DIGITAL AMERICA

Tag: malware


4chan anonymous copyright counterculture culture democracy digital digital america digital culture digital divide Education Facebook Google Government hackers hacking Information Please Innovation internet IPhone Julian Assange Mark Poster Mexico Netizen new media NSA Obama Occupy Online Activism politics Privacy snowden social awareness social media SOPA Stuxnet Tec de Monterrey technology Ted Talks Turkle Twitter USA WikiLeaks wired youtube

The Cyberwar is Coming

// Posted by on 05/28/2015 (4:20 PM)

 

I found the articles we read for this assignment to be particularly fascinating and thought-provoking. In all of my climate-related classes, research, and study, water and water resources are often cited as the likely catalysts for… Read more

+
2

 

I found the articles we read for this assignment to be particularly fascinating and thought-provoking. In all of my climate-related classes, research, and study, water and water resources are often cited as the likely catalysts for the next great wars, and their arguments are all terribly logical and believable. The experts all say that we’re starting to see signs of this now. For example, “last summer, Isis accused the Turkish government in Ankara, headed by Recep Tayyip Erdogan, of deliberately holding back the Euphrates through a series of dams on its territory, lowering water levels in Lake Assad by a record six metres. Isis was apoplectic.”

However, after reading “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,” I really started thinking that maybe wars over water will be undermined by directed malware wars. With Stuxnet, as noted in “The Code War,” the way it worked was “not unlike the enriched uranium the Iranians were working on, but in software form: expensive, highly refined munitions that formed the core of an extremely sophisticated weapons system.”

Attacks like these could very well lead to the next great wars. They are “unobtrusive, can be constant, and they’re invasive. “As the reading shows, these attacks have already started. If Iran had retaliated, or retaliates, what will it look like? Developers designed malware with the ability to tap into Iran’s nuclear centrifuges and alter the speed at which they work. What’s keeping someone or a government from exploiting that ability to an apocalyptic end? Why not? If we can, we should, right? If malware this mischievous can be created and unleashed it in the name of data gathering, sabotage, spying, whatever – and something goes wrong, what kind of collateral damage will there be? As we read, with Stuxnet, there were some friendly fire (assuming that there were some infections in the country(ies) responsible for the attack) accidents. Computers worldwide were infected – even some in the US. “The victims bleed personal data and intellectual property.”

What sectors in the US have unique vulnerabilities like the one exploited in Iran? Likely a lot! Everything is automated these days. Everything is a computer or has a computer. Even the business card dropped off by a bulk water sales rep today had a computer in it.

The image doesn’t do it justice, so here:

https://www.youtube.com/watch?v=BlayQjxDm0I&feature=youtu.be

Could Diamond Springs unleash malware into this guy’s business card and sabotage his operation? It has a USB port. This item likely has a variety of weaknesses.

Additionally, should the U.S. be using these methods for domestic data gathering? Whether or not they should be, they do. In the example laid out in “The Code War,” with Freedom Hosting, they acquired a warrant and implanted surveillance software.  In doing so, broke up a huge child pornography operation. This is good. However, if the FBI, CIA, NSA, ABCDEFG want to do the same to my computer because I visited a site of an organization critical of the American government, is that right? No. To answer my above question, no, just because we can doesn’t mean we should. These attacks aren’t going anywhere. In fact, Edward Snowden reveled that “the NSA budget included $25.1 million for “additional covert purchases of software vulnerabilities,” suggesting that they both buy zero-days and roll out their own internally.”


Categories: Uncategorized
Tags: , , , , , , , , ,
+

Cyberwarfare

// Posted by on 05/28/2015 (12:41 PM)

When I think about the culture that envisioned the Internet they essentially developed it as an information-sharing system and in essence devoted little thought to securing the network. Their focus was on functionality, reliability, and information transfer and not on… Read more

+
2

When I think about the culture that envisioned the Internet they essentially developed it as an information-sharing system and in essence devoted little thought to securing the network. Their focus was on functionality, reliability, and information transfer and not on the potential misdeeds of criminals and terror organizations that might seize control of computers and direct them to nefarious purposes.

