
Stuxnet

Stuxnet is a computer worm[1] that was discovered in June 2010. It was designed to attack industrial programmable logic controllers (PLCs). PLCs allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws,[2] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[3] Stuxnet’s design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g. in the automobile or power plants), the majority of which reside in Europe, Japan and the US.[4] Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges.[5]

http://en.wikipedia.org/wiki/Stuxnet


Buffer overflow

Technical description

A buffer overflow occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking. This can occur when copying data from one buffer to another without first checking that the data fits within the destination buffer.

Example

In the following example, a program has two data items which are adjacent in memory: an 8-byte-long string buffer, A, and a two-byte big-endian integer, B.

    char A[8] = "";
    unsigned short B = 1979;

A Cyberworm that Knows No Boundaries

Iran's announcement that a computer worm called Stuxnet had infected computers that controlled one of its nuclear processing facilities marked a signal event in cyber attacks. Although such attacks were known to be theoretically possible, the incident proved that a cyberworm could successfully infiltrate a system and produce physical damage. Furthermore, the sophisticated nature of the worm and the resources that would have been required to design, produce, and implant it strongly suggest a state-sponsored effort. It has become clear that Stuxnet-like worms pose a serious threat even to infrastructure and computer systems that are not connected to the Internet.

United States Navy Marine Mammal Program - Wikipedia

The U.S. Navy Marine Mammal Program (NMMP) is a program administered by the U.S. Navy which studies the military use of marine mammals - principally bottlenose dolphins and California sea lions - and trains animals to perform tasks such as ship and harbor protection, mine detection and clearance, and equipment recovery.

Stuxnet worm is the 'work of a national government agency'

Figure: A heatmap showing the number of computers infected by the Stuxnet computer worm.

A computer worm which targets industrial and factory systems is almost certainly the work of a national government agency, security experts told the Guardian – but warn that it will be near-impossible to identify the culprit. The "Stuxnet" computer worm, which has been described as one of the "most refined pieces of malware ever discovered", has been most active in Iran, says the security company Symantec – leading some experts to conjecture that the likely target of the virus is the controversial Bushehr nuclear power plant, and that it was created by Israeli hackers. Speaking to the Guardian, security experts confirmed that Stuxnet is a targeted attack on industrial locations in specific countries, the sophistication of which takes it above and beyond previous attacks of a similar nature.

Figure: Graph shows concentration of Stuxnet-infected computers in Iran as of August.

IP address spoofing

Figure: Example scenario of IP address spoofing.

Background

The basic protocol for sending data over the Internet network and many other computer networks is the Internet Protocol ("IP"). The header of each IP packet contains, among other things, the numerical source and destination address of the packet.

FBI intent on sniffing out those who leaked possible US Stuxnet role

Federal investigators in the US are tightening the screws on former senior government officials who might have leaked info about the Stuxnet worm, according to The Washington Post. Last June, Attorney General Eric H. Holder Jr. started the inquiry into loose lips. As Naked Security recounts here, the Stuxnet virus was seemingly created by the US, under the regime of President George W.

Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?

Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

DNS spoofing

Overview of the Domain Name System

When a DNS server has received a false translation and caches it for performance optimization, it is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (often an attacker's).

Cache poisoning attacks

Normally, a networked computer uses a DNS server provided by an Internet service provider (ISP) or the computer user's organization.

Hypothesis

A hypothesis (plural hypotheses) is a proposed explanation for a phenomenon. For a hypothesis to be a scientific hypothesis, the scientific method requires that one can test it. Scientists generally base scientific hypotheses on previous observations that cannot satisfactorily be explained with the available scientific theories.

Stuxnet was dated 2005, Symantec discovered earlier version 0,5 - Security Affairs

Rivers of words have been written on the popular Stuxnet virus. There have been many hypotheses, sometimes contradictory, about its paternity, and the only certainty seemed to be the date of its creation; suddenly, as happens in the best thriller movies, that certainty has been called into question. The authors of Stuxnet, the malware that hit an Iranian nuclear plant in 2010, interfering with the nuclear program of the Government of Teheran, started their operations earlier than previously demonstrated, according to new research proposed by Symantec. According to the study conducted by Symantec, there was a predecessor of the final version of the virus, a development version that was spread in 2005 and that was designed to manipulate the nuclear facility’s gas valves. Francis deSouza, Symantec’s president of products and services, commented to Bloomberg: Symantec highlighted the differences of version 0.5 with subsequent instances of Stuxnet: The study states:
