Stuxnet

An Unprecedented Look at Stuxnet, the World’s First Digital Weapon


Stuxnet is a malicious computer worm believed to be a jointly built AmericanIsraeli cyber weapon.[1] Although neither state has confirmed this openly,[2] anonymous US officials speaking to the Washington Post claimed the worm was developed during the Obama administration to sabotage Iran’s nuclear program with what would seem like a long series of unfortunate accidents.[3]

Stuxnet specifically targets PLCs, which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws,[4] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[5] Stuxnet’s design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g., in automobile or power plants), the majority of which reside in Europe, Japan and the US.[6] Stuxnet reportedly ruined almost one-fifth of Iran’s nuclear centrifuges.[7]

Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet.[8]

Stuxnet is typically introduced to the target environment via an infected USB flash drive. The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the codes and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users.[9][10]

In 2015, Kaspersky Labs‘ research findings on another highly sophisticated espionage platform created by what they called the Equation Group, noted that the group had used two of the same zero-day attacks used by Stuxnet, before they were used in Stuxnet, and their use in both programs was similar. The researchers reported that “the similar type of usage of both exploits together in different computer worms, at around the same time, indicates that the EQUATION group and the Stuxnet developers are either the same or working closely together”.[11]:13

Continue reading “Stuxnet”

DVDFab

DVDFab Passkey 8.2.1.7

This is why DVDFab.com is down – the actual injunction

Posted at 12 March 2014 15:44 CET by Jan Willem Aldershoff

Recently we reported that the DVDFab.com domain was shutdown due to an injunction sought by the AACS LA (Advanced Access Content System Licensing Administrator). The AACS LA is the developer and licensee of  AACS , a copy protection part of the Blu-ray specification. Their interest in DVDFab is not surprising, DVDFab contains functionality to circumvent the AACS copy protection, rendering it useless.

As DVDFab is in China the company is currently coping well, their website is still available through other domain names and orders are processed as usual.


DVDFab sees Facebook page removed, launchesIlikeDVDFab.com

Posted at 12 March 2014 17:41 CET by Jan Willem Aldershoff

While Facebook removed their  page today, DVDFab started a website explaining what happened and asking people for their support. On the website IlikeDVDFab.com the company asks people to tweet the message; “love this software and I need DVDFab come back! #DVDFabComeBack”.


http://en.dvdfab.cn/download.htm

the Stuxnet computer worm

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target. In a fascinating look inside cyber-forensics, he explains how — and makes a bold (and, it turns out, correct) guess at its shocking origins.

Ralph Langner’s Stuxnet Deep Dive is the definitive technical presentation on the PLC attack portion of Stuxnet. He did a good job of showing very technical details in a readable and logical presentation that you can follow in the video if you know something about programming and PLC’s.

The main purpose of Ralph’s talk was to convince the audience with “100% certainty” that Stuxnet was designed specifically to attack the Natanz facility. He does this at least four different ways, and I have to agree there is no doubt.

Ralph Langner is a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware.

  • Stuxnet worm hits Iranian centrifuges – from mid-2009 to late 2010
  • Iran complains facilities hit by Stars malware – April 2011
  • Duqu trojan hits Iran’s computer systems – November 2011
  • Flame virus targets computers in PCs across the Middle East, including Iran and Israel – June 2012
  • Iran says Stuxnet worm returns – December 2012

Continue reading “the Stuxnet computer worm”

STEM degrees

Every year U.S. schools grant more STEM degrees than there are available jobs. When you factor in H-1B visa holders, existing STEM degree holders, and the like, it’s hard to make a case that there’s a STEM labor shortage.” Even in the IT industry, which employs the most tech workers and is expected to experience the most growth over the next decade, not everyone who wants a job can find one. Anecdotal evidence, the article points out, is piled high on the side of there being a glut instead of a shortage. “If there was really a STEM labor market crisis, you’d be seeing very different behaviors from companies,” Ron Hira, an associate professor of public policy at the Rochester Institute of Technology, in New York state told IEEE Spectrum. “You wouldn’t see companies cutting their retirement contributions, or hiring new workers and giving them worse benefits packages. Instead you would see signing bonuses, you’d see wage increases. You would see these companies really training their incumbent workers.” In a related opinion piece, “Is a Career in STEM Really for Me?” an 8th grader ponders her options, and finds science and engineering far down on the list.

anonimized run

The Amnesic Incognito Live System or Tails is a Debian based Linux distribution aimed at preserving privacy and anonymity.[1] Actually, it is the next iteration of development on the previous Gentoo based Incognito Linux distribution.[2] All its outgoing connections are forced to go through Tor,[3] and direct (non-anonymous) connections are blocked. The system is designed to be booted as a live CD or USB, and leaves no trace on the machine unless explicitly told to do so. The Tor Project has provided most of the financial support for development.[4]

Tails is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly.

It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.

Continue reading “anonimized run”

the Stuxnet computer worm

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target. In a fascinating look inside cyber-forensics, he explains how — and makes a bold (and, it turns out, correct) guess at its shocking origins.

Ralph Langner’s Stuxnet Deep Dive is the definitive technical presentation on the PLC attack portion of Stuxnet. He did a good job of showing very technical details in a readable and logical presentation that you can follow in the video if you know something about programming and PLC’s.

The main purpose of Ralph’s talk was to convince the audience with “100% certainty” that Stuxnet was designed specifically to attack the Natanz facility. He does this at least four different ways, and I have to agree there is no doubt.

Ralph Langner is a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware.

  • Stuxnet worm hits Iranian centrifuges – from mid-2009 to late 2010
  • Iran complains facilities hit by Stars malware – April 2011
  • Duqu trojan hits Iran’s computer systems – November 2011
  • Flame virus targets computers in PCs across the Middle East, including Iran and Israel – June 2012
  • Iran says Stuxnet worm returns – December 2012

Continue reading “the Stuxnet computer worm”