bwall Posted June 1, 2012

http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/

To be honest, I'm happy. I thought it was the Russians trying to push the Iranians to increase tension with Israel so the Cold War could restart/continue.

telot Posted June 1, 2012

> http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/
> To be honest, I'm happy. I thought it was the Russians trying to push the Iranians to increase tension with Israel so the Cold War could restart/continue.

I'm not seeing any proof or confirmation that the US/Israel made it. They just claim it's detailed in some upcoming book. This could be Ars just being Ars again (sensationalistic and over dramatic)...

telot

bwall Posted June 1, 2012 (edited)

> I'm not seeing any proof or confirmation that the US/Israel made it. They just claim it's detailed in some upcoming book. This could be Ars just being Ars again (sensationalistic and over dramatic)...
> telot

True. Also seems like an interesting piece of info to be released as Anon is ripping itself apart. I've been watching stuff that's been trending on pastebin, and it's getting ugly lol.

Edit: But on the other hand... http://topics.nytimes.com/top/reference/timestopics/subjects/c/computer_malware/stuxnet/index.html

Edited June 1, 2012 by bwall

digip Posted June 1, 2012

This was mentioned over a year ago that it was a joint effort from the US and Israel, but no one has officially stepped up and said yes they did it. I don't doubt it though. Countries engage in this sort of thing on a daily basis. It's only when they get caught or publicly exposed does it ever come to light. IE: NSA's private room at AT&T for wiretaps on US citizens. Until a whistleblower comes forward or someone discovers the origins, it's hard to say with certainty who or what is going on these days.

m1k Posted June 4, 2012 (edited)

http://cyberarms.wordpress.com/2012/06/01/officials-confirm-stuxnet-was-a-us-israel-creation/

Elections very close....not optimistic for the future...not at all...

Edited June 4, 2012 by m1k

bobbyb1980 Posted June 8, 2012

Looked it up and found Stuxnet on metasploit... don't think the CIA/Mossad is publishing their work on metasploit but I'm sure they'd love to take credit for it : P

digip Posted June 8, 2012

> http://cyberarms.wordpress.com/2012/06/01/officials-confirm-stuxnet-was-a-us-israel-creation/
> Elections very close....not optimistic for the future...not at all...

The only thing that confirms to me is that bloggers and the media know how to keep the FUD moving.

nopenopenope Posted June 28, 2012 (edited)

http://www.grc.com/securitynow.htm Episode 355 and 357. Stuxnet seems to be written by the same authors as the newly found Flame virus, it's also thought to be a module for the Flame. This thing is sick, and the amount of effort put into this had to be governmental and probably part of the 'Olympic Games' http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all

The Flame virus was originally thought to be written by a different group than Stuxnet ( http://www.crysys.hu/skywiper/skywiper.pdf Was first called skywiper by crysys, but a module in the reverse engineering process found a module called flame, therefore the new name.) but is now looking like it's from the same author(s) http://www.forbes.com/sites/kenrapoza/2012/06/11/kaspersky-lab-same-countries-behind-stuxnet-and-flame-malware/

I've been following this for the last week and it's really really interesting. I'd listen to those 2 episodes of that podcast if you want to know more about how it works. There's still no proof that this was done by the US or Israel. I just find the technology behind it incredibly interesting. Makes me want to go into malware analysis lol.

Edited June 28, 2012 by soka80

Infiltrator Posted June 29, 2012

> http://www.grc.com/securitynow.htm Episode 355 and 357. Stuxnet seems to be written by the same authors as the newly found Flame virus, it's also thought to be a module for the Flame. This thing is sick, and the amount of effort put into this had to be governmental and probably part of the 'Olympic Games' http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all
> The Flame virus was