4chan anonymous copyright counterculture culture democracy digital digital america digital culture digital divide Education Facebook Google Government hackers hacking Information Please Innovation internet IPhone Julian Assange Mark Poster Mexico Netizen new media NSA Obama Occupy Online Activism politics Privacy snowden social awareness social media SOPA Stuxnet Tec de Monterrey technology Ted Talks Turkle Twitter USA WikiLeaks wired youtube
// Posted by Lois on 05/28/2015 (4:40 PM)
I forgot to include this interesting YouTube video on Stuxnet as part of my post!
I forgot to include this interesting YouTube video on Stuxnet as part of my post!
// Posted by Lois on 05/28/2015 (4:36 PM)
“Stuxnet wasn’t just aimed at attacking a specific type of Siemens controller, it was a precision weapon bent on sabotaging a specific facility.” This is a direct quote from the article we read this week “How Digital Detectives Deciphered Stuxnet,… Read more
“Stuxnet wasn’t just aimed at attacking a specific type of Siemens controller, it was a precision weapon bent on sabotaging a specific facility.” This is a direct quote from the article we read this week “How Digital Detectives Deciphered Stuxnet, The Most Menacing Malware In History.” Wow! The most menacing malware in history are strong words. But Stuxnet was a sophisticated and difficult to detect malicious malware program. One characteristic (there were many) that surprised the computer security experts was that the malware was not aimed at the U.S. but targeted foreign countries – Iran, Indonesia and India. We read that computer security has grown into a multibillion-dollar industry just due to keeping pace with the hackers, viruses and spyware programs that are constantly being created. Is this an example of negative digital progress? Yes! Along with progress that is good and propels the world forward in computer skills and abilities comes the negative aspect of hackers and those who are set on making money utilizing the very tools that are being developed. It’s a catch 22 – while we aim to steadily increase our digital knowledge to streamline and be more efficient, we are also up against hackers who’s goal is to take down what has been created and make money in the process.
Stuxnet was unique in that it used “zero-days” to spread the malware. Zero days, are the ”hacking world’s most potent weapons: they exploit vulnerabilities in software that are yet unknown to the software maker or antivirus vendors.” With this method the virus can spread from computer to computer through a contaminated USB. Something as normal as inserting a flash drive was the catalyst for Stuxnet. The shear sophistication of this malware was a puzzle to be solved by computer experts. What was it, how did it come to be and how to fix it? All critical questions for computer experts. The term zero days is new to me. It seems that if a computer virus can be initiated in vulnerabilities of software that a software maker isn’t even aware of, then how can the software maker protect their product? It’s definitely a difficult situation. I don’t think it’s going away either. Thought leaders are constantly developing new and improved hardware and software and criminals are constantly developing malicious viruses to hack in to computers and do damage or steal information.
I’ve had malware on my work office computer and my work laptop. It was a nightmare to fix! Hours of clean up time were spent to repair the damage. And, now we see the same thing happening with our tablets, iPads, and cell phones. After all, what is a cell phone but a small computer. How can we be careful that our personal information is not stolen and that our digital devices remain safe? As a consumer I trust the antiviral software that I use will protect me but I truly think you’re just lucky if you don’t experience a virus at some time with some piece of your digital world.
It’s scary to think that a company like Siemans can be targeted so specifically. Think of the money the company spends to detect the virus and fix the problem. I think most every business is vulnerable to such an attack. When I work from home I log in via a VPN (virtual private network) and I feel secure working from home, but am I? I often use my remote desktop connection and it’s as if I’m sitting in my office working and I feel protected by the Sophos software the University uses. I think it’s a false sense of security but I’ve got to trust it anyway. It seems like with big brother watching our every move and invasions of our private information and digital devices, one has to be so careful what one shares on the Internet or via digital communication. I would not share anything that I would not want exposed because you don’t know who is looking!
In reading about Stuxnet I imagined that there are many malware viruses created by our government for spying on other countries or for use in the military for the purpose of trying to prevent terrorism in the U.S. If this is actually true, I guess I don’t have a problem with what our government might be doing to “protect” us. But, on the other hand, how much data does our government have the right to have on us? It’s not an easy question to answer.
