home.social

#stuxnet — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #stuxnet, aggregated by home.social.

  1. Listening recommendation.

    They Talk Tech – with Eckert and @evawolfangel Expensive AI and Vulnerability Hype - with cybersecurity researcher Haya Schulmann

    🕸️ frauen-technik.podigee.io/82-n

    My 2ct:

    Great piece! Somewhat questionable imo is the attempt to legitimize #Stuxnet: Stuxnet was just as much a violation of hacker ethics as #APT28 attacks. I'm missing references to "friendly cyber-sabotage" and moral blinkers - especially with despots like #Trump, #Thiel & #Musk. LLMs & 0days are imho part of digital #Geopolitics

  6. Fast16 Malware Exposes Pre-Stuxnet Cyber Warfare Roots

    Meet fast16, a sneaky malware framework that's been around since 2005 - five years before the infamous Stuxnet - and is designed to quietly sabotage high-precision software by subtly altering numerical results. This stealthy approach can cause systems to fail, wear out faster, or produce false conclusions, making it a chilling…

    osintsights.com/fast16-malware

    #IndustrialControlSystems #MalwareOperations #NationState #CyberWarfare #Stuxnet

  7. Researchers Uncover 'fast16' Malware Targeting Engineering Software Years Before Stuxnet

    Researchers have uncovered a long-forgotten malware, fast16, that was designed to sabotage engineering software, beating even the infamous Stuxnet by at least five years. This ancient cyber threat, dating back to 2005, was engineered to spread rapidly and produce inaccurate calculations…

    osintsights.com/researchers-un

    #IndustrialControlSystems #LuapoweredMalware #SabotageFramework #Stuxnet #MalwareOperations

  8. fast16: the pre-Stuxnet cyber-sabotage framework that resurfaced from the ShadowBrokers' secret NSA tools

    SentinelLABS has discovered fast16, a cyber-sabotage framework dated 2005 that predates Stuxnet by five years. The tool subtly alters floating-point calculations in simulation software such as LS-DYNA, target of the Iranian nuclear program, and appears in the ShadowBrokers' NSA leaks as a "do not touch" tool.

    insicurezzadigitale.com/fast16

  9. This article does not mention common sense stuff -- like making printed copies of important documents, storing data on external hard drives, or having Ham radios and/or walkie talkies or mesh networks!

    Experts Warn The #Internet Will Go Down In A Big Way — And You'd Better Be Ready

    Story by Geoff Williams, 9/23/2025

    "It’s bad enough when the internet goes down for a few hours because your power went out after a storm, but what if the internet went down indefinitely, sort of everywhere? What if your state or an entire region of the country lacked the internet or electricity because of a cyberattack or something innocuous, like problems with an aging grid or the federal government forgot to pay a bill?"

    Read more (pretty lame -- reads like a #Starlink advert):
    msn.com/en-us/news/technology/

    #InternetOutages #KesslerSyndrome #CarringtonEvent #cyberattacks #1000SIMCards #CyberAttacks #SystemVulnerabilities #ConnectedGrids #TechDisruption #DisruptiveTechnology
    #Landlines #TechVulnerability #OneThousandSIMCards #Malware #Stuxnet

  10. Still the case in 2024!!!

    6 Things You Won't Believe Still Run #WindowsXP

    By Sydney Butler
    Published Jul 20, 2024

    "Industrial control systems operate and monitor large systems like #NuclearPower plants, automated production lines, #WaterPurification plants, and so on. Windows XP might still be used in some of these large systems for a few reasons. For one, many of these systems can't be taken offline for long, since they provide critical services or goods. There may also be a massive loss of income if they go offline to be updated. Especially given how there are likely to be bugs in new software and operating systems. It might also be necessary to replace perfectly working hardware to work with new software.

    "Upgrade plans for major industrial systems can take years to plan and execute, and if everything is working just fine, there's little incentive to do it. Many of these systems aren't even connected to outside networks.

