The Cellar  

Go Back   The Cellar > Main > Technology

Technology Computing, programming, science, electronics, telecommunications, etc.

Reply
 
Thread Tools Display Modes
Old 10-05-2010, 02:03 PM   #31
Happy Monkey
I think this line's mostly filler.
 
Join Date: Jan 2003
Location: DC
Posts: 13,575
Quote:
Originally Posted by classicman View Post
I thought they weren't connected to the internet. Wasn't that part of the issue? How are these USB's getting there.
It spreads to computers that are on the internet, in hopes of getting on CDs or USB drives that are transferred to the ones that aren't. Even computers that aren't on the internet generally need information transferred to or from them at some point, and there's always the vulnerability of some employee wanting to listen to their MP3s. Users are always the biggest potential vulnerability.
__________________
_________________
|...............| We live in the nick of times.
| Len 17, Wid 3 |
|_______________| [pics]
Happy Monkey is offline   Reply With Quote
Old 10-05-2010, 02:08 PM   #32
classicman
barely disguised asshole, keeper of all that is holy.
 
Join Date: Nov 2007
Posts: 23,401
Gotcha. thanks.
__________________
"like strapping a pillow on a bull in a china shop" Bullitt
classicman is offline   Reply With Quote
Old 10-05-2010, 03:54 PM   #33
tw
Read? I only know how to write.
 
Join Date: Jan 2001
Posts: 11,933
Quote:
Originally Posted by Happy Monkey View Post
It spreads to computers that are on the internet, in hopes of getting on CDs or USB drives that are transferred to the ones that aren't. Even computers that aren't on the internet generally need information transferred to or from them at some point, and there's always the vulnerability of some employee wanting to listen to their MP3s.
That was the point of independent analysis. This code was designed to be spread even without network connections. Sneakernet is one potential path. Some of the likely suspects include Russian salesmen. Flash drives are only one infection path.

But again, see that ethernet card, a 'USB to ethernet', or even a keyboard. All could be 'carriers' of malware. According to analysis, this malware could be undetected until it suddenly infects a machine. And then morphs into something different so as to be undetectable again. One reason why analysts suggest this was done by more than just hackers.

These Siemens controllers are routinely sold in third party markets. Iran would be purchasing many. More places where hackers could infect machines before hardware was delivered to Iran. We do not even know what hardware is infecting controllers. Most of what is published is only informed speculation. We do not even know if the malware purpose is reconnaissance or hardware destruction due to (according to independent analysts) malware complexity.

Remember, other nations are at greater risk and more concerned about Iran's nuclear program - including Russia.
tw is offline   Reply With Quote
Old 10-05-2010, 11:41 PM   #34
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 71,105
Agreed, much of what we know, is from articles that are mostly speculation.
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Old 10-11-2010, 01:28 PM   #35
classicman
barely disguised asshole, keeper of all that is holy.
 
Join Date: Nov 2007
Posts: 23,401
Iran may have executed nuclear staffers over Stuxnet
Quote:
Intelligence sources report information reaching the West in the past week that Iran has put to death a number of atomic scientists and technicians suspected of helping plant the Stuxnet virus in its nuclear program. The admission by Ali Akbar Salehi, head of the Atomic Energy Organization, on Friday, Oct. 8 - the frankest yet by any Iranian official - that Western espionage had successfully penetrated its nuclear program is seen as bearing out those reports.

The Atomic Energy Organization has published booklets which Salehi said will "alert personnel to Western techniques for luring them into espionage." They "spell out precautionary measures to protect information and the life of scientists," he said.

This phrase was taken by the personnel receiving the booklet as a death threat for any who defy its directives.
From here

Dunno how valid this is, but it does offer another aspect to this.
__________________
"like strapping a pillow on a bull in a china shop" Bullitt
classicman is offline   Reply With Quote
Old 11-16-2010, 03:11 PM   #36
Happy Monkey
I think this line's mostly filler.
 
Join Date: Jan 2003
Location: DC
Posts: 13,575
Some interesting updates.