Tags: digital america, Stuxnet
// Posted by David on 05/28/2015 (4:20 PM)
I found the articles we read for this assignment to be particularly fascinating and thought-provoking. In all of my climate-related classes, research, and study, water and water resources are often cited as the likely catalysts for… Read more
I found the articles we read for this assignment to be particularly fascinating and thought-provoking. In all of my climate-related classes, research, and study, water and water resources are often cited as the likely catalysts for the next great wars, and their arguments are all terribly logical and believable. The experts all say that we’re starting to see signs of this now. For example, “last summer, Isis accused the Turkish government in Ankara, headed by Recep Tayyip Erdogan, of deliberately holding back the Euphrates through a series of dams on its territory, lowering water levels in Lake Assad by a record six metres. Isis was apoplectic.”
However, after reading “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,” I really started thinking that maybe wars over water will be undermined by directed malware wars. With Stuxnet, as noted in “The Code War,” the way it worked was “not unlike the enriched uranium the Iranians were working on, but in software form: expensive, highly refined munitions that formed the core of an extremely sophisticated weapons system.”
Attacks like these could very well lead to the next great wars. They are “unobtrusive, can be constant, and they’re invasive. “As the reading shows, these attacks have already started. If Iran had retaliated, or retaliates, what will it look like? Developers designed malware with the ability to tap into Iran’s nuclear centrifuges and alter the speed at which they work. What’s keeping someone or a government from exploiting that ability to an apocalyptic end? Why not? If we can, we should, right? If malware this mischievous can be created and unleashed it in the name of data gathering, sabotage, spying, whatever – and something goes wrong, what kind of collateral damage will there be? As we read, with Stuxnet, there were some friendly fire (assuming that there were some infections in the country(ies) responsible for the attack) accidents. Computers worldwide were infected – even some in the US. “The victims bleed personal data and intellectual property.”
What sectors in the US have unique vulnerabilities like the one exploited in Iran? Likely a lot! Everything is automated these days. Everything is a computer or has a computer. Even the business card dropped off by a bulk water sales rep today had a computer in it.
The image doesn’t do it justice, so here:
Could Diamond Springs unleash malware into this guy’s business card and sabotage his operation? It has a USB port. This item likely has a variety of weaknesses.
Additionally, should the U.S. be using these methods for domestic data gathering? Whether or not they should be, they do. In the example laid out in “The Code War,” with Freedom Hosting, they acquired a warrant and implanted surveillance software. In doing so, broke up a huge child pornography operation. This is good. However, if the FBI, CIA, NSA, ABCDEFG want to do the same to my computer because I visited a site of an organization critical of the American government, is that right? No. To answer my above question, no, just because we can doesn’t mean we should. These attacks aren’t going anywhere. In fact, Edward Snowden reveled that “the NSA budget included $25.1 million for “additional covert purchases of software vulnerabilities,” suggesting that they both buy zero-days and roll out their own internally.”
// Posted by Shirley on 05/26/2015 (10:32 PM)
Former government employees, hackers and journalist are educating American citizens who have a false since of security regarding government activities and their personal data. Similarly to how Brand and Brilliant provided The Whole Earth Catalog and the WELL, an… Read more
Former government employees, hackers and journalist are educating American citizens who have a false since of security regarding government activities and their personal data. Similarly to how Brand and Brilliant provided The Whole Earth Catalog and the WELL, an online meeting place for their followers (hackers, journalist and other professionals), people could log onto WikiLeaks.org and obtain classified government information unattainable elsewhere. The activities being uncovered include illegal, immoral and murderous practices, and are costing tax payers billions of dollars.
As written in the article, The NSA is building the country’s biggest spy center, billions are dollars being spent on secret facilities such as Bluffdale (a facility that will be five times the size of the US Capitol) filled with servers, computer intelligence experts, and armed guards. The author indicates “Its purpose to intercept, decipher, analyze, and store vast swaths of the WORLD’s communication obtained from satellites, underground and over the ground wiring”. Not just pertinent information needed for national security but all information.
