04/30/12

Cyber Weapons and Cyber Attacks

gAtO wAs reading my friend Pierluigi Paganini’s Security Affairs blog – http://securityaffairs.co – about “Google Used as Cyber Weapons” and it got me thinking. To put it in today’s terms, cyber Iran is in the news lately and they do control oil coming from the Middle East. Their oil fields are controlled by the Internet (SCADA) and thus vulnerable to a cyber attack. So talking about cyber weapons is not far-fetched. So what are cyber weapons and how do we use them in today’s digital infrastructure? Cyber weapons today are not just about security but also a geo-political tool, with the power to control the price of oil as well as serve as an attack vector.

We have targeted and un-targeted cyber weapons. If we look at the Stuxnet and DuQu style of targeted attacks, we have a cyber weapon that is guided to make sure it has the right target, then uses unpublished certificates to give the software a trusted attack vector, then goes about doing its dirty work. DuQu is different, and these two codes do different things: one is a computer-to-kinetic cause and effect, like messing with their centrifuges in their enrichment plant and telling the monitoring stations that everything was cool and dandy, and then it deletes itself from the face of the earth after a self-kill date.

One lone person can, with today’s tools, develop, control and execute a massive cyber attack on any physical device that is connected to the Internet.

 

What is a Cyber Weapon? – http://hackmageddon.com/2012/04/22/what-is-a-cyber-weapon/

On the other hand, DuQu does recon and gathers the information needed to make an attack, transmits it back to Command & Control, then sits back and waits quietly and undetected. What a dynamic duo these two are. Why mention these two? Because Stuxnet was the first and DuQu was the son of… Stuxnet. We now have an evolving code-based warrior class of cyber weapons, and using this framework other cyber weapons can be created.

 

The Internet was designed as a weapons-class communication medium.

Spammers and phishing criminals have got a new tool, social engineering. It is used in Advanced Persistent Threat (APT) style attacks: just a simple email attachment and you’re their next victim. Then the Chinese did a clever, legal, plain, overt, in-your-face thing: they created a FACEBOOK account for “James Stavridis”, who happens to be an American Admiral in the Minister of Defence in NATO, and then other officials from NATO accepted his Friend request, and they gathered tons of personal information about high-ranking NATO officials.

This is the plain-in-sight social engineering planning that goes into today’s complex cyber operations. It’s a numbers game. The question needs to be asked: how many dead unknown family relatives have died and left me billions of dollars from Nigeria? Like I said, someone will click on the link – greed, stupidity or just drunk – and they just created another zombie computer. This zombie can now be given a dictionary attack code to hack your site and the hack begins anew. The life-cycle of a hacking botNet.

The bad guys are everywhere – the social engineering aspect of today’s social networks is so new that nobody has the rules.

Let’s go into a hacker’s mind. I’m a game player and we figure out the games and then find the weak spot and slide right in, killing that monster to get to that level 22 knight elf warrior. To make it more fun, Google and Facebook are changing their security policies so that more and more information about ourselves is available online. Make sure you know that anything you say online is stored, collected and examined until you go down the rabbit hole like ToR. “Smile, you’re on candid camera” – all the time.

 

In today’s digital matrix just about anything can be used to hack you. 

We today have attacks like the LuckyCat attack from China that has a Chinese professor with a master’s and PhD in computer science leading the team. The LuckyCat hack was very well thought out and planned with “state-sponsored individuals in China”. Lucky Cat:

To avoid detection, the hackers used a diverse set of infrastructure and anonymity tools. Each attack used a unique campaign code to track which victims were compromised by which malware, illustrating that the attackers were both very aggressive and continually targeted intended victims with several waves of malware, according to Trend Micro’s report.

The security company was able to connect an email address used to register one of the group’s command-and-control servers to a hacker in the Chinese underground community.

The hacker has been using aliases “dang0102” or “scuhkr” and has been linked to the Information Security Institute of the Sichuan University in Chengdu, China, where he was involved in a research project on network attack and defense.

The person behind the aliases and the email address is Gu Kaiyuan, who is now apparently an employee at Tencent, China’s leading Internet portal company, The New York Times reported on Thursday.

We spend time on low-hanging fruit like the Anonymous attack from the LulzSec crewz and Sabu. Come on, this was an embarrassment and the FBI took it personally, while the RSA (March 27, 2012 – NSA Chief: China behind RSA Attacks – http://www.informationweek.com/news/government/security/232700341 ) and Lockheed Martin (May 31, 2011 – Lockheed Martin Suffers Massive Cyber attack – http://www.informationweek.com/news/government/security/229700151 ) hacks, with foreign nationalists hacking into our defense contractors, were a much bigger deal. But we ate up the LuLz and three months later we gave Lockheed Martin a national contract to protect our national electrical grid (July 27, 2011 – Lockheed Promised Electric Grid Security Contract – http://uscyberlabs.com/blog/2011/07/27/lockheed-promises-electric-grid-security/ ).

