Trump’s Stuxnet & Flame Primer

 

bromance-between-trump-and-putin

The romantic idea that war is handled by fleets of ships, planes, and other heavy metal manned by uniformed heroes is becoming part of the past.  Now, a USB stick can be more effective than a bomber.   And we are all part of the new system of war and espionage.  Every electronic device with which we interact provides behavioral data to Google, Facebook,  the NSA and the imaginary 400 pound man in bed in a basement.

It is no secret that Trump has a very limited knowledge of computers – except for his 7th grader mastery of bullying on Twitter.  He says “”I think we ought to get on with our lives. I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what’s going on.”  Actually, people (other than the fake news issue) do know what is going on.  And thus, this writing on Stuxnet and Flame as a rudimentary primer on the sophistication of cyber warfare the day the first power grid was attacked in the US by the Russian Federation.

A code associated with the Russian hacking operation named the Grizzly Steppe by the Obama administration was found in a laptop associated with the system of a Vermont utility, according to U.S. officials.  This discovery occurred after Department of Homeland Security, FBI and the Office of the Director of National Intelligence shared the Grizzly Steppe malware code with executives from 16 sectors nationwide, including the financial, utility and transportation industries. Vermont utility officials identified the code within their operations and reported it to federal officials Friday.  The discovery reveals the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.  You can read the official paper here.

Vermont Gov. Peter Shumlin said ,“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”

Sen. Patrick J. Leahy (D-Vt.) said, “This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said in a statement. “That is a direct threat to Vermont and we do not take it lightly.”

And it started with Stuxnet.

Stuxnet is a militarized malicious computer worm for which no organization or state has officially admitted responsibility. The worm was at first identified by the security company VirusBlokAda in mid-June 2010.  It is believed to have been used to infect and destroy Iranian uranium production and to render Syrian radar systems unless in Operation Olympic Games during which Syria’s infant nuclear facilities were destroyed by undetected bomber planes.

Anonymous US officials claimed the worm was developed during the Bush administration to sabotage Iran’s nuclear program with what would seem like a compounding accidents over a long period of time and to demoralize the Iranians. In May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which he said, “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them”

Stuxnet specifically targets programmable logic controllers (PLCs).  PLCs platform automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material.  It seeks out Siemens Step 7 software through the Microsoft Windows operating system.

Four zero-day flaws were exploited. A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.

Stuxnet reportedly compromised Iranian PLCs causing the fast-spinning centrifuges to tear themselves apart.  Stuxnet reportedly ruined almost one fifth of Iran’s nuclear centrifuges.

Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet.

Stuxnet is said to be introduced to the target environment via an infected USB flash drive plugged into a computer.

The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the codes and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users.

Operation Olympic Games was a covert and still unacknowledged campaign of sabotage by means of cyber disruption, directed at Iranian nuclear facilities by the United States and likely Israel. As reported, it is one of the first known uses of offensive cyber weapons.

Started under the administration of George W. Bush in 2006, Olympic Games was accelerated under President Obama, who heeded Bush’s advice to continue cyber attacks on Iranian nuclear facility at Natanz. Bush believed that the strategy was the only way to prevent an Israeli conventional strike on Iranian nuclear facilities.

Stuxnet has not been useful in North Korea because the computer systems are secured and the ability to introduce even an infected thumb drive is zero.

Stuxnet and cyber warfares’ potential supersede conventional treaty mandated inspections and weapon proliferation.   In cyber warfare, entire power grids, chemical plants and transportations systems can be turned against their own nation of residence.

And now Flame has been detected.  Flame appears to be a new generation of Stuxnet, and when it infects computers, it turns each computer into a bluetooth transmitter of all keystrokes, electronic communications including video chats such as Google hangouts, Skype and Face Chat.  It also has a kill command which wipes all traces of the malware from the computer.

Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National, Computer Emergency Response Team (CERT), Kaspersky Lab[6] and CrySyS Lab of the Budapest University of Technology and Economics.

Flame “is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found. Flame can spread to other systems over a local network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.”

If all electronic devices that interact with the internet and communications systems are indeed blue tooth transmitters, clearly people know what is “going on” with whom and may be able to predict behavior with the behavioral data mining giants of Facebook and Google.

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s