History of cyberattacks on industrial systems + ramblings on SCADA & Stuxnet

After the recent NYTimes article on the Stuxnet computer worm, more buzz is being generated around computer viruses affecting the real world, cyberwars and politics,
and with quotes like this:
“Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.”
some people feel that they woke up in the middle of a “Die Hard” or “Hackers” movie.

I did some searching on Stuxnet and on the history of computer worm/virus attacks and incidents in the real world. Here are some of the results of that search:

History of “famous” computer viruses causing harm in the real world (these are the notable ones I found):

  • Siberian Pipeline Explosion (1982): Trojan inserted into SCADA software that caused an explosion
  • 1992 Chevron: former employee disabled the emergency alert system in 22 states
  • Roosevelt Dam (1994): hacker breaks into floodgate SCADA systems
  • March 1997: teenager breaks into NYNEX and cuts off Worcester Airport in Massachusetts for 6 hours, affecting both air and ground communications
  • June 1999: Bellingham, Washington gasoline pipeline failure
  • Sewage Dump (2000): insider attack on sewage systems in Australia; dumps 1 million gallons of raw sewage
  • GAZPROM (2000): hackers gain control of a Russian natural gas pipeline
  • Slammer (2003): knocks a nuclear monitoring system offline; cripples airlines
  • August 2003: USA Northeast power blackout
  • August 2003: CSX train signaling system and the Sobig virus
  • August 2005: automobile plants and the Zotob worm
  • California Canal System (2007): insider hacks SCADA
  • March 2008: Hatch Nuclear Power Plant shutdown
  • June 2009: insider/employee attack on US hospital SCADA systems

I used the word “famous” because of two other sources: BCIT and Joseph Weiss.

BCIT (British Columbia Institute of Technology), funded by a petroleum company, is one of the few groups which tracked industrial cyber security incidents, until the project went dormant in 2006 after Eric Byres left.
Their database, the Industrial Security Incident Database (ISID), tracks information regarding security-related attacks on process control and industrial networked systems.
BCIT reports that between 1994 and June 2006, 97 incidents were investigated and logged in the database.

Prior to 2001, the majority of attacks reported in the database were from insiders of the company. After 2001, the majority of the incidents reported were due to external sources. This swing has been attributed to the increased use of common operating systems and applications, open architectures, larger interconnected networks and automated “worm” attacks.
It is interesting to note that the majority of these attacks occurred months or years after the virus/worm was publicized in the media and patches were available and proven for control systems. This is indicative of a lapse in security policy rather than technology.

Joseph Weiss, managing partner of the control systems security consultancy Applied Control Solutions, said that in the US, networks powering industrial control systems have been breached more than 125 times in the past decade, involving systems in nuclear power plants, hydroelectric plants, water utilities, the oil industry and agribusiness.

The Aurora Experiment:

Another interesting thing I ran into is an experiment called Aurora, conducted by the US Department of Homeland Security in March 2007 at the Department of Energy’s Idaho lab. In that experiment they emulated a hacker remotely accessing a $1M power generator, and they blew it up.
Here is the video

Here is the article on CNN
http://articles.cnn.com/2007-09-26/us/power.at.risk_1_generator-cyber-attack-electric-infrastructure?_s=PM:US

The Stuxnet worm

“Stuxnet is a computer worm targeted at industrial equipment that was first discovered in July 2010 by VirusBlokAda, a security firm based in Belarus.

While it is not the first time that hackers have targeted industrial systems, it is the first discovered worm that spies on and reprograms industrial systems and the first to include a programmable logic controller (PLC) rootkit. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the PLCs and hide its changes.

The worm’s probable target is said to have been high value infrastructures in Iran using Siemens control systems. According to news reports the infestation by this worm might have damaged Iran’s nuclear facilities in Natanz and eventually delayed the start up of Iran’s Bushehr Nuclear Power Plant. Although Siemens initially had stated that the worm had not caused any damage, on November 29, Iran confirmed that its nuclear program had indeed been damaged by Stuxnet.

Russian digital security company Kaspersky Labs released a statement that described Stuxnet as “a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world.” Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60% of the infected computers worldwide were in Iran, suggesting its industrial plants were the target. Kaspersky Labs concluded that the attacks could only have been conducted “with nation-state support”, making Iran the first target of real cyberwarfare.”

Key elements of the Stuxnet attack: targeted sabotage

  • Uses a Windows rootkit to hide Windows binaries
    – Signed by one of 2 stolen certificates, from ‘JMicron’ and ‘Realtek’
  • Injects code into Programmable Logic Controller (PLC) systems
    – Allows the threat to alter and control SCADA systems
  • Uses rootkit techniques to hide the injected PLC code
    – Patches the Siemens Step 7 software, which is used to view PLC code
  • Communicates with C&C servers using HTTP
  • Uses P2P networks to update itself
    – Gives control of infected hosts even if the C&C servers are taken down

Incursion

  • Spreads by copying itself to USB drives
    – LNK vulnerability
    – Autorun.inf
  • Spreads via network shares
  • Spreads using 2 known and 4 0-day Microsoft vulnerabilities
    – MS08-067 (vulnerability used by Conficker)
    – Default password in Siemens WinCC
    – LNK: allows automatic spreading via USB keys
    – Printer Spooler: allows network spreading to remote machines
    – Undisclosed 1: local privilege escalation vulnerability
    – Undisclosed 2: local privilege escalation vulnerability

Pointing fingers:
In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.

Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

What the hell is SCADA, that word that keeps popping up?

Supervisory Control and Data Acquisition (SCADA) systems are computer-based control systems which are used to monitor and control physical processes. They are usually composed of a set of networked devices such as controllers, sensors, actuators, and communication devices.

In other words, SCADA is:

  • the power in your home
  • the water in your home
  • the water that goes out of your home
  • the traffic lights on the way to the office
  • the commuter train controls
  • the air conditioning system in your office building
  • the phone system to your home
  • ….

Security problems with SCADA

  • SCADA = no authentication: what is the identity of an automated system? How would policies such as “change your password monthly” be applied to automated systems that are supposed to run unattended for years?
  • How to manage rights for each person? Which of the thousands of possible actions can they monitor/control?
  • SCADA = no patching. Old model: install a system and replace it in 5 years. Now: install a system and patch it every month.
  • SCADA = an industry in denial about how connected it is to the internet. The usual belief is that the systems are not connected at all, while in reality there are many uncontrolled interconnects via links or simple things like roaming notebooks.
  • Insider attacks
  • A big prize: the payoff for a successful attack is so big that it might tempt “groups” or even “nations” to invest millions and time.
  • Open standards and architectures: the move to open standards such as Ethernet, TCP/IP, and web technologies has resulted in commonly released worms/viruses also affecting the computer systems of critical infrastructure and manufacturing industries. Hence it may be easier for an adversary to obtain the necessary knowledge, via the source code, to attack a system. It is important to note that this point is controversial; many computer scientists argue that open design is the most secure solution.
  • ….
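The slide above says Stuxnet talked to its C&C servers over plain HTTP, and the list just above says the industry usually believes its control networks are not connected to the internet at all. A plant that is really unconnected cannot produce a single allowed web-port flow from a control-network address to a public address at the perimeter, so counting such flows is a cheap way to test that belief and to spot a host phoning home. The script below is an added example written for this post, not code from the post or from any vendor; the control-network ranges (`OT_NETWORKS`), the log line format and every address in `SAMPLE_LOG` are constructed for the example, and the function names `find_ot_egress` and `summarize` are mine.

```python
import ipaddress
from collections import defaultdict

# Assumption: the plant's control network lives in these ranges (constructed for the example).
OT_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# RFC 1918 ranges: anything outside them is treated as "the internet" here.
INTERNAL_NETWORKS = [ipaddress.ip_network(n)
                     for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed perimeter-firewall log lines (not real traffic): ts src dst dport proto action
SAMPLE_LOG = """\
2010-09-01T08:00:01 10.20.1.15 10.20.1.1 502 tcp allow
2010-09-01T08:00:05 10.20.1.15 203.0.113.7 80 tcp allow
2010-09-01T08:00:09 10.20.1.22 10.20.1.15 445 tcp allow
2010-09-01T08:01:10 192.168.50.9 198.51.100.20 80 tcp allow
2010-09-01T08:01:12 192.168.50.9 198.51.100.20 80 tcp allow
2010-09-01T08:02:00 172.16.4.4 203.0.113.7 443 tcp allow
2010-09-01T08:02:30 10.20.1.15 10.20.1.30 139 tcp deny
"""


def is_ot(addr):
    """True if the address belongs to one of the control-network ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OT_NETWORKS)


def is_internal(addr):
    """True if the address is in RFC 1918 space (i.e. not on the public internet)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETWORKS)


def parse_line(line):
    """Parse one space-separated log line into a dict of typed fields."""
    ts, src, dst, dport, proto, action = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "action": action}


def find_ot_egress(log_text, web_ports=(80, 8080)):
    """Return allowed flows where a control-network host reached a public address on a web port.

    A plant that is really "not connected" should produce zero such records;
    each one is either an uncontrolled interconnect or a host phoning home.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["action"] != "allow":
            continue
        if is_ot(rec["src"]) and not is_internal(rec["dst"]) and rec["dport"] in web_ports:
            hits.append(rec)
    return hits


def summarize(hits):
    """Count (src, dst) pairs so a host that beacons repeatedly stands out."""
    counts = defaultdict(int)
    for rec in hits:
        counts[(rec["src"], rec["dst"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for (src, dst), n in sorted(summarize(find_ot_egress(SAMPLE_LOG)).items()):
        print(f"OT host {src} reached {dst} on a web port {n} time(s)")
```

On the sample log this flags two control-network hosts (three flows in total); the 172.16.4.4 flow is ignored because that host is not in the OT ranges, and the denied flow is ignored because it never left. Note what this check cannot see: the P2P update channel from the slide runs between infected hosts inside the network and never crosses the perimeter, so it needs internal monitoring instead.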

Making sense of the above

Geeks will rule the world! CyberDoom is nearby! Only pre-historic caves are safe, buy a cave before prices start sky-rocketing!

Lebanon has the most sophisticated “defense” system: they can cut the power and cut the water, but we are using generators and already buy water, and we dump our sewage in the sea, so there is no danger of “sewage leaks”; we don’t have nuclear plants and barely have an industry in the first place! Hah! On the other hand, Israel completely relies on such systems :devil: , now are you thinking what I am thinking?

Well, after such a long and serious article, I thought some sarcasm would be cheerful ;p. As for making sense of the above, I presented the facts and I leave it to you to blog/comment about it. I will possibly aggregate your opinions/tweets/feedback in a second post and then add mine as well.

I am off trying to figure out how to hack into the power plants in Lebanon and make electricity run 24/7 (joking, eh!). In the meantime, I am still waiting for your feedback and opinions on the whole cyber attacks / cyber terrorism / cyber risks stuff!


Ramblings from a coffee shop

I should really be working – really – or at least I should be finishing that research on industrial viruses, but all I seem able to do is gaze at the glass ceiling; I find the metal structure holding it together really interesting.

I can make out the shapes of crossed squares, lozenges, parallel lines, big Vs, M and W letters – it really depends on how you look at it…

I can also see a nice part of the mall by looking at its reflection in the glass, and I can use those metal bars to measure how the mall is divided inside.
The glass seems to have this “steam” on it, resulting from the difference in heat between inside and outside. Humans are really a source of energy.

I am also trying to decide if the carved drawings in the wall add to the spirit of the place, or if it is just an attempt at luxury/art that makes the building a “bastard with a tail” (you need to read The Fountainhead by Ayn Rand to understand this example).

As I sink deeper into that comfy sofa with my laptop, I wish I could really put my feet up on that table like I’d do at home.
But well – I am sure the people facing me at Roadster won’t appreciate the view.

The sound of the small water pool is peaceful, but as it is getting more crowded there is that constant monotone humming sound usually present in malls, and the humming is starting to take over the water sound.
That humming is the sound of people walking, eating, talking, laughing, and the sound of the machines, stairs, plates, forks, cups, different music from different shops…

I put on my headset, tune out and go back to watching that ceiling, trying to compare the different malls and glass rooftops I’ve seen – after my attempt at understanding architecture, I go back to watching people without any attempt at understanding them.

The shoppers, the waiters, the people cleaning the floor, people in the elevator, bored shopkeepers, the security guard, people eating, drinking, studying, working, their body language, the uniqueness of each one of them.

I sip my now cold coffee, answer a phone call and go back to watching the humans on mute while listening to my music. It is small peaceful moments like this that somehow make all the risks and troubles of freelancing worth it.


The password problem, workarounds and a suggested solution

True collaboration requires honest, active and true participation from everyone, but there is always that struggle over control when it comes to domain names, hosting, the twitter account, CMS logins… Usually the person who started an idea creates or funds the above, but true collaboration does not mean he/she “owns” the community’s work or has more “say” or control over it. This form of control may discourage people from pitching in, or at least lessen their level of involvement.

On the other hand, it is not secure, smart or efficient to share the same password with many people. What if someone decides to change the password? Does everything go to waste?

So deciding who is trustworthy is a big issue and, most importantly, is wrong for collaboration. If the idea generator trusts person B, that does not reflect whether B earned this administrative control through their participation or actions.

It should be the trust of the community that matters, not that of the collaboration starter.

So for someone nice trying to be a good admin, it is a burden and a responsibility having to decide who gets control; on the other hand, it is impossible work to update all the social media platforms used (email, twitter, facebook, blog, flickr, youtube…), to keep up with the community and to actually reply and collaborate with people.

This password problem also creates the issue of a project dying when the admin is arrested, is not interested anymore or does not have time, and at the very least it hinders the potential of an idea, since no human being can really keep up with an online community of hundreds or thousands.

Creating multiple administrator accounts is not always possible (ever heard of twitter multiple logins for the same account?), and it is not always a good idea either, since again one admin can delete/cancel the others.

I have one workaround in mind to share, but I also want to suggest a more effective solution.

The workaround:

There is a very nice tool called LastPass Password Manager (take a minute to check the features; it is really neat). With LastPass you can manage your passwords but also share them in an encrypted format with other people, without them actually knowing your password. They just accept your share and are able to log in with their mouse using LastPass (if you were unable to get this working, leave a comment and I will include steps for how to do it).

This workaround is pretty nice, but it does not solve the problem of ownership, and it has no procedure for deciding who should get the login.

Suggested solution:

I suggest the following solution, to be built from scratch with only collaboration needs in mind.

1 – Create a collaboration profile.

2 – Specify the number of administrators needed.

3 – Specify the collaboration mode: full collaboration or partial collaboration.

4 – Everyone with the link to the collaboration profile can nominate someone or vote them up (if the name is already there, vote it up; otherwise, nominate).

5 – The top x voted names get contacted and are given a link; each person enters a part of the password. None of them knows the full password and none has full control; also, if someone gets arrested, no authority can get access.

6 – Using an extension like LastPass, the above people can actually log in.

Those x people in charge can be auto-changed every x days and so on, ensuring a fair rotation. Many add-ons can be created on top of this, but this is the basic idea. Anyone up to coding this?
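Step 5 above is, in cryptographic terms, secret sharing: the password is split so that no single admin holds it, and a single seized share reveals nothing. The standard construction for this is Shamir’s secret sharing, which goes one step beyond the post’s “everyone enters a part”: the password is split into n shares and any t of them (a threshold the profile owner picks) rebuild it, so one absent or arrested admin does not lock everyone out, while t-1 shares give an attacker no information at all. The script below is an added example written for this post; it is not the post’s code nor anything LastPass provides, the function names `split_password` and `recover_password` are mine, and the demo password and the 3-of-5 setup are constructed values.

```python
import secrets

# Mersenne prime field; a 64-byte password fits in one field element (2**512 < PRIME).
PRIME = 2**521 - 1
MAX_SECRET_BYTES = 64
FIELD_BYTES = (PRIME.bit_length() + 7) // 8  # 66: enough to hold any field element


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients lowest-degree first) at x mod PRIME (Horner's rule)."""
    result = 0
    for coeff in reversed(coeffs):
        result = (result * x + coeff) % PRIME
    return result


def split_password(password, n, t):
    """Split `password` into n shares so that any t of them reconstruct it.

    Each share is an (x, y) point on a random polynomial of degree t-1 whose
    constant term is the password. With fewer than t points every candidate
    password is equally consistent with what an admin holds, so no single
    share (or any t-1 of them) leaks anything.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    secret_bytes = password.encode("utf-8")
    if len(secret_bytes) > MAX_SECRET_BYTES:
        raise ValueError("password too long for a single field element")
    secret = int.from_bytes(secret_bytes, "big")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_password(shares, t):
    """Recombine at least t shares (distinct x) by Lagrange interpolation at x=0."""
    points = list({x: y for x, y in shares}.items())  # drop duplicate x values
    if len(points) < t:
        raise ValueError(f"{len(points)} share(s) given, threshold is {t}")
    points = points[:t]
    secret = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+).
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    raw = secret.to_bytes(FIELD_BYTES, "big").lstrip(b"\x00")
    # Shares from different splits combine into random garbage, so decode leniently.
    return raw.decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Constructed demo values, not a real account password.
    pw = "correct-horse-battery-staple"
    shares = split_password(pw, n=5, t=3)
    for x, y in shares:
        print(f"admin {x} holds share ({x}, {y:x})"[:72] + "...")
    print("any 3 of 5 recover it:", recover_password(shares[1:4], 3) == pw)
    try:
        recover_password(shares[:2], 3)
    except ValueError as err:
        print("2 of 5 is refused:", err)
```

Two points for the rotation in the last paragraph: re-splitting the same password hands out fresh, unrelated shares (mixing old and new ones yields garbage), but any t of the old shares still open the old password, so rotating the admins must also change the underlying password. And reconstruction has to happen somewhere; whatever service combines the shares and feeds a LastPass-style login sees the whole password for that moment, so that component is the new thing to protect.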
