• Thanks for stopping by. Logging in to a registered account will remove all generic ads. Please reach out with any questions or concerns.

Cyber attacks/defence/incdents (merged)

GAP

Army.ca Legend
Subscriber
Donor
Mentor
Reaction score
24
Points
380
An update on Christian Science Monitor earlier article

This might also become another facet of the Global Terror War, not by Russia, but by others. Once the door is open and they see how successful they can be.......
Estonia accuses Russia of 'cyberattack'
By Arthur Bright | csmonitor.com
Article Link

NATO is investigating siege on Estonian government, media, and banking websites, but Russia denies involvement.

Estonia accused Russia of launching a barrage of "cyberattacks" that are shutting down Estonian government, newspaper, and banking websites.

The Guardian reports that the attacks began in late April, coinciding with Estonia's decision to move a Soviet World War II memorial, the Bronze Soldier, from a central location in Tallinn, the Baltic nation's capital. Though Estonians saw the memorial as a reminder of Soviet oppression, Russia viewed the decision to move it as an affront, prompting riots by ethnic Russians in Tallinn and condemnations and sanctions from Moscow. The cyberattacks have continued since then.

The crisis unleashed a wave of so-called DDoS, or Distributed Denial of Service, attacks, where websites are suddenly swamped by tens of thousands of visits, jamming and disabling them by overcrowding the bandwidths for the servers running the sites. The attacks have been pouring in from all over the world, but Estonian officials and computer security experts say that, particularly in the early phase, some attackers were identified by their internet addresses - many of which were Russian, and some of which were from Russian state institutions. ...

The attacks have come in three waves: from April 27, when the Bronze Soldier riots erupted, peaking around May 3; then on May 8 and 9 - a couple of the most celebrated dates in the Russian calendar, when the country marks Victory Day over Nazi Germany, and when President Vladimir Putin delivered another hostile speech attacking Estonia and indirectly likening the Bush administration to the Hitler regime; and again this week.

The Guardian notes that Estonia is a pioneer of "e-government" and one of the most wired countries in Europe, making it that much more vulnerable to cyberattacks. In order to stop the attacks, Estonia has shut down foreign access to the sites under siege.

Estonian Foreign Minister Urmas Paet accused the Kremlin of direct involvement in the cyberattacks, saying they were an attempt to paralyze Estonian businesses and government offices, writes The Times of London.

"When there are attacks coming from official IP addresses of Russian authorities and they are attacking not only our websites but our mobile phone network and our rescue service network, then it is already very dangerous," Mr Paet said.

"It can cost lives. I hope they will stop it but the attacks are continuing. They are sending huge levels of stuff through the networks so that our different servers will crash.

"The largest part of these attacks are coming from Russia and from official servers of the authorities of Russia."
More on link
 
Not surprising, specially taking into consideration how ethnic Russians that live outside the Rus. Federation have become in a major interest for the foreing policy-makers in Moscow. First Georgia, now the Baltics. Actually I beleive that was a big source for confrontation in the last EU - Russia summit.
 
When you consider the history of these regions - it is no wonder Baltic, Black Sea region, Central European countries are not exactly enamored of Russia... whether it be the Russian Empire, or the USSR. Basically the residual effect of 18th-19th century power politics. It certainly does make one appreciate being bordered by the Eagle rather than the Bear... Actions as shown here also - i think - portray national characteristics. Live in Europe long enough and you'd see that a United Europe is a Utopian dream. It is quite tribal.
 
these cyber attacks were, for all intents and purposes, "denial of service" assaults on the major servers of this small country.

Did the Russians do it? possible = but it could easily be the work of the proletariat.
North America has certainly suffered through some small localised denial of service attacks before.....
Doing it on a national scale (albeit a small coutry) is a simple progression...
 
geo said:
these cyber attacks were, for all intents and purposes, "denial of service" assaults on the major servers of this small country.

Did the Russians do it? possible = but it could easily be the work of the proletariat.
North America has certainly suffered through some small localised denial of service attacks before.....
Doing it on a national scale (albeit a small coutry) is a simple progression...
I'd have to agree it was likely the citizenry who conducted this. However, I would not put it off the table that the Russians may have funded (purchased) this attack. It has been done many times and will be done again.
 
