Wonder if they'll do anything to retailiate this time. :hmm:
EDIT: In a more public fashion than what ever they did last time. I assume they must have done something.
http://www.torontosun.com/2012/05/28/most-complex-cyber-weapon-found-in-iran
QuoteBOSTON - Security experts said on Monday a highly sophisticated computer virus is infecting computers in Iran and other Middle East countries and may have been deployed at least five years ago to engage in state-sponsored cyber espionage.
Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that took credit for discovering the infections.
Kaspersky researchers said they have yet to determine whether Flame had a specific mission like Stuxnet, and declined to say who they think built it.
Iran has accused the United States and Israel of deploying Stuxnet.
Cyber security experts said the discovery publicly demonstrates what experts privy to classified information have long known: that nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.
"This is one of many, many campaigns that happen all the time and never make it into the public domain," said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs.
A cyber security agency in Iran said on its English website that Flame bore a "close relation" to Stuxnet, the notorious computer worm that attacked that country's nuclear program in 2010 and is the first publicly known example of a cyber weapon.
Iran's National Computer Emergency Response Team also said Flame might be linked to recent cyber attacks that officials in Tehran have said were responsible for massive data losses on some Iranian computer systems.
Kaspersky Lab said it discovered Flame after a U.N. telecommunications agency asked it to analyze data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.
STUXNET CONNECTION
Experts at Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security who have spent weeks studying Flame said they have yet to find any evidence that it can attack infrastructure, delete data or inflict other physical damage.
Yet they said they are in the early stages of their investigations and that they may discover other purposes beyond data theft. It took researchers months to determine the key mysteries behind Stuxnet, including the purpose of modules used to attack a uranium enrichment facility at Natanz, Iran.
If Kaspersky's findings are validated, Flame could go down in history as the third major cyber weapon uncovered after Stuxnet and its data-stealing cousin Duqu, named after the Star Wars villain.
The Moscow-based company is controlled by Russian malware researcher Eugene Kaspersky. It gained notoriety after solving several mysteries surrounding Stuxnet and Duqu.
Officials with Symantec Corp and Intel Corp McAfee security division, the top 2 makers of anti-virus software, said they were studying Flame.
"It seems to be more complex than Duqu but it's too early to tell its place in history," said Dave Marcus, director of advanced research and threat intelligence with McAfee.
Symantec Security Response manager Vikram Thakur said that his company's experts believed there was a "high" probability that Flame was among the most complex pieces of malicious software ever discovered.
At least one rival of Kaspersky expressed skepticism.
Privately held Webroot said its automatic virus-scanning engines detected Flame in December 2007, but that it did not pay much attention because the code was not particularly menacing.
That is partly because it was easy to discover and remove, said Webroot Vice President Joe Jaroch. "There are many more dangerous threats out there today," he said.
MAPPING IT OUT
Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.
The virus contains about 20 times as much code as Stuxnet, which caused centrifuges to fail at the Iranian enrichment facility it attacked. It has about 100 times as much code as a typical virus designed to steal financial information, said Kaspersky Lab senior researcher Roel Schouwenberg.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.
Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, Schouwenberg said.
He said that a nation state would have the capability to build such a sophisticated tool, but declined to comment on which countries might do so.
The question of who built flame is sure to become a hot topic in the security community as well as the diplomatic world.
There is some controversy over who was behind Stuxnet and Duqu. Some experts suspect the United States and Israel, a view that was laid out in a January 2011 New York Times report that said it came from a joint program begun around 2004 to undermine what they say are Iran's efforts to build a bomb.
The U.S. Defense Department, CIA, State Department, National Security Agency, and U.S. Cyber Command declined to comment.
Hungarian researcher Boldizsar Bencsath, whose Laboratory of Cryptography and Systems Security first discovered Duqu, said his analysis shows that Flame may have been active for at least five years and perhaps eight years or more.
That implies it was active long before Stuxnet.
"It's huge and overly complex, which makes me think it's a first-generation data gathering tool," said Neil Fisher, vice president for global security solutions at Unisys Corp. "We are going to find more of these things over time."
Others said cyber weapons technology has inevitably advanced since Flame was built.
"The scary thing for me is: if this is what they were capable of five years ago, I can only think what they are developing now," Mohan Koo, managing director of British-based Dtex Systems cyber security company.
Some experts speculated that the discovery of the virus may have dealt a psychological blow to its victims, on top of whatever damage Flame may have already inflicted to their computers.
"If a government initiated the attack it might not care that the attack was discovered," said Klimburg of the Austrian Institute for International Affairs. "The psychological effect of the penetration could be nearly as profitable as the intelligence gathered."
*sighs* It'd be nice if they at least learned some of the basics of cyber security before scaremongering. Malware is only as effective as the zero days that it exploits- if it's trying to exploit a zero day that's already been patched, it doesn't matter how big it is.
Also, a massive virus is going to be progressively easier to detect; the smaller it is, the harder it's going to be to catch prior to infection, since it's more likely to be embedded with otherwise good code without noticeably changing the file size (see: "cracked games" on Kazaa that had 4KB file sizes).
