Thursday, July 24, 2014
   
Text Size

Site Search powered by Ajax

Code name: 'Olympic Games'... Stuxnet, Duku & Flame

Share Link: Share Link: Bookmark Google Yahoo MyWeb Del.icio.us Digg Facebook Myspace Reddit Ma.gnolia Technorati Stumble Upon Newsvine

bloggersIf you think your computer MIGHT be vulnerable to hackers.... you're probably right.

Almost every week these days, I get an email from someone's infected computer, asking me to open an attachment. It was a local reporter's system last week. Maybe it will be yours next. Maybe it will be mine.

Major corporations are hacked with frightening regularity. Passwords and identities are stolen, credit card numbers are distributed. Lives are disrupted. It happens all the time.

Computer security software is notoriously difficult to install and maintain.

The #1 vulnerability?

Users who never even change the default passwords! (Usually username: admin, password: admin)

Vulnerable PCs and careless users transmitted the Stuxnet centrifuge controller virus from computer to computer until it quietly found its mark: The uranium processing facility in Natanz, Iran.

Once there, Stuxnet masked the damage it was doing by first intercepting the safety control signals prior to doing any damage, and then mimicking those signals as it tore the place apart, operating on multiple centrifuges at once. Stuxnet was able to destroy about 10% of Iran's enrichment facilities before anyone realized there was a software problem.

Last Sunday, Stuxnet reported shut itself down, following pre-programmed code. How nice.  But don't rest too easy: Support programs to Stuxnet, known as "Duku" and "Flame" are still out there... and tomorrow there will be more... and counter attacks are surely coming, as well. Our troubles have just begun...

Stuxnet, launched in 2010, is currently considered the "state of the art" in computer virus programs, even called "rocket science" by the experts who analyzed it and figured out what it was designed to attack.  Stuxnet's origins remain unknown, but all roads lead to... home. My country.  The U.S.A..

Stuxnet and its delivery systems appear to be the "Manhattan Project" of the past decade, the result of a project inappropriately code-named "Olympic Games" (inappropriate, because the Olympic Committee tries very hard not to lose its trademarks and copyrights).

The equivalent of the Manhattan Project's "Smyth Report" (published in late August, 1945), the public revealing of the Olympic Games project, has not happened yet -- presumably because the "games" have only just begun. In fact, we're still in the qualifying events, and no one has qualified.  Stuxnet was only of limited success.

So maybe, just maybe, your computer has been violated? Millions of conscientious, hard-working, diligent computer user's systems have been infected at one time or another. But even if your computer system has never been hacked, there's still a very good chance that many of the parts in it are substandard:  In fact, chances are nearly 100% that SOMETHING in your computer is counterfeit.

Counterfeit parts account for an estimated $7.5 billion dollars in annual lost revenue in America, representing 11,000 jobs. Bogus transistors, diodes, capacitors, resisters, power supplies, relays, and other parts have turned up in U.S. military systems despite being accompanied by all the required "Certificates of Compliance" and all the other paperwork being in order -- including the labels on the actual parts!

A recent Senate Committee report concluded that the Department of Defense doesn't even know how large the problem is, but it surely involves millions of counterfeit parts that are now in service in the U. S. military. An accidental nuclear war is made more likely by this problem.

But they are not alone. Aerospace has also been targeted by the counterfeiters, specifically because, like "mil spec" parts, aerospace parts cost much more than normal parts do. No one wants a 5 cent resister ruining a $100 million dollar rocket launch, so a 2 dollar resister is used instead.  But it might really be a 5 cent piece of junk!

Slap on a stolen hologram sticker, and it becomes very hard to tell where a part really came from.

But that's not all. "Diligent" manufacturers go astray, too. Deadlines cause line managers to order workers to skip "required" tests, for instance. This has been documented at "reputable" corporations.

And how about our nuclear reactors?

They buy the same sorts of parts our military and aerospace industries purchase.

Their computer systems and controllers are just as vulnerable to a "Stuxnet" type of virus attack as anyone else's, because those computers and their security systems are operated by humans, and humans make mistakes.

Not only are our nuclear reactors vulnerable to attack, but so are our transmission systems -- and the "smarter" the grid gets -- that is, the more computerized its controls become so they can switch between energy sources and keep the lights on -- the MORE vulnerable it will be to a sophisticated hack attack.

We have only seen the very first salvos in the coming Internet-Based Global War. It's no game, though. The stakes are very high and the players are very good at it already.

It's hard to be perfect, we're only human -- but we're battling against relentless, automated attackers. Wish us luck.

Oh and, we might lose to Mother Nature anyway. One well-aimed solar flare in our direction can do more damage than a billion Stuxnets.


blog comments powered by Disqus

Subscribe via RSS or Email:

Make a donation to MWC News

Enter Amount:

Featured_Author

Login






Login reminder Forgot login?
Register Register

Comments

Subscribe to MWC News Alert

Email Address

Subscribe in a reader Facebok page Twitter page