<a href="http://news.bbc.co.uk/2/hi/europe/7401260.stm">BBC NEWS</a>

Estonian cyber defence hub set up

Seven Nato nations have backed a new cyber defence centre in Estonia, which last year blamed Russia for weeks of attacks on its internet structure.

Germany, Slovakia, Latvia, Lithuania, Italy and Spain will staff and fund the hub in the Estonian capital Tallinn.

Estonia came under cyber attack in 2007 after its decision to remove the bronze statue of a Red Army soldier from the centre of Tallinn.

Moscow denied involvement in the flood of data which crashed computers.

"We have seen in Estonia that a cyber attack can swiftly become an issue of national security," Nato spokesman James Appathurai said after a signing ceremony in Brussels.

"Cyber attacks can cripple societies."

The US will initially send an observer to the project, which will have some 30 staff when fully operational in August.

The centre will provide research, consultation and training on the development of cyber defences for participating national governments.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/7401260.stm

Published: 2008/05/14 16:00:57 GMT

© BBC MMVIII
 
Considering that the Internet has become a major part of how we communicate with each other, it's time has come.

Will be interesting to see how far they manage to take this initiative.
 
Reminds me of that anti-corruption agency that Singapore already has.

Singapore to Form National Cyber-security Agency

http://tech.yahoo.com/news/pcworld/20090930/tc_pcworld/singaporetoformnationalcybersecurityagency

Singapore will set up a government agency, the Singapore Infocomm Technology Security Authority (SITSA), to handle technology-related threats to the city-state's national security, a government minister said Wednesday.

"It will be the specialist authority to deal with threats to national security, especially external threats such as cyber-terrorism and cyber-espionage," said K. Shanmugam, Singapore's minister for law and second minister for home affairs, according to a transcript of his speech.

SITSA will be under the Internal Security Department of Singapore's Ministry of Home Affairs, which has handled security for government IT systems, Shanmugam said.

"SITSA is being formed at a time when the world has witnessed the Estonian cyberwar in 2007 and the Georgian cyberwar in 2008. In July this year, we witnessed yet another widespread cyber attack. This time, it was targeted against government and banking websites in South Korea and the United States," he said.

The newly formed unit will initially focus on securing the country's critical IT infrastructure in the finance, energy, water and transportation sectors. It will also work to raise the level of readiness for a cyber attack against the country and create a process for reporting, escalating and monitoring security incidents.

From next year, SITSA will hold regular exercises to practice its response to a cyber attack, Shanmugam said.
 
Interesting concept, from Marine Corps Times:
Marines pride themselves on being expeditionary, but a new career path could keep some of them at home, in front of a computer, for their entire time in the Corps.

Plans are in the works for a potential slate of new careers and enticements that would build a cadre of specialized computer warfare technicians who wouldn’t necessarily need to branch out to get promoted, the top general responsible for cyberwarfare told House lawmakers Sept. 23.

Lt. Gen. George Flynn, deputy commandant for combat development and integration, told a House Armed Services Committee panel that tomorrow’s cyber-Marines could essentially spend their entire careers without deploying, instead taking recruiting duty or other jobs.

“One thing that we have to take a look at is, once you get somebody schooled in this area and they become an effective operator, they need to stay in it. And so we’re going to have to take a look at career progression [in which it] isn’t going to be acceptable to somebody not to have to go out of occupational specialty assignment to get promoted,” Flynn said. “This may be the case where, once you’re in cyber, you never leave the cyber, something like we do with some of our special operations units.”

Although Flynn had few specifics for what Marine officials could be cooking up, he did mention that cyber-Marines could have longer enlistments, of which about two years would be spent just in training, and there may be special bonuses or other lures to keep them in the force ....
If they're supporting Marines, shouldn't they have to know how Marines do their jobs outside CONUS?  Maybe I'm a dinosaur, but I can't see how it wouldn't create a two-tier Corps.
 
