Sunday, March 6, 2011


STUXNET. THE VIRUS OF THE APOCALYPSE

Stuxnet on TV

Sergey Ulasen is the head of the "Anti-Virus Kernel" at VirusBlokAda, a small computer company specializing in information security in Belarus. On June 17 Ulasen was at work in his office in Minsk when he received a strange email from a customer in Iran: his computer kept rebooting and there was no way to stop it. The security expert set to work and, together with a colleague, identified a previously unknown computer virus that had infected the Iranian customer's copy of Windows. The story is told by Michael Joseph Gross in a long article in Vanity Fair, which hypothesizes that the virus was at the heart of a genuine, albeit virtual, act of war against Tehran's nuclear program.

The impostor virus
The virus exploited a "zero day" flaw, as computer experts say: a vulnerability in the Microsoft operating system that was not yet known. The discovery of such a flaw, which potentially puts the security of millions of computers at risk, is handled with great care by the companies that produce antivirus software and by Microsoft itself, which always tries to fix the problem as quickly as possible.
The virus discovered by Ulasen in particular used a previously unknown way of spreading. Insert a USB stick containing the virus into a laptop and the virus slips in covertly, loading two files: a rootkit dropper (which lets the virus do whatever it wants on the computer; as one hacker explained, "'Root' means that you are God") and a system for spreading the malicious code, encrypted in such a way as to be, for Ulasen, indecipherable.
Well designed, the virus had managed to hide on the computer of Ulasen's customer by using a trusted digital signature, which made it difficult to find. Put simply: every program uses a digital signature, a mark of recognition, to prove its trustworthiness to the operating system. Sometimes virus writers use fake signatures to fool security systems, but for the first time a malicious program used an authentic digital signature, obtained in some way from Realtek, one of the largest manufacturers of computer components.
Having no idea of the purpose of the virus, on July 5 Ulasen sent a report to a friend in Germany, who gave him a hand in preparing a quick guide to send to the Microsoft Security Response Center. The next day the company confirmed that it had received the alert and was working to resolve the problem, so on July 12 Ulasen decided to share his discovery on a forum of security experts. Within a couple of days, a German computer expert was able to discover that the ultimate target of the virus was programmable logic controllers (PLCs), computers used in industry to manage processes in industrial plants, both in production and control.
On July 15 Microsoft released a first set of solutions to fix the problem on Windows and render the virus harmless. By the time the fix was published, however, the virus had already infected at least 15 thousand computers, with significant peaks in Asia, especially India and Indonesia, and particularly anomalous volumes in Iran. The malicious program was named, for convenience, "Stuxnet", an anagram of some letters in its code.
The problem was not, however, completely resolved. The day before Microsoft released its recommendations, the authors of the virus replaced the Realtek digital signature, by then discovered, with a new and equally genuine certificate from another company. This gave the virus another week to spread before the new stolen signature was identified and withdrawn from circulation. This time the developers of the virus did not react, declining to update their malicious program a third time, which allowed Microsoft and other computer security companies to stem the spread of the virus.

Enter Kaspersky
Microsoft had managed to resolve the issue partly with the help of Kaspersky Lab, a Russian company specializing in antivirus software, founded by Eugene Kaspersky in 1997. Born in 1965 in Novorossiysk, Russia's main port on the Black Sea, Kaspersky graduated in 1987 in Cryptography, Telecommunications and Computer Science in Moscow, from an institute backed by the Ministry of Defense and the KGB. He is a car enthusiast, drives a Ferrari and sponsors a Formula 1 team, and is such a fan of the actor Jackie Chan that he chose him as the spokesman for his company.
Together with his colleagues, Kaspersky was surprised by the information Microsoft provided about Stuxnet. The virus was unlike all the others and opened a new chapter in the fight against malicious programs, a chapter that is very profitable for companies such as Kaspersky's that work to combat viruses, if necessary by opportunistically making money from the worries of computer users and their fear of losing valuable data and information.
Aided by Symantec, the largest security company in the world (the maker of Norton Antivirus), Kaspersky and Microsoft discovered that, in order to function, Stuxnet exploited not just one "zero day" flaw but as many as four. This was unprecedented, and it makes Stuxnet a unique virus.
As the "zero days" began to accumulate, Kaspersky says, the suspicion arose that Stuxnet could be the work of a government: finding all these flaws without access to the Windows source code would be too difficult and time-consuming for a single person. Kaspersky then lowers his voice, smiles and says, "We're coming to seriously dangerous territory. The next step, if we speak in these terms, if we are discussing it in this way, the next step would be to think that there has been a call from Washington to Seattle [where Microsoft's offices are, ed.] to get a hand in tinkering with the source code."
The Stuxnet story was very interesting, but the lack of a clear objective for this virus, apparently created to sabotage some industrial machines, made the story hard to sell journalistically. In mid-July someone from Kaspersky tried to convince a reporter for the New York Times to write about it, but without success, despite insisting and pointing out that such a virus would have taken at least six months of work to develop and that it had spread in three waves starting in the early months of 2010.

