Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

Regin Malware In EU Attack Linked To US and British Intelligence Agencies 131

Posted by samzenpus
from the guess-who dept.
Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.
Security

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years 143

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.
Security

First Victims of the Stuxnet Worm Revealed 39

Posted by Soulskill
from the patient-zero dept.
An anonymous reader writes: Analyzing more than 2,000 Stuxnet files collected over a two-year period, Kaspersky Lab can identify the first victims of the Stuxnet worm. Initially security researchers had no doubt that the whole attack had a targeted nature. The code of the Stuxnet worm looked professional and exclusive; there was evidence that extremely expensive zero-day vulnerabilities were used. However, it wasn't yet known what kind of organizations were attacked first and how the malware ultimately made it right through to the uranium enrichment centrifuges in the particular top secret facilities. Kaspersky Lab analysis sheds light on these questions.
Books

Book Review: Countdown To Zero Day 58

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes A word to describe the book Takedown: The Pursuit and Capture of Americas Most Wanted Computer Outlaw was hyperbole. While the general storyline from the 1996 book was accurate, filler was written that created the legend of Kevin Mitnick. This in turn makes the book a near work of historical fiction. Much has changed in nearly 20 years and Countdown to Zero Day: Stuxnet and the Launch of the Worlds First Digital Weapon has certainly upped the ante for accurate computer security journalism. The book is a fascinating read and author Kim Zetters attention to detail and accuracy is superb. In the inside cover of the book, Kevin Mitnick describes this as an ambitious, comprehensive and engrossing book. The irony is not lost in that Mitnick was dogged by misrepresentations in Markoff's book. Keep reading for the rest of Ben's review.
Security

"BadUSB" Exploit Makes Devices Turn "Evil" 205

Posted by timothy
from the thinkgeek-had-something-funnier-years-ago dept.
An anonymous reader writes with a snippet from Ars Technica that should make you (even more) skeptical about plugging in random USB drives, or allowing persons unknown physical access to your computer's USB ports: When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses. Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
Security

Western Energy Companies Under Sabotage Threat 86

Posted by timothy
from the shame-if-anything-was-t'-happen dept.
An anonymous reader writes In a post published Monday, Symantec writes that western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign. The group behind the operation, called Dragonfly by Symantec, originally targeted aviation and defense companies as early as 2011, but in early 2013, they shifted their focus to energy firms. They use a variety of malware tools, including remote access trojans (RATs) and operate during Eastern European business hours. Symantec compares them to Stuxnet except that "Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
Security

Is Analog the Fix For Cyber Terrorism? 245

Posted by Unknown Lamer
from the security-through-obsolescence dept.
chicksdaddy writes "The Security Ledger has picked up on an opinion piece by noted cyber terrorism and Stuxnet expert Ralph Langner (@langnergroup) who argues in a blog post that critical infrastructure owners should consider implementing what he calls 'analog hard stops' to cyber attacks. Langner cautions against the wholesale embrace of digital systems by stating the obvious: that 'every digital system has a vulnerability,' and that it's nearly impossible to rule out the possibility that potentially harmful vulnerabilities won't be discovered during the design and testing phase of a digital ICS product. ... For example, many nuclear power plants still rely on what is considered 'outdated' analog reactor protection systems. While that is a concern (maintaining those systems and finding engineers to operate them is increasingly difficult), the analog protection systems have one big advantage over their digital successors: they are immune against cyber attacks.

Rather than bowing to the inevitability of the digital revolution, the U.S. Government (and others) could offer support for (or at least openness to) analog components as a backstop to advanced cyber attacks could create the financial incentive for aging systems to be maintained and the engineering talent to run them to be nurtured, Langner suggests."
Or maybe you could isolate control systems from the Internet.
The Military

S. Korea's Cyberwar Against N. Korea's Nukes 57

Posted by Soulskill
from the updating-antivirus-for-peace dept.
An anonymous reader writes "Yonhap News Agency reports that South Korea has announced it is developing offensive cyber-capabilities to target North Korea's nuclear facilities. Yonhap speculates the tools will be similar to the Stuxnet computer virus the U.S. used against Iran's uranium enrichment program. A report in The Diplomat questions this assertion, noting that a Stuxnet-like virus would only temporarily disrupt Pyongyang's ability to build more nuclear weapons, while doing nothing to address its existing ones. Instead, The Diplomat suggests Seoul is interested in developing cyber-capabilities that temporarily disable North Korea's ability to launch nuclear missiles, which would be complement Seoul's efforts to develop precision-guided missiles to preemptively destroy Pyongyang's nuclear and missile facilities."
Privacy