TimBit said:
Out of curiosity, would you support it more for any of the three other services?
For the same reason, I'm leery about the idea elsewhere, too.  While the service rendered may be just as valuable (hell, could even be a one alternative for wounded warriors who can't deploy), those who would have to deploy wouldn't be wild about it.  That said....
TimBit said:
The only other option, really, is to heed the advice from some US Cyber Command senior officers and create a 5th service:
http://www.homelandsecuritynewswire.com/us-cyber-command-will-not-go-operational-today-planned
.... I guess the alternative would be even more unruly, given the (at least potential) duplication of top-end stuff that I'm guessing comes with creation of new services.
 
The Marines operate on the premise that all Marines are Grunts first and are taught that right from basic....so, some exposure to the various combat branches, in addition to their initial training and requals every year, should give enough exposure to allow the cyber guys/gals operating assistance capability....along with experienced command for touchy situations....
 
milnews.ca said:
For the same reason, I'm leery about the idea elsewhere, too.  While the service rendered may be just as valuable (hell, could even be a one alternative for wounded warriors who can't deploy), those who would have to deploy wouldn't be wild about it.  That said........ I guess the alternative would be even more unruly, given the (at least potential) duplication of top-end stuff that I'm guessing comes with creation of new services.

The wounded warrior is exactly why this won't work. Cyber warfare is complicated and takes years to learn even for compu sci graduates. You can't just take a grunt and pop him in front of a computer and expect he will excel. Would you have an injured infantry soldier fly rescue helicopters because he can't run with a backpack anymore? Different jobs, different skill sets, different recruits. You can be re-trained, sure, but the future of cyber means you need to attract a special type who is computer literate and attracted to this job. I work in cyber, and I sure as hell don't want someone who dreams of shooting pop-up targets all day long when we talk shop. I agree 100% that there needs to be a specialist trade. Now, should they be deployable? Why? But then, were ICBM crews deployable? No. I think the Air Force is the way to go with Space Ops and Missile Ops already pretty much a ConUS environment.
 
TimBit said:
The wounded warrior is exactly why this won't work. Cyber warfare is complicated and takes years to learn even for compu sci graduates. You can't just take a grunt and pop him in front of a computer and expect he will excel. Would you have an injured infantry soldier fly rescue helicopters because he can't run with a backpack anymore? Different jobs, different skill sets, different recruits.
True dat - that's why it may be one alternative for some (especially, as you say, given the nature of the training beast).

TimBit said:
Now, should they be deployable? Why? But then, were ICBM crews deployable? No. I think the Air Force is the way to go with Space Ops and Missile Ops already pretty much a ConUS environment.
Never thought of that as an analogy....  Based on that, the USAF could be the place to put it, given its experience in (what I'm guessing would be) similar working environments.
 
I'm pretty sure the cyber threat mentioned applies here also ::)
One only has to look at
Symantec Threat Monitor, powered by DeepSight
to have an idea of what is going on out there :nod:
                  _____________________________________________________________

article link

WASHINGTON - The United States faces a major threat in the future from cyber technologies that will require civil-military co-ordination to shield networks from attack, Defense Secretary Robert Gates said on Tuesday.

"I think there is a huge future threat. And there is a considerable current threat," Gates told The Wall Street Journal CEO Council. "And that's just the reality that we all face."

The U.S. Defense Department estimates that over 100 foreign intelligence organizations have attempted to break into U.S. networks. Every year, hackers also steal enough data from U.S. government agencies, businesses and universities to fill the U.S. Library of Congress many times over, officials say.

The Pentagon's biggest suppliers — including Lockheed Martin Corp., Boeing Co and Northrop Grumman Corp. — are investing in the growing market for cyber technology, estimated at up to $140 billion a year worldwide.

Gates said the U.S. military had made considerable progress protecting its own sites and was working with its private-sector partners "to bring them under that umbrella."

But how to allow Pentagon know-how to be applied to protecting domestic infrastructure can be tricky for legal reasons, including fear of violating civil liberties.

"The key is the only defense that the United States has against nation-states and other potential threats in the cyber-world is the National Security Agency," Gates said, referring to the super-secretive Defense Department arm that shields national security information and networks, and intercepts foreign communications.

