Thursday, September 30, 2010
Sunday, September 26, 2010
Saturday, September 25, 2010
Al-Jazeera Confirms Iran Nuclear And Industrial Sites Crippled By Stuxnet, Time To Go Long Symantec?
After last week's Stuxnet disclosures, it was only a matter of time before the viral sabotage was flushed into the open, with Iran confirming that it had been in fact attacked. As expected, Al-Jazeera has just confirmed that not only has Bushehr been infected, but so have numerous other industrial sites all over Iran. Yet despite the pervasive attack, 'no damage or disruption of nuclear facilities has yet been reported, however.' What is surprising is that Iran has made such a major media splash on the topic: one would assume that demonstrating such broad cyberdefensive weakness would not be in the country's favor...
More from Al-Jazeera:
Iran's nuclear agency is trying to combat a complex computer worm that has affected industrial sites throughout the country and is capable of taking over the control systems of power plants, Iranian media reports have said.
Experts from the Atomic Energy Organisation of Iran met this week to discuss how to remove the malicious computer code, or worm, the semi-official Isna news agency reported on Friday.
Isna said the malware had spread throughout Iran, but did not name specific sites affected.
Foreign media reports have speculated the worm was aimed at disrupting Iran's first nuclear power plant, which is to go online in October in the southern port city of Bushehr.
Speaking to Al Jazeera, Rik Ferguson, a senior security adviser at the computer security company Trend Micro, described the worm as 'very sophisticated'.
'It is designed both for information theft, looking for design documents and sending that information back to the controllers, and for disruptive purposes,' he said.
'It can issue new commands or change commands used in manufacturing.
'It's difficult to say with any certainty who is behind it. There are multiple theories, and in all honesty, any of them could be correct.'
Perhaps now is a good time to buy some SYMC: after all, it will be somewhat difficult for Iran to go on an anti-virus program piracy raid mission with everyone focused on the country's troubles. And with Iran suddenly in dire need of legitimate virus protection to go with its extensive Win95-backed infrastructure, could the $12 billion anti-virus company suddenly be an LBO target for those who wish to capitalize on the sales surge of the Norton product suite?
Thursday, September 23, 2010
Is A Virus About To Revolutionize Modern Warfare?
Submitted by Tyler Durden on 09/23/2010 10:22 -0500
One of the most interesting stories in the last few days has little to do with finance and economics (at least right now), but arguably very much to do with geopolitics. A fascinating report which cites computer security experts claims that the recent uber-cryptic malware worm Stuxnet is nothing less than a weapon designed to infiltrate industrial systems, and based on attack patterns, the ultimate object of Stuxnet may be none other than Iran's Bushehr nuclear reactor, which could be targeted for destruction without any military intervention whatsoever. Has modern warfare just become obsolete courtesy of a computer virus?
From Yahoo:
Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
A brief history of Stuxnet:
Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.
But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?
And it gets much more eerie:
Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
Stuxnet is so sophisticated it may entirely revolutionize the way modern warfare is fought:
Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."
The virus has already spread to the point where it is safe to say most critical SCADA infrastructure may already be infected.
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
Has Stuxnet already hit its target?
It might be too late for Stuxnet's target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.
Will DEADF007 be the keyword that everyone will soon focus on?
Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."
And the punchline - Iran's nuclear plant may have already been destroyed without anyone firing a shot anywhere:
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his views on Stuxnet's target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
There is much more to this story than merely creating page click inducing headlines. Computerworld itself is on the case:
A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.
That's the emerging consensus of security experts who have examined the Stuxnet worm. In recent weeks, they have broken the cryptographic code behind the software and taken a look at how the worm operates in test environments. Researchers studying the worm all agree that Stuxnet was built by a very sophisticated and capable attacker -- possibly a nation-state -- and it was designed to destroy something big.
Though it was first developed more than a year ago, Stuxnet was discovered in July 2010, when a Belarus-based security company found the worm on computers belonging to an Iranian client. Since then it has been the subject of ongoing study by security researchers, who say they have never seen anything like it before. Now, after months of private speculation, some of the researchers who know Stuxnet best say that it may have been built to sabotage Iran's nukes.
And ever more experts are chiming in:
Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack.
Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific programmable logic controller (PLC) device -- and then it injects its own code into that system.
Because of the complexity of the attack, the target "must be of extremely high value to the attacker," Langner wrote in his analysis.
The evidence supporting that the attack is truly focusing on Iran is moving beyond the merely circumstantial:
This specific target may well have been Iran's Bushehr reactor, now under construction, Langner said in a blog post. Bushehr reportedly experienced delays last year, several months after Stuxnet is thought to have been created, and, according to screenshots of the plant posted by UPI, it uses the Windows-based Siemens PLC software targeted by Stuxnet.