3 Reasons To Hate Mass Surveillance; 3 Ways To Fight It 120

Posted by timothy
from the not-an-exhaustive-list dept.
This site's "Your Rights Online" section, sadly, has never suffered for material. The revelations we've seen over the last year-and-change, though, of widespread spying on U.S. citizens, government spying in the E.U. on international conferences, the UK's use of malware against citizens, and the use of modern technology to oppress government protesters in the middle east and elsewhere shows how persistent it is. It's been a banner year on that front, and the banner says "You are being spied on, online and off." A broad coalition of organizations is calling today "The Day We Fight Back" against the growing culture of heads-they-win, tails-you-lose surveillance, but all involved know this is not a one-day struggle. (Read more, below.)
Security

In an Age of Cyber War, Where Are the Cyber Weapons? 94

Posted by Soulskill
from the left-them-in-my-other-cyber-pants dept.
chicksdaddy writes "MIT Tech Review has an interesting piece that asks an obvious, but intriguing question: if we're living in an age of cyber warfare, where are all the cyber weapons? Like the dawn of the nuclear age that started with the bombs over Hiroshima and Nagasaki, the use of the Stuxnet worm reportedly launched a global cyber arms race involving everyone from Syria to Iran and North Korea. But almost four years after it was first publicly identified, Stuxnet is an anomaly: the first and only cyber weapon known to have been deployed. Experts in securing critical infrastructure including industrial control systems are wondering why. If Stuxnet was the world's cyber 'Little Boy,' where is the 'Fat Man'? Speaking at the recent S4 Conference, Ralph Langner, perhaps the world's top authority on the Stuxnet worm, argues that the mere hacking of critical systems is just a kind of 'hooliganism' that doesn't count as cyber warfare. True cyber weapons capable of inflicting cyber-physical damage require extraordinary expertise. Stuxnet, he notes, made headlines for using four exploits for "zero day" (or previously undiscovered) holes in the Windows operating system. Far more impressive was the metallurgic expertise needed to understand the construction of Iran's centrifuges. Those who created and programmed Stuxnet needed to know the exact amount of pressure or torque needed to damage aluminum rotors within them, sabotaging the country's uranium enrichment operation."
Security

Researcher Offers New Perspective On Stuxnet-Wielding Sabotage Program 46

Posted by timothy
from the back-then-we-tied-an-onion-to-our-belts dept.
An anonymous reader writes with this excerpt from Help Net Security: "Stuxnet, the malware that rocket the security world and the first recorded cyber weapon, has an older and more complex 'sibling' that was also aimed at disrupting the functioning of Iran's uranium enrichment facility at Natanz, but whose modus operandi was different. The claim was made by well-known German control system security expert and consultant Ralph Langner, who has been analyzing Stuxnet since the moment its existence was first discovered. He pointed out that in order to known how to secure industrial control systems, we need to know what actually happened, and in order to do that, we need to understand all the layers of the attack (IT, ICS, and physical), and be acquainted with the actual situation of all these layers as they were at the time of the attack."
Security

Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative 32

Posted by timothy
from the he-did-it-his-way dept.
An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."
Security

Business Is Booming In the 'Zero-Day' Game 97

Posted by timothy
from the pat-I'd-like-to-buy-an-exploit dept.
HonorPoncaCityDotCom writes "Nicole Perlroth and David E. Sanger write in the NY Times that all over the world, from South Africa to South Korea, business is booming in zero days. The average attack persists for almost a year before it is detected, according to Symantec, the maker of antivirus software. Until then it can be exploited or 'weaponized' by both criminals and governments to spy on, steal from, or attack their targets. Ten years ago, hackers would hand knowledge of such flaws to Microsoft and Google free in exchange for a T-shirt, but increasingly the market for 0-day exploits has begun to migrate into the commercial space (PDF) as the market for information about computer vulnerabilities has turned into a gold rush. Companies like Vupen charge customers an annual $100,000 subscription fee to shop through its catalog, and then charges per sale to countries who want to use the flaws in pursuit of the kind of success that the United States and Israel achieved three summers ago when they attacked Iran's nuclear enrichment program with a computer worm that became known as 'Stuxnet.' Israel, Britain, Russia, India and Brazil are some of the biggest spenders but North Korea is also in the market, as are some Middle Eastern intelligence services."
United States