"You cannot replicate the National Security Agency for domestic affairs. There isn't enough money. There isn't enough time. And there isn't enough human talent."

Last month, President Barack Obama's administration announced steps to allow greater co-operation between the NSA and the Department of Homeland Security. That includes stationing the DHS' privacy, civil liberties and legal personnel at the NSA.

"So you have the domestic security agency, DHS, being able to reach into NSA in a real-time way to get the kind of protection we need," Gates said.

"And my hope is that over time that will lead to better protections for both '.gov' and '.com.'"

                          (Reproduced under the Fair Dealings provisions of the Copyright Act)



 
NATO mobilizes for cyber warfare

BRUSSELS - In 1989, before the Internet revolution, Suleyman Anil was the lone man in charge of the security of NATO’s IT system, armed with a single computer.

Two decades later, with the threat of cyber attacks on the rise, Anil oversees two teams tasked with protecting the networks of the alliance’s political headquarters in Brussels and operations command in Mons, Belgium.

The threat is constant, with as many as 100 attempted cyber attacks on NATO every day, but it could take just "one in a day to be dangerous," said Anil, a Turkish IT expert who heads NATO’s Cyber Defence and Countermeasures Branch.

NATO leaders meeting at a summit in Lisbon on Friday and Saturday will enshrine cyber security as one of the 28-nation alliance’s priorities when they endorse a "strategic concept" to guide its strategy for the next decade.

A message seen on a computer in a NATO office makes the threat clear: "Computer viruses pose a risk to our organisation, varying from anonymous to outright dangerous."

The warning seeks to discourage employees from using USB keys, which can serve as a Trojan horse to plant viruses. But such worms are not the only threat.

The vulnerability of its servers to "professional" and "amateur" hackers was highlighted in 1999 when Serbs flooded NATO with thousands of emails to protest the alliance’s bombing campaign in Kosovo, Anil said.

The turning point for NATO came at a summit in Prague in 2002, when leaders asked NATO to improve the security of its computer networks, he told AFP in an interview.

Cyber warfare is one of five sections within a new NATO division against emerging security threats that was created in August.

A costly cyber strike against Estonia in 2007 and the Stuxnet computer worm attack in Iran this year gave new urgency to the need to protect networks.

Following the attack on the Baltic NATO member, the alliance established a research and development centre in Tallin called the Cooperative Cyber Defence Centre of Excellence.

It also decided to establish a rapid reaction team that would be deployed to help any NATO member following a cyber attack.

Although NATO has taken huge strides towards cyber security, it still has work to do.

The transatlantic military organisation will have to wait until 2013 to have 100 percent protection coverage for all its structure following a programme that was launched five years ago.

"We are not yet at the level where we would like to be," Anil said.

There are also legal challenges to linking up cyber defences between allied nations.

Since last year, NATO has signed a memorandum of understanding with seven alliance members on data sharing and procedures to follow in case of a cyber attack. Four other nations will follow suit.

US Admiral James Stavridis, the Supreme Allied Commander Europe, noted earlier this year the difficulty of governing cyberspace, comparing it to the 10 years it took to establish an international law of the sea.

Meanwhile, the alliance is gearing up for cyberwarfare.

Last year, the United States created its own Cyber Command to respond to computer threats and launch its own offensives.

NATO is in the midst of its third cyber defence exercise since 2008 which began Tuesday and ends Thursday. It involves 24 of 28 alliance members plus Austria.

The "Cyber Coalition 2010" exercise simulates "multiple simultaneous cyber attacks" against NATO and alliance members to test their strategic decision-making process.
article link
                          (Reproduced under the Fair Dealings provisions of the Copyright Act)
 
China 'hijacked' Internet to divert government and military data

China "hijacked" 15 per cent of the world's Internet traffic earlier this year, according to a report to the U.S. Congress, in what could be a new form of cyber terrorism.

A state-run telecoms firm is accused of diverting traffic including data from U.S. military and government websites, and some in Britain, via Chinese servers.