Another article by Computerworld discusses the lack of patching of a bug which Windows promised had been fixed, yet which allowed the entry of the virus into attacked systems. One wonders why Windows may have misrepresented this weakness...
Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.
The vulnerability in Windows Print Spooler service was one of four exploited by Stuxnet, a worm that some have suggested was crafted to sabotage an Iranian nuclear reactor.
Last week, researchers at both Kaspersky Lab and Symantec, the firms that had reported the bug to Microsoft in July and August, respectively, said the print spooler vulnerability had not been publicly disclosed before they found Stuxnet was using the flaw.
Yesterday Microsoft confirmed this omission:
"Microsoft is aware of claims that the print spooler vulnerability in MS10-061 was partially discussed in a publication in April 2009," said company spokesman Dave Forstrom in an e-mail Wednesday. "These claims are accurate. Microsoft was not directly made aware of this vulnerability nor its publication at the time of release."
And for the paranoid, there are at least two other unpatched bugs which allow Stuxnet to enter any system it desires:
The security firms also notified Microsoft of two other unpatched bugs that the Stuxnet worm exploited. Those flaws, which can be used by attackers to upgrade access privileges on compromised PCs to administrator status, will be patched in a future update, Microsoft said last week. It has not set a timetable for the fixes, however.
Little information is available about the two lesser vulnerabilities. Danish bug tracker Secunia, for example, has posted only bare-bones advisories, noting that one affects Windows XP while the other affects Vista and Windows Server 2008 machines.
In other words, the entire world could very well be open to attacks by the most sophisticated targeted virus ever created, whose sole purpose may be the eradication of targets whose destruction previously required armed combat.
Is the face of warfare about to change forever?
Wednesday, September 22, 2010
Monday, September 20, 2010
Thursday, September 16, 2010
The "National Security" Apparatus Has Been Hijacked to Serve the Needs of Big Business
As I noted yesterday:
Claims of 'national security' are ... used to keep basic financial information - such as who got bailout money - secret. That might not bode for particularly warm and friendly treatment for someone persistently demanding the release of such information.
I gave the following two examples:
- Reuters noted in January: U.S. securities regulators originally treated the New York Federal Reserve's bid to keep secret many of the details of the American International Group bailout like a request to protect matters of national security, according to emails obtained by Reuters.
- And Business Week wrote on May 23, 2006: President George W. Bush has bestowed on his intelligence czar, John Negroponte, broad authority, in the name of national security, to excuse publicly traded companies from their usual accounting and securities-disclosure obligations
Further evidence comes from the Department of Homeland Security's involvement in requests for information under the Freedom of Information Act. As AP noted in July:
For at least a year, the Homeland Security Department detoured requests for federal records to senior political advisers for highly unusual scrutiny, probing for information about the requesters and delaying disclosures deemed too politically sensitive.
***
The Freedom of Information Act, the main tool forcing the government to be more open, is designed to be insulated from political considerations.
***
Career employees were ordered to provide Secretary Janet Napolitano's political staff with information about the people who asked for records — such as where they lived, whether they were private citizens or reporters — and about the organizations where they worked.
If a member of Congress sought such documents, employees were told to specify Democrat or Republican.
***
The special reviews at times delayed the release of information to Congress, watchdog groups and the news media for weeks beyond the usual wait, even though the directive specified the reviews should take no more than three days.
***
Two exceptions required White House review: requests to see documents about spending under the $862 billion stimulus law and the calendars for Cabinet members.
Calendars became politically sensitive after AP obtained them for Treasury Secretary Timothy Geithner. They described calls several times each day with Wall Street executives.
***
Under the law, people can request copies of U.S. government records without specifying why they want them and are not obligated to provide personal information about themselves other than their name and an address where the records should be sent.
Yet several times, at least, junior political staffers asked superiors about the motives or affiliations of the requesters
Wired described it this way:
The DHS issued a directive to employees in July 2009 requiring a wide range of public records requests to pass through political appointees for vetting. These included any requests dealing with a “controversial or sensitive subject” or pertaining to meetings involving prominent business leaders and elected officials. Requests from lawmakers, journalists, and activist and watchdog groups were also placed under this scrutiny.
Moreover, as the ACLU notes, Fusion Centers - a hybrid of military, intelligence agency, police and private corporations set up in centers throughout the country, and run by the Department of Justice and Department of Homeland Security - allow big businesses like Boeing to get access to classified information which gives them an unfair advantage over smaller competitors:
Participation in fusion centers might give Boeing access to the trade secrets or security vulnerabilities of competing companies, or might give it an advantage in competing for government contracts. Expecting a Boeing analyst to distinguish between information that represents a security risk to Boeing and information that represents a business risk may be too much to ask.