Quote from: DontSayBanana on May 28, 2012, 11:46:05 PM
(see: "cracked games" on Kazaa that had 4KB file sizes).
Tamas, I was told to ask you about this.
If I had a nickel for every computer I had to bleach because of Kazaa shenanigans, I would have been a much wiser and richer teenager. <_<
Quote from: jimmy olsen on May 28, 2012, 11:09:50 PM
There is some controversy over who was behind Stuxnet and Duqu. Some experts suspect the United States and Israel, a view that was laid out in a January 2011 New York Times report that said it came from a joint program begun around 2004 to undermine what they say are Iran's efforts to build a bomb.
For it to be controversy, don't there have to be some who believe it was somebody else? :lol:
Yeah, and I doubt either the US or Israeli cyber-warfare dudes are the least bit annoyed of everyone pointing at them as creators of what is a work of art. :P
Stux, Duqu? Obviously those are George Lucas Star Wars names, so the culprit is in Marin County.
Iran should really update its anti-virus software.
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
It's those embargoes- Kaspersky is the best they could get. :lol:
"If the relatively short history of viruses, worms and Trojans has taught us anything, it is that the more dangerous the cyber beast, the more control the ringmaster must exert to make it do his bidding and not bite the hand that feeds it."
Too much? :unsure:
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
Would you volunteer, after seeing what happened with the guy in charge of rooting the worm out?
Quote from: Iormlund on May 29, 2012, 09:58:32 AM
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
Would you volunteer, after seeing what happened with the guy in charge of rooting the worm out?
Can' they just use the free Microsoft Essentials? :D
Quote from: Josephus on May 29, 2012, 10:13:56 AM
Quote from: Iormlund on May 29, 2012, 09:58:32 AM
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
Would you volunteer, after seeing what happened with the guy in charge of rooting the worm out?
Can' they just use the free Microsoft Essentials? :D
the Iran-MS scandal?
Quote from: Iormlund on May 29, 2012, 09:58:32 AM
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
Would you volunteer, after seeing what happened with the guy in charge of rooting the worm out?
What did happen?
Quote from: DGuller on May 29, 2012, 01:32:11 PM
Quote from: Iormlund on May 29, 2012, 09:58:32 AM
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
Would you volunteer, after seeing what happened with the guy in charge of rooting the worm out?
What did happen?
Got hit with a second mortgage.
Quote from: DGuller on May 29, 2012, 01:32:11 PM
Quote from: Iormlund on May 29, 2012, 09:58:32 AM
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
Would you volunteer, after seeing what happened with the guy in charge of rooting the worm out?
What did happen?
Curt Shilling fucked his shit up good and proper.
Quote from: Brazen on May 29, 2012, 09:55:48 AM
"If the relatively short history of viruses, worms and Trojans has taught us anything, it is that the more dangerous the cyber beast, the more control the ringmaster must exert to make it do his bidding and not bite the hand that feeds it."
Too much? :unsure:
The rich burgundy hue aside, is that true?
Quote from: Admiral Yi on May 29, 2012, 08:40:46 PM
The rich burgundy hue aside, is that true?
Depends on a lot of variables. If a government's designed a cyberweapon to attack an infrastructure system also used by said government, then yes- extra levels of target verification need to be coded into the weapon to make sure it doesn't accidentally bring down a "friendly" system.
Quote from: DontSayBanana on May 29, 2012, 09:21:42 PM
Depends on a lot of variables. If a government's designed a cyberweapon to attack an infrastructure system also used by said government, then yes- extra levels of target verification need to be coded into the weapon to make sure it doesn't accidentally bring down a "friendly" system.
In Stuxnet's case, though, it was designed to go after specific Siemens controllers that were connected to specific centifuge hardware systems; so yeah, if the launching country doesn't have that particular ICS configuration, they don't have to worry about it as much, particularly in a closed system such as Iran's.
What I could see as hampering or redirecting a Flame- or Stuxnet-style attack is if it's launched against a country that, because embargoes, trade blockades, etc., that many of their systems have been jury-rigged, home-grown and customized to the point that a specifically programmed attack would not be nearly as effective as it could be. Can you imagine going after North Korea's Vic-20 based systems?
QuoteKamran Napelian, an Iranian cyber defence official told The New York Times that the virus "has a special pattern which you only see coming from Israel".
"The virus copies what you enter on your keyboard, it monitors what you see on your computer screen," he told the newspaper.
He said he was not authorised to disclose how much damage Flame had caused, but estimated it had been active for at least six months and had caused a "massive" data loss. He added that Iran had developed software to combat Flame, something the international community has yet to do.
Yeah, OK, Mohammed Zuckerberg.
Quote from: CountDeMoney on May 30, 2012, 05:50:02 AM
In Stuxnet's case, though, it was designed to go after specific Siemens controllers that were connected to specific centifuge hardware systems; so yeah, if the launching country doesn't have that particular ICS configuration, they don't have to worry about it as much, particularly in a closed system such as Iran's.
Agreed; I was actually trying to say that the quote as a blanket given was scaremongering.