Experts fear that the authorities could have carried out "severe malicious activities" as a result of the 18-minute operation, even harvesting sensitive data from emails or implanting viruses in computers worldwide.

The report by the U.S.-China Economic and Security Review Commission says it raises the prospect that China might seek to "assert some level of control over the Internet".

Carolyn Bartholomew, vice-chairman of the commission, said Chinese efforts to penetrate U.S. networks were becoming more sophisticated, adding: "The massive scale and the extensive intelligence and reconnaissance components of recent high-profile, China-based computer exploitations suggest that there continues to be some level of state support for these activities."

It is the latest sign that governments are apparently seeking to attack computer networks or defend themselves from such attacks.

The U.S. military has a Cyber Command, while Israel is suspected of being behind a computer worm that may have damaged Iran's nuclear facilities. Earlier this year, Google said that Chinese hackers had tried to access the email accounts of human rights activists in the country, while the government has blocked popular websites such as Wikipedia and BBC News.

The new report provides previously unpublished details about a suspected "hijack" of almost one-seventh of Internet traffic. The report said it was unclear whether the incident was intentional, but added that "computer security researchers have noted that the capability could enable severe malicious activities".

The attack took advantage of the way that data are sent via computer servers. When an Internet user in, for example, California wants to look at a website based in Texas, the data make several "hops" on the way via servers.

Data are meant to travel by the most efficient route, but this can be manipulated as servers in China can suddenly announce that they provide the quickest route.

For 18 minutes on April 8, the state-owned China Telecom advertised "erroneous" network routes which led to traffic for 15 per cent of all Internet destinations being sent via servers in China.

These involved U.S. websites covering the Senate, army, navy, marine corps and Nasa as well as companies such as Microsoft, IBM and Yahoo. A handful of websites based in Britain were also affected.

Wang Yongzhen, a senior press official with China Telecom, said: "China Telecom has never done such an act."

                          (Reproduced under the Fair Dealings provisions of the Copyright Act)






 
Iran Suspends Nuclear Enrichment;Stuxnet Virus Suspected

Major technical problems in Iran's nuclear program have forced the temporary shutdown of thousands of centrifuges enriching uranium at Iran's Natanz plant, diplomats told The Associated Press on Monday.

The diplomats said the problems have caused Iranian experts to “briefly power down” the machines they use for enrichment.

The sources said they did not have further details but suspicions focused on the Stuxnet worm, the computer virus which has recently plagued Iran's nuclear program, and is believed by many observers to have been unleashed by the US or Israel.

Experts said last week that the Stuxnet worm was designed to destroy centrifuges by sending them spinning out of control.

“There have been hints that the program is beset by technical problems,” AP reported. “Even a brief shutdown of the thousands of enriching machines would be the strongest documentation to date that the program – Iran's nuclear cornerstone and a source of national pride – is in trouble.”
article continues here
            _________________________________________________________________


The Stuxnet worm at war in Iran


The intrigue and mystery read like the stuff of a spy novel, updated for the digital age.

There’s theories of state-sponsored sabotage, coded biblical messages, and a real computer worm called Stuxnet.

Security experts around the globe have unearthed evidence that Stuxnet was able to penetrate industrial plants in Iran and may have been deliberately crafted to destabilize that country’s controversial nuclear-enrichment operations.
                    __________________________________________________________

And in China: (other thread link, reply 1506)
Malware that infected Iran's nuclear industry has now infected Chinese industry as well.
              __________________________________________________________________
What is the Stuxnet worm?

Stuxnet (wikipedia)
Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. Stuxnet does not affect GNU/Linux or Unix operating systems such as BSD. It is the first discovered worm that spies on and reprograms industrial systems,[1] the first to include a programmable logic controller (PLC) rootkit,[2] and the first to target critical industrial infrastructure.[3] It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes.[4] Stuxnet includes the capability to reprogram the PLCs and hide its changes.[5]

The worm's probable target has been said to have been high value infrastructures in Iran using Siemens control systems.[6][7] According to news reports the infestation by this worm might have damaged Iran's nuclear facilities in Natanz[8][9] and eventually delayed the start up of Iran's Bushehr Nuclear Power Plant.[10] Siemens has stated, however, that the worm has not in fact caused any damage.[11]