Snowden Claims That NSA Collaborated With Israel To Write Stuxnet Virus 491

Posted by samzenpus
from the in-today's-leaked-news dept.
andrewa writes "In an interview with Der Spiegel Snowden claims that the NSA, amongst other things, collaborated with Israel to write the Stuxnet virus. Not that this is news, as it has been suspected that it was a collaborative effort for some time. When asked about active major programs and how international partners help, Snowden says: 'The partners in the "Five Eyes" (behind which are hidden the secret services of the Americans, the British, the Australians, New Zealanders and Canadians -- ed.) sometimes go even further than the NSA people themselves. Take the Tempora program of the British intelligence GCHQ for instance. Tempora is the first "I save everything" approach ("Full take") in the intelligence world. It sucks in all data, no matter what it is, and which rights are violated by it. This buffered storage allows for subsequent monitoring; not a single bit escapes. Right now, the system is capable of saving three days’ worth of traffic, but that will be optimized. Three days may perhaps not sound like a lot, but it's not just about connection metadata. "Full take" means that the system saves everything. If you send a data packet and if makes its way through the UK, we will get it. If you download anything, and the server is in the UK, then we get it. And if the data about your sick daughter is processed through a London call center, then ... Oh, I think you have understood.'"
Power

Congressional Report: US Power Grid Highly Vulnerable To Cyberattack 124

Posted by Soulskill
from the industry-strangely-averse-to-voluntary-protections dept.
An anonymous reader writes "Despite warnings that a cyberattack could cripple the nation's power supply, a U.S. Congressional report (PDF) finds that power companies' efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report also found that while most power companies are complying with mandatory standards for protection, few do much else above and beyond that to protect the grid. 'For example, NERC has established both mandatory standards and voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs [Investor-Owned Utilities], 83% of municipally- or cooperatively-owned utilities, and 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, and 62.5% of federal entities reported compliance.'"
Security

Stuxnet's Earliest Known Version Discovered and Analyzed 77

Posted by Unknown Lamer
from the no-u235-for-you dept.
An anonymous reader writes "Symantec researchers have discovered an older version of the infamous Stuxnet worm that caused the disruption at Iran's nuclear facility in Natanz: Stuxnet 0.5. According to a whitepaper released by the researchers at RSA Conference 2013, Stuxnet 0.5 has first been detected in the wild in 2007 when someone submitted it to the VirusTotal malware scanning service, but has been in development as early as November 2005. Unlike Stuxnet versions 1.x that disrupted the functioning of the uranium enrichment plant by making centrifuges spin too fast or too slow, this one was meant to do so by closing valves."
Government

Officials Warn: Cyber War On the US Has Begun 292

Posted by samzenpus
from the get-to-the-choppa! dept.
snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"
Government

The One Sided Cyber War 215

Posted by Unknown Lamer
from the great-firewall-of-america dept.
Curseyoukhan writes with a skeptical perspective on the U.S. Cyberwar posturing. From the article: "The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."
Security

Kaspersky Says Cyber Weapons "Cleaner" Than Traditional Weapons But "Much Worse" 89

Posted by samzenpus
from the give-me-email-or-give-me-death dept.
DavidGilbert99 writes "Eugene Kaspersky and Mikko Hypponen have been watching the cyber security world every since happy hackers were writing viruses for nothing more than their own entertainment. Today however things are very much different. At the DLD 2013 conference, the pair debated the current state of cyber warfare and cyber weapons. Kaspersky said that while cyber weapons may be much 'cleaner' than traditional missiles, guns and bombs, they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss. Hypponen said that we are in the 'first stages of a cyber-arms race' warning: 'I think we've only seen the very beginning of these problems.'"
Security

Iran Claims New Cyberattacks On Industrial Sites 75

Posted by Soulskill
from the christmas-gift-from-the-nsa dept.
wiredmikey writes "Iranian officials on Tuesday said a 'Stuxnet-like' cyberattack hit some industrial units in a southern province. 'A virus had penetrated some manufacturing industries in Hormuzgan province, but its progress was halted,' Ali Akbar Akhavan said, quoted by the ISNA news agency. Akhavan said the malware was 'Stuxnet-like' but did not elaborate, and that the attack had occurred over the 'past few months.' One of the targets of the latest attack was the Bandar Abbas Tavanir Co, which oversees electricity production and distribution in Hormuzgan and adjacent provinces. He also accused 'enemies' of constantly seeking to disrupt operations at Iran's industrial units through cyberattacks, without specifying how much damage had been caused. Iran has blamed the U.S. and Israel for cyberattacks in the past. In April, it said a voracious malware attack had hit computers running key parts of its oil sector and succeeded in wiping data off official servers."

"Is it really you, Fuzz, or is it Memorex, or is it radiation sickness?" -- Sonic Disruptors comics

Working...