Quote
What I could see as hampering or redirecting a Flame- or Stuxnet-style attack is if it's launched against a country that, because embargoes, trade blockades, etc., that many of their systems have been jury-rigged, home-grown and customized to the point that a specifically programmed attack would not be nearly as effective as it could be. Can you imagine going after North Korea's Vic-20 based systems?
:lol: The best way would probably be to go after the thousands of smuggled Arduinos embedded in the systems. ;)
QuoteQuoteKamran Napelian, an Iranian cyber defence official told The New York Times that the virus "has a special pattern which you only see coming from Israel".
"The virus copies what you enter on your keyboard, it monitors what you see on your computer screen," he told the newspaper.
He said he was not authorised to disclose how much damage Flame had caused, but estimated it had been active for at least six months and had caused a "massive" data loss. He added that Iran had developed software to combat Flame, something the international community has yet to do.
Yeah, OK, Mohammed Zuckerberg.
Did this guy seriously just claim that only Israelis use keyloggers? :wacko:
QuoteHe added that Iran had developed software to combat Flame, something the international community has yet to do.
They trained a camel to spit at the infected computer.
Quote from: DontSayBanana on May 30, 2012, 06:32:08 AM
Did this guy seriously just claim that only Israelis use keyloggers? :wacko:
Maybe the clue was how it logged right to left.
Quote from: CountDeMoney on May 30, 2012, 06:45:24 AM
Quote from: DontSayBanana on May 30, 2012, 06:32:08 AM
Did this guy seriously just claim that only Israelis use keyloggers? :wacko:
Maybe the clue was how it logged right to left.
More likely they've been "examining the code" with freeware hex editors and keep seeing "LULZ THIS IS TOTALLY ISRAEL" in plain text. ;)
Quote from: CountDeMoney on May 30, 2012, 06:45:24 AM
Quote from: DontSayBanana on May 30, 2012, 06:32:08 AM
Did this guy seriously just claim that only Israelis use keyloggers? :wacko:
Maybe the clue was how it logged right to left.
:lol:
Quote from: DontSayBanana on May 30, 2012, 06:47:47 AM
Quote from: CountDeMoney on May 30, 2012, 06:45:24 AM
Quote from: DontSayBanana on May 30, 2012, 06:32:08 AM
Did this guy seriously just claim that only Israelis use keyloggers? :wacko:
Maybe the clue was how it logged right to left.
More likely they've been "examining the code" with freeware hex editors and keep seeing "LULZ THIS IS TOTALLY ISRAEL" in plain text. ;)
If you copy and paste the code into Word and then change the font into Wingdings it spellz out the Star of David and 'Israel was Here'.
Quote from: Ed Anger on May 30, 2012, 06:34:29 AM
QuoteHe added that Iran had developed software to combat Flame, something the international community has yet to do.
They trained a camel to spit at the infected computer.
:lol:
Quote from: CountDeMoney on May 30, 2012, 05:50:02 AM
What I could see as hampering or redirecting a Flame- or Stuxnet-style attack is if it's launched against a country that, because embargoes, trade blockades, etc., that many of their systems have been jury-rigged, home-grown and customized to the point that a specifically programmed attack would not be nearly as effective as it could be. Can you imagine going after North Korea's Vic-20 based systems?
Pretty much all PLC programs are custom made. And, speaking as someone who has worked with these specific systems for years, we tend to make extensive use of pointers and shift bits around manually (it's similar to writing assembler code).
This means following someone else's code can be tricky. I cannot even fathom how complex an AI you'd need to identify patterns matching this target without a human involved.
Quote from: DGuller on May 29, 2012, 01:32:11 PM
Quote from: Iormlund on May 29, 2012, 09:58:32 AM
Quote from: Josephus on May 29, 2012, 09:25:35 AM
Iran should really update its anti-virus software.
Would you volunteer, after seeing what happened with the guy in charge of rooting the worm out?
What did happen?
Someone attached a bomb to his car window and detonated it.
Quote from: Iormlund on May 30, 2012, 08:12:26 AM
Someone attached a bomb to his car window and detonated it.
Looks like the patch failed on that one, lulz :mossad:
Quote from: CountDeMoney on May 30, 2012, 08:16:58 AM
Quote from: Iormlund on May 30, 2012, 08:12:26 AM
Someone attached a bomb to his car window and detonated it.
Looks like the patch failed on that one, lulz :mossad:
WAD
Not sure how much of this was already public knowledge, but a bit more on stuxnet and the cyberwar here:
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1 (http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1)
I like Obama's foreign policy and I think he's been pretty good on the whole WoT angle. But this series of briefings about it all to the NYT is a really bad and stupid decision <_<
Quote from: Sheilbh on June 02, 2012, 09:41:47 AM
I like Obama's foreign policy and I think he's been pretty good on the whole WoT angle. But this series of briefings about it all to the NYT is a really bad and stupid decision <_<
Election season :contract:
Still wrong <_<
Quote from: Sheilbh on June 02, 2012, 09:49:57 AM
Still wrong <_<
That wasn't a justification, it was an explanation. To do the right thing you need to be able to "do".