Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘stuxnet’

Stuxnet Two?


The New York Times is reporting that a cyberattack against Iran in June took out a database that Iran’s paramilitary arm used to plot attacks against oil tankers. The attack also degraded Tehran’s ability to target shipping traffic in the Persian Gulf, and Iran is still trying to recover information destroyed in the June 20 attack and get back online.

This attack came right around the time that Iran shot down a U.S. drone, for which the Trump Administration planned a retaliatory attack that it called off at the eleventh hour.

MIT Review reports the attack has had a lingering impact on the Iranian military’s ability to target oil tankers in the Persian Gulf, and notes that the database wiped out belonged to Iran’s paramilitary forces, known as the Islamic Revolutionary Guard.

U.S. officials said there has been no escalation from Iran, but the Times reports there have been doubts about whether the benefits of the operation outweighed the cost — “lost intelligence and lost access to a critical network used by the Guard.”

The entire episode is reminiscent of Stuxnet, a cyber operation thought to have been developed by the U.S. and Israel that targeted and destroyed controller systems for centrifuges in Iran’s uranium enrichment program — only this time at a much faster pace.

Written by turbotodd

August 29, 2019 at 10:29 am

Internet Insecurity


You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?

That’s what I got today in a Washington Post email newsletter:

“New malware is 20 times size of Stuxnet”

“Cybersecurity experts needed to meet growing demand”

Surely the Post newsletter editor at least chuckled when he put those two together.

I didn’t chuckle, however, when I started reading up on this new Internet security phenom.

Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.

And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”

Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?

Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”

If you don’t remember Stuxnet, it was the allegedly state-sponsored virus that wreaked havoc on Iran’s uranium centrifuges. This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”

Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”

Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”

Recorded conversations?

Yes, indeedy.  According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”

It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”

It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from e-meetings to instant messages, email… you get the picture. Literally.

I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.

More details on Flame as they emerge…