NYT: Obama, CyberWarrior

Started by CountDeMoney, June 01, 2012, 06:36:39 AM

DontSayBanana

Quote from: KRonn on June 01, 2012, 05:58:40 PM
How the hell did this get leaked out? An investigation better be done and some heads need to roll!
:mad:

Also, leaks about the Yemeni agent's identity. The one who found out about the new bomb process the radicals were going to use. That agent had to be pulled out, of course, and probably his and his family's safety compromised. I don't know if this was a US, UK or some other leak though. But if a US then the US has a lot of work to do, and more heads to be rolled!  :mad:

Also, for the movie on the OBL raid, someone, the Pentagon or whoever was working with the movie makers gave the name of one of the SEAL leaders. More heads need to roll!

This has been going on since Pres Bush. These clowns in the US govt need to seriously get their act together!

Not sure if serious. :hmm:
Experience bij!

KRonn

I'm serious. All of those were leaks, and intel leaks seem to be a real problem with the US govt. Some of those intel programs were good ones to have, real coups, but now the world knows of them. Leaks that give away an agent's identity make it harder to recruit more people in the future, for instance. This isn't an anti-Obama issue; it's a problem with how the US does intel and keeps its secrets.

CountDeMoney

Quote from: KRonn on June 01, 2012, 09:36:49 PM
I'm serious. All of those were leaks, and intel leaks seem to be a real problem with the US govt. Some of those intel programs were good ones to have, real coups, but now the world knows of them. Leaks that give away an agent's identity make it harder to recruit more people in the future, for instance. This isn't an anti-Obama issue; it's a problem with how the US does intel and keeps its secrets.

One thing, particularly with government and military higher-ups that otherwise never get the attention, is the compelling need to shine and be noticed.  For example, look at McChrystal and Rolling Stone;  they just loooove the attention, and they talk before they think.

Hell, then again, that's practically in any organization;  bureaucracies, police departments,  mega-corporations.  Executives just love to preen for the camera, for the reporter, anybody who's paying them their rapt attention.  Leaks make people feel important.

DontSayBanana

The ID leak is a concern, yeah, but my gut's telling me the Stuxnet leak is sanctioned.  Part of that is the obvious propaganda tool in espousing cyberwarfare.  It might be cheap, it might grant plausible deniability, but it's also incredibly "disposable" in that as soon as a vulnerability is patched, the attacker's back to square one.

From a hacking standpoint, the development of Stuxnet was incredibly stupid.  There were over 28 zero days.  That's called "putting all of the eggs in one basket."  One fully-analyzed rogue sample later, all of those zero days have been used up.  That's up to 27 wasted opportunities to keep the heat on.
Experience bij!

KRonn

Right, leaks make them feel important. I can understand that, and see that as part of the motivation.  But that leaked info causes quite a mess, in some cases people die or operations are compromised, so they must feel the fools or much worse then. And they know the consequences of their actions. Totally irresponsible. And if caught they certainly look the contemptible fools, aside from criminal charges being brought.

KRonn

I wonder how bad the stuxnet virus will be, if others are able to replicate it, figure it out. I assume it's been captured on some computers, and people who don't like us now have access to try and figure it out, use it against us. 

DontSayBanana

Quote from: KRonn on June 01, 2012, 09:54:07 PM
I wonder how bad the stuxnet virus will be, if others are able to replicate it, figure it out. I assume it's been captured on some computers, and people who don't like us now have access to try and figure it out, use it against us. 

Not bad, actually.  Stuxnet has a very specific target in that every bit of the code is tailored to attack antique centrifuges via Siemens SCADA systems and zero days ID'ed as unique to the Iranians (a zero day that wasn't unique to the setup is how this thing got publicly released and then patched in the first place).  A hostile would need to ID a point of insertion, US-unique zero days, and completely rewrite pointers based on US hardware and software configurations.  In other words, they'd need to rewrite it from scratch.
Experience bij!

CountDeMoney

Quote from: KRonn on June 01, 2012, 09:54:07 PM
I wonder how bad the stuxnet virus will be, if others are able to replicate it, figure it out. I assume it's been captured on some computers, and people who don't like us now have access to try and figure it out, use it against us.

It's a little more complicated than people think, especially if you're targeting specific ICS and SCADA networks in a closed RPN environment.

Here's Symantec's white paper on Stuxnet and Duqu: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

Interesting reading.

KRonn

Ok, sounds better as far as the virus not being reverse engineered.

Berkut

SO this could have been just as fairly titled: GW Bush, CyberWarrior.
"If you think this has a happy ending, then you haven't been paying attention."

select * from users where clue > 0
0 rows returned

CountDeMoney

Quote from: Berkut on June 01, 2012, 10:30:09 PM
SO this could have been just as fairly titled: GW Bush, CyberWarrior.

Just like your post could've been just as fairly titled: Berkut, LOLWUT Asshat Fartbag.

CountDeMoney

Quote from: KRonn on June 01, 2012, 09:54:07 PM
I wonder how bad the stuxnet virus will be, if others are able to replicate it, figure it out. I assume it's been captured on some computers, and people who don't like us now have access to try and figure it out, use it against us.

Here, check this out.  Whoops.

Quote
WASHINGTON — The Obama administration is warning American businesses about an unusually potent computer virus that infected Iran's oil industry even as suspicions persist that the United States is responsible for secretly creating and unleashing cyberweapons against foreign countries.

The government's dual roles of alerting U.S. companies about these threats and producing powerful software weapons and eavesdropping tools underscore the risks of an unintended, online boomerang.

Unlike a bullet or missile fired at an enemy, a cyberweapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target. It's one of the unusual challenges facing the programmers who build such weapons, and presidents who must decide when to launch them.

The Homeland Security Department's warning about the new virus, known as "Flame," assured U.S. companies that no infections had been discovered so far inside the U.S. It described Flame as an espionage tool that was sophisticated in design, using encryption and other techniques to help break into computers and move through corporate or private networks. The virus can eavesdrop on data traffic, take screenshots and record audio and keystrokes. The department said the origin is a mystery.

The White House has declined to discuss the virus.

Suspicions heightened
But suspicions about the U.S. government's role in the use of cyberweapons were heightened by a report in Friday's New York Times. Based on anonymous sources, it said President Barack Obama secretly had ordered the use of another sophisticated cyberweapon, known as Stuxnet, to attack the computer systems that run Iran's main nuclear enrichment facilities. The order was an extension of a sabotage program that the Times said began during the Bush administration.

Private security researchers long have suspected that the U.S. and Israeli governments were responsible for Stuxnet. But the newspaper's detailed description of conversations in the Oval Office among Obama, the vice president and the CIA director about the U.S. government's responsibility for Stuxnet is the most direct evidence of this to date. U.S. officials rarely discuss the use of cyberweapons outside of classified settings.

Stuxnet is believed to have been released as early as 2009. It was discovered in June 2010 by a Belarusian antivirus researcher analyzing a customer's infected computer in Iran. It targeted electronic program controllers built by Siemens AG of Germany that were installed in Iran. The U.S. government also circulated warnings to American businesses about Stuxnet after it was detected.

The White House said Friday it would not discuss whether the U.S. was responsible for the Stuxnet attacks on Iran.

"I'm not able to comment on any of the specifics or details," White House spokesman Josh Earnest said. "That information is classified for a reason, and it is kept secret. It is intended not to be publicized because publicizing it would pose a threat to our national security."

Uncharted territory
Cyberweapons are uncharted territory because the U.S. laws are ambiguous about their use, and questions about their effectiveness and reliability are mostly unresolved. Attackers online can disguise their origins or even impersonate an innocent bystander organization, making it difficult to identify actual targets when responding to attacks.

Viruses and malicious software, known as malware, rely on vulnerabilities in commercial software and hardware products. But it is hard to design a single payload that always will succeed because the target may have fixed a software vulnerability or placed computers behind a firewall.

On the Internet, where being connected is a virtue, an attack intended for one target can spread unexpectedly. Whether a cyberweapon can boomerang depends on its state of the art, according to computer security experts. On that point, there are deep divisions over Flame.

Russian digital security provider Kaspersky Lab, which first identified the virus, said Flame's complexity and functionality "exceed those of all other cybermenaces known to date." There is no doubt, the company said, that a government sponsored the research that developed it. Yet Flame's author remains unknown because there is no information in the code of the virus that would link it to a particular country.

Other experts said it wasn't as fearsome.

'No secret sauce'
Much of the code used to build the virus is old and available on the Internet, said Becky Bace, chief strategist at the Center for Forensics, Information Technology and Security at the University of South Alabama. Flame could have been developed by a small team of smart people who are motivated and have financial backing, she said, making it just as likely a criminal enterprise or a group working as surrogates could have been responsible.

"Here's the wake-up call as far as cyber is concerned: You don't have to be a nation-state to have what it would take to put together a threat of this particular level of sophistication," said Bace, who spent 12 years at the National Security Agency working on intrusion detection and network security. "There's no secret sauce here."

Stuxnet was far more complex.

Still, Stuxnet could not have worked without detailed intelligence about Iran's nuclear program that was obtained through conventional spycraft, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland. The countries with the motivation and the means to gather that data are the United States and Israel, he said.

"This is at the level of complexity that very few organizations in the world would even attempt," said Hypponen, who has studied Stuxnet and Flame. "Basically you have to have moles. Most of what they needed to pull this off was most likely collected with what we would characterize as traditional intelligence work."

Collateral damage?
The more intricately designed a cyberweapon is, the less likely it will boomerang. Stuxnet spread well beyond the Iranian computer networks it was intended to hit. But the collateral damage was minimal because the virus was developed to go after very specific targets.

"When some of these super sophisticated things spread, it's bad but it may not have the same impact because the virus itself is so complex," said Jacob Olcott, a senior cybersecurity expert at Good Harbor Consulting. "It's designed to only have its impact when it finds certain conditions."

Israel is a world leader in cybertechnology and senior Israeli officials did little to deflect suspicion about that country's involvement in cyberweapons. "Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," said Vice Premier Moshe Yaalon, a former military chief and minister of strategic affairs.

A senior defense official involved in Israel's cyberwarfare program said Friday that, "Israel is investing heavily in units that deal with cyberwarfare both for defense and offense." He would not elaborate. The official spoke on condition of anonymity because he is not allowed to speak with the media.

Isaac Ben-Israel, an adviser to Israeli Prime Minister Benjamin Netanyahu on cybersecurity issues, declined Friday to say whether Israel was involved with Stuxnet.

It could take years to know who is responsible, which is what is so unsettling about attacks in cyberspace. "We are very good as an industry at figuring out what a piece of malware does," said Dave Marcus, director of advanced research and threat intelligence at digital security giant McAfee. "But we are less accurate when it comes to saying what group is responsible for it, or it came from this country or that organization."

KRonn

Yeah CDM. I had seen something like this on the news yesterday so that's why I brought it up. Things could get "interesting" if this thing does make the rounds of businesses. But it may all be speculation or a cover story to try and say it isn't the work of US intel.