Russian digital security company Kaspersky Labs released a statement that described Stuxnet as "a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world." Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60% of the infected computers worldwide were in Iran, suggesting its industrial plants were the target.[12] Kaspersky Labs concluded that the attacks could only have been conducted "with nation-state support", making Iran the first target of real cyberwarfare
                __________________________________________________________
                        (Reproduced under the Fair Dealings provisions of the Copyright Act)
 
More on the worm and the alleged damage it has done to the Iranian nuclear program:

http://nextbigfuture.com/2010/11/stuxnet-is-game-changing-weaponized.html#more

Stuxnet is a game changing weaponized computer virus

Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they've all found, says Sean McGurk, the Homeland Security Department's acting director of national cyber security and communications integration, is a “game changer.”

UPDATE: Iran admits that there was cyber attack and there was an effect on their centrifuges. Iran is trying to downplay the effects Also, car bombs killed a top Iranian nuclear scientist in Tehran and wounded another.

    The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Others have called it the first “weaponized” computer virus.

    Simply put, Stuxnet is an incredibly advanced, undetectable computer worm that took years to construct and was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy: Iran’s nuclear enrichment program.

    The worm was designed not to destroy the plants but to make them ineffective. By changing the rotation speeds, the bearings quickly wear out and the equipment has to be replaced and repaired. The speed changes also impact the quality of the uranium processed in the centrifuges creating technical problems that make the plant ineffective,” he explained.

    In other words the worm was designed to allow the Iranian program to continue but never succeed, and never to know why.

    At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component -- the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel.

    At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant's massive steam turbine.

    Here's how it worked, according to experts who have examined the worm:

    --The nuclear facility in Iran runs an “air gap” security system, meaning it has no connections to the Web, making it secure from outside penetration. Stuxnet was designed and sent into the area around Iran's Natanz nuclear power plant -- just how may never be known -- to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back to the plant.

    --Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan. (When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)

    --Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.

    --After penetrating the Windows 7 operating system, the code then targeted the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.

    --The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and -- remarkably -- how that system worked as well and how to mask its activities from it.

    --Masking itself from the plant's security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system.

    Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system. As new worms entered the system, they would meet and adapt and become increasingly sophisticated.

    During this time the worms reported back to two servers that had to be run by intelligence agencies, one in Denmark and one in Malaysia. The servers monitored the worms and were shut down once the worm had infiltrated Natanz. Efforts to find those servers since then have yielded no results.

    This went on until June of last year, when a Belarusan company working on the Iranian power plant in Beshehr discovered it in one of its machines. It quickly put out a notice on a Web network monitored by computer security experts around the world. Ordinarily these experts would immediately begin tracing the worm and dissecting it, looking for clues about its origin and other details.

    But that didn’t happen, because within minutes all the alert sites came under attack and were inoperative for 24 hours.

    “I had to use e-mail to send notices but I couldn’t reach everyone. Whoever made the worm had a full day to eliminate all traces of the worm that might lead us them,” Eric Byers, a computer security expert who has examined the Stuxnet. “No hacker could have done that.”

    Experts, including inspectors from the International Atomic Energy Agency, say that, despite Iran's claims to the contrary, the worm was successful in its goal: causing confusion among Iran’s nuclear engineers and disabling their nuclear program.

    Because of the secrecy surrounding the Iranian program, no one can be certain of the full extent of the damage. But sources inside Iran and elsewhere say that the Iranian centrifuge program has been operating far below its capacity and that the uranium enrichment program had “stagnated” during the time the worm penetrated the underground facility. Only 4,000 of the 9,000 centrifuges Iran was known to have were put into use. Some suspect that is because of the critical need to replace ones that were damaged.

    The efforts by the Iranians to cleanse Stuxnet from their system “will probably take another year to complete,” and during that time the plant will not be able to function anywhere normally.
 
'Cry Stuxnet And Let Slip The Dogs Of War?' The Potentially Deadly Viruses Of Cyber Warfare

The most recent battle in the New Cold War is being waged as you read this. It is a battle over nuclear weapons.