I have to admit that much of these articles were beyond my understanding of computer language and code talk. The phrase Cyberwarfare, is a new term for me. I am familiar with computer viruses and malware and their use to hijack computers and steal information. But the use of viruses to physically destroy something in the real world sounds like something out of a sci-fi thriller.

After reading about all the surveillance that is going on to garner knowledge about everything, it is really not that surprising that the information is being used in this way. I am curious to know if this was the intention of the surveillance or a side effect. It is astounding to think about the amount of work and information that was needed to create these digital weapons and the potential impact of this type of Cyberwarfare is shocking and a bit terrifying.

The capacity to assault important systems exists everywhere and could possibly cripple our whole society, as it is extremely reliant on cyber information.  A vicious cyber attack on the civilian population would certainly be devastating and could potentially include the corruption of data, supply chain corruption leading to shortages of food, water, and fuel. This could and most likely would cripple Americans and send us back into the dark ages where there is no electricity, money, communication, TV, Internet, or transportation. While this type of warfare means that no bombs will be going off, in terms of disrupting societies, the impact of this type of conflict does have the potential to be more devastating.

So with all the surveillance that is going on, should the government play some role in preventing cyber attacks? Should they help to prevent, trace, or repel the attacks? Should they take retaliatory measures? Or is this a private matter left up to the companies that are affected? When do the cyber attacks cross into the realm of diplomacy or national security?


Categories: Uncategorized
Tags: , , ,
+

I Pledge Allegiance to the Internet

// Posted by on 02/23/2014 (8:04 PM)

In previous weeks, we’ve discussed how technology and the internet provides a global “third space,” an amorphous sphere for interaction between strangers from all over the world, without any real recognition of traditional nation state boundaries. We’ve discussed how the… Read more

+
1

In previous weeks, we’ve discussed how technology and the internet provides a global “third space,” an amorphous sphere for interaction between strangers from all over the world, without any real recognition of traditional nation state boundaries. We’ve discussed how the use of technology can challenge traditional nation states and their governments through hacking, leaking information and fueling IRL assembles, such as the Occupy Wall Street movement. We’ve also discussed the developing news surrounding Edward Snowden, and how this reflects the limited control that nation states have over the “third space.” With this new age tension between nation states and the “third space,” there comes yet another question: who will users/citizens align themselves with?

In Mark Poster’s Information Please, Poster describes a new kind of citizen; a citizen to the “third space”; a netizen. Using such a governmentally influenced term to describe an internet user sets up a clear divide between an individual’s relationship to the internet, and his or her relationship to a country. It implies a certain dichotomy, that a person can only align themselves with one entity or the other.

This idea is further emphasized with our reading on Stuxnet this week. As Symantec was trying to decode the complex and sophisticated malware that is Stuxnet, technical directors began to realize that the malware could be much more than just a technological nuisance. “Stuxnet could be the work of a government cyberarmy,” Kim Zetter writes in her Wired article. “The researchers risked tampering with a covert U.S. government operation.”

Once the governments of traditional nation states were possibly involved, the directors of Symantec had to question their allegiance between a specific country, or the global “third space” that technology provides. This has become a bigger and bigger issue as technology has developed. Both the nation state and the “third space” pose an inherent threat to one another, and a huge part of the threat stems from that fact that an individual can chose which sphere he or she wants to devote themselves to. In the case of Symantec, they “felt no patriotic duty to preserves [Stuxnet’s] activity. ‘We’re not beholden to a nation,” [technical director of Symantec Eric Chien] said. ‘We’re a multinational, private company protecting customers.’”


Categories: Uncategorized
Tags: , , ,
+

Updates on Stuxnet

// Posted by on 02/28/2012 (3:26 PM)

Last week, we read a Wired article about Stuxnet and the havoc that it wreaked on Iran’s nuclear program. Although Stuxnet was found over a year ago and has since been removed from these computers, new information has come… Read more

+
0

Last week, we read a Wired article about Stuxnet and the havoc that it wreaked on Iran’s nuclear program. Although Stuxnet was found over a year ago and has since been removed from these computers, new information has come out about it within just the past couple weeks.

