It was quite picky on its target. It went through several checks and when those checks failed, it would not implement the attack. It was obviously probing for a very specific target… you have to put this in context - this was the most sophisticated piece of malware that we have ever seen. So, it's kind of strange that someone makes this huge effort to hit one specific target… well, that must be quite a significant target:
Whoever was behind Stuxnet hasn’t admitted they were behind it.
Even after the cyberweapon had penetrated computers all over the world, no one was willing to admit that it was loose, or talk about the dangers that it posed.
Stuxnet first surfaced with a Belarusian security company servicing Iran.
“Had you ever seen anything quite so sophisticated before?”
“Not with this kind of ‘zero-day’ capacity… it was the first time in my practice.”
... a third kind of hacktivist is sponsored by state governments…
It went beyond our worst fears… our worst nightmares… and this continued the more we analyzed…
The first time we opened up Stuxnet there was just bad things everywhere.
Just to give you some context, we can go through and understand every line of code for the average threat in minutes… and here we are one month into this threat and we are just beginning to discover what we call its payload, or its whole purpose…
When looking at the Stuxnet code, it's twenty times the size of the average piece of code but contains almost no bugs inside of it, which is extremely rare; code always has bugs inside of it. It's dense and everything does something, or does something right, in order to conduct its attack.
One of the things that surprised us was that Stuxnet utilized what is called a zero day exploit.
...it's a piece of code that allows it to spread without you having to do anything…
A zero day is an exploit which nobody knows about except for the attacker; so there’s no protection against it, there’s been no patch released.
There’s been zero days protection against it. That’s what attackers value because they know 100 percent that if they have this zero day that they can get in whenever they want
They’re actually very valuable - you can sell them for hundreds of thousands of dollars.
Then we became worried because immediately we discovered we had more zero days, and again, these zero days are extremely rare.
Inside Stuxnet we had four zero days, and for the entire rest of the year we only saw twelve zero days used.
It blows everything else out of the water… we've never seen this before and never seen it since, either.
Seeing one in a malware you could understand because the malware offers a means to make money; they're stealing people's credit cards so it's worth their while to use it. But seeing four zero days… could be worth half a million dollars right there in one piece of malware… this is not your ordinary criminal gang doing this, this is someone bigger.
It’s definitely not traditional crime. Not hacktivists.
It was evident early on, just given the sophistication of this malware that there must have been a nation state involved - at least one nation state involved in the development.
However, there were “breadcrumbs” left…they had to have some human assets steal certificates, which they did, traceable from two companies in close proximity in a business park in Taiwan.
Eventually we were able to see that Iran was the number one infected country in the world.
That immediately raised our eyebrows.
...we’d never seen a threat before where it was predominantly in Iran.
So we began to follow what was going on in the geopolitical world, what was happening in the general news.
At that time there were actually multiple explosions of pipelines going in and out of Iran.
And we noticed that there had been assassinations of nuclear scientists
More breadcrumbs showed that Stuxnet was targeting Siemens programmable logic controllers.
The PLC is like a very small computer attached to physical equipment like pumps, like valves, like motors.
So, this little box is running a digital program and the actions of this program turn that motor on, off, or set a specific speed.
They control things like power plants, power grids… things in factories… in critical infrastructure… critical infrastructure is everywhere around us… transportation, telecommunication, financial services, health care…
So the payload of Stuxnet was designed to attack some very important part of our world.
The payload was going to be very important…
We knew that Stuxnet could have very dire consequences.
Stuxnet caused the centrifuges (of Iranian nuclear reactors) to spin much faster (than programmed for, to the point where they would explode).
Posted by Irish Savant on Fri, 25 May 2018 08:26
DanielS....
Probably should add “Internet-Computer Technology” to the list of seven power niches…
Thus:
1) Money 2) Religion 3) Academia 4) Media/Internet-Computer Technology 5) Politics 6) Law & Courts 7) Business…