Claiming that more than 30,000 of their computers have been compromised by a nasty piece of malware dubbed Stuxnet, the Iranians say that electronic warfare is being waged against their state. Considered by many experts to be the best cyber virus ever, the Stuxnet virus plaguing Iran is a complex piece of malware-a short term for "malicious software," created to infiltrate surreptitiously and take control of certain aspects of a computer system.

Michael Scheidell, Chief Technology Officer of SECNAP Network Security and a nationally recognized expert on cyber-infrastructure security, acknowledges that "Stuxnet's complexity, multi-layered design, and range of technically disparate elements suggest that a large, well-funded team is responsible for its creation-possibly a nation-state. Some analysis also points to a highly specific target-a nuclear plant in Iran. So you could conclude that a powerful entity, organization or country created Stuxnet in retaliation against Iran. We may find another scenario at the end of the day, but this one looks good, given what we know now."

As the world becomes increasingly interconnected and reliant on computers to run everything from our coffeemakers to our nuclear plants, cyberspace has emerged as the fifth domain of warfare, after Land, Sea, Air, and Space.

A cyberattack launched by one nation against another raises many questions. After a cyberattack, will there be retaliation? In what form: Another cyberattack? A more traditional military attack or an asymmetrical terror attack?

What of treaties? NATO's lynchpin is that an attack on one member is an attack on all members. If a member of NATO is harmed via cyber-attack, does it trigger the obligation of fellow NATO members to declare war? The implications of cyber warfare are grave.

STUXNET: A POWERFUL, INDUSTRIAL-GRADE VIRUS

Stuxnet focuses on Supervisory Control and Data Acquisition (SCADA) systems which control the processes in many industrial and factory settings. Though it was first developed more than a year ago, Stuxnet was discovered in July 2010, when a Belarus-based security company found the worm on computers belonging to an Iranian client.

The Stuxnet virus is initially installed on a Microsoft workstation via the use of a USB memory stick, after which it immediately begins to search for a workstation running Siemens SIMATIC WinCC software.

Siemens, which boasts on its website that it is a "global powerhouse in the industry, energy and healthcare sectors," is the manufacturer of the software that Stuxnet targets. Siemens will not confirm how many customers it has in Iran. However, earlier this year, Siemens said it planned to wind down its Iran

ian business-a 290-employee unit that netted $562.9 million in 2008, according to the Wall Street Journal. Critics say the company's trade there has helped feed Iran's nuclear development effort in spite of the U.S. embargo on Iran.

Stuxnet is highly complex malware that is capable of infecting equipment isolated from the Internet and which targets industrial processes employed in the energy, transportation and healthcare sectors. It specifically, targets the systems of a single manufacturer criticized for assisting Iran in its nuclear development efforts.

The suspicions of a pre-emptive military fifth domain attack may or may not be true, but they are certainly not far-fetched.

THE CONVERGENCE OF TECHNOLOGY

Two decades ago, in an attempt to save money in the growing software-based process control and automation industry, companies began to explore the logistics, implications and benefits of converging the pathways that control desktops, servers and industrial equipment. Stuxnet takes advantage of the inherent flaws in this convergence strategy.

One of the flaws in convergence is the introduction of USB Memory Sticks (the same ones you may carry on your keychain) to the factory floor. Industrial equipment rarely has USB ports, but because of convergence these devices, which now share networks with office-grade equipment, are integrated (knowingly or unknowingly) with desktop computers. As a result of this convergence, power plants, pipeline networks, refineries, mass transit, high-rise HVAC, elevator systems, water and sewage plants, grain elevators, communications networks and other large-scale SCADA applications are susceptible to USB stick-borne viruses, even if the network is completely isolated from the Internet.

Stuxnet leveraged the widespread appeal of convergence to infiltrate factories and, perhaps, nuclear facilities.

