-
skatakam
at February 05,2015
Some simple security measures could stop this mishap from happening, like collecting logs of the average frequency of the centrifuges per hour (so that one can see and backtrack the reason for the sudden change in the frequency), disabling the default password for database files, not sharing hardware between demilitarized zones and internal networks, implementing policies that don't allow any unauthorized hardware like thumb drives, etc. The monster was on the network for a longer period of time for about . Periodic monitoring of the network or software activity would really stop this damage. It's not about the industrial control units that I'm worried about. I'm worried about the damage these kinds of software might cause to civilian society. What if this was used to disable all the hospital infrastructure of the nation? We just can't imagine such situations. Stealing the authentication certificates was a big advantage for the authors of this virus. 500 kb of an anonymous file hanging out in a secured network in an undetectable way is what hurts me.
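As an added illustration of the frequency-logging measure this comment proposes (example code, not from the video or the commenter; the log format, centrifuge IDs and thresholds are constructed assumptions), a small monitor that flags any hour whose centrifuge frequency departs sharply from the recent baseline, without letting a flagged hour pollute the baseline for the hours that follow:

```python
"""Flag sudden changes in hourly centrifuge-frequency logs (assumed format)."""
from statistics import mean

# Constructed sample log: "YYYY-MM-DD HH,centrifuge_id,hz", one reading per hour.
# cf-07 has a spike at 04h and a near-stop at 07h; cf-08 is steady.
SAMPLE_LOG = """\
2015-02-01 00,cf-07,1064
2015-02-01 01,cf-07,1065
2015-02-01 02,cf-07,1063
2015-02-01 03,cf-07,1064
2015-02-01 04,cf-07,1410
2015-02-01 05,cf-07,1064
2015-02-01 06,cf-07,1065
2015-02-01 07,cf-07,2
2015-02-01 00,cf-08,1064
2015-02-01 01,cf-08,1064
2015-02-01 02,cf-08,1065
2015-02-01 03,cf-08,1064
"""


def parse_log(text):
    """Return {centrifuge_id: [(hour, hz), ...]} preserving file order."""
    series = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        hour, cid, hz = line.split(",")
        series.setdefault(cid, []).append((hour, float(hz)))
    return series


def find_anomalies(readings, window=3, tolerance=0.05):
    """Compare each hour with the mean of the last `window` accepted hours.
    A reading more than `tolerance` (fraction) away is flagged and NOT added
    to the baseline, so a return to normal is not flagged as a second event.
    Returns [(hour, hz, baseline), ...]."""
    accepted = [hz for _, hz in readings[:window]]  # seed the baseline
    flagged = []
    for hour, hz in readings[window:]:
        baseline = mean(accepted[-window:])
        if abs(hz - baseline) > tolerance * baseline:
            flagged.append((hour, hz, round(baseline, 1)))
        else:
            accepted.append(hz)
    return flagged


def scan(text, **kw):
    """Run the detector over every centrifuge in the log."""
    return {cid: find_anomalies(r, **kw) for cid, r in parse_log(text).items()}
```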
-
nbodyk
at February 15,2015
Very interesting video. I did not realize how complex Stuxnet was and the amount of skill it must have taken to program it. Stuxnet was a worm, trojan horse, and virus and required someone who has incredible skills as a programmer. I wonder how long it took to write Stuxnet, because not only did it have to know how to exploit PC systems, it had to exploit the Program Logic Controllers, which run on different operating systems. It probably took so long to detect because it would increase the spin cycle for 15 minutes, shut down for 27 days, then slow down the spin cycle, and shut down for another 27 days. It's hard to detect something on your systems when it's going dormant for long periods of time in between actions. It's also disturbing to think that someone could do this to any country's industrial control systems. One key point in this is that Stuxnet took advantage of the default password for the Siemens systems. This should be a note to all network administrators that you should always disable the default accounts once you have established the system administrator accounts. Additionally, six of the attacks took advantage of back doors. I know a lot of programmers like to leave back doors so it makes admin easy, but it also leaves a computer system vulnerable to those who wish to exploit it. Another interesting point was that Stuxnet used two stolen digital certificates so that anyone looking at the program would not know who really wrote it. The disturbing part of this is what if Iran had chosen to retaliate and they had retaliated against a company or entity that had nothing to do with it because of stolen certificates.
-
gmazur
at February 17,2015
A very good high level explanation of how the Stuxnet attack worked. I think the gentleman's opening line about attacking physical devices through malicious code is what is most troubling about this type of attack. Anyone with enough time, money, and resources can attack just about anything controlled by computer logic, even air gapped devices. Electrical power, medical devices, factory production, water facilities. Even consider that more and more devices at home run on software that can be remotely administered by the owner, and if not secured, by a hacker. How many folks take the time to secure their home network and every node that touches it including thermostats, security cameras, refrigerators, and alarm systems? They were designed for ease of use and functionality. The same can be said of industrial control systems (ICS) like the Siemens device attacked by Stuxnet. Many ICS devices were designed well before the Internet, and did not have remote management over an insecure medium as part of the original design. Most ICS devices were designed for efficiency, throughput, and predictability. It is scary to think about the security level of the United States ICS/SCADA devices controlling the infrastructure. Good book that goes into a lot of detail about the Stuxnet attack: Countdown to Zero Day by Kim Zetter.
-
connellyt
at February 24,2015
This was a really interesting video. Although the speaker only touched on it briefly, he stated the Stuxnet creators tested it against antivirus to make sure it wasn't detected. This isn't the first malware to be tested like this against A/V or other security tools. There are actually websites you can submit your code to so that it can be tested to make sure it isn't detected. In a similar way, I'm sure that some individuals test against Snort IDS signatures, or other free/open source security tools.
-
jczarny
at February 28,2015
After watching the video I understand now why it is believed that Stuxnet was a nation state creation. The complexity is astonishing, and it leads me to believe that you would have to have created this worm with some sort of inside knowledge of the facility infrastructure for it to be effective. With all the moving parts / different hardware architectures I would assume that the creators would also have to have built some sort of mock-up test bed for testing. Good quick video with lots of valuable information.