Oddly enough, these informants work unaccompanied or in small groups which brings to mind the biblical story of David and Goliath with Goliath representing the bureaucracy. Captured from the article, Edward Snowden: the whistleblower behind the NSA surveillance revelations Edward Snowden believed that the public deserved to know about the “threat to democracy” occurring with hidden government actions which included a “federation of secret law, unequal pardon and irresistible executive powers” that exist in a “world that I love” even though he has now become a fugitive from this world. I think he felt if he did not act quickly the abuse of power would have continued its downward spiral.
Snowden understood that he will be ridiculed by the media and punished including put to death by government in the event he is caught but this martyr seems to put the good of others first when he states that “The only thing I fear is the harmful effects on my family, who I won’t be able to help any more”. His fears were justified as he lives in isolation, fearful for his life and of his loved ones. I have always been more of a follower than a leader and doubt I would have the same courage to antagonize a hunger lion as Snowden. The hunger lion referenced would be the sometimes embarrassed, overly incompetent and overly zealous NSA who seemed to stand idly by during 9-11, World Trade Center and other terrorist attacks successfully executed.
United States government employees and agencies are participating in unwarranted, secretive, and illegal activity against its citizens and citizens of other countries via the internet and phone conversations which are being uncovered and share with a very naïve public under the guise of our own safety. In the article, No Secrets Julian Assange’s mission for total transparency, Assange “shared confidential information and publish it on a Web site called WikiLeaks.org and in a manner that it could not be erased”. These illegal activities are not limited to the USA but others have threatened legal actions include unscrupulous Kenyan politicians, the Swiss banks, Russian offshore stem-cell centers, former African kleptocrats, or the Pentagon.”
Do the ends justify the means? I think it does when the purpose is as noble and self-less as has been documented in these articles. Especially when the end result brings about the kind of enlightenment that both Snowden and Assange’s have shared. In the article, How digital detectives deciphered stuxnet, the most menacing malware in history the reader is introduced to how the zero-day code can infect thousands of computers in high usage countries and extracting confidential information and return this information to multiple locations. The data stored by the worm used to track down the source and can be fixed or sold.
I get the sense that few are truly against US surveillance when it is properly regulated and those who abuse the power are quickly punished. I am grateful to reports like Glen Greenwald who work to uncover the truth exposing the antagonist and the protagonist, all while being unafraid of the blowback. I think this type of work encourages the leaders to take positive action regardless of the cost.
// Posted by Mia on 02/23/2014 (8:04 PM)
In previous weeks, we’ve discussed how technology and the internet provides a global “third space,” an amorphous sphere for interaction between strangers from all over the world, without any real recognition of traditional nation state boundaries. We’ve discussed how the… Read more
In previous weeks, we’ve discussed how technology and the internet provides a global “third space,” an amorphous sphere for interaction between strangers from all over the world, without any real recognition of traditional nation state boundaries. We’ve discussed how the use of technology can challenge traditional nation states and their governments through hacking, leaking information and fueling IRL assembles, such as the Occupy Wall Street movement. We’ve also discussed the developing news surrounding Edward Snowden, and how this reflects the limited control that nation states have over the “third space.” With this new age tension between nation states and the “third space,” there comes yet another question: who will users/citizens align themselves with?
In Mark Poster’s Information Please, Poster describes a new kind of citizen; a citizen to the “third space”; a netizen. Using such a governmentally influenced term to describe an internet user sets up a clear divide between an individual’s relationship to the internet, and his or her relationship to a country. It implies a certain dichotomy, that a person can only align themselves with one entity or the other.
This idea is further emphasized with our reading on Stuxnet this week. As Symantec was trying to decode the complex and sophisticated malware that is Stuxnet, technical directors began to realize that the malware could be much more than just a technological nuisance. “Stuxnet could be the work of a government cyberarmy,” Kim Zetter writes in her Wired article. “The researchers risked tampering with a covert U.S. government operation.”