IT'S ALL CONNECTED

The world is crisscrossed by networks of wires, cables, waves, pulses and signals. The computer systems that operate this world are all around us, yet just under the surface. Driven to design simplicity and ease of use into most systems, developers have learned to cleverly disguise the fact that you are even using a computer. But computers they are, in every imaginable size, supporting every conceivable application-and it is all connected. Just consider:
Smartphones, laptops, mobiles, desktops
ATMs, store barcode scanners, credit card swipe machines
Telephone systems, television systems
High-rise elevator and HVAC system controls
Ordering systems, payment systems, money moving systems
Factory production systems, assembly lines
Food processing and packaging systems
City water systems, sewage systems, rail lines, traffic signals
Electric and gas utility processing/production and distribution

Imagine these systems infiltrated by malware, crashing, rendered useless, at least temporarily. The data grid falls. The power grid falls. The communication grid fails. The transportation grid fails. Imagine the potential for panic-financial and otherwise-in the face of cascading network failures.

FIRST CYBERATTACK OF THE NEW COLD WAR

The first shots in the cyberspace Cold War were fired by the Russians against Estonia and Georgia in 2007 and 2008. At that time, the cyber infrastructure in Georgia was suffering from the type of cascading system failure described above. This took place as Russian tanks were advancing across the Caucasus in 2008.

Perhaps it was a coincidence. We have never been able to trace the cyber denial of service (DoS) attacks directly back to the Russians. Regardless, due to widespread system failure the established government in Georgia was unable to coordinate any defense, and was isolated from the rest of the world to gain assistance.

Destabilizing a nation's cyber-infrastructure is not an exact science. The results are not foreseeable or controllable necessarily. And neither is the potential for retaliation. However, forcing a nation-state into chaos without an identifiable adversary is a perfect tool for the asymmetric attacks of terrorists. There is little lead time. There is little chatter. Assembling the devices necessary rarely requires embargoed or highly regulated materials.

Was the United States or its allies behind the Stuxnet virus? We may never know. But we are no less a combatant in the New Cold War. The damage threatened in this war is tremendous to our country and way of life. We must continue to exert our influence in all domains-not only air, sea, land and space-but cyberspace as well.

U.S. DEFENSE AGAINST CYBER WARFARE

Our vulnerabilities are considerable in this country. But so are our defenses and our resilience. Despite economic woes, the Department of Homeland Security is spending significantly to bolster critical infrastructure. Rules regulating private industry are being revamped to require strong defenses of critical processes and data. These reforms are also being pushed by private industry, healthcare, the accounting and legal professions, and the financial industry. Federal regulation and those who enforce and interpret it are assisting our industries in bolstering their defenses.

As the most computer-reliant country in the world, the United States recognizes the threat posed by cyber warfare.

Twenty-five percent of all malware discovered this year is propagated through the use of USB sticks. Given the flaws of convergence, and the prevalence of USBs, it is not surprising that the Pentagon and Central Command were "hacked" via USB-borne malware in 2008. Since that time, the military has substantially bolstered its cyber defenses. The Federal Government has likewise taken giant steps in bolstering cyber security for non-military branches of government.

However, our government currently takes no official role in protecting private business and, outside of Homeland Security dollars, assumes no acknowledged role in protecting critical quasi-government infrastructure-such as power plants, pipeline networks, refineries, communications networks and other large-scale applications.

Cyber Command Chief General Keith Alexander has confirmed publicly that Cyber Command does not work with private industry. Recently, however, Alexander's position seems to be morphing toward a more robust government involvement in protecting strategic infrastructure such as water, gas and electricity. The Cyber Command Chief envisions a team approach to security involving the Department of Defense, the Department of Homeland Security and the FBI. The FBI would investigate computer hacking, Homeland Security would work with industry and other critical areas. Alexander has emphasized that it will be critical for private industry and contractors to be involved if the proposed program is to be effective.

History is rife with the stories of new technologies that turned the tide in favor of one side in warfare. You don't need to look back to the Longbow's effect on the Hundred Year's War in the 1400s for examples. You don't even need to look back to World War II. The technology-driven unmanned drone program currently in use in Iraq and Afghanistan is exceedingly effective. The best technology often wins wars. And we are a nation at war. The responsibility to defend our nation is ours, on all fronts.

                      (Reproduced under the Fair Dealings provisions of the Copyright Act)



 
Back
Top