watching you watching us . .

Cyber Attack

Ways to circumvent shutdown of normal communications

“.. With a tin can, some copper wire and a few dollars’ worth of nuts, bolts and other hardware, a do-it-yourselfer can build a makeshift directional antenna. A mobile phone, souped-up with such an antenna, can talk to a network tower that is dozens of kilometres beyond its normal range (about 5km, or 3 miles).

– snip –

their existence has recently been valuable to the operation of several groups of revolutionaries in Egypt, Libya and elsewhere. To get round government shutdowns of internet and mobile-phone networks, resourceful dissidents have used such makeshift antennae to link their computers and handsets to more orthodox transmission equipment in neighbouring countries.

– snip –

Creative ideas for circumventing cyber-attacks even extend to the redesign of apparently innocent domestic equipment. Kenneth Geers, an American naval-intelligence analyst at a NATO cyberwar unit in Tallinn, Estonia, describes a curious microwave oven. Though still able to cook food, its microwaves (essentially, short radiowaves) are modulated to encode information as though it were a normal radio transmitter. Thus, things turn full circle, for the original microwave oven was based on the magnetron from a military radar. From conflict to domesticity to conflict, then, in a mere six decades ..”

“Unorthodox links to the internet”
Science and Technology, The Guardian UK, 17 March 2011 – last access 23 March 2011 – ( Full Article )


Stuxnet worm’s true origins?

Interesting article on the possible origins of Stuxnet…

“.. The worm, Stuxnet, is a Trojan horse said to have disabled Iran’s nuclear weapons program. The New York Times said late last year, “Meanwhile, the search for other clues in the Stuxnet program continues — and so do the theories about its origins.” The Times updated their take on January 15, 2011 calling Stuxnet, “the most sophisticated cyberweapon ever deployed…experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009 ..

– snip –

No one is looking back to a time in the mid-70s, when an obscure program called Promis first reared its head. Promis, according to sources, is at the root of Stuxnet. Promis was a computer program that promised to help US prosecutors track criminals and legal maneuverings through the system, “Prosecutor’s Management Information System.” The people-tracking software was later marketed by a firm named Inslaw, under the auspices of William Hamilton, a former NSA officer who still markets a version of the product today.

– snip –

By the late 1980s, Promis programs had been sold to Britain, Australia, South Korea and Canada. Allies harmless enough, right? But then up next was the KGB. There are multiple claims as to who sold Promis to the Russians. Several, including a source of mine, said it was newspaper mogul Robert Maxwell in assistance to Israel. Another acquaintance, former double agent David Dastych (Polish intell working for the CIA during the Cold War) said that an American intelligence officer admitted to him, “Yes, we gave Promis to the Russians and Chinese to back door their intell. Worked like a charm.” Both claims may overlap. In fact, the KGB is said to have used Promis for over 15 years. At first, there was nothing to suspect since malicious malware had not really been coined. Few back then understood the power of the computer, and so the Trojan horse entered the realms of international espionage, the microscopic spy ..”

Stuxnet worm’s true origins are exposed
PJ Wilcox, /, 22 February 2011 – last access 3 March 2011 – ( Full Article )


Further to this article:

“.. So we start with a Windows dropper. The payload goes onto the gray box, damages the centrifuge, and the Iranian nuclear program is delayed — mission accomplished. That’s easy, huh? I want to tell you how we found that out. When we started our research on Stuxnet six months ago, it was completely unknown what the purpose of this thing was. The only thing that was known is very, very complex on the Windows part, the dropper part, used multiple zero-day vulnerabilities. And it seemed to want to do something with these gray boxes, these real-time control systems ..

this is a directed attack. It’s completely directed. The dropper is prowling actively on the gray box if a specific configuration is found, and even if the actual program that it’s trying to infect is actually running on that target. And if not, Stuxnet does nothing ..

And if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It’s way above everything that we have ever seen before. Here you see a sample of this actual attack code. We are talking about — round about 15,000 lines of code. Looks pretty much like old-style assembly language ..

The big digital warhead — we had a shot at this by looking very closely at data and data structures. So for example, the number 164 really stands out in that code; you can’t overlook it. I started to research scientific literature on how these centrifuges are actually built in Natanz and found they are structured in what is called a cascade, and each cascade holds 164 centrifuges. So that made sense, it was a match ..

And it even got better. These centrifuges in Iran are subdivided into 15, what is called, stages. And guess what we found in the attack code? An almost identical structure ..

