First Weaponized Software

First Weaponized Software

www.csmonitor.com

"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human – but can still take control of your infrastructure," says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy's Idaho National Laboratory. "This is the first direct example of weaponized software, highly customized and designed to find a particular target."

(visit the link for the full news article)

This virus needs no human interaction, and exists without the Internet. It can identify, or fingerprint, the systems it wishes to control; it's the first virus to jump from the computer world to the real world. Now this folks, is what Skynet looks like.

It's a massive in it's size and researchers do not fully understand how it works, but it has been deemed a weapon that can cause physical real-world machines to obey its commands, or possibly shut down nuclear weapon sites; such as has happened with Iran.

www.csmonitor.com
(visit the link for the full news article)

Crickey!

This is some seriously worrying stuff. Although, it was only a matter of time before some boffins (technical guys) somewhere came up with this stuff.

I do wonder though, just how long this sort of software has been 'out there'. It would not surprise me in the least to learn that it might have been out there for years, doing its work, undetected, and unmolested, for governments or other similarly nasty people.

Interesting read, thanks for posting it. S & F

I wouldn't leap as far as calling it Skynet.

However it obviously has tremendous potential for sabotage and terrorism. Just think if it's creators decided to make it a bit more indiscriminate in its targeting. Could be devastating...

Quite interesting.

Everyone seems to think it was built to target nuclear and other industrial facilities in iran. Also they think it would take a country and not a group of hackers to create something like this. Guess that points the finger at the U.S. and/or Israel.

IF - I repeat IF - the U.S. is involved in targeting iran in this way then I have to take my hat off to the agency that executed this. Anyone would have to admit that this approach would be far better then having missiles and bombs blowing things up and killing civilians. The first true "surgical" strike. A country turning "asymmetrical warfare" back onto the people that have made a living off of it for years.

Then again, we'll probably never know who really did this.

I think there are several misunderstandings on how a virus works

First, any virus can exists without the Internet, it can propagate using any medium, usb drives, burned cds where files or folders where infected, it could attach to another exe file, and probably other ways, the internet is just one way to propagate and the virus needs to be designed to use a network connection for that.

It is not really looking for a target like a missil would do, instead it just sits there checking, is this the computer i'm supposed to crash? yes, crash it, no? keep checking, the idea being that eventually if it gets copied enough times, it will reach a system which complies with the target requisites, or maybe it will never reach such system, if it doesn't use the internet, then it needs for someone to go and by hand insert the virus into the network where the target, which severely restricts the virus, a private network with no access to the external world will never get infected with this virus unless someone carries the binary in a usb drive or cd and insert that media into a computer in the private network.

The article is a little misleading in those aspects, giving this virus magical properties which no virus really has, it can just chose targets, it is software made by someone, it can't think on its own and it will never change to use a different target than the one it was compiled to look for, software like this is not a stage where it can become Skynet, i'm sure there are better and more dangerous stuff out there, this one is made for show up only

Oh and software has been used before to target other countries, back in the 80's or something like that, the US inserted a bug into a gas lines management application, which later was 'stolen' by the USSR, guess what happened when they used the software...

Kai

This method is long known in computer security industry, but this time its serious, because it target computerized critical industry.
Conventional usage is just to differentiate - is it a SunOS or Windows or Linux or What system to infect.
Now since it target specific Siemens stuff that deal with nuke (I assume) then its really really really dangerous, certain part of the plant configuration need to be replaced/modified completely to disable it.

Problem exist if the same kind of virus created and work in general common target - this will set us all back a few years up to the last millennia.

Could someone explain in laymans terms how it is possible to jump from one system to another, how it doesn't need to be in a computer???

Originally posted by jokei
Could someone explain in laymans terms how it is possible to jump from one system to another, how it doesn't need to be in a computer???

That's not true, it needs a computer, if not using internet, someone needs to carry the virus in a usb drive or cd and copy it from one computer to another, there isn't something like a computer virus that can jump systems like a human or animal virus does, all virus, computer or human or whatever, need a way to copy themselves over to a new host, and that can be the network, usb drive, cd, air, water etc, computer viruses are software, they need storage media or a network, there's no way around that, yet.

Welcome to the USDOD chip virus attack. The military has moved into the new realm of hardware attacks by attacking the chips in the hardware. The first sign this started was with the trojan digital picture frames from China where the trojan was built into the chip inside the digital picture frame. The USDOD has been playing with this technology for a while on there Secret Internet Protocol Router Network or SIPRnet. SIPRnet runs hidden software in the bios of a computer and runs a inspection of the hardware on the computer and has the ability to shut down the hardware if it wants in order to secure the computer for classified data. Now they have begun to use this technology to attack computers they don't like and shut down the chips inside to create a paperweight.