    "This is why it was necessary to sneak #USBDrives into facilities to infect them with #malware like Stuxnet. This is a practice known as '#AirGapping' and if your system doesn't need to be online, it should be seen as a basic security measure."

    howtogeek.com/things-you-wont-

    #Stuxnet #CyberWarfare #CriticalInfrastructure #NoNukes #RethinkNotRestart

  11. Of course, now we know who was behind #Stuxnet -- #Israel and the #CIA -- thanks!

    Why the #StuxnetWorm is like nothing seen before

    By Paul Marks
    27 September 2010

    "Stuxnet is the first worm of its type capable of attacking #CriticalInfrastructure like #PowerStations and #ElectricityGrids: those in the know have been expecting it for years. On 26 September, #Iran’s state news agency reported that computers at its #Bushehr #NuclearPowerPlant had been infected.

    Why the fuss over Stuxnet?

    "#ComputerViruses, worms and #trojans have until now mainly infected PCs or the servers that keep e-businesses running. They may delete key system files or documents, or perhaps prevent website access, but they do not threaten life and limb.

    "The Stuxnet worm is different. It is the first piece of #malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like #pumps, #motors, #alarms and #valves in an industrial plant.

    "In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water #contaminated with effluent at a #SewageTreatmentPlant, or the valves in an #OilPipeline opened, contaminating the land or sea.

    "'Giving an attacker control of industrial systems like a #dam, a sewage plant or a power station is extremely unusual and makes this a serious threat with huge real world implications,' says Patrick Fitzgerald, senior threat intelligence officer with Symantec. 'It has changed everything.'

    Why is a different type of worm needed to attack an industrial plant?

    "Industrial machinery is not controlled directly by the kind of computers we all use. Instead, the equipment used in an industrial process is controlled by a separate, dedicated system called a programmable logic controller (#PLC) which runs supervisory control and data acquisition software (#SCADA).

    "Running the SCADA software, the PLC controls the process at hand within strict safety limits, switching motors on and off, say, and emptying vessels, and feeding back data which may safely modify the process without the need for human intervention – the whole point of industrial automation.

    So how does a worm get into the system?

    "It is not easy because they do not run regular PC, Mac or Linux software. Instead, the firms who sell PLCs each have their own programming language – and that has made it tricky for hackers to break it.

    "However there is a way in via the Windows PC that oversees the PLC’s operations. Stuxnet exploited four vulnerabilities in Microsoft Windows to give a remote hacker the ability to inject malicious code into a market-leading PLC made by German electronics conglomerate Siemens.

    "That’s possible because PLCs are not well-defended devices. They operate for many years in situ and electronic access to them is granted via well-known passwords that are rarely changed. Even when Stuxnet was identified, Siemens opposed password changes on the grounds that it could cause chaos as older systems tried to communicate using old passwords.

    Where did the initial Stuxnet infection come from?

    "It appears to have first arrived in Iran on a simple #USBMemoryStick, says Fitzgerald. His team in Dublin, Ireland has been analysing Stuxnet since it was first identified by a security team in Belarus in June.

    "The first of the four Windows vulnerabilities allowed executable code on a USB stick to spread to a PC. The USB may have been given to an Iranian plant operative – or simply left somewhere for an inquisitive person to insert into their terminal.

    "Says Fitzgerald: 'It then spreads from machine to machine on the network, exploiting a second vulnerability to do so, and reports back to the attacker on the internet when it finds a PC that’s running Siemens SCADA software. The attacker can then download a diagram of the industrial system set-up the SCADA controls.'

    "The next two Windows vulnerabilities let the worm escalate its privilege levels to allow the attacker to inject Siemens PLC format computer code – written in a language called STL – into the PLC. It’s that code which is capable of performing the skulduggery: perhaps turning off alarms, or resetting safe temperature levels.

    How do we know where Stuxnet is active?

    "Symantec monitored communications with the two internet domains that the worm swaps data with. By geotagging the IP addresses of Stuxnet-infected computers in communication with the attacker, Fitzgerald’s team found that 58.8 per cent of infections were in Iran, 18.2 per cent in #Indonesia, 8.3 per cent in #India, 2.6 per cent in #Azerbaijan and 1.6 per cent in the US.

    Who is behind the worm?

