, says his company never had any intention of telling Google its secret techniques—certainly not for $60,000 in chump change.

“We wouldn’t share this with Google for even $1 million,” says Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”

Those customers, after all, don’t aim to fix Google’s security bugs or those of any other commercial software vendor. They’re government agencies who purchase such “zero-day” exploits, or hacking techniques that use undisclosed flaws in software, with the explicit intention of invading or disrupting the computers and phones of crime suspects and intelligence targets.

In that shady but legal market for security vulnerabilities, a zero-day exploit that might earn a hacker $2,000 or $3,000 from a software firm could earn 10 or even 100 times that sum from the spies and cops who aim to use it in secret. Bekrar won’t detail Vupen’s exact pricing, but analysts at Frost & Sullivan, which named Vupen the 2011 Entrepreneurial Company of the Year in vulnerability research, say that Vupen’s clients pay around $100,000 annually for a subscription plan, which gives them the privilege of shopping for Vupen’s techniques. Those intrusion methods include attacks on software such as Microsoft Word, Adobe Reader, Google’s Android, Apple’s iOS operating systems and many more—Vupen bragged at HP’s hacking competition that it had exploits ready for every major browser. And sources familiar with the company’s business say that a single technique from its catalog often costs far more than its six-figure subscription fee.
