Cynical perhaps. Little evidence: wrong thread. The evidence is in the fluoride thread. We shouldn't hijack this one any further.
That works, in theory. But the point is that this is a "hands-free" cyber attack, needing no zombot-like controller. That means the virus could probably be disseminated in various ways; memory module, CD, etc etc. All software needs updates eventually. What if such a weapon got snuck into an update? I think that's the point.
You're so NUANCED, DarrinS.
That's what I didn't get about the article. It kept saying
Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
What industrial process? And if this "process" self-destructs, does that have real-world effects? This is the one part I'm skeptical about; it sounds like the author may not be understanding what the IT experts are talking about.
Not all do.
But then, I would not expect, nor claim otherwise.
You are implying that science in general has been subverted by people with money, bent on purposefully manipulating it to their own ends, and that some portion of scientists are going along with it.
If that is the point you are trying to make, then you need to provide some level of proof for that assertion.
Please provide proof showing that a majority, or even a large percentage of scientists have unaltruistic intentions.
Otherwise, we must assume that the stated intent of scientists, i.e. that of an objective, testable measure of reality, is correct.
You could clarify: what percentage of scientists are lying about that?
To my memory you never provided proof of motive.
Do you have a document on the part of a fluoride proponent or manufacturer stating that they are solely advocating the use of fluoride for no other purpose than to dispose/sell their product?
You're taking it to an extreme. It doesn't have to involve more than a handful who are willing to present contradictory findings for $. Just look at litigation...each side can pay for experts to bolster their case. Same with politics. Each party/each interest can find scientists willing to support their angle, or at least undermine the opposition's. It's the American way. No findings win undisputed.
lying = overbroad generalization. Percentage poking holes in the opposition, not telling the entire story, playing devil's advocate for $ = that percentage who can be bought. What percentage of any profession can be bought? Science would probably fall about equal to other professions.
So staying on topic, PCWorld did an article on this:
http://www.pcworld.com/businesscente...r_program.html
And they seem to pinpoint the effects this rootkit can have more precisely:
One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organizational Block 35. This Siemens component monitors critical factory operations -- things that need a response within 100 milliseconds. By messing with Operational Block 35, Stuxnet could easily cause a refinery's centrifuge to malfunction, but it could be used to hit other targets too, Byres said. "The only thing I can say is that it is something designed to go bang," he said.
Some other interesting stuff:
Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation state to accomplish.
How it hides itself:
http://www.symantec.com/connect/blog...-scada-devices
Previously, we reported that Stuxnet can steal code and design projects and also hide itself using a classic Windows rootkit, but unfortunately it can also do much more. Stuxnet has the ability to take advantage of the programming software to also upload its own code to the PLC in an industrial control system that is typically monitored by SCADA systems. In addition, Stuxnet then hides these code blocks, so when a programmer using an infected machine tries to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Thus, Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC.
In particular, Stuxnet hooks the programming software, which means that when someone uses the software to view code blocks on the PLC, the injected blocks are nowhere to be found. This is done by hooking enumeration, read, and write functions so that you can’t accidentally overwrite the hidden blocks as well.
It's a pretty vicious piece of work, by all accounts.
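An added example (not part of the original posts or the quoted Symantec article) of how a defender can catch the block hiding described above: compare what the engineering workstation lists against a readout taken over an independent, known-clean path and against a commissioning baseline. Every block name except OB35, the sample bytes, and the availability of a trusted readout path are assumptions made for illustration.

```python
import hashlib


def sha256(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


def audit_plc_blocks(baseline, workstation_view, trusted_view):
    """Return sorted (block, finding) pairs.

    baseline:         block name -> SHA-256 recorded at commissioning
    workstation_view: block name -> bytes as shown by the engineering workstation
    trusted_view:     block name -> bytes read over an independent, known-clean path
    """
    findings = []
    for name, code in trusted_view.items():
        # Hooked enumeration/read calls show up as a disagreement between views.
        if name not in workstation_view:
            findings.append((name, "hidden from workstation listing"))
        elif workstation_view[name] != code:
            findings.append((name, "workstation shows different content"))
        # Independent of the view mismatch, check against the approved baseline.
        if name not in baseline:
            findings.append((name, "not in approved baseline"))
        elif baseline[name] != sha256(code):
            findings.append((name, "modified since baseline"))
    for name in baseline:
        if name not in trusted_view:
            findings.append((name, "approved block missing from PLC"))
    return sorted(findings)


# Constructed sample data; only OB35 is a name taken from the page.
APPROVED = {"OB1": b"main cycle v1", "OB35": b"100 ms task v1", "FC10": b"valve logic v1"}
BASELINE = {name: sha256(code) for name, code in APPROVED.items()}
# What is really on the PLC: OB35 changed and one extra block added.
TRUSTED_VIEW = {**APPROVED, "OB35": b"100 ms task v1 + extra call", "FC900": b"unknown logic"}
# Assumption: the compromised workstation hides the extra block and shows the old OB35.
WORKSTATION_VIEW = dict(APPROVED)

if __name__ == "__main__":
    for block, finding in audit_plc_blocks(BASELINE, WORKSTATION_VIEW, TRUSTED_VIEW):
        print(f"{block}: {finding}")
```

The check only works if the trusted readout does not pass through the workstation whose functions may be hooked.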
The motive is absolutely there. The introduction of fluoride follows industrial practices starting in Florida. Industry that was about to go bankrupt over pollution lawsuits.
It follows a typical chain of events. A commercial interest paid to fund a lobby interest under the table, who bought endorsement of the ADA, and effectively fleeced/bought politicians/public for fluoridation. The same group lobbied for asbestos as well (science for sale). Early 20th century. Check the other thread. If I had time I would get it for you.
Hey Parker, RG, you guys mind taking your stuff to the fluoride thread? kthxbai
Motive: why go B/R for poisoning the public, when you can sell your industrial waste and offset the scrubbing operations in your production plants?
Sorry mane. They called me out, I didn't start this. I asked them to take it over there a while back.
Discretion is the better part of valor.
The concerning part is that these rootkits TARGET the means by which any safety system would be able to respond. What good are procedures (dependent on human response) if the little bugger prevents access to the very systems that would enable a return to normal?
From my experience in a refinery setting, this type of attack would be severely crippling and devastating on many fronts (Environmentally, Economically, not to mention the Safety Hazards posed by the unplanned release of thousands of pounds of toxic chemicals, and flammable products).
If some 'State' did produce this kit as an attack on Iran's facilities... why would they arm them with such a weapon?... As stated by the article LnGrrrR posted above, the code can be reverse-engineered. Why wouldn't the creators realize that said tactic would backfire... someone out there has basically armed them with new weapons, weapons they can now use on us because it was delivered to their doorstep.
Public bliss would be better than having such articles enlighten whatever radicals are out there looking for new ways to exact their terrorism.
Eh, the security world has shown that public knowledge is by far much safer than keeping stuff private; that's roughly the whole idea of open-source docs, white-hat hackers, etc etc.
Better to get this knowledge out so people can check the systems currently infected now, and be on the lookout for future issues. This attack obviously hid itself quite well, but it was still discovered. Hopefully the cyber experts can use this info to track other variants. It was pretty sophisticated; anyone who isn't already heavily in the field probably isn't reading this article and becoming a hacker capable of writing this kind of code overnight.
That guy is dreaming or doesn't really know much about industrial systems. As pointed out in the Symantec article you quoted later, and another one I read a long time ago that had soundbites from both Symantec and Kaspersky, the worm can reprogram a PLC in an industrial control hardware through the Siemens software. Due to the variety of installations that the Siemens software can control, it's really difficult, if not completely unlikely, that this was targeting more than one type of installation, if not a single installation entirely. That said, I'm pretty sure that if there's a big red button in the Siemens software, it's to shut down the entire system, not to blow it up.
Agreed. This raises awareness on Siemens that they cannot trust the security base provided by Windows and they probably need to roll their own.
Plus, it's not like attacks like this one are really new. Targeted attacks at very specific programs or processes have existed for a long, long time. They just weren't labeled terrorism back then, and they normally used a single unknown backdoor, instead of multiple unknown backdoors. What's fishy about this one is that it's quite precisely targeted as far as a geographical area. Most worms don't really restrict themselves from infection. And if they do, it's to avoid detection and normally stop at a certain infection count. This thing restricts the penetration depth, which makes it very specific (and odd).
Well, according to the article, it seemed that it wasn't designed like a normal "worm" in order to propagate widely, and that most of the infections were caused by a Russian contractor who worked as a consultant at many of these sites.
Also, in one of those articles, it does mention that after three infections, it deletes itself, which would also help to stop propagation and keep it geographically limited. It is pretty curious.
This is bad news - let out of the bag way too early. Now Skynet will be able to adapt.
I agree that Siemens/PLC end users should be made aware of such threats... I just don't agree that we should have articles that give our enemies ideas on how to cripple our energy infrastructure... They basically told them what they needed to do to reprogram it, and why they should do it. Even some environmental extremist could use this type of attack as a highly short-sighted means to a way...
I just keep thinking of the movie Hackers. "row row row your boat...."
It would require some sophisticated Iranian programmers. I doubt that they have many.
Using it on anyone else, would then require access to the versions of operating systems used by a target, something Iran would find difficult to obtain.
Iran was uniquely vulnerable, because it seems they were using pirated software.
Software makers don't give software pirates patches that fix known glitches.