The worm that turned: How Stuxnet helped heat up cyberarms race IRIB Iranian TV via Reuters TV file Workers are seen in what was described by Iranian state television as the control room at a uranium enrichment facility in Natanz, Iran, in this image taken from video released on Feb. 15. By Robert Windrem, Senior investigative producer, NBC News When the worm dubbed “Stuxnet” wriggled into public view in July 2010, computer security experts recognized almost immediately that it was no ordinary piece of malware. “This particular attack targets the industrial supervisory software SCADA,” Juraj Malcho, head of the Virus Lab at the Slovakia-based security firm ESET, wrote at the time. It took months of analysis before experts were able to identify the target of the cyberattack: Iran’s nuclear program. The worm, they discovered, was a powerful new tool for mayhem, capable of both surveillance and harming computers. Stuxnet only burst into the limelight, they said, after escaping from those systems and spreading “into the wild” across the Internet.
A Cyberworm that Knows No Boundaries Iran's announcement that a computer worm called Stuxnet had infected computers that controlled one of its nuclear processing facilities marked a signal event in cyber attacks. Although such attacks were known to be theoretically possible, the incident proved that a cyberworm could successfully infiltrate a system and produce physical damage. Furthermore, the sophisticated nature of the worm and the resources that would have been required to design, produce, and implant it strongly suggest a state-sponsored effort. It has become clear that Stuxnet-like worms pose a serious threat even to infrastructure and computer systems that are not connected to the Internet.
We can't crush Iran - Foreign policy This month’s Vanity Fair has a feature on Israeli leader Benjamin Netanyahu. “An Israeli strike against Tehran’s nuclear facilities gone awry may pose the single greatest peril to his political future, which may be the biggest guarantee — more than American opposition to any move or the effectiveness of sanctions — that it won’t happen,” the article reads. Indeed, gradually and without fanfare, the possibility of a military strike against Iran, which only a few months ago seemed imminent, has lately receded from view. It seems that perhaps the U.S. and Israel came to their senses and realized that an attack on Iran would be disastrous. The turning tide against a military strike is underscored by three new reports on the problems of an attack. First on the table is a monograph from the staunchly pro-Israel think tank the Washington Institute on Near East Policy. The third outlet advocating a different direction on Iran may be the most important. Iran is no different.
Smart meter hacking can disclose which TV shows and movies you watch At the 28th Chaos Computing Congress (28c3) hacker conference in Berlin, Germany researchers presented a talk titled "Smart Hacking for Privacy" where they looked into the privacy implications of "smart" electricity meters. In Germany consumers who wish to contract with independent smart meter providers are able to have one installed in their home via a similar style of subscription you might agree to for a free cellular handset from a mobile phone company. The researchers, Dario Carluccio and Stephan Brinkhaus, signed up with a company called Discovergy to see what type of information these meters collect, whether they were as secure as the company promised and what they might be able to determine from consumption patterns. Discovergy's website made three promises about the security of their devices. These claims mysteriously vanished from their website before the presentation was delivered on December 30, 2011. Want to know more about smart meter privacy?
Executive Order -- Improving Critical Infrastructure Cybersecurity The White House Office of the Press Secretary For Immediate Release February 12, 2013 By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1. Sec. 2. Sec. 3. Sec. 4. (b) The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity. (c) To assist the owners and operators of critical infrastructure in protecting their systems from unauthorized access, exploitation, or harm, the Secretary, consistent with 6 U.S.C. 143 and in collaboration with the Secretary of Defense, shall, within 120 days of the date of this order, establish procedures to expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors. Sec. 5. Sec. 6. Sec. 7. Sec. 8. Sec. 9. Sec. 10. Sec. 11. Sec. 12.
Ex-Pentagon general target of leak investigation, sources say James Cartwright, a retired general and trusted member of President Barack Obama's national security team, has been informed that he's the target of a Justice Department criminal investigation into a leak about a covert cyberattack on Iran's nuclear program. NBCs Mike Isikoff reports. By Michael Isikoff, National Investigative Correspondent, NBC News Legal sources tell NBC News that the former second ranking officer in the U.S. military is now the target of a Justice Department investigation into a politically sensitive leak of classified information about a covert U.S. cyber attack on Iran’s nuclear program. According to legal sources, Retired Marine Gen. Last year, the New York Times reported that Cartwright, a four-star general who was vice chairman of the Joint Chiefs from 2007 to 2011, conceived and ran the cyber operation, called Olympic Games, under Presidents Bush and Obama. Related story The worm that turned: How Stuxnet helped heat up cyberarms race
FBI intent on sniffing out those who leaked possible US Stuxnet role Federal investigators in the US are tightening the screws on former senior government officials who might have leaked info about the Stuxnet worm, according to The Washington Post. Last June, Attorney General Eric H. Holder Jr. started the inquiry into loose lips. As Naked Security recounts here, the Stuxnet virus was seemingly created by the US, under the regime of President George W. The US pulled Israel into the cyber-espionage effort, with stunning results. Those results included slowing down and speeding up a centrifuge's delicate parts, which resulted in damage so extreme that, according to The New York Times, debris from a damaged centrifuge was laid across the conference table at the White House's Situation Room to demonstrate the malware's potential power. But the obligingly destructive Stuxnet spun out of control and escaped into the wider world, damaging systems well beyond Iran. The code name for the Stuxnet operation was Olympic Games. The Guardian's Greenwald writes:
Bipartisanship and Iran Several days ago, a letter was sent to President Obama urging a harder-line on Iran, including ever-harsher sanctions and more aggressive threats of war in the event that the current negotiations fail to produce a quick and total resolution. What makes the letter notable is that it was not sent by AIPAC (at least not nominally), but rather by 44 Senators, exactly half of whom (22) are Democrats. That includes liberal Senate stalwarts such as Ron Wyden, Jeff Merkley, and Sherrod Brown. This implication is clear: a military attack by the U.S. on Iran is at least justified, if not compelled, if a satisfactory agreement is not quickly reached regarding Iran’s nuclear program. Note, too, the Iraq-War-replicating framework that it is Iran’s burden to prove that they are peaceful rather than the aggressor-parties’ burden to prove they are doing something wrong. The substance of all of this has been extensively debated, so let’s take note of the political implications.