And a large portion of all intelligence work has now been outsourced to private companies. For example, according to the Washington Post:
Close to 30 percent of the workforce in the intelligence agencies is contractors.
And under the FBI's Infraguard program, businesses sometimes receive intel even before elected officials.
Of course, 'no-bid' contracts in Iraq and elsewhere are another example of how national security claims have been used to bypass the normal bidding process which is designed to save taxpayers money. Halliburton, Blackwater/Xe, and other friends of the Bush administration have received tremendous windfalls in this fashion. And because BP supplies most of the oil and gas to the U.S. military, I would be surprised if BP has to participate in normal bidding procedures for new war-related projects.
Indeed, the whole Gulf oil spill is a classic example of how national security claims have been used to protect a private corporation. Specifically, as many locals have testified (and as will come out more in the next couple of years), the Department of Homeland Security has helped to enforce a blackout of information on how bad the oil spill was, and has hindered scientists from collecting data from the most impacted sites.
And Treasury Secretary Hank Paulson warned Congress that there would be martial law unless the Tarp bailouts were approved. As I pointed out last October:
The New York Times wrote on July 16th:
***
In retrospect, Congress felt bullied by Mr. Paulson last year. Many of them fervently believed they should not prop up the banks that had led us to this crisis — yet they were pushed by Mr. Paulson and Mr. Bernanke into passing the $700 billion TARP, which was then used to bail out those very banks.
Congressmen Brad Sherman and Paul Kanjorski and Senator James Inhofe all say that the government warned of martial law if Tarp wasn't passed:
Bait And Switch
Indeed, the Tarp Inspector General has said that Paulson misrepresented some fundamental aspects of Tarp.
And Paulson himself has said:
During the two weeks that Congress considered the [Tarp] legislation, market conditions worsened considerably. It was clear to me by the time the bill was signed on October 3rd that we needed to act quickly and forcefully, and that purchasing troubled assets—our initial focus—would take time to implement and would not be sufficient given the severity of the problem. In consultation with the Federal Reserve, I determined that the most timely, effective step to improve credit market conditions was to strengthen bank balance sheets quickly through direct purchases of equity in banks.
So Paulson knew 'by the time the bill was signed' that it wouldn't be used for its advertised purpose - disposing of toxic assets - and would instead be used to give money directly to the big banks?
And see this and this.
In the above-described ways - and many others as well - the entire 'national security' apparatus has been hijacked to serve the needs of big business.
President Eisenhower warned us about the military-industrial complex. But it's not just the 'military'. Homeland Security, intelligence agencies, and other portions of the government have also become servants of big business as well.
Indeed, the interests of the government and big business are so closely aligned that some high-level government officials may consider any threat to the bottom line of the big banks and other corporate giants as an existential threat to the nation's security.
Tuesday, September 7, 2010
Friday, September 3, 2010
Thursday, September 2, 2010
ObamaCare and the Constitution
The new health care law, nicknamed ObamaCare, requires every American to purchase health insurance or pay a fine. Supporters say this unprecedented requirement is permitted by the Constitution's Commerce Clause, which allows Congress "to regulate commerce...among the several states." Robert A. Levy, a distinguished legal scholar who chairs the Cato Institute board of directors, speaks on the legitimacy of this legal interpretation. He gave three reasons why the individual mandate should not pass constitutional muster, says Reason Magazine.
- The Commerce Clause was never intended, and has never been used, to compel the purchase of a private product. If Congress can force individuals to buy health insurance, then Congress can mandate the purchase of exercise equipment, diet foods, and on and on -- extending the dominion of the federal government to all manner of human conduct, including nonconduct.
- The penalty for violating the mandate is not a tax. That means Congress's power "to lay and collect taxes" does not apply. To justify the mandate, Congress expressly cited the commerce power but not the taxing power. The courts should be guided accordingly.
- Even if the penalty is deemed to be a tax, the Constitution does not authorize it. The Supreme Court has held that Congress cannot use its taxing power as a backdoor means of regulating, unless the regulation is authorized elsewhere in the Constitution. In this case, there is no other constitutional authorization.
Source: Robert A. Levy, "ObamaCare and the Constitution," Reason Magazine, August-September 2010.
For text:
http://reason.com/archives/2010/06/17/obamacare-and-the-constitution
For more on Health Issues:
http://www.ncpa.org/sub/dpd/?Article_Category=16