Once the governments of traditional nation states were possibly involved, the directors of Symantec had to question their allegiance between a specific country, or the global “third space” that technology provides. This has become a bigger and bigger issue as technology has developed. Both the nation state and the “third space” pose an inherent threat to one another, and a huge part of the threat stems from that fact that an individual can chose which sphere he or she wants to devote themselves to. In the case of Symantec, they “felt no patriotic duty to preserves [Stuxnet’s] activity. ‘We’re not beholden to a nation,” [technical director of Symantec Eric Chien] said. ‘We’re a multinational, private company protecting customers.’”
Tags: malware, Netizen, Stuxnet, third space
// Posted by Jorien on 02/25/2013 (8:38 PM)
Thinking back about a discussion in class about the modern age and warfare. We read an article on Stuxnet which showed us that there was a cyberattack on Iran by the US government. Also, reading back on different WikiLeaks… Read more
Thinking back about a discussion in class about the modern age and warfare. We read an article on Stuxnet which showed us that there was a cyberattack on Iran by the US government. Also, reading back on different WikiLeaks articles it made me think more about if countries go into war with each other, what will the war look like, is it old fashioned fought by the military or is it maybe more fought online?
The Stuxnet article showed that nowadays people can actually get into machine systems by the internet. Both have different coding, however people found a way to get into the system by a virus which used a zero-day exploit to spread. So, if it is possible to manipulate a working machine, in this case centrifuges that were enriching uranium, do we still need physical troops to go to the country? In the case of Stuxnet they did have an insider in Iran which delivered the virus via USB. Then still it would be possible to just send one guy undercover instead of troops.
Even if it might be possible that wars will be fought via the Net, there is still the terorrism threat. The Internet is nowadays also often used by extremist groups who starts forums in which they can express their opinions and hope to find other extremists. One of these forums, the Shumukh forum, which is one of the major jihadist forums, say that there is a conspiracy to destroy Syria. The countries involved in this will be the US, Iran and Israel. It predicts that everyone will be exhausted, all weapons will be destroyed and civilization will go back to the time of Stone Age. If this is true, it means that instead of a cyber war the alliance of US, Iran and Israel will actually have an intervention to destroy Assad’s regime.
Interesting to see is that the Stuxnet mission was from the US government who tried to stop Iran’s nuclear plant, and this mission was actually intervened by different antivirus experts who worked together to actually stop the virus and thereby going against the US government. Thus on a cyberlevel, different countries can work together easily by getting experts to work out of their home, which also shows that boundaries actually vanish in this cyberworld. Now it was against one government, but what if on both side multiple countries join..
The article about the intervention in Syria, shows that even though there is the use of the internet by these different extremist groups, countries still think about getting their physical troops involved. I would think that maybe in the modern age the internet or just computers in general will be a way in which countries will be able to intervene in their local politics. Looking back at WikiLeaks, government secrets leaked so other countries knew about their plans, their secrets and other issues that were going on. If every country knows about the government plans and ideas of other countries it seems like there will be a world in which everybody knows what will happen.
Will this increase a threat of global warfare, or will it remove any threats. Governments know then that whatever they plan, will be out in the open..
Tags: Cyber attack, Stuxnet, Terrorism, War, WikiLeaks
// Posted by Andrew on 02/24/2013 (10:14 PM)
After our discussion about Wired Magazine’s Stuxnet story, I became interested in the new piece of malware that was discovered in Stuxnet’s wake. It’s called Flame, and its size and complexity dwarfs its news-making predecessor. Read more
After our discussion about Wired Magazine’s Stuxnet story, I became interested in the new piece of malware that was discovered in Stuxnet’s wake. It’s called Flame, and its size and complexity dwarfs its news-making predecessor. According to Wired, the program’s ”complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.” For those who followed news about Stuxnet, this should come as no surprise since the United States is an alleged creator of that malware (among other suspects). Flame’s main mission is to infect targeted computers and to spy on them, extracting specific bits of data that is useful for the creators. Because of its incredible size and complexity, cracking the puzzle could take years. Among the many functions of flame, these are the ones that stand out:
“…one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and e-mail communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.”