    "No one knows. It is however very professionally written, requiring what Fitzgerald calls 'a broad spectrum of skills' to exploit four new vulnerabilities and develop their own SCADA/PLC set-up to test it on.

    "This has some commentators suggesting that a #NationState with plenty of technical resources may have been behind Stuxnet. But computer crime is a billion dollar business so such an effort is not beyond extortionists.

    "Stuxnet comprises a 600-kilobyte file and it has not yet been fully analysed."

    Read more:
    newscientist.com/article/dn195

    #StuxnetVirus #MalwareAttack #Cyberattack #CyberWarfare

  12. Of course, now we know who was behind #Stuxnet -- #Israel and the #CIA -- thanks!

    Why the #StuxnetWorm is like nothing seen before

    By Paul Marks
    27 September 2010

    "Stuxnet is the first worm of its type capable of attacking #CriticalInfrastructure like #PowerStations and #ElectricityGrids: those in the know have been expecting it for years. On 26 September, #Iran’s state news agency reported that computers at its #Bushehr #NuclearPowerPlant had been infected.

    Why the fuss over Stuxnet?

    "#ComputerViruses, worms and #trojans have until now mainly infected PCs or the servers that keep e-businesses running. They may delete key system files or documents, or perhaps prevent website access, but they do not threaten life and limb.

    "The Stuxnet worm is different. It is the first piece of #malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like #pumps, #motors, #alarms and #valves in an industrial plant.

    "In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water #contaminated with effluent at a #SewageTreatmentPlant, or the valves in an #OilPipeline opened, contaminating the land or sea.

    “'Giving an attacker control of industrial systems like a #dam, a sewage plant or a power station is extremely unusual and makes this a serious threat with huge real world implications,' says Patrick Fitzgerald, senior threat intelligence officer with Symantec. 'It has changed everything.'

    Why is a different type of worm needed to attack an industrial plant?

    "Industrial machinery is not controlled directly by the kind of computers we all use. Instead, the equipment used in an industrial process is controlled by a separate, dedicated system called a programmable logic controller (#PLC) which runs supervisory control and data acquisition software (#SCADA).

    "Running the SCADA software, the PLC controls the process at hand within strict safety limits, switching motors on and off, say, and emptying vessels, and feeding back data which may safely modify the process without the need for human intervention – the whole point of industrial automation.

    So how does a worm get into the system?

    "It is not easy because they do not run regular PC, Mac or Linux software. Instead, the firms who sell PLCs each have their own programming language – and that has made it tricky for hackers to break it.

    "However there is a way in via the Windows PC that oversees the PLC’s operations. Stuxnet exploited four vulnerabilities in Microsoft Windows to give a remote hacker the ability to inject malicious code into a market-leading PLC made by German electronics conglomerate Siemens.

    "That’s possible because PLCs are not well-defended devices. They operate for many years in situ and electronic access to them is granted via well-known passwords that are rarely changed. Even when Stuxnet was identified, Siemens opposed password changes on the grounds that it could cause chaos as older systems tried to communicate using old passwords.

    Where did the initial Stuxnet infection come from?

    "It appears to have first arrived in Iran on a simple #USBMemoryStick, says Fitzgerald. His team in Dublin, Ireland has been analysing Stuxnet since it was first identified by a security team in Belarus in June.

    "The first of the four Windows vulnerabilities allowed executable code on a USB stick to spread to a PC. The USB may have been given to an Iranian plant operative – or simply left somewhere for an inquisitive person to insert into their terminal.

    "Says Fitzgerald: 'It then spreads from machine to machine on the network, exploiting a second vulnerability to do so, and reports back to the attacker on the internet when it finds a PC that’s running Siemens SCADA software. The attacker can then download a diagram of the industrial system set-up the SCADA controls.'

    "The next two Windows vulnerabilities lets the worm escalate its privilege levels to allow the attacker to inject Siemens PLC format computer code – written in a language called STL – into the PLC. It’s that code which is capable of performing the skulduggery: perhaps turning off alarms, or resetting safe temperature levels.

    How do we know where Stuxnet is active?