 

Here is a video demonstration on how Stuxnet works:

While many, including this article in Computerworld, called Stuxnet the best malware ever, new research has come out to say that this may not be the case for much longer. In a recent article in the Christian Science Monitor, recent research demonstrates that Stuxnet was just the beginning of a long line of malware that has specific targets and missions and can bypass all forms of detection. According to the article, there are going to be more examples of malware that have the possibility of being much more dangerous than Stuxnet was.

Just a couple of weeks ago, Fox News reported that Iran stated that 16,000 computers were attacked. Although it is unclear whether this was worldwide or just in Iran, either way, that is a large number of computers that were attacked and no one knew for a long time.

Don’t get me wrong, I think Stuxnet is awesome in the way that it is specifically targeted and can evade detection. It has been a break-through piece of malware that is incredible in its capabilities and ability to avoid detection and in the hands of people using it for good, it can be so beneficial. However, I can’t help but think what could happen if people start using this kind of attack for not-so-altruistic missions. A specific, pointed attack could be dangerous and cause serious harm to a number of vital industries in just the United States. An attack on the power grid, on air traffic controllers, or any number of other industries would not only be dangerous, but detrimental to our economy and our way of life. While I trust that these industries are protected as much as they can be (maybe I’m just being naive), I bet that the Iranians felt that their systems were secure. I believe it is the fact that I feel so defenseless against such an attack that makes me worried.

Are you worried about a possible attack on America? Do you think this is a possibility or am I just worried for nothing?


Categories: Uncategorized
Tags: , , , , , ,
+

Stuxnet and the New Forms of Cyberattacks

// Posted by on 02/25/2012 (2:18 PM)

After reading this article on wired.com about Stuxnet, the most sophisticated malware ever produced, I started to consider the ways in which this type of attack is novel and why it has gotten so much attention. First, the people… Read more

+
0

After reading this article on wired.com about Stuxnet, the most sophisticated malware ever produced, I started to consider the ways in which this type of attack is novel and why it has gotten so much attention. First, the people investigating Stuxnet were shocked at what exactly was being attacked. One of the researchers, Eric Chien, said, “We were expecting something to be espionage, we were expecting something to steal credit card numbers; that’s what we deal with every single day. But we weren’t expecting this.” The shock and awe had shifted from what was being attacked or stolen to how the attacks were being implemented. Below is a TedTalk by Ralph Langner, a German researcher who was heavily involved in decoding the virus of Stuxnet:

 

 

What shocks me the most is the process of discovering what exactly Stuxnet was setting out to do: a virus that had been specifically programmed to attack only certain computers in certain areas. The article from wired.com that details where Stuxnet was prevalent along with how it was choosing which computers to infect; essentially, it proves that specific, potentially extremely harmful attacks can be waged on just a simple USB stick. Still, however, the most shocking part about the article was the way in which Stuxnet accomplished its goal-- it was a slow, deliberate attack on certain physical components of Iran’s plant. Stuxnet was not only the most sophisticated malware yet (four zero-days? two stolen certificates??), but it was performing the most sophisticated cyber attack seen yet. It was introducing a hard-to-detect virus into certain computers, controlling certain functions, so certain physical components would malfunction over time. This clearly is much more than “stealing credit card numbers.” This malware had the ability to slow down the production of nuclear weapons. It slowed the nuclear arms race. All from a few lines of code.

 

This new form of attack has caused me to re-think not only the forms of cyber attacks, but also what exactly is becoming a target of attack. Are you shocked by what Stuxnet was attacking, as well as the impressive forms of attack it employed to get there? How do you feel this new form of attack fits in with the much-discussed globalization of technology? Do you think that putting a specific virus that is meant to attack a specific computer or set of computers has opened up a new form of warfare across the world?


Categories: Uncategorized
Tags: , , ,
+