There are a lot of lines in that quote. However, the main takeaway is that an incredibly skilled group of individuals has the ability to completely take over a computer from thousands of miles away, and the complexity of their code can take people wanting to fight it years to solve. This sort of espionage is taking place all around the world, and it represents a new type of war that is being fought: an invisible war that is not necessarily resulting in bloodshed, but rather the theft and capture of digital data. While there may not be any losses of life on either side of the conflict at the moment, the real danger lies in how the stolen data can, and will, be used.
According to Mashable, “Flame is a covert operation in cyber-space and without a doubt, it’s been commissioned by a nation-state or nation-states…global governments are investing more and more money in so-called offensive capabilities, and it’s a lot easier and cheaper than traditional espionage and warfare.” Is this the way that wars will be fought in years to come? Although regular computer users are not the intended targets by any means, should we as consumers and United States citizens choose to condemn or praise this kind of behavior? Even though we, personally, are not affected by Flame, it is possible that our permissiveness is what leads to governments (like our own) that support this kind of cyber espionage.
Tags: cybersecurity, Flame, Stuxnet, wired
// Posted by Kelsey on 03/24/2012 (9:37 PM)
Renee’s post on dishwasher spying got me thinking about how secure we are versus how secure we think we are. It seems to be that we always think we are more secure than reality. The ability of… Read more
Renee’s post on dishwasher spying got me thinking about how secure we are versus how secure we think we are. It seems to be that we always think we are more secure than reality. The ability of the CIA to spy on us through our dishwasher, the Patriot Act, Stuxnet, webcam hacks, right on down to our bank accounts and even the information we provide to download apps on our iphones.
These examples only scratch the surface of all the ways that people can be spied on or have their information stolen and yet, it never seems to cross our mind. It feels like we are in a culture that is based on mistrust of people and of government but we trust our online banking and we trust our iphones. As can be seen in the comments on Renee’s post, among others,we are not deeply concerned with being hacked or stolen from. How is it that we can’t trust people but we can trust the machines and programs built by them to keep us safe?
Especially when it is so easy to hack into things. The kinect hack videos we see on youtube are harmless but if it’s that easy then what are people with malicious intent getting into?
There are companies out there that are working to make security better so that our confidence in wireless protection is well placed. And based on the cracking of the Stuxnet virus, large corporations are making good progress but it will be truly effective when average folk like us with nothing to hide can still have access to good security. In the mean time changing your passwords might be a good idea.
Tags: CIA, hacking, IPhone, iphone apps, kinect hack, Patriot Act, Stuxnet, Webcam
// Posted by Cameron on 03/18/2012 (8:42 PM)
I recently read an article from the Washington Post about the United States ramping up its efforts to create more cyberweapons. Not only does this give us an idea as to how the US values this type of… Read more
I recently read an article from the Washington Post about the United States ramping up its efforts to create more cyberweapons. Not only does this give us an idea as to how the US values this type of weapon and its efforts to grow this program, it also provides more insight into how long a weapon such as Stuxnet could take to develop.
The article mentioned that the government is working on how to attack computers that are not even connected to the Internet, which to me is difficult to imagine, but apparently quite possible.
Many military officials are not satisfied with the current status of cyberweaponry because of the lack of control and potential widespread effects, the current inability to wipe out an entire system instead of just disabling certain parts, and the potential for it to be altered and used to attack the United States.
Do you believe that cyberweaponry is something into which the US government should be investing? Or should we continue with more of the normal types of attacks, with physical weapons?
Tags: cyberweapon, Stuxnet, Washington Post
// Posted by Cameron on 03/12/2012 (8:58 PM)
After doing some research on Stuxnet, I have begun to wonder how secure we really are. Now, I’m not talking about physical security, like the possibility of a nuclear war or getting mugged on the street, I am talking about… Read more
After doing some research on Stuxnet, I have begun to wonder how secure we really are. Now, I’m not talking about physical security, like the possibility of a nuclear war or getting mugged on the street, I am talking about security on cyberspace, cybersecurity. If hackers can spread a virus that can wreak havoc on nuclear reactors, they can also hack into thousands upon thousands of websites and steal information. As our world continues to increase in the amount of and dependence on technology, the amount of information about ourselves that is entrusted to corporations through the Internet or is stored in the cloud, is also increasing. And it all makes me wonder, how secure am I?