    "Symantec monitored communications with the two internet domains that the worm swaps data with. By geotagging the IP addresses of Stuxnet-infected computers in communication with the attacker, Fitzgerald’s team found that 58.8 per cent of infections were in Iran, 18.2 per cent in #Indonesia, 8.3 per cent in #India, 2.6 per cent in #Azerbaijan and 1.6 per cent in the US.

    Who is behind the worm?

    "No one knows. It is however very professionally written, requiring what Fitzgerald calls 'a broad spectrum of skills' to exploit four new vulnerabilities and develop their own SCADA/PLC set-up to test it on.

    "This has some commentators suggesting that a #NationState with plenty of technical resources may have been behind Stuxnet. But computer crime is a billion dollar business so such an effort is not beyond extortionists.

    "Stuxnet comprises a 600-kilobyte file and it has not yet been fully analysed."

    Read more:
    newscientist.com/article/dn195

    #StuxnetVirus #MalwareAttack #Cyberattack #CyberWarfare

  13. Of course, now we know who was behind #Stuxnet -- #Israel and the #CIA -- thanks!

    Why the #StuxnetWorm is like nothing seen before

    By Paul Marks
    27 September 2010

    "Stuxnet is the first worm of its type capable of attacking #CriticalInfrastructure like #PowerStations and #ElectricityGrids: those in the know have been expecting it for years. On 26 September, #Iran’s state news agency reported that computers at its #Bushehr #NuclearPowerPlant had been infected.

    Why the fuss over Stuxnet?

    "#ComputerViruses, worms and #trojans have until now mainly infected PCs or the servers that keep e-businesses running. They may delete key system files or documents, or perhaps prevent website access, but they do not threaten life and limb.

    "The Stuxnet worm is different. It is the first piece of #malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like #pumps, #motors, #alarms and #valves in an industrial plant.

    "In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water #contaminated with effluent at a #SewageTreatmentPlant, or the valves in an #OilPipeline opened, contaminating the land or sea.

    “'Giving an attacker control of industrial systems like a #dam, a sewage plant or a power station is extremely unusual and makes this a serious threat with huge real world implications,' says Patrick Fitzgerald, senior threat intelligence officer with Symantec. 'It has changed everything.'

    Why is a different type of worm needed to attack an industrial plant?

    "Industrial machinery is not controlled directly by the kind of computers we all use. Instead, the equipment used in an industrial process is controlled by a separate, dedicated system called a programmable logic controller (#PLC) which runs supervisory control and data acquisition software (#SCADA).

    "Running the SCADA software, the PLC controls the process at hand within strict safety limits, switching motors on and off, say, and emptying vessels, and feeding back data which may safely modify the process without the need for human intervention – the whole point of industrial automation.

    So how does a worm get into the system?

    "It is not easy because they do not run regular PC, Mac or Linux software. Instead, the firms who sell PLCs each have their own programming language – and that has made it tricky for hackers to break it.

    "However there is a way in via the Windows PC that oversees the PLC’s operations. Stuxnet exploited four vulnerabilities in Microsoft Windows to give a remote hacker the ability to inject malicious code into a market-leading PLC made by German electronics conglomerate Siemens.

    "That’s possible because PLCs are not well-defended devices. They operate for many years in situ and electronic access to them is granted via well-known passwords that are rarely changed. Even when Stuxnet was identified, Siemens opposed password changes on the grounds that it could cause chaos as older systems tried to communicate using old passwords.

    Where did the initial Stuxnet infection come from?

    "It appears to have first arrived in Iran on a simple #USBMemoryStick, says Fitzgerald. His team in Dublin, Ireland has been analysing Stuxnet since it was first identified by a security team in Belarus in June.

    "The first of the four Windows vulnerabilities allowed executable code on a USB stick to spread to a PC. The USB may have been given to an Iranian plant operative – or simply left somewhere for an inquisitive person to insert into their terminal.

    "Says Fitzgerald: 'It then spreads from machine to machine on the network, exploiting a second vulnerability to do so, and reports back to the attacker on the internet when it finds a PC that’s running Siemens SCADA software. The attacker can then download a diagram of the industrial system set-up the SCADA controls.'