Apparently it was targetted at facilities with over a certain number of components manufactured by particular vendors, and set to particular configurations. Very targetted.
__________________
_________________
|...............| We live in the nick of times.
| Len 17, Wid 3 |
|_______________| [pics]
Happy Monkey is offline   Reply With Quote
Old 01-16-2011, 09:46 AM   #37
TheMercenary
“Hypocrisy: prejudice with a halo”
 
Join Date: Mar 2007
Location: Savannah, Georgia
Posts: 21,393
Another update....

Very interesting. So now it is pretty obvious where it came from.

http://www.nytimes.com/2011/01/16/wo...16stuxnet.html
__________________
Anyone but the this most fuked up President in History in 2012!
TheMercenary is offline   Reply With Quote
Old 01-16-2011, 10:43 AM   #38
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 71,105
That's an interesting scenario, no proof, but a lot of circumstantial evidence.
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Old 01-16-2011, 01:11 PM   #39
TheMercenary
“Hypocrisy: prejudice with a halo”
 
Join Date: Mar 2007
Location: Savannah, Georgia
Posts: 21,393
A number of "un-named sources" most likely contributed to the article. I hope they stick it to the Iranians. And how about those targeted killings of the engineers, makes you wonder.
__________________
Anyone but the this most fuked up President in History in 2012!
TheMercenary is offline   Reply With Quote
Old 01-16-2011, 01:13 PM   #40
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 71,105
Mossad.
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Old 01-16-2011, 02:42 PM   #41
TheMercenary
“Hypocrisy: prejudice with a halo”
 
Join Date: Mar 2007
Location: Savannah, Georgia
Posts: 21,393
My guess as well, if not them, their agents. More power to them. I hope we are giving them lots of intel support.
__________________
Anyone but the this most fuked up President in History in 2012!
TheMercenary is offline   Reply With Quote
Old 05-28-2012, 10:29 AM   #42
Lamplighter
Person who doesn't update the user title
 
Join Date: Jun 2010
Location: Bottom lands of the Missoula floods
Posts: 6,402
SlashGear
Chris Davies
May 28th 2012

Flame cyber-espionage discovered in vast infection net
Quote:
A new and fast spreading malware tipped to already dwarf the notorious Stuxnet has been identified,
codenamed Flame and believed to be state-run cyberespionage affecting PCs in Iran and nearby countries.

Spotted by Kaspersky Lab, “Worm.Win32.Flame” blends features from backdoor, trojan and worm malware,
and once surreptitiously loaded onto a target machine can monitor network traffic, local use,
grab screenshots and record audio, sending all that data back to its home servers.
Believed to be active from at least March 2010, Flame is tipped to be 20x more prevalent than Stuxnet.

Iran is the most common place Kaspersky have discovered Flame,
but it’s also been discovered in Israel, Palestine, the Sudan, Syria, Lebanon, Saudi Arabia and Egypt;
there are “probably thousands of victims worldwide” the researchers estimate.
Interestingly, there’s a broad spread of targeted computers, across academia,
private companies, specific individuals and others; the operators appear to be cleaning up after themselves, too,
only leaving Flame active on the most interesting machines, and deleting it from those with little worth.
<snip>

What has researchers particularly concerned is the scale of Flame’s monitoring abilities.
Rather than merely recording VoIP calls, the malware can turn on the PC’s microphone and
surreptitiously begin its own recordings, for instance, while screenshots are taken
when “interesting” apps, such as instant messaging clients, are on-screen.
Meanwhile, if the computer has Bluetooth, it can scan for nearby devices and
then use the short-range wireless technology to create secret peer-to-peer connections
while embedding details on Flame’s status in the “discoverable device” information.
<snip>
Lamplighter is offline   Reply With Quote
Old 05-31-2012, 09:29 AM   #43
Lamplighter
Person who doesn't update the user title
 
Join Date: Jun 2010
Location: Bottom lands of the Missoula floods
Posts: 6,402
NY Times
By NICOLE PERLROTH
Published: May 30, 2012

Researchers Find Clues in Malware

Quote:
SAN FRANCISCO — Security experts have only begun examining the thousands of lines of code that make up Flame, an extensive, data-mining computer virus that has been designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities.
<snip>

Flame, these researchers say, shares several notable features with two other major programs that targeted Iran in recent years. The first virus, Duqu, was a reconnaissance tool that researchers say was used to copy blueprints of Iran’s nuclear program. The second, Stuxnet, was designed to attack industrial control systems and specifically calibrated to spin Iranian centrifuges out of control.