Wireless systems could be vulnerable too. the virus can hop/skip/copy itself through wireless networks, or through mobile phone networks. dont need wires for viruses to spread, you just need a wireless connection.

just throwing a monkey wrench into the whole thing.

reply to post by Kaifan


I agree and that makes the most sense, but I wonder if they will, or have come up with a way to propagate this sort of thing using some super TS quantum delivery system ?

sounds "rediculous" I know hehe, but I think the time is growing near for absolutely mind boggling things to be discovered..

Let me hypothesize further:

Lets just assume for fun that those cases where a disk was seen hovering near coyote canyon or other installations and wirelessly and remotely changed the codes, and shut down nukes was doing something similar..

Now no one publically was ever informed about "how" the unknowns caused that.. did eeproms (electronic eraseable programmable read only memories) have their software changed by those incidents? in the cases where they said the codes were changed in the targeting systems of nukes, those stories sound very similar to what might be envisioned in relation to this OP story...

Maybe they have finally had some success at reverse engineering what happened at these nuke sites

it doesn't take much to completely destroy a microsoft product. it seems like overkill to use weaponized software.

Don't forget the radio signals they use. Nuclear power plants would use radio signals to communicate if there was a problem at the plant. Not sure if they are allways on or not?

I don't know why, but the concept of using viruses (malware, e.t.c) as a serious tool of warfare has never crossed my mind before. This article is a real eye-opener for me!

What are the implications of it? How long before cyber-terrorism rears it's ugly head?

As somebody in the link said, this really is a big wake up call.

I just hope we aren't waking up to smell the coffee after the event.

China has been putting these in the cheap hardware that's sold at every best buy and even in government offices.

Doesn't matter what your software firewall says, your router and modem still see EVERYTHING that comes in and out.

Think about it, the new apple ipad headphones have a SMALL chip inside one of the headphones that will actually tell the IPOD if it's a genuine headset or not.

It's just as easy to send a virus, especially one that doesn't need the internet and will wait and collect until you plug it in or sign on again.

The time has come to either use ancient computers, and your own linux, or know you're being monitored by china, microsoft, nsa, cia, ect. All now have backdoors, every software engineer knows this, and why the computers we surf porn on are almost bare custom builds. lol

Thanks for participating ATS members, this is my first thread.

I agree wholeheartedly with the above statements; I do believe something of this scale and complexity is a state-sponsored weapon that is truly surgical in its approach to warfare. And if it was built into computer chips at a third-party site, only to come active when it finds a pre-programmed set of qualifiers at its destination, then who's to say these viral chips (if that's what it is) are not installed everywhere... almost like an "off switch" for whatever its creator (country) doesn't like.

And the fact that leading researchers have had this virus privately in their hands since June and they still don't understand it - what's the new technology here? Why are the professionals having a difficult time understanding it, only recently learning it can control automated systems?

The more I think about this story the more questions I have, and the more fearful its implications become.

Here Is a slightly more technical article for those that want it.
So as far as I understand it, the Trojan infects a windows PC in the normal way. it then uploads itself to the Mini computer thats controlling an industrial process.
The Trojan then alters basic read right functions of the Mini computer so that you can't see the extra code added by the Trojan.
The site gives an example of something like this happening before

By writing code to the PLC, Stuxnet can potentially control or alter how the system operates. A previous historic example includes a reported case of stolen code that impacted a pipeline. Code was secretly “Trojanized” to function properly and only some time after installation instruct the host system to increase the pipeline's pressure beyond its capacity. This resulted in a three kiloton explosion, about 1/5 the size of the Hiroshima bomb.

But it seems that the incident they are referring to is debatable in whether is actually happened or not Sibrian Pipeline Sabotage

reply to post by Jason88


sleeper spies during the cold war.

Now sleeping viruses in post cold war.

I remember in my networking class back in 2000 and 2001; a conversation with the students, and my teacher were going over some networking protocols and the application layer. I had asked if it was possible to tweak the firmware into overclocking a routers/servers processor to the point of short circuit, or make it blow itself out.

Short answer was yes, its possible. So, lets just say if a sleeper virus were to be disguised in a program, and its way of copying itself was if the system it was on was connected to the network, or a WAN, (internet) and able to replicate itself over different systems. if the maker of this program had an activation switch he would be able to send a command out that copies itself the same way over the internet. (wired/wireless doesn't matter.) Lets just say this weapon virus had the capability of frying its hosts chips. this would fry front end, and back end servers/networks.

Imagine turning on your comp in the morning, and wait for 5 mins and then you get the BSOD, computer shuts down, and is unable to turn on. you try to use your cell and it doesn't work. the world would be in the dark.

this is why a virus like this would be dangerous. imagine it shutting down everything! that would sure as hell cause chaos.

This is my worst case scenario for this computer bug.

reply to post by ugie1028


That's a pretty terrifying worst case scenario. There goes sleep tonight! So if this bug can fry both front and back end computer systems, then wouldn't it fry itself too? And if that's the case, and this has been around since 1982 with something similar causing the Siberian pipeline sabotage, then we're just plain lucky to have caught it. It hides, literally destroys and leaves no trace of itself.