Iran. Natanz uranium enrichment complex
What Stuxnet was aiming at
In mid-September, when the Stuxnet problem seemed to have been overcome, a report from a Hamburg businessman brought the experts' attention back to the virus. Ralph Langner, the owner of a company that produces security systems for PLCs that use Siemens software, had studied the virus for weeks and reached a conclusion: it had been programmed to sabotage the Iranian nuclear program.
The Iranian authorities have long been accused of working to build nuclear weapons, and in 2003 Iran did not provide precise information to the International Atomic Energy Agency, the UN organization that promotes the peaceful use of nuclear-related technologies. The scant information on Iran's actual programs greatly worries the West, and especially Israel, which is often subjected to threats by the government in Tehran. According to Langner and other computer experts, Stuxnet sought to sabotage Iran's plans.
When Stuxnet infects a computer, it tries to propagate to all the devices connected to that computer's network, trying to find out whether any of them are running Siemens software. If the answer is no, Stuxnet becomes an entirely useless and inert feature of the network. If the answer is yes, the virus tries to determine whether the device is connected to a PLC, or waits until it is. It then analyzes the PLC and the equipment connected to it, searching for a particular machine. If it finds one, it checks whether the machine is operating under certain conditions. And if so, Stuxnet introduces new portions of code to change the way the machinery works.
Similar schemes to sabotage the operation of industrial devices had been used in the past, but never remotely as in the case of Stuxnet, says Langner, who towards the end of September last year gained some visibility when his discovery was reported by Gadgetwise, one of the most popular tech blogs of The New York Times. According to Langner, the virus was spread to hit Iran's Bushehr plant, which had in fact been shut down for almost a month after some technical problems during the summer.
In the months following the publication of the news on the website of the New York Times, an analyst at Symantec continued to work on Stuxnet to identify the target of the virus. With the help of a Dutch expert, it turned out that the virus had been created to sabotage a particular type of equipment: centrifuges used to enrich uranium for nuclear power plants. Stuxnet was programmed to identify a particular type of centrifuge made by an Iranian company in collaboration with a Finnish firm, measure some of its parameters and change its speed, thereby damaging the machinery irreparably.

The Americans and the Mossad
Further checks carried out by the German computer expert Frank Rieger, however, led to the hypothesis that the target of the virus was not the Bushehr plant but the one at Natanz. Rieger reached this conclusion after consulting analysts from six different European countries who had worked on Stuxnet. Thanks to their contacts in three of these countries, he managed to talk with some members of the intelligence services who believe that the sabotage operation had been organized by the United States in cooperation with Israel.
According to Rieger, the virus was developed by U.S. intelligence and was then released by the Mossad, the Israeli secret service. Sabotage of this kind has been carried out by secret services in the past, but if Stuxnet really did fall into this category we would be facing a very different scenario, one in which a program sent remotely can cause damage while making it virtually impossible to identify the authors of the virus. One clue that seems to point to a very sophisticated system, created by intelligence services, is Stuxnet's "expiration date". The virus is supposed to deactivate itself automatically and disappear on June 24, 2012, but many computer experts are skeptical about the malicious program's actual ability to remove itself automatically.
The involvement of the U.S. and Israeli services is a hypothesis that has been much debated for months, but naturally no confirmation has ever come from the organizations that might be involved. In January, the outgoing head of the Mossad, Meir Dagan, acknowledged that some "measures taken against" Iran's nuclear plans had caused a slowdown of years in the development of the technologies needed to build atomic weapons. The head of the service did not, however, make any reference to Stuxnet, but according to The New York Times, the Israelis tested a virus on their own systems, running simulations of how to propagate it and hit Iran's nuclear facilities.
The timeline of Stuxnet's evolution seems to confirm the suspicions of an attempt to sabotage the Iranian nuclear program. In January 2010, Iran rejected the IAEA proposal to enrich its uranium abroad, under supervision, and a few weeks later early versions of the virus began to circulate. In February, the IAEA confirmed that the Iranian authorities were working to produce nuclear weapons and, again, just a few weeks later Stuxnet became even more advanced and able to spread on USB sticks without users' knowledge. In April, Iran confirmed that it was working to build a new uranium enrichment plant, and in the same month the third evolution of Stuxnet appeared. Then came the sanctions from the UN, the European Union and the United States.
The virus was therefore created to slow down Iran's plans, a solution to be used alongside the sanctions adopted by the international community. It is unclear whether Stuxnet actually had the desired effect; what it did do was allow Ahmadinejad to make propaganda, claiming that his country's nuclear installations had suffered a cyber attack.
Regardless of how well it worked, there is no doubt that Stuxnet is something new under the sun. At worst, it is a blueprint for a new way of attacking the control systems of industrial production. Moreover, the most important thing now publicly known about Stuxnet is that Stuxnet is now publicly known. [...] Stuxnet is the Hiroshima of information warfare. This is its true meaning, and all the speculation about its objectives and its origin should not distract us from the greater truth. We have crossed a border and there is no turning back.

SOURCE ( The Post )
