The continuing evolution of Cyber warfare

    Stuxnet Designed To Sabotage Iran Nuclear Facilities

    technical paper available here --
    http://www.symantec.com/content/en/u...et_dossier.pdf

    How big a change is this? How will it affect future conflicts?

    Your thoughts?
    Any metaphor will tear if stretched over too much reality.


  • #2
    I'm curious, who's leading the way in the 4th Dimension of Warfare? I heard that Russia is really embracing it.
    A wild liberal appears! Conservative uses logical reasoning and empirical evidence! It's super effective! Wild liberal faints.



    • #3
      First of all, Stuxnet is a really complex bit of code that's partially dependent on hardware. If you look at the infection rates and breadth of exposure, it's pretty good in terms of the developer. The fact that it primarily attacks Siemens ICS and uses PLCs (Programmable Logic Controllers) as targets means it's a pretty sophisticated tool. Definitely not script kiddies at work. The fact that it's designed to bypass external network requirements is really nice (so to speak). It's definitely effective since it got beyond its main target, the Iranians.

      Second, since Stuxnet is targeted at Siemens ICS and PLCs attached, by itself Stuxnet doesn't mean much to most everyone here directly. However, since this tool's been out, you can be sure that everyone who is anyone in the blackhat world is busy designing something to attack someone else's infrastructure whether it's Siemens or not using the same methodology or slight variations. It's kind of the nightmare scenario if you're running nuke plants or electrical distribution or comms of any sort because they all use PLCs somewhere in their network. Pretty much any industry that has hardware is vulnerable. Even your typical AC or refrigeration has PLCs of one kind or another.

      Now whether or not they actually get exposed is a good question. Since a typical nuke plant is usually pretty secure and the Iranians aren't entirely stupid, we can say that Stuxnet was introduced through some pretty clever means through spywork probably. Definitely some human/social engineering. Did it get delivered through Siemens or did someone find a vulnerable engineer in Iran and load it to his work machine or portable drives somehow? Maybe even a bureaucrat delivered it accidentally. Very interesting and problematic. The fact that it got beyond the nuke plant and to so many other sites is very interesting too.

      How would it affect the normal everyday person? Probably not much unless it was at a higher level of infrastructure (power, comms, traffic control, etc. etc.) Would any US equipment get exposed? Yes, they did already based on the infection graphs. I would be interested to see who got hit and what their cleanup methodology is/was. But we'll probably never know as no one in their right mind would want the public to know that their business got hit.

      How would it affect military gear? Pretty much everything mechanical that has electrical controls has PLCs. Dunno if anyone has noticed but MS came out with a slew of big security updates recently some of which addressed this issue. The question is how PLCs get designed and updated in the future and how we secure equipment like that. Very very complex.

      As a warfighting tool, umm, it's very useful to harass and disable and as an indirect method of causing trouble. Not sure how good it would be as far as modifying code on aircraft, tanks, or ships (unless they use MS Windows as a utility tool set a la the French or anyone else silly enough to use MS Win in a combat role). Personally, if I were doing anything on gear like PLCs, I would use Linux or Unix instead. It's not that they are invulnerable to things like Stuxnet but it's a bit more difficult to engineer attacks through root privileges. Stuxnet is just the beginning though.
      Last edited by boomer400; 17 Nov 10, 12:16.



      • #4
        Chinese Cyber Test

        This from another discussion board. I'm curious if the article is good or BS?

        ****************************
        http://arstechnica.com/security/news...18-minutes.ars

        In a 300+ page report (PDF) today, the US-China Economic and Security Review Commission provided the US Congress with a detailed overview of what's been happening in China—including a curious incident in which 15 percent of the world's Internet traffic suddenly passed through Chinese servers on the way to its destination.

        Here's how the Commission describes the incident, which took place earlier this year:

        For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed US and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet's destinations through servers located in China. This incident affected traffic to and from US government (".gov") and military (".mil") sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM.

        The culprit here was "IP hijacking," a well-known routing problem in a worldwide system based largely on trust. Routers rely on the Border Gateway Protocol (BGP) to puzzle out the best route between two IP addresses; when one party advertises incorrect routing information, routers across the globe can be convinced to send traffic on geographically absurd paths.



        • #5
          Well, the article is ok but neglects to specifically mention exactly what gear was affected and how. Now, BGP is somewhat of an arcane interface and quite often is problematic (aside from being not particularly secure). It's employed on virtually every highend edge and core switch/router out there. But it is still well understood by most well-trained network engineers so it's not a total mystery.

          For instance, here's a document to ignite any paranoid's fears: it's from China, authored by some Chinese network engineers and outlines exactly the insecurities within BGP (as well as some ways to secure it too). It is even within the timeline (2009, just before the failure). It pretty much leads you to exactly where that routing failure occurred. Whether that 18 minutes was a deliberate "attack" is sort of a good question.

          But I would say that :
          1) if it was, it was a pretty poor way to get some data out of the supposed mountains they might've been able to stockpile,
          2) it was a good way to practice a mass attack for messing with the Web but poorly planned and executed,
          3) Don't assume that it was necessarily from the Chinese. The Web's nature can mean that attacks can be generated anywhere and launched somewhere else some other time. You can be sure that every government with a cyber team/division/ministry has ways to get things done somewhere else.
          4) the Chinese use a lot of Russian expertise, they're very good. Israelis might be a smidge better but there aren't as many of them.
          5) lots of network engineers make mistakes, even the good ones. There's a lot of stuff to remember and a hell of a lot of different brands of gear.
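The hijack mechanism the quoted article describes (a bad route advertisement that other routers accept because BGP runs on trust) can be shown with a small origin-validation check. This is an added example, not code from the article or the post: the prefixes, AS numbers and announcements are constructed from documentation ranges and private ASNs, not the real April 2010 routing data, and the ROA table stands in for what a router with RPKI origin validation would consult.

```python
"""Toy BGP origin check, modelled on the 18-minute misrouting the thread
discusses. Constructed data only: documentation prefixes and private ASNs."""
import ipaddress
from dataclasses import dataclass

# Constructed table of who is allowed to originate what, in the spirit of an
# RPKI ROA: prefix -> (authorized origin AS, longest prefix length permitted).
ROAS = {
    ipaddress.ip_network("203.0.113.0/24"): (64500, 24),
    ipaddress.ip_network("198.51.100.0/22"): (64501, 24),
}


@dataclass
class Announcement:
    prefix: ipaddress.IPv4Network
    as_path: list  # leftmost = neighbour that sent it, rightmost = origin AS

    @property
    def origin(self):
        return self.as_path[-1]


def validate_origin(ann):
    """Return 'valid', 'invalid' or 'unknown' (no ROA covers the prefix)."""
    covering = [roa_net for roa_net in ROAS if ann.prefix.subnet_of(roa_net)]
    if not covering:
        return "unknown"
    for roa_net in covering:
        origin, maxlen = ROAS[roa_net]
        if ann.origin == origin and ann.prefix.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def best_route(rib, address):
    """Plain longest-prefix match: this is why a bogus more-specific route
    wins everywhere once neighbours have accepted it."""
    addr = ipaddress.ip_address(address)
    matches = [a for a in rib if addr in a.prefix]
    return max(matches, key=lambda a: a.prefix.prefixlen) if matches else None


def detect_hijacks(rib):
    """Announcements a router doing origin validation would reject."""
    return [a for a in rib if validate_origin(a) == "invalid"]


def net(s):
    return ipaddress.ip_network(s)


# Constructed announcements: the legitimate /24, a more-specific /25 and a
# second prefix both originated by AS 64666, and one prefix with no ROA.
LEGIT = Announcement(net("203.0.113.0/24"), [64510, 64500])
HIJACK_SPECIFIC = Announcement(net("203.0.113.0/25"), [64510, 64520, 64666])
HIJACK_OTHER = Announcement(net("198.51.100.0/24"), [64520, 64666])
NO_ROA = Announcement(net("192.0.2.0/24"), [64520, 64530])
RIB = [LEGIT, HIJACK_SPECIFIC, HIJACK_OTHER, NO_ROA]

if __name__ == "__main__":
    for a in RIB:
        print(a.prefix, "origin AS", a.origin, "->", validate_origin(a))
    # Without validation the /25 beats the legitimate /24 for half its space.
    print("203.0.113.10 routes to origin AS", best_route(RIB, "203.0.113.10").origin)
```

Without the ROA check, best_route happily sends 203.0.113.10 toward AS 64666 because the /25 is more specific; with it, both AS 64666 announcements are rejected before they enter the table.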



          • #6
            Some questions...

            Still this Stuxnet thing doesn't quite ring true to me. My one main assumption. It's very sophisticated and is aimed at one particular Iranian target. Now that brings some questions to mind:

            1. Why did the thing spread to thousands of computers? Supposedly it was made to attack some specific set-up of PLCs? Reports said it attacked thousands of PCs in multiple countries? Why attack a PC; they have no PLCs? Also I thought the thing was introduced via a memory stick.

            2. Did it actually carry off the attack that it was designed for? Certainly no major part of the Iranian nuke program seems to have been seriously impacted.

            3. Why was it allowed to be "found"? It seems that if you could make a program this sophisticated, then you could make the sucker "self destruct" after it carried out its attack. Instead it goes on a typical (for computer bad things) PC chomping, very public rampage.

            I guess those questions cover my basic doubts. Overall it seems that whoever made this wanted it found and dissected. Why? Is it a massive misinformation campaign? Will this force changes in the target system that will then allow it to actually be attacked? Etc.

            The basic story just doesn't ring true to me. Granted I'm a computer novice. Maybe some of you who have a better understanding could dispel some of my doubts.
            Save America!! Impeach Obama!!



            • #7
              Well a couple of things are sure: the Russians and east-Asians are really good at this stuff; it has already been used as an attack vehicle (to cyber-attack Estonia, etc?); they will get even better at it and there will be more attacks (probably more commercial than military) in the future.


              Philip
              "The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts."— Bertrand Russell



              • #8
                Originally posted by Sino Invasion View Post
                Still this Stuxnet thing doesn't quite ring true to me. My one main assumption. It's very sophisticated and is aimed at one particular Iranian target. Now that brings some questions to mind:

                1. Why did the thing spread to thousands of computers? Supposedly it was made to attack some specific set-up of PLCs? Reports said it attacked thousands of PCs in multiple countries? Why attack a PC; they have no PLCs? Also I thought the thing was introduced via a memory stick.

                2. Did it actually carry off the attack that it was designed for? Certainly no major part of the Iranian nuke program seems to have been seriously impacted.

                3. Why was it allowed to be "found"? It seems that if you could make a program this sophisticated, then you could make the sucker "self destruct" after it carried out its attack. Instead it goes on a typical (for computer bad things) PC chomping, very public rampage.

                I guess those questions cover my basic doubts. Overall it seems that whoever made this wanted it found and dissected. Why? Is it a massive misinformation campaign? Will this force changes in the target system that will then allow it to actually be attacked? Etc.

                The basic story just doesn't ring true to me. Granted I'm a computer novice. Maybe some of you who have a better understanding could dispel some of my doubts.
                Sorry, I did this earlier but my session got dropped and my comments lost, so here's try #2.

                1. Why did the thing spread to thousands of computers? Supposedly it was made to attack some specific set-up of PLCs? Reports said it attacked thousands of PCs in multiple countries? Why attack a PC; they have no PLCs? Also I thought the thing was introduced via a memory stick.

                Answer : Stuxnet was designed to be delivered mainly by USB sticks (I suspect that in the future it will address further methods other than its initial attack modes). It can also attack via internal network connections (intranets to some). Normally, it is not designed to attack over web connections (which probably will change in the future). Most people use USB sticks to carry things like docs, project info, etc. but also music, video, media of all sorts. And that is where the exposure problem is when someone takes their files, makes them portable and brings them to work or home. If you're the delivery man, you will bring your USB drive to work and plug it somewhere on a PC or laptop. Now you've introduced it to the worksite. It doesn't matter if Siemens WinCC or PCS7 or a PLC is even there, the malware is ready to go. It will search for WinCC or PCS7 on the local machine in order to wait for someone to connect to a PLC. Otherwise, it's waiting for another available network device or a USB stick to show up in order to propagate. If Joe Blow shows up, unaware and uninfected, logs onto the network and starts working, he will likely pick up that infection quite instantly. Same thing goes for plugging in his USB drive with the latest hackwarz or "free" download of Celine Dion. This is an example of the typical "zero-day infection" where an unsecured security lapse will allow malware to explode everywhere because there is no way to detect it yet.
                If you access/deliver the malware code at work, you will bring the malware home. If you have any kind of home network or share a machine with your family members, you will propagate the code to their machine or their USB drive that they may use in their work, school, etc. From there, it will spread out further. Here in the US, most everyone I know in defense industries aren't allowed to use USB flash drives anywhere and their machines are typically crippled so they can't use USB ports.
                The PC is infected as a host, the target is the PLC. So your USB drive is the delivery method where the malware uses your PC as the conduit or physical method to access the PLC since the PLC does not have a USB port normally.

                2. Did it actually carry off the attack that it was designed for? Certainly no major part of the Iranian nuke program seems to have been seriously impacted.
                Answer : I think it definitely worked; it's not like a JDAM here where a target will physically be destroyed. This thing will screw up your network and damage your PLCs. I'm sure for quite some time, they were having fits trying to figure out why their gear wasn't working right. They may not even have been aware they were fighting a malware infestation. This type of damage is indirect, you damage and slow down their resources and confuse so normal day-to-day activities are impaired. For the deployer, a 4-6 month continuous diversion would probably be considered a great success.

                3. Why was it allowed to be "found"? It seems that if you could make a program this sophisticated, then you could make the sucker "self destruct" after it carried out its attack. Instead it goes on a typical (for computer bad things) PC chomping, very public; rampage.
                Answer : malware like this doesn't self-destruct, it's designed to live forever. So we will have to worry about Stuxnet and future variants forever. Pretty much all malware/rootkits aren't designed to self-destruct; it's not in their nature. They are designed to annoy us perpetually and therefore consume resources.

                4) I guess those questions cover my basic doubts. Overall it seems that whoever made this wanted it found and dissected. Why? Is it a massive misinformation campaign? Will this force changes in the target system that will then allow it to actually be attacked? Etc.

                Because of the way malware can be delivered, it is always forensically traceable. It may take longer and more resources but it can always be done. Most of us just don't bother and (should) install anti-virus, anti-malware, anti-spyware, anti-rootkit tools and (should) run scans with them religiously on our machines, keep them updated continuously, and not visit questionable websites. But that to some extent goes against human nature. Good admins will do all of the above and worry all the time about these kinds of things. Which is probably what the Iranians are doing right now.



                • #9
                  Anyone here examine in depth the intrusive programs entering their machine from any outside source? That is any cookies, etc... other than what is legitimately part of software you approved for downloading. I'm a bit curious what sort of stuff can be specifically identified. I hear all these second hand stories, or complaints from people about 'something' that messed with their PC. Can anyone here address specifics they have solid information on with equipment they use?



                  • #10
                    Boomer400...

                    Thanks for the answers!
                    Save America!! Impeach Obama!!



                    • #11
                      Originally posted by Carl Schwamberg View Post
                      Anyone here examine in depth the intrusive programs entering their machine from any outside source? That is any cookies, etc... other than what is legitimately part of software you approved for downloading. I'm a bit curious what sort of stuff can be specifically identified. I hear all these second hand stories, or complaints from people about 'something' that messed with their PC. Can anyone here address specifics they have solid information on with equipment they use?
                      Actually, it is fairly easy if you have any decent software firewall or even a hardware firewall with logging. Normally, firewalls will log all info (if set up to do this) ad infinitum until you're out of disk. The trick to analyzing is to have a good tool, knowledge, and time to parse it all out. Using a typical software firewall, set it so it logs all activity to disk for a long period of typical use. For instance, when you power on, log on in the AM and turn it off at night. Save your logs then run it again when you're not actively doing anything on your system but are logged on and the PC has access to the net.

                      You can take your log dumps and then analyze them with a network packet tool and you can compare the 2 to see exactly what's going on when you're working and when you're not. You will be surprised to see how much activity occurs when you're not even touching the machine. Most authorized programs generate a lot of traffic just trying to update or send a sense packet to the OEM. It can really be annoying sometimes to have to troll through that kind of activity. Then when you actually start a web session it gets even worse with all the cookie activity running all over the place. Finally, you'll probably see quite a few network and portscans running to see what's open on your network.

                      I've used Cisco, early Checkpoint netapps, Sonicwall, and Watchguard and generally they're all pretty similar. It's only when you start specifically designing your network where it gets difficult. For instance, you start subnetting and creating VLANs, it can get really confusing. In a large network, it's a lot of data to handle. Personally, if one is interested, Snort IDS/IPS is a great place to start, especially for small offices or hardcore personal offices. It's free, not excessively difficult to setup, and you can learn a huge amount from it. There's even a Win version of it. Plus, the Snort folks have some really awesome tools for examining your data and network, really really good stuff. If you have a spare 2 yr old PC, it's very doable, just Google it and fiddle away.

                      Another thing to try out is a "honeypot" which acts as a decoy on your network attracting undue attention. It's useful as well.
                      Last edited by boomer400; 29 Nov 10, 13:40.
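The procedure in the post above (log everything during an active session and an idle one, then compare the two and look for port scans) can be scripted once the logs are on disk. This is an added example, not the poster's own tooling: the log lines are constructed to resemble a generic software-firewall export rather than any vendor's real format, and the host and remote addresses are documentation ranges.

```python
"""Compare a firewall log from an active session with one from an idle session:
what the machine talks to when nobody is touching it, and who is scanning it.
Constructed log lines in a generic 'ts action proto src -> dst dir' layout."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out)"
)

# Constructed: a morning of normal use on 192.168.1.10.
ACTIVE_LOG = """\
2010-11-29 08:01:03 ALLOW TCP 192.168.1.10:49152 -> 203.0.113.5:443 out
2010-11-29 08:01:09 ALLOW TCP 192.168.1.10:49153 -> 203.0.113.9:80 out
2010-11-29 08:02:41 ALLOW UDP 192.168.1.10:51000 -> 192.168.1.1:53 out
2010-11-29 08:15:00 ALLOW TCP 192.168.1.10:49160 -> 198.51.100.20:80 out
"""

# Constructed: the same host logged on but untouched that evening.
IDLE_LOG = """\
2010-11-29 22:10:00 ALLOW TCP 192.168.1.10:49200 -> 198.51.100.77:443 out
2010-11-29 22:10:30 ALLOW UDP 192.168.1.10:51001 -> 192.168.1.1:53 out
2010-11-29 22:10:45 ALLOW TCP 192.168.1.10:49201 -> 198.51.100.20:80 out
2010-11-29 22:11:02 DROP TCP 192.0.2.77:40001 -> 192.168.1.10:22 in
2010-11-29 22:11:02 DROP TCP 192.0.2.77:40002 -> 192.168.1.10:23 in
2010-11-29 22:11:03 DROP TCP 192.0.2.77:40003 -> 192.168.1.10:80 in
2010-11-29 22:11:03 DROP TCP 192.0.2.77:40004 -> 192.168.1.10:135 in
2010-11-29 22:11:04 DROP TCP 192.0.2.77:40005 -> 192.168.1.10:445 in
2010-11-29 22:11:04 DROP TCP 192.0.2.77:40006 -> 192.168.1.10:3389 in
2010-11-29 22:40:11 DROP TCP 198.51.100.3:5555 -> 192.168.1.10:445 in
"""


def parse(text):
    """Turn log lines into dicts; lines that don't match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        records.append(rec)
    return records


def outbound_destinations(records):
    """(dst, dport) pairs the host actually connected to."""
    return {(r["dst"], r["dport"]) for r in records
            if r["dir"] == "out" and r["action"] == "ALLOW"}


def idle_only(active, idle):
    """Destinations contacted while idle that never appeared during active use:
    the update checks and 'phone home' traffic worth identifying by hand."""
    return outbound_destinations(idle) - outbound_destinations(active)


def port_scans(records, min_ports=5, window_s=60):
    """Sources whose dropped inbound packets hit >= min_ports distinct local
    ports within window_s seconds; returns {src: sorted ports}."""
    per_src = defaultdict(list)
    for r in records:
        if r["dir"] == "in" and r["action"] == "DROP":
            per_src[r["src"]].append((r["ts"], r["dport"]))
    found = {}
    for src, hits in per_src.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if (t - start).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                found[src] = sorted(ports)
                break
    return found


if __name__ == "__main__":
    active, idle = parse(ACTIVE_LOG), parse(IDLE_LOG)
    print("idle-only destinations:", idle_only(active, idle))
    print("port scans:", port_scans(idle))
```

On the constructed data the idle-only set is the single 198.51.100.77:443 contact, which is the kind of unexplained background connection the post says to chase down, and 192.0.2.77 is reported as a scanner while the lone probe from 198.51.100.3 is not.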



                      • #12
                        boomer400.... thanks. A lot of that was above my expertise, but I probably caught the essentials. Perhaps a honey pot was what my stepson had set up when he was living with us. He gave me a heads up to several sites that were attempting to attach crap I could do without to my machine. Unfortunately for me his business is security & he won't discuss details about what he runs across. "Install good quality protection, & update passwords regularly" is his stock answer.

                        "Snort IDS/IPS is a great place to start.."

                        The stepson spent a lot of time fussing with 'Snort' a few years ago when he was doing bank cyber security.



                        • #13
                          Hehe, security is a big business and bank security is really big and evolving fast. One thing I recommend (aside from firewalls, antivirus, antispyware) is to never set your web sessions to save your passwords or even logons. It's a pain in the ass to remember but it makes it more difficult for somebody to pull the data off and run it through a password analyzer. And resetting your passwords regularly makes it much tougher for somebody to hack them as well. Again, it's a bit of a pain (especially if you truly vary your passwords a lot as opposed to add a digit like going from cs001 to cs002) but what would you rather have to deal with, someone infiltrating your banking online?

                          PS, never let your wireless network broadcast its SSID, always secure it with appropriate passwords, and never bank wirelessly or from a free location.
                          Last edited by boomer400; 29 Nov 10, 21:09.



                          • #14
                            Originally posted by boomer400 View Post
                            Hehe, security is a big business and bank security is really big and evolving fast. One thing I recommend (aside from firewalls, antivirus, antispyware) is to never set your web sessions to save your passwords or even logons. It's a pain in the ass to remember but it makes it more difficult for somebody to pull the data off and run it through a password analyzer. And resetting your passwords regularly makes it much tougher for somebody to hack them as well. Again, it's a bit of a pain (especially if you truly vary your passwords a lot as opposed to add a digit like going from cs001 to cs002) but what would you rather have to deal with, someone infiltrating your banking online?

                            PS, never let your wireless network broadcast its SSID, always secure it with appropriate passwords, and never bank wirelessly or from a free location.
                            Reminds me, I need to change my password here.

                            Stepson sold or gave away the bank security thing. Now it's not clear what he does, but the FBI calls often, and he travels to exotic foreign lands regularly as well as in the US.

                            So, with all that, what sort of garbage do you see washing up against your machine from the cyber sea?



                            • #15
                              I try to avoid aimless surfing as it just gets you into trouble. Research is another thing and I try to be extremely judicious about URLs and where they point. The biggest problem I see nowadays is when my kids go online and I have to protect them against trojan droppers like fake antivirus ads. It's mostly an educational thing and training for situational awareness on websurfing for them. It helps for me to have system images for their machines and for me to regularly wipe their disks and reload (although I have to refresh the images more often than I would like).
                              The other big thing is preventing netscans from getting through the occasional open port I might have. That's mainly a nuisance though. No real troubles at home. At work, ugh. Constant cleaning, refreshing, purging, etc. etc. But I haven't been hit yet by anything serious (cross my fingers, count my beads).
