Regularly quoted in the media -- and subject of an Internet meme -- he has testified on security before the United States Congress on several occasions and has written articles and op-eds for many major publications, including The New York Times, The Guardian, Forbes, Wired, Nature, The Bulletin of the Atomic Scientists, The Sydney Morning Herald, The Boston Globe, The San Francisco Chronicle, and The Washington Post.
Schneier also publishes a free monthly newsletter, Crypto-Gram, with over 150,000 readers. In its ten years of regular publication, Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news.
Here’s what we do know: Stuxnet is an Internet worm that infects Windows computers. It primarily spreads via USB sticks, which allows it to get into computers and networks not normally connected to the Internet. Once inside a network, it uses a variety of mechanisms to propagate to other machines within that network and gain privilege once it has infected those machines. These mechanisms include both known and patched vulnerabilities, and four “zero-day exploits”: vulnerabilities that were unknown and unpatched when the worm was released. (All the infection vulnerabilities have since been patched.)
Stuxnet doesn’t actually do anything on those infected Windows computers, because they’re not the real target. What Stuxnet looks for is a particular model of Programmable Logic Controller (PLC) made by Siemens (the press often refers to these as SCADA systems, which is technically incorrect). These are small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines–and, yes, in nuclear power plants. These PLCs are often controlled by computers, and Stuxnet looks for Siemens SIMATIC WinCC/Step 7 controller software. If it doesn’t find one, it does nothing.
So, unless the Anonymous hackers want to control industrial centrifuges, we should be all right? Not so fast. Theoretically, it would be possible to dismantle the virus and implant a separate payload, effectively piggy-backing another virus on the Windows-based attack code. This is no walk-in-the-park coding exercise, to be sure, but Anonymous has proven its impressive abilities in the past. If such a deconstruction and reconstruction were to be pulled off, it could have wide-reaching consequences. In August 2010, the Stuxnet virus was reportedly infecting over 60,000 computers in Iran, not causing any harm but eager to spread until it found a place to release its payload.
For now, we’re largely dealing in hypotheticals. Since Stuxnet has been discovered, efforts are being put against it at high levels to prevent such attacks in the future. But if Anonymous does, in fact, have possession of the worm, it could have massive repercussions for both online and offline security. As Mort Zuckerman said late last year, though, “Malicious programmers are always able to find weaknesses and challenge security measures. The defender is always lagging behind the attacker.”
Denial-of-service attacks in the virtual world Second Life which work by infinitely replicating objects until the server crashes are referred to as grey goo attacks. The name refers to the self-replicating aspect of grey goo. It is one example of the widespread convention of drawing analogies between certain Second Life concepts and the theories of radical nanotechnology.
Grey goo (alternatively spelled gray goo) is a hypothetical end-of-the-world scenario involving molecular nanotechnology in which out-of-control self-replicating robots consume all matter on Earth while building more of themselves, a scenario known as ecophagy ("eating the environment").
Although grey goo has essentially no military and no commercial value, and only limited terrorist value, it could be used as a tool for blackmail. Cleaning up a single grey goo outbreak would be quite expensive and might require severe physical disruption of the area of the outbreak (atmospheric and oceanic goos deserve special concern for this reason). Another possible source of grey goo release is irresponsible hobbyists. The challenge of creating and releasing a self-replicating entity apparently is irresistible to a certain personality type, as shown by the large number of computer viruses and worms in existence. We probably cannot tolerate a community of "script kiddies" releasing many modified versions of goo.
According to Q1 Labs, previous high-profile attacks such as Stuxnet, the Google breach, Wikileaks, NASDAQ and others are all connected. All the attacks, according to the security intelligence provider, have a common theme, namely low-and-slow APTs. These breaches point out the pressing need for Security Intelligence: the ability to see every action taking place on a network.
Q1 Labs claims that as the only Security Information and Event Management (SIEM) provider to integrate Application Layer Behavior Analysis, it is uniquely positioned to provide effective visibility and context by correlating network and application activity against log events and other security telemetry across entire networks.
Q1 Labs' recommendations for preventing a breach are as follows. Break down technology silos by integrating and analyzing a broad spectrum of information, including network, virtual network, security, vulnerability, asset, application, and configuration data. Bridge operational silos and deliver the most appropriate security functions to a broad spectrum of users, including operators, analysts, auditors, managers, and executives. Have all the contextual information needed to prioritize the risk of a security incident based on its overall impact to the business. Automate the detection and notification of newly introduced risks on the network. Finally, seek to establish an integrated security intelligence framework for assessing risk across all relevant information.
We will begin to see the early stages of issuance of Personal Identity Verification – Interoperable (PIV-I) credentials in 2011, which will help increase security between government, business and individuals in conducting online and physical transactions. Digital signatures should begin to proliferate in lieu of wet signatures as the capability to perform digital signatures expands, at least within the federal government. This will help streamline business processes and move traditional manual, labor-intensive processes to more automated online transactions.
Remember when Anon hacked into HBGary, the internet security company, last week in a revenge attack for them trying to sell Anon info to the FBI. Well, apparently Anon got hold of the Stuxnet virus code.
Now this is really stupid.
Originally posted by ballsdeep
I haven't read the whole thread, but has anyone mentioned the fact that the term 'anon' is inherently inert; that chances are no-one has stolen stuxnet and the US are just preparing to infect someone other than Iran and blame 'anon'?
Originally posted by hillynilly
We are the resistance!
Anon wouldn't attack the citizens with stuxnet (the real anon)..
We don't have anything to worry about there.
They would drop it on paypal, amazon, etc....
Unless this is a CIA con,
Say *anon the hackers* have stuxnet
unleash it on anyone/thing/company/ in your way...
Blame it on anon...
Someone could be setting us up for the internet kill switch..
*OH NO stuxnet is everywhere we must shut down the internet*
edit on 14-2-2011 by hillynilly because: (no reason given)