    "The next two Windows vulnerabilities lets the worm escalate its privilege levels to allow the attacker to inject Siemens PLC format computer code – written in a language called STL – into the PLC. It’s that code which is capable of performing the skulduggery: perhaps turning off alarms, or resetting safe temperature levels.

    How do we know where Stuxnet is active?

    "Symantec monitored communications with the two internet domains that the worm swaps data with. By geotagging the IP addresses of Stuxnet-infected computers in communication with the attacker, Fitzgerald’s team found that 58.8 per cent of infections were in Iran, 18.2 per cent in #Indonesia, 8.3 per cent in #India, 2.6 per cent in #Azerbaijan and 1.6 per cent in the US.

    Who is behind the worm?

    "No one knows. It is however very professionally written, requiring what Fitzgerald calls 'a broad spectrum of skills' to exploit four new vulnerabilities and develop their own SCADA/PLC set-up to test it on.

    "This has some commentators suggesting that a #NationState with plenty of technical resources may have been behind Stuxnet. But computer crime is a billion dollar business so such an effort is not beyond extortionists.

    "Stuxnet comprises a 600-kilobyte file and it has not yet been fully analysed."

    Read more:
    newscientist.com/article/dn195

    #StuxnetVirus #MalwareAttack #Cyberattack #CyberWarfare

  14. Of course, now we know who was behind #Stuxnet -- #Israel and the #CIA -- thanks!

    Why the #StuxnetWorm is like nothing seen before

    By Paul Marks
    27 September 2010

    "Stuxnet is the first worm of its type capable of attacking #CriticalInfrastructure like #PowerStations and #ElectricityGrids: those in the know have been expecting it for years. On 26 September, #Iran’s state news agency reported that computers at its #Bushehr #NuclearPowerPlant had been infected.

    Why the fuss over Stuxnet?

    "#ComputerViruses, worms and #trojans have until now mainly infected PCs or the servers that keep e-businesses running. They may delete key system files or documents, or perhaps prevent website access, but they do not threaten life and limb.

    "The Stuxnet worm is different. It is the first piece of #malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like #pumps, #motors, #alarms and #valves in an industrial plant.

    "In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water #contaminated with effluent at a #SewageTreatmentPlant, or the valves in an #OilPipeline opened, contaminating the land or sea.

    “'Giving an attacker control of industrial systems like a #dam, a sewage plant or a power station is extremely unusual and makes this a serious threat with huge real world implications,' says Patrick Fitzgerald, senior threat intelligence officer with Symantec. 'It has changed everything.'

    Why is a different type of worm needed to attack an industrial plant?

    "Industrial machinery is not controlled directly by the kind of computers we all use. Instead, the equipment used in an industrial process is controlled by a separate, dedicated system called a programmable logic controller (#PLC) which runs supervisory control and data acquisition software (#SCADA).

    "Running the SCADA software, the PLC controls the process at hand within strict safety limits, switching motors on and off, say, and emptying vessels, and feeding back data which may safely modify the process without the need for human intervention – the whole point of industrial automation.

    So how does a worm get into the system?

    "It is not easy because they do not run regular PC, Mac or Linux software. Instead, the firms who sell PLCs each have their own programming language – and that has made it tricky for hackers to break it.

    "However there is a way in via the Windows PC that oversees the PLC’s operations. Stuxnet exploited four vulnerabilities in Microsoft Windows to give a remote hacker the ability to inject malicious code into a market-leading PLC made by German electronics conglomerate Siemens.

    "That’s possible because PLCs are not well-defended devices. They operate for many years in situ and electronic access to them is granted via well-known passwords that are rarely changed. Even when Stuxnet was identified, Siemens opposed password changes on the grounds that it could cause chaos as older systems tried to communicate using old passwords.

    Where did the initial Stuxnet infection come from?

    "It appears to have first arrived in Iran on a simple #USBMemoryStick, says Fitzgerald. His team in Dublin, Ireland has been analysing Stuxnet since it was first identified by a security team in Belarus in June.