This attack is generic. It doesn’t have anything to do, in specifics, with centrifuges, with uranium enrichment. So it would work as well, for example, in a power plant or in an automobile factory. It is generic. And you don’t have — as an attacker — you don’t have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread it as wide as possible. And if you do that, what you end up with is a cyber weapon of mass destruction. That’s the consequence that we have to face. So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They’re in the United States and Europe and in Japan. So all of the green areas, these are your target-rich environments ..

My opinion is that the Mossad is involved, but that the leading force is not Israel. So the leading force behind that is the cyber superpower. There is only one, and that’s the United States — fortunately, fortunately. Because otherwise, our problems would even be bigger ..”

Cracking Stuxnet, a 21st-century cyber weapon
Ralph Langner, TED2011, March 2011 – Full Talk


U.S. – China: Cyber War Scenario in the Eyes of a Chinese Student

Interesting article in The Atlantic written from the perspective of a Chinese student…

“.. Stuxnet is a computer worm that gained notoriety in 2010 as it took down about one fifth of Iran’s nuclear centrifuges. The New York Times describes it as maybe “the most sophisticated cyberweapon ever deployed”. Many experts believe that it was developed by either the United States or Israel. And the official Chinese media asserted that Stuxnet is a joint U.S.-Israel project. (Interestingly, to lend itself credibility, one news report from the leading Chinese news agency is entitled “New York Times Confirms U.S.-Israel Development of Computer Worm Targeted at Iran”.)

Does the United States’ (possible) active use of cyber weapons legitimize their use by other countries? And more pertinent to my concern, is China’s insistence on the United States’ involvement in Stuxnet a sign of Beijing’s intention to capitalize on the legitimacy conferred by Stuxnet?

– snip –

Cyber attacks from China have been going on for more than a decade. The high-profile Titan Rain and Operation Aurora made it clear that networks belonging to the U.S. government, the defense industry, and other companies have suffered large-scale, sustained and highly sophisticated cyber attacks from computers located in China, though Beijing has denied any involvement. As with Stuxnet, the nature of cyber attacks makes it hard to trace to their origin, and even if an origin is found, there is no international legal authority that could hold the state responsible for the cyber activities of its individuals. The states can plead “plausible deniability” which is what makes it possible for many cyber attackers to operate with impunity, as seen in the case of Russian attacks on Estonia.

Regarding the China threat, many American security experts worry that in a dispute over Taiwan, China would disable and exploit U.S. computer networks. But some, like James Mulvenon, Deputy Director of Defense Group and a specialist on the Chinese military, go further to say that he observed a potential expansion of the People’s Liberation Army’s (PLA) intrusion set. He argues that the list of targets for both computer network exploitation and attack activities would encompass a wide range of countries and regions, including the East and South China Seas.

Moreover, experts point to China’s systematic training of its cyber warriors and its recruitment strategy. The cyber warriors are firstly trained in military institutions such as the PLA National University of Defense Technology, which built the “Tianhe 1A” supercomputer that surpassed U.S.’ Cray XT5 Jaguar as the world’s fastest computer by a large margin at the end of last year. Second, the PLA has included computer network operations (CNOs) in its military exercises since 2005 and aims at disabling target networks with its first attacks, according to Dr. Zheng Dacheng, a Taiwanese expert on the Chinese military.

In addition to trained cyber warriors, China can fully utilize the talents of its civilians who require the kind of security clearance for which only about 20% of U.S. population would qualify if the same cyber missions were carried out by United States, according to Kevin G. Coleman, security technology expert at Technolytics Institute.

– snip –

China’s efforts in cyber space have mainly been internally rather than externally focused. This would support the regime’s main concern of domestic stability, rather than an intensified confrontation with a foreign entity.

Chinese citizens’ limited access to foreign websites is often seen as one of the defenses China has in a future cyber war scenario. Aside from the infamous Great Firewall, China only has nine ports through which the Chinese Internet is connected to the foreign Internet (as last reported in 2008, after which all information on this is withheld). Therefore, it is conceivable that China could cut itself off the Internet and operate a de facto Intranet. However, it also means that in the case of a large-scale outbreak of domestic instability, the government can cut its people off from the outside world (as what happened in Egypt).

If the first use is the main purpose of China’s cyber setup, then the defense effort would be severely undermined because the government and big state-owned-enterprises are whitelisted to have full and unrestricted access to foreign networks, and many big private firms use satellite or microwave connections which do not go through the state’s control mechanism, thus they will not be effectively immune from a cyber attack.