Because Stuxnet and Duqu were written on the same platform and share many of the same fingerprints in their source code, researchers believe both were developed by the same group of programmers. Those developers have never been identified, but researchers have cited intriguing bits of digital evidence that point to a joint American-Israeli effort to undermine Iran’s efforts to build a nuclear bomb.

For example, researchers at Kaspersky Lab tracked the working hours of Duqu’s operators and found they coincided with Jerusalem local time. They also noted that Duqu’s programmers were not active between sundown on Fridays and sundown on Saturdays, a time that coincides with the Sabbath when observant Jews typically refrain from secular work.<snip>

Unlike Duqu and Stuxnet, security researchers say, Flame is remarkable in that it has been able to evade discovery for five years — which was impressive given its size. Most malware is a couple hundred kilobytes in size. Flame is 20 megabytes. “It was hiding in plain sight,” said Mr. Schouwenberg. “It was designed in such a way that it was nearly impossible to track down.”
Researchers noted that Flame spreads through more conservative means. Researchers say that while Stuxnet had the ability to replicate autonomously, Flame can spread from machine to machine only when prompted by the attacker.
Lamplighter is offline   Reply With Quote
Old 05-31-2012, 02:55 PM   #44
Cyber Wolf
As stable as a ring of PU-239
 
Join Date: Jun 2004
Location: On a huge rock covered in water, highly advanced moss and 7 billion parasites
Posts: 1,264
As much a pain as it can be, it's stuff like this that makes me glad I routinely unplug my webcam, mic and headset when I'm not actively using them.

Not that my computer has anything of interest on it... and anyone spying on me would get mostly me singing and good shots of my more lived-in T-shirts...
__________________
"I don't see what's so triffic about creating people as people and then getting' upset 'cos they act like people." ~Adam Young, Good Omens

"I don't see why it matters what is written. Not when it's about people. It can always be crossed out." ~Adam Young, Good Omens
Cyber Wolf is offline   Reply With Quote
Old 08-10-2012, 10:37 AM   #45
Lamplighter
Person who doesn't update the user title
 
Join Date: Jun 2010
Location: Bottom lands of the Missoula floods
Posts: 6,402
And the beat goes on....

NY Times
NICOLE PERLROTH
8/19/12

Virus Seeking Bank Data Is Tied to Attack on Iran
Quote:
A security firm said Thursday that it had discovered what it believed
was the fourth state-sponsored computer virus to surface in the Middle East
in the last three years, apparently aimed at computers in Lebanon.

The firm, Kaspersky Lab, said that the virus appeared to have been written
by the same programmers who created Flame, the data-mining computer virus
that was found to be spying on computers in Iran in May,
and that it might be linked to Stuxnet, the virus that disrupted
uranium enrichment work in Iran in 2010.

The latest virus, nicknamed Gauss after a name found in its code,
has been detected on 2,500 computers, most in Lebanon, the firm said.
Its purpose appeared to be to acquire logins for e-mail and instant messaging accounts,
social networks and, notably, accounts at certain banks — a function more typically found
in malicious programs used by profit-seeking cybercriminals.
<snip>

Kaspersky researchers said Gauss contained a “warhead” that seeks
a very specific computer system with no Internet connection and installs itself only if it finds one.
“It’s done in such a clever way that security researchers cannot analyze it,
because they don’t know the decryption key that unlocks the true purpose of that program,”
Mr. Raiu said.
Lamplighter is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 01:57 AM.


Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.