    "The first of the four Windows vulnerabilities allowed executable code on a USB stick to spread to a PC. The USB may have been given to an Iranian plant operative – or simply left somewhere for an inquisitive person to insert into their terminal.

    "Says Fitzgerald: 'It then spreads from machine to machine on the network, exploiting a second vulnerability to do so, and reports back to the attacker on the internet when it finds a PC that’s running Siemens SCADA software. The attacker can then download a diagram of the industrial system set-up the SCADA controls.'

    "The next two Windows vulnerabilities lets the worm escalate its privilege levels to allow the attacker to inject Siemens PLC format computer code – written in a language called STL – into the PLC. It’s that code which is capable of performing the skulduggery: perhaps turning off alarms, or resetting safe temperature levels.

    How do we know where Stuxnet is active?

    "Symantec monitored communications with the two internet domains that the worm swaps data with. By geotagging the IP addresses of Stuxnet-infected computers in communication with the attacker, Fitzgerald’s team found that 58.8 per cent of infections were in Iran, 18.2 per cent in #Indonesia, 8.3 per cent in #India, 2.6 per cent in #Azerbaijan and 1.6 per cent in the US.

    Who is behind the worm?

    "No one knows. It is however very professionally written, requiring what Fitzgerald calls 'a broad spectrum of skills' to exploit four new vulnerabilities and develop their own SCADA/PLC set-up to test it on.

    "This has some commentators suggesting that a #NationState with plenty of technical resources may have been behind Stuxnet. But computer crime is a billion dollar business so such an effort is not beyond extortionists.

    "Stuxnet comprises a 600-kilobyte file and it has not yet been fully analysed."

    Read more:
    newscientist.com/article/dn195

    #StuxnetVirus #MalwareAttack #Cyberattack #CyberWarfare

  15. Of course, now we know who was behind #Stuxnet -- #Israel and the #CIA -- thanks!

    Why the #StuxnetWorm is like nothing seen before

    By Paul Marks
    27 September 2010

    "Stuxnet is the first worm of its type capable of attacking #CriticalInfrastructure like #PowerStations and #ElectricityGrids: those in the know have been expecting it for years. On 26 September, #Iran’s state news agency reported that computers at its #Bushehr #NuclearPowerPlant had been infected.

    Why the fuss over Stuxnet?

    "#ComputerViruses, worms and #trojans have until now mainly infected PCs or the servers that keep e-businesses running. They may delete key system files or documents, or perhaps prevent website access, but they do not threaten life and limb.

    "The Stuxnet worm is different. It is the first piece of #malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like #pumps, #motors, #alarms and #valves in an industrial plant.

    "In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water #contaminated with effluent at a #SewageTreatmentPlant, or the valves in an #OilPipeline opened, contaminating the land or sea.

    “'Giving an attacker control of industrial systems like a #dam, a sewage plant or a power station is extremely unusual and makes this a serious threat with huge real world implications,' says Patrick Fitzgerald, senior threat intelligence officer with Symantec. 'It has changed everything.'

    Why is a different type of worm needed to attack an industrial plant?

    "Industrial machinery is not controlled directly by the kind of computers we all use. Instead, the equipment used in an industrial process is controlled by a separate, dedicated system called a programmable logic controller (#PLC) which runs supervisory control and data acquisition software (#SCADA).

    "Running the SCADA software, the PLC controls the process at hand within strict safety limits, switching motors on and off, say, and emptying vessels, and feeding back data which may safely modify the process without the need for human intervention – the whole point of industrial automation.

    So how does a worm get into the system?

    "It is not easy because they do not run regular PC, Mac or Linux software. Instead, the firms who sell PLCs each have their own programming language – and that has made it tricky for hackers to break it.

    "However there is a way in via the Windows PC that oversees the PLC’s operations. Stuxnet exploited four vulnerabilities in Microsoft Windows to give a remote hacker the ability to inject malicious code into a market-leading PLC made by German electronics conglomerate Siemens.

    "That’s possible because PLCs are not well-defended devices. They operate for many years in situ and electronic access to them is granted via well-known passwords that are rarely changed. Even when Stuxnet was identified, Siemens opposed password changes on the grounds that it could cause chaos as older systems tried to communicate using old passwords.