A recent opinion piece on Wired states that with the exponential increase in cyber attacks within the past few years, something must change. These attacks have grown to being much larger than simply stealing a person’s credit card number, but stealing the information of thousands of customers or hacking the power grid may be more realistic threats, depending on whom you ask.
In this video, there are clips of President Obama saying that these threats are serious and possible, yet Jim Harper from the CATO Institute, states that these are not serious threats because they are not probable and even if they did occur, they would not last too long.
Which leads me to the question, do you feel safe? When I think about cybersecurity, I am not too worried about my information. I try to be responsible about choosing which sites I give my information to and ensuring that they are reputable and secure. Some websites have my credit card number so that I can check out quicker and not have to put it down each time (Amazon, Barnes & Noble, etc.), but am I naive to think that I am safe? Is there any way that we can truly be safe or are we all susceptible to an attack?
Categories: Assignments, Blog
Tags: Amazon, Barnes & Noble, CATO Institute, cybersecurity, Obama, Stuxnet, wired
// Posted by Abbey on 02/28/2012 (9:46 PM)
In a recent interview that CNet conducted with an (get this) anonymous member of the group Anonymous, dubbed “Anon,” the reasons behind their organization and movement was revealed: it is the “will of the people.” Elinor… Read more
In a recent interview that CNet conducted with an (get this) anonymous member of the group Anonymous, dubbed “Anon,” the reasons behind their organization and movement was revealed: it is the “will of the people.” Elinor Mills, the interviewer, was questioning Anon about their collaboration with WikiLeaks to publish emails from the company Stratfor, identified as a “global intelligence firm that seems to have paid informants to monitor, among other things, human rights and environmental activists on behalf of Dow Chemical after the Bhopal disaster, and that allegedly considered using the intelligence it gathers from insiders to grow a strategic investment fund.”
When asked why take they take the risk of going to jail to uncover types of information like the Stratfor scandal, Anon replied, “There is a moral obligation for those who see injustices being committed by individuals who are purely driven by greed.” This type of hacking is completely different, in my opinion, from the malware Stuxnet. This type of hacking is meant to shed light on information or a hole in security that Anonymous felt compelled to unveil, while Stuxnet’s function was to slowly destroy from within a nuclear program in Iran. Anonymous’s goal was to move forward, while Stuxnet’s was to make someone take a step back. The corruption that Anonymous sees in companies like Stratfor is why they hack into their systems; they believe they are not the security company they say they are, and in the United States working with them, it becomes an issue of national security. A correspondent from London discusses this issue on Russia Today in this video:
I think Anon is correct in the interview when he says, “I’d argue that the people are beginning to wake up and realize the strength of their unified peaceful protests, both behind a computer, in the streets, or personal protest. Whether it’s the Arab Spring, Wall Street or BART, there needs to be someone saying ‘this is not OK.’” I believe that is exactly what Anonymous is doing. While reading the interview and watching commentaries on the Stratfor WikiLeaks, I found myself debating the positives and negatives of the type of hacking that Anonymous engages in vs. the type Stuxnet was. I believe in the “will of the people” and standing up for a cause (in the form of hacking) if you believe it to be a potential threat to national security. However, I’m not sure I’m totally sold on the idea of malware introduced so silently and specifically targeted at setting back a nation. I think my hesitation might lie in the fact that I’m feeling like it is only a matter of time before the United States is a target of something like Stuxnet.
What do you think about the motivations of Anonymous? What about the differences between the types of hacking? Do you agree or disagree with either cause for any particular reason?
// Posted by Cameron on 02/28/2012 (3:26 PM)
Last week, we read a Wired article about Stuxnet and the havoc that it wreaked on Iran’s nuclear program. Although Stuxnet was found over a year ago and has since been removed from these computers, new information has come… Read more
Last week, we read a Wired article about Stuxnet and the havoc that it wreaked on Iran’s nuclear program. Although Stuxnet was found over a year ago and has since been removed from these computers, new information has come out about it within just the past couple weeks.
Here is a video demonstration on how Stuxnet works:
While many, including this article in Computerworld, called Stuxnet the best malware ever, new research has come out to say that this may not be the case for much longer. In a recent article in the Christian Science Monitor, recent research demonstrates that Stuxnet was just the beginning of a long line of malware that has specific targets and missions and can bypass all forms of detection. According to the article, there are going to be more examples of malware that have the possibility of being much more dangerous than Stuxnet was.
Just a couple of weeks ago, Fox News reported that Iran stated that 16,000 computers were attacked. Although it is unclear whether this was worldwide or just in Iran, either way, that is a large number of computers that were attacked and no one knew for a long time.
Don’t get me wrong, I think Stuxnet is awesome in the way that it is specifically targeted and can evade detection. It has been a break-through piece of malware that is incredible in its capabilities and ability to avoid detection and in the hands of people using it for good, it can be so beneficial. However, I can’t help but think what could happen if people start using this kind of attack for not-so-altruistic missions. A specific, pointed attack could be dangerous and cause serious harm to a number of vital industries in just the United States. An attack on the power grid, on air traffic controllers, or any number of other industries would not only be dangerous, but detrimental to our economy and our way of life. While I trust that these industries are protected as much as they can be (maybe I’m just being naive), I bet that the Iranians felt that their systems were secure. I believe it is the fact that I feel so defenseless against such an attack that makes me worried.
Are you worried about a possible attack on America? Do you think this is a possibility or am I just worried for nothing?
Tags: Christian Science Monitor, Computerworld, Fox News, Iran, malware, Stuxnet, wired
// Posted by Abbey on 02/25/2012 (2:18 PM)
After reading this article on wired.com about Stuxnet, the most sophisticated malware ever produced, I started to consider the ways in which this type of attack is novel and why it has gotten so much attention. First, the people… Read more
After reading this article on wired.com about Stuxnet, the most sophisticated malware ever produced, I started to consider the ways in which this type of attack is novel and why it has gotten so much attention. First, the people investigating Stuxnet were shocked at what exactly was being attacked. One of the researchers, Eric Chien, said, “We were expecting something to be espionage, we were expecting something to steal credit card numbers; that’s what we deal with every single day. But we weren’t expecting this.” The shock and awe had shifted from what was being attacked or stolen to how the attacks were being implemented. Below is a TedTalk by Ralph Langner, a German researcher who was heavily involved in decoding the virus of Stuxnet:
What shocks me the most is the process of discovering what exactly Stuxnet was setting out to do: a virus that had been specifically programmed to attack only certain computers in certain areas. The article from wired.com that details where Stuxnet was prevalent along with how it was choosing which computers to infect; essentially, it proves that specific, potentially extremely harmful attacks can be waged on just a simple USB stick. Still, however, the most shocking part about the article was the way in which Stuxnet accomplished its goal-- it was a slow, deliberate attack on certain physical components of Iran’s plant. Stuxnet was not only the most sophisticated malware yet (four zero-days? two stolen certificates??), but it was performing the most sophisticated cyber attack seen yet. It was introducing a hard-to-detect virus into certain computers, controlling certain functions, so certain physical components would malfunction over time. This clearly is much more than “stealing credit card numbers.” This malware had the ability to slow down the production of nuclear weapons. It slowed the nuclear arms race. All from a few lines of code.
This new form of attack has caused me to re-think not only the forms of cyber attacks, but also what exactly is becoming a target of attack. Are you shocked by what Stuxnet was attacking, as well as the impressive forms of attack it employed to get there? How do you feel this new form of attack fits in with the much-discussed globalization of technology? Do you think that putting a specific virus that is meant to attack a specific computer or set of computers has opened up a new form of warfare across the world?