Malware hits industrial equipment

[Cyber Wolf]

As much a pain as it can be, it's stuff like this that makes me glad I routinely unplug my webcam, mic and headset when I'm not actively using them.

Not that my computer has anything of interest on it... and anyone spying on me would get mostly me singing and good shots of my more lived-in T-shirts...

[Lamplighter]

And the beat goes on....

NY Times
NICOLE PERLROTH
8/19/12

Virus Seeking Bank Data Is Tied to Attack on Iran

Quote:

A security firm said Thursday that it had discovered what it believed
was the fourth state-sponsored computer virus to surface in the Middle East
in the last three years, apparently aimed at computers in Lebanon.

The firm, Kaspersky Lab, said that the virus appeared to have been written
by the same programmers who created Flame, the data-mining computer virus
that was found to be spying on computers in Iran in May,
and that it might be linked to Stuxnet, the virus that disrupted
uranium enrichment work in Iran in 2010.

The latest virus, nicknamed Gauss after a name found in its code,
has been detected on 2,500 computers, most in Lebanon, the firm said.
Its purpose appeared to be to acquire logins for e-mail and instant messaging accounts,
social networks and, notably, accounts at certain banks — a function more typically found
in malicious programs used by profit-seeking cybercriminals.
<snip>

Kaspersky researchers said Gauss contained a “warhead” that seeks
a very specific computer system with no Internet connection and installs itself only if it finds one.
“It’s done in such a clever way that security researchers cannot analyze it,
because they don’t know the decryption key that unlocks the true purpose of that program,” Mr. Raiu said.

[xoxoxoBruce]

These new profesional viruses are from Kaspersky. They're spreading them around so they can find them and build street creds.

[Lamplighter]

Here is a fascinating l-o-n-g article about the reverse-engineering
of the malware known as Flame, which was designed to attack the Iranian nuclear site computers.

I won't spoil it for laymen/geeks that want to read it for themselves.
But this article is almost enough for someone to make a movie of the story
--- even though the denouement is not quite finished.

Wired
Kim Zetter
0/17/12
Coders Behind the Flame Malware Left Digital Clues on Control Servers

Quote:

The attackers behind the nation-state espionage tool known as Flame
accidentally left behind tantalizing clues that provide information about their identity
and that suggest the attack began earlier and was more widespread than previously believed.

Researchers have also uncovered evidence that the attackers may have produced
at least three other pieces of malware or variants of Flame that are still undiscovered.

The information comes from clues the attackers inadvertently left behind
on two command-and-control servers they used to communicate with infected machines
and steal gigabytes of data from them.

<snip>

[Lamplighter]

The "what" of Stuxnet has been widely described and discussed.
But the "who" was not known, even though many suspected Israel.

... Now the U.S. (NSA) and Israel are being publicly identified.


Washington Post
Greg Miller and Sari Horwitz
6/27/13

Justice Dept. targets general in leak probe
A retired four-star Marine Corps general who served as the nation’s second-ranking military officer
is a target of a Justice Department investigation into a leak of information about
a covert U.S.-Israeli cyberattack on Iran’s nuclear program, a senior Obama administration official said.

Retired Gen. James E. “Hoss” Cartwright served as deputy chairman of the Joint Chiefs of Staff
and was part of President Obama’s inner circle on a range of
critical national security issues before he retired in 2011.
<snip>

Stuxnet was part of a broader cyber campaign called Olympic Games that was disclosed
by the New York Times last year as one of the first major efforts by the United States
to use computer code as a destructive weapon against a key adversary.

The investigation into the Stuxnet leak was launched in June 2012
by Attorney General Eric H. Holder Jr. and gained momentum in recent months
amid indications that prosecutors were putting pressure on a range of
current and former senior officials suspected of involvement.

The leaks surrounding Stuxnet exposed details about what had been
one of the most closely held secrets in the U.S. intelligence community,
an ambitious effort by the National Security Agency in collaboration
with the Israeli government to devise computer code that could cripple
Iran’s alleged effort to pursue a nuclear bomb.

[Lamplighter]

I have been fascinated by the concept of the Stuxnet attacks
... "the malware programs thought to have been jointly developed by the U.S. and Israel
that targeted the Iranian nuclear program, but quickly made its way into the digital wild".

I've often thought this could become a great movie genre,
but so far there has not been a lot of public information.
That is changing.

This article in the Washington Post has links to all sorts of information,
starting at the U.S. group called "Technical Access Operations"

Washington Post
Andrea Peterson
8/29/13

The NSA has its own team of elite hackers

Quote:

Our Post colleagues have had a busy day.
First, they released documents revealing the U.S. intelligence budget
from National Security Agency (NSA) leaker Edward Snowden.
Then they recounted exactly how the hunt for Osama bin Laden went down.
In that second report, Craig Whitlock and Barton Gellman shared a few tidbits
about the role of the government’s hacking unit, Tailored Access Operations (TAO) in the hunt,
writing that TAO “enabled the NSA to collect intelligence from mobile phones
that were used by al-Qaeda operatives and other ‘persons of interest’ in the bin Laden hunt.”

So just what is Tailored Access Operations?
According to a profile by Matthew M. Aid for Foreign Policy, it’s a highly secret
but incredibly important NSA program that collects intelligence about foreign targets
by hacking into their computers, stealing data, and monitoring communications.
Aid claims TAO is also responsible for developing programs that could destroy
or damage foreign computers and networks via cyberattacks if commanded to do so by the president.
<snip>

[Lamplighter]

Stuxnet is now being attributed to the NSA.

And NSA doesn't need the internet ISP's because it's not just hacking the software.
This hardware works even when the computer is "turned off".

NY Times
DAVID E. SANGER and THOM SHANKER
JAN. 14, 2014

N.S.A. Devises Radio Pathway Into Computers

Quote:

WASHINGTON — The National Security Agency has implanted software in nearly
100,000 computers around the world that allows the United States to conduct
surveillance on those machines and can also create a digital highway for launching cyberattacks.

The technology, which the agency has used since at least 2008, relies on a covert channel of
radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously
into the computers.

In some cases, they are sent to a briefcase-size relay station
that intelligence agencies can set up miles away from the target.
<snip>
The N.S.A.'s efforts to reach computers unconnected to a network have relied
on a century-old technology updated for modern times: radio transmissions.

But the Iranians and others discovered some of those techniques years ago.

The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities,
code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010,
when a technical error revealed the attack software, later called Stuxnet.<snip>

The people may have been right all along.