    Where did the initial Stuxnet infection come from?

    "It appears to have first arrived in Iran on a simple #USBMemoryStick, says Fitzgerald. His team in Dublin, Ireland has been analysing Stuxnet since it was first identified by a security team in Belarus in June.

    "The first of the four Windows vulnerabilities allowed executable code on a USB stick to spread to a PC. The USB may have been given to an Iranian plant operative – or simply left somewhere for an inquisitive person to insert into their terminal.

    "Says Fitzgerald: 'It then spreads from machine to machine on the network, exploiting a second vulnerability to do so, and reports back to the attacker on the internet when it finds a PC that’s running Siemens SCADA software. The attacker can then download a diagram of the industrial system set-up the SCADA controls.'

    "The next two Windows vulnerabilities let the worm escalate its privilege levels to allow the attacker to inject Siemens PLC format computer code – written in a language called STL – into the PLC. It’s that code which is capable of performing the skulduggery: perhaps turning off alarms, or resetting safe temperature levels.

    How do we know where Stuxnet is active?

    "Symantec monitored communications with the two internet domains that the worm swaps data with. By geotagging the IP addresses of Stuxnet-infected computers in communication with the attacker, Fitzgerald’s team found that 58.8 per cent of infections were in Iran, 18.2 per cent in #Indonesia, 8.3 per cent in #India, 2.6 per cent in #Azerbaijan and 1.6 per cent in the US.

    Who is behind the worm?

    "No one knows. It is however very professionally written, requiring what Fitzgerald calls 'a broad spectrum of skills' to exploit four new vulnerabilities and develop their own SCADA/PLC set-up to test it on.

    "This has some commentators suggesting that a #NationState with plenty of technical resources may have been behind Stuxnet. But computer crime is a billion dollar business so such an effort is not beyond extortionists.

    "Stuxnet comprises a 600-kilobyte file and it has not yet been fully analysed."

    Read more:
    newscientist.com/article/dn195

    #StuxnetVirus #MalwareAttack #Cyberattack #CyberWarfare

  16. When I saw this on the news, the first thing I thought was #Israel. Any country who has no problems unleashing #Stuxnet (with help from the #CIA), and bombing #HumanitarianAidWorkers and civilians has no problems with making pagers blow up, injuring innocents and children!

    Pager detonations wound thousands, majority Hezbollah members, in suspected #cyberattack

    Lebanon's Health Ministry said that over 2,750 people have been wounded, 200 critically, and eight killed in the explosions.

    By Yonah Jeremy Bob, September 17, 2024

    "A Hezbollah official cited by the Wall Street Journal (WSJ) said that hundreds of [Hezbollah] members had such #pager devices, and speculated that #malware could have caused the device to heat up and explode. The same official cited by the WSJ reported that some people felt the pagers heat up, disposing of them before they exploded."

    #Iranian ambassador #MojtabaAmani was reportedly injured in the explosion, according to state-owned Mehr News.

    "Hezbollah said that the detonations of pagers used by the group killed two of its fighters and one girl, without directly accusing Israel of being behind the operation.

    "It said that it was carrying out an investigation to determine the causes of the blasts."

    jpost.com/breaking-news/articl

    #BibiIsAWarCriminal #IDFTerrorism #IDF #Sayeret #Matkal

  17. Viruses with eggs. What surprises malicious programs hide

    Programmers get bored sometimes too. If you work at some serious software company, you can have a little fun by hiding an Easter egg somewhere deep inside the program you are developing, in such a way that it is not accidentally discovered during code review. Apparently, this is exactly how the famous walk-through game called The Hall of Tortured Souls in Microsoft Excel 95, the flying game in Excel 97, and the "Do a barrel roll" gag in the Google search engine came into being. Virus writers, it turns out, are not above such amusements either: history knows many malicious programs with hidden "Easter eggs". Here are the most famous of them.

    habr.com/ru/companies/serversp

    #вирусы #Elk_Cloner #Stuxnet #ILOVEYOU #Melissa #Sasser #Lovesan #TDSS #TDL