Now why is “gAtO going LoCo” over all this? Because while all this madness is going on, these professional hacks are being given to smaller countries and even smaller terrorist cells that can use these same tools, professionally managed and all in a box. How to Hack a Box going to your local nut case living in mama’s basement, another unemployed person with time on their hands and reading all about it. This is the bottom of the connect-the-dots contest. One lone person can, with today’s tools, develop, control and execute a massive cyber attack on any physical device that is connected to the Internet. Now that’s a cyber weapon.

 

How many devices connected to the Internet do you know about??? – gAtO oUt.

 

01/4/12

China U.S. Cyber War Coming


gAtO sAy – the lack of trust between Washington and Beijing looks only likely to grow. Stuxnet was the first real cyber weapon deployed by nation/state actors, and if you think that China does not see the threat, we all need to wake up. Just a few months ago the U.S. made public (announced to the world) that their SCADA software (Sunway) has a number of security holes. They could have mentioned it quietly and confidentially. This was a slap in the face to the Chinese, at the height of the Lulz-Anonymous hackings.

gAtOmAlO - China U.S. Cyber War

Now if you were China and you knew that America and/or Israel created Stuxnet, and now they have the son of Stuxnet, “the DuQu virus” (2nd generation), and we told them that their SCADA is full of holes, wouldn’t you start to beat your chest and bang the drums of cyber warfare, screaming that everyone is hacking China too? (True, the U.S. alone is conducting cyber testing of weapons every day.)

Let’s look at this Cyber Warfare thingy.

Offense and defense in cyber war have distinct characteristics, and they change frequently. Offensive technologies include computer viruses, DDoS (type), EMP bombs, microwave bombs, and computer and microchip backdoors. For defense, there are network scanners, network wiretapping devices, password breaking devices, electromagnetic detectors and firewalls, and anti-virus software. IMHO – let me throw these few things out:

https://chinacyberwarfare.wordpress.com/

**__“China also need us as a consumer of their exports, as we are the biggest single market in the world.” — This statement is not really true anymore__**

This is where Americans are dead wrong. It used to be that way, but as other countries like the BRIC countries have been growing they themselves have produced what “Mr Henry Ford” did: create a middle class that can buy its own goods and services. As your people come out from behind the plow and into a smartphone, working at the Apple iPad factory, they learn more and more. The Chinese are getting tired of being the cheap labor market, and the corruption of the communist party to embrace capitalism is changing their minds quickly.

The sad fact is that while we (America) have been at war for the last 10 years, China has been building business relations with every country it can. Money talks and they have made some solid moves. Take the biggest IPO this coming year, “FACEBOOK”: China has banned Facebook from China but they are making a big deal in buying Facebook stock with Goldman S. The US is looking into this and trying to stall it, but when they buy, let’s say, a 10% share then they will make Facebook available to the Chinese and WHAMMO, add 50-100 million onto Facebook and that stock will be golden.

As to all the hacking that China has done last year alone, we cannot do a thing, not because we can’t but because the relationship that we have with China is economic and they’ve got us by the short hairs there.

I compiled this bit of info that may open eyes— United States-China Economic and Security Review Commission

https://chinacyberwarfare.wordpress.com/2011/09/14/united-states-china-economic-and-security-review-commission-2/

We threw China a message a while back by exposing the weak links in their SCADA systems:

https://chinacyberwarfare.wordpress.com/2011/07/24/critical-infrastructure-vulnerable-to-holes-in-chinese-scada-software-threatpost/

And let’s not forget one of my Heroes of 2011, Dillon Beresford – he took on China and found out that they were wide open. I followed and verified some of his findings and found even more open doors. You see, the culture in China is all about saving face. You may have done bad work, but when your boss disgraces you, you move and fix the problem, or at least you think you fixed it; the pool of educated security people in China is so low that they can’t, so their defenses are down today.

https://chinacyberwarfare.wordpress.com/2011/07/30/glass-dragon-chinas-cyber-offense-obscures-woeful-defense-threatpost-2/

- China and the US will be at war in 2012; just how bad it’s going to get, we’ll see. That’s my 2 cents.

gAtO tHiNk – China and Russia will use Iran as a proxy to get what they want, and in so doing they will train and arm Iranians with the needed infusion of technology and education. They do have oil, and China especially needs it to make sure of its growing economy.

Let me add N. Korea to this mix because of the close ties with China. In N. Korea the new leader, the son of the father, will have to show the world where he stands as a show of power. Better yet, if Obama gets N. Korea to open up a bit it would be a political move that could help him in the elections this year. Kim Jr. could open N. Korea to the world and make it better for its people, or they could take the hard line with China’s support. They could be another proxy for China or Russia.

Both Iran and N. Korea claimed a new super cyber army recently and that was a message to the world: cyber warfare will come – ready or not… gAtO oUt