The domestically-focused use of this cyber structure actually occurred in Xinjiang after the July 2009 riots when the Internet was shut down for 10 months. In fact, The National Defense Mobilization Law, enacted in July 2010, stipulates that the state has broad authority in times of national defense mobilization and can, according to Article 63(1), take control of the telecommunication industry, the media, the information networks, and the energy and the water supply systems, among other things.

– snip –

Perhaps most importantly, however, the United States is not vulnerable because of threats from China, but because it has done a poor job of building cyber-defenses. Recall the embarrassment when the Pentagon revealed last December that live video feeds from its $4.5 million Predator drones were hijacked using $26 software downloaded from the Internet. Regardless of what China does or intends to do, if United States does not take appropriate measures to defend itself, then it would continue to be exposed to threats from various state and non-state actors.

Currently, with Cyber Command protecting the military networks and DHS protecting the rest of the government, everyone else is left on their own, and America’s critical infrastructures are not getting the best security technology this country has to offer. In China, however, cyber security has increasingly become a huge business. It has now contracted out the network security of the government and other crucial state-owned-enterprises to (semi-) private security firms: Venus Tech is responsible for the network security of the Ministry of Finance, National Grid, Civil Aviation Administration, etc.; NSFOCUS secures China Telecom, National People’s Congress, etc.; Feitian is responsible for securing Bank of China, the State Secrets Bureau, Ministry of Commerce, Sinopec, etc.; and Zhonghangjiaxin develops security systems for part of the People’s Liberation Army’s General Staff Department and Headquarter of the Armed Police ..”

Ella Chou, The Atlantic, 8 February 2011 – last access 9 February 2011 – ( Full Article )


FBI serves 40 search warrants in Anonymous crackdown – coincided with the arrests of five UK youths accused of participating in the DDoS spree

“.. FBI agents executed more than 40 search warrants on Thursday as part of an investigation into coordinated web attacks carried out by the hacking collective known as Anonymous. The search warrants coincided with the early morning arrests of five UK youths accused of participating in the DDoS spree.

Word of the crackdown first surfaced in the US four weeks ago. Metropolitan Police in the UK confirmed their investigation in mid December.

“The FBI also is reminding the public that facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability,” the agency said in a press release.

Thursday’s arrests were part of an international police probe carried out by law enforcement agencies throughout Europe and the US. A French official told the Associated Press that a 15-year-old suspected of masterminding the attacks was arrested in December. The unidentified teen has since been released, but his computer was confiscated.

That same month, a 16-year-old boy in the Netherlands was arrested for allegedly carrying out attacks on Visa and MasterCard after the credit card companies stopped processing payments to WikiLeaks.

Researchers have said members of Anonymous modified a piece of open-source software to create what they call the Low Orbit Ion Cannon. The tool allows large groups of online protestors to simultaneously unleash torrents of data on websites they want to bring down ..”

Dan Goodin, The Register UK, 28 January 2011 – last access 2 February 2011 – ( Full Article )


Reports of London Stock Exchange Investigating Cyber Attacks

Reports that the London Stock Exchange is investigating cyber attacks.. not clear whether these are isolated or related incidents, whether it was an inside job, or whether it was simply a bug..

“.. The British and United States stock exchanges have reportedly enlisted the help of the security services after finding out they were the victims of cyber attacks.

According to media reports, the London Stock Exchange (LSE) is investigating a terrorist cyber attack on its headquarters last year, while US officials have traced an attack on one of its exchanges to Russia.

A report from The Times said that it had been told by ‘well-placed intelligence sources’ that the London Stock Exchange was trying to find the source of the attack, while a cyber security expert is reported as saying that the threat is ‘advanced and persistent’.

The Associated Press said that officials suspect the attacks were designed to spread panic among markets and destabilise western financial institutions ..”

Dan Raywood, SC Magazine UK, 1 February 2011 – last access 2 February 2011 – ( Full Article )

– snip –

“.. GCHQ director Iain Lobban said last year that worms have already been designed to cause significant disruption to government systems, while former White House security advisor Richard Clarke told the RSA Conference Europe that the US and UK are woefully underprepared for an attack on critical infrastructure.

Uri Rivner, head of new technologies at RSA Security, speculated that the attack may have been an inside job ..”

Phil Muncaster, 31 January 2011 – last access 2 February 2011 – ( Full Article )