Stuxnet worm
The Stuxnet worm is a versatile autonomous tool of industrial espionage, intended for gaining access to the operating systems responsible for processing, data collection and supervisory control at industrial facilities. But unlike most similar viruses, the main purpose of Stuxnet may be not data theft but damage to industrial automated systems. Worms of this class can sit unnoticed in a system in a dormant mode and, at a set moment, begin issuing commands capable of putting industrial equipment out of action.
The Stuxnet code, extensive and sophisticated at more than 500 kilobytes in size, managed to get into Windows devices and networks, copying itself several times before searching for additional software. It was aimed at the programmable logic controllers (PLCs) that automate electromechanical processes in the operation of machines and other industrial equipment.
Since the detection of Stuxnet, a number of similarly sophisticated cyber attacks on enterprise operational technology (OT) systems have been recorded around the world. This may be partly connected with the growing degree of connection of such networks to the Internet, which makes them more vulnerable to attacks by cybercriminals, states and hackers.
2017: New evidence of NSA participation in the creation of Stuxnet
In April 2017 the Shadow Brokers hacker group published a new portion of the tools of Equation Group, a group which is considered to be connected with the U.S. National Security Agency and to have carried out numerous cyber operations in its interests.
Symantec security experts found in the latest archive published by Shadow Brokers a Windows exploit almost identical to the one used by the creators of the well-known Stuxnet, the virus used for sabotage at the Iranian nuclear facility.[1]
Symantec expert Liam O'Murchu, who analyzed the latest Shadow Brokers dump, said that the exploit found there was developed for MOF files in the Windows environment.[2]
According to O'Murchu, there is a "close connection" between this exploit and the one used by Stuxnet, though it is not currently possible to prove that it is really "that" exploit.
There is some probability that this exploit ended up in the toolkit published by Shadow Brokers after information about the existence of Stuxnet became public. In particular, this exploit was added to Metasploit at the end of 2010.
However, as O'Murchu states, the tool for creating MOF files contained in the archive of Equation tools is dated September 9, 2010; by that time Stuxnet had been known for several months, but its key exploit had not yet made it into Metasploit.
Another researcher, Kevin Beaumont, also wrote about the detection of the Stuxnet exploit. In turn, Lorenzo Franceschi-Bicchierai, an editor at VICE Motherboard, noted that Avast Antivirus detects exploits from the Shadow Brokers dump as Stuxnet: the signatures match completely.
According to Franceschi-Bicchierai, the tool for creating Stuxnet MOF files released by Shadow Brokers may be the earliest technical evidence that NSA hackers and programmers created Stuxnet, as many suspect.
Kaspersky Lab stated in 2015 that the Equation group "interacted with other influential groups, for example those behind Stuxnet and Flame, and each time from a position of superiority".[3]
In 2016 the documentary Zero Days by Alex Gibney ("Zero-day vulnerability")[4], devoted to the history of Stuxnet, was released in the USA. The film asserts that Stuxnet was a large and secret (and still secret) project of the American (CIA, NSA and others) and Israeli intelligence agencies, and that its main objective was to slow down Iran's nuclear program, the peaceful nature of which was in considerable doubt. The film states that because of an error by the Israeli Stuxnet programmers the worm "leaked" far beyond its intended area of application (it was noticed in Belarus).
"The Stuxnet operation, or 'Olympic Games' as it was presumably called by its developers, in fact turned out to be a failure," says Dmitry Gvozdev, CEO of the company Security Reference Monitor. "It was not possible to seriously delay Iran's nuclear program with its help, but everyone learned that cyber weapons are no longer an urban legend or a science-fiction plot but a reality. And quite a sad one, considering that the use of cyber weapons is not regulated by any international treaties."
Gvozdev also added that experts rate the quality of the code in the Equation Group tools very highly. That makes the story of their alleged theft by the previously unknown Shadow Brokers hackers look all the more mysterious.
"The 'Brokers' in their messages so diligently display their lack of command of English that it already looks like clownery," Dmitry Gvozdev notes. "The question arises whether the notorious 'theft' was an authorized leak. However tempting such an assumption is, nothing can be stated unambiguously so far."
In the latest Shadow Brokers dumps experts found many other exploits for previously unknown vulnerabilities in popular software products, which demonstrates the enormous scope of Equation Group's operations.
As Kevin Beaumont wrote, for example: "... Shadow Brokers just threw a bomb into the information security sphere. More analysis will be required here, but so far it looks very nasty."[5]
It should be added that in the latest Shadow Brokers dump numerous indications were found of Equation Group attempts to gain unauthorized access to the interbank SWIFT system, as well as evidence that the hackers compromised at least one of the largest SWIFT service bureaus, the company EastNets. EastNets denies this, though not very convincingly.[6]
2015: Kaspersky Lab: Stuxnet was created by Equation Group, an NSA structure
Stuxnet is called a cyber weapon created on the orders of the U.S. Government, and the hacker group Equation Group is considered its author. Russian security experts at Kaspersky Lab reported the existence of this group in 2015. According to them, Equation Group controlled the creation of the Stuxnet and Flame worms and is also involved in no fewer than 500 hacks in 42 countries of the world. Government institutions were frequently the targets of Equation Group hacks. There is an opinion that this hacker group is directly connected with the NSA and acts in the interests of U.S. authorities.
2012: Stuxnet attacks on Iran were carried out by order of Obama
An article published in The New York Times (June 2012) asserts that the Stuxnet worm's cyber attacks on Iran were carried out by order of U.S. President Barack Obama and were designed to slow down the implementation of Iran's nuclear program.
The authors of the article claim that Obama expressed concern that the Stuxnet program, developed under the code name "Olympic Games", would induce other countries, terrorists and hackers to engage in creating similar tools, but concluded that the USA had no other options for action with respect to Iran. The purpose of the attack was to gain access to the industrial computer control system at the Iranian nuclear facility in Natanz. The Stuxnet worm was developed by specialists of the U.S. National Security Agency and a secret Israeli cyber division.
Quoting anonymous sources, the newspaper's correspondents reported that at the beginning of his presidential term Obama ordered the acceleration of the design of a cyber weapon whose development had begun under the George Bush administration.
According to experts, attacks of this sort will lead to a cyber arms race. "Reports that the USA and Israel are behind Stuxnet cannot but be alarming," noted Harry Sverdlove, chief technology officer of Bit9, a company specializing in the supply of Internet security products. "Countries that had not previously thought of creating cyber weapons programs are now forced to join this game too."
The article says that Obama ordered the attack to be stopped after Stuxnet began infecting other computers, but at the same time work on the program continues. The authors of the article spoke with representatives of the USA, Israel and European countries about the program for preparing and carrying out the cyber attack.
The White House press service refused to comment on the publication in The New York Times.
Snorre Fagerland, senior virus analyst at the Norwegian company Norman, is not surprised by reports that the intelligence agencies of the USA and Israel are behind the Stuxnet attacks. In scale this worm is much more complex and sophisticated than anything encountered earlier, and creating such malware requires very serious resources.
"Apparently, from 10 to 20 people took part in the work on Stuxnet," Fagerland added. "Reports of U.S. participation in it can generate a wave of other cyber attacks. Many countries will want to test offensive cyber weapons. The stakes are rising. Other states, inspired by the example of the pioneers, are thinking about engaging in similar programs."
But even if other countries have their own offensive cyber weapons, at the level of organization they most likely fall short of the creators of Stuxnet.
"It was incredibly difficult to develop the Stuxnet worm, but copying it after it became public is possible," Sverdlove noted. "Recently Iranian computers were attacked by the Flame worm, which is 40 times larger than the original Stuxnet. Thus, the bar is being raised higher and higher."
2011: The Russian Foreign Ministry accused the USA and Israel of unleashing a cyber war
In September 2011 the Ministry of Foreign Affairs of the Russian Federation for the first time stated an official position regarding the spread of the Stuxnet worm, which caused losses to Iran's nuclear industry. The MFA considers it to be the work of the USA and Israel.
Russia for the first time voiced accusatory conclusions about the computer epidemic caused by the spread of the Stuxnet worm, accusing the USA and Israel of cultivating it. Russia called the Stuxnet incident "the only proven example of a cyber war that is well under way".
According to AFP, the head of the security department of the Russian Foreign Ministry, Ilya Rogachev, was categorical in naming the origin of the Stuxnet malware, which first appeared in June 2010 and which still puzzles cybersecurity experts.
According to Rogachev, "experts consider that the traces of Stuxnet lead directly to Israel and the USA".
"We consider that some countries use cyberspace for military-political purposes. The only proven action of this kind is the spread of the Stuxnet worm, which was launched in 2010 to destabilize uranium facilities in Iran," he added.
Ilya Rogachev clearly let it be known that the USA and Israel are involved in the Stuxnet attacks
Rogachev made this comment at a very significant time. This week Iran stated that it had asked Russia for help in constructing a second nuclear facility on its territory in addition to the existing NPP in Bushehr. This NPP has caused great tension in relations between Iran and the USA: the latter suspects Iran of intending to become a new nuclear power.
Earlier in 2011 Russia's representative to NATO Dmitry Rogozin said that Stuxnet had done enough damage to the Bushehr NPP that it could lead to a second Chernobyl.
The emergence of Stuxnet forced many enterprises to assess the potential harm that cyber attacks can cause to industrial systems. After the attack a number of reports on this subject appeared, revealing many vulnerabilities in this type of system.
With cyber attacks it is always difficult to determine who really stands behind their organization. As for this worm, many information security experts consider that the USA is behind it. Iran also accused Israel of spreading this virus, but did not provide sufficient evidence.
2010: A Belarusian company detected Stuxnet on Iranian computers
The appearance of the Stuxnet worm became known in July 2010 after a small Belarusian information security firm detected it on Iranian computers.[7]
In the summer of 2010 news about the first-ever virus attack on programmable logic controllers became the principal topic of discussion among information security specialists around the world. The purpose of the new Stuxnet virus was to infect not so much the software as the system hardware.
In June 2010 the Stuxnet virus managed to penetrate computers of the Iranian nuclear power plant in Bushehr, so that the total number of computers hit by the worm made up 60% of all infected systems in the country. By mid-October the worm had begun to infect industrial systems in China where, by estimates of local specialists, about 1000 enterprises were infected. The total number of infected computers approached 6 million, which dealt a serious blow to the country's national security.
According to security experts, the attack was prepared by highly qualified specialists (most likely the intelligence agencies of one of the states). There was an explicit objective to destroy something extremely large-scale; possibly this concerned the Iranian nuclear reactor in Bushehr. Experts studying the worm reported that it injects code into systems with Siemens programmable logic controllers.
At the end of 2010 Iran announced the arrest of "spies" allegedly involved in distributing the worm, but their connections with foreign powers were not detailed.
Notes
- [1] The alleged link between the Shadow Brokers data leak and the Stuxnet cyber weapon
- [2] Microsoft Operations Framework; The alleged link between the Shadow Brokers data leak and the Stuxnet cyber weapon
- [3] Equation: The Death Star of Malware Galaxy
- [4] World War 3.0: Zero Days
- [5] [1]
- [6] Shadowbrokers expose NSA access to SWIFT service bureaus
- [7] Stuxnet attacks on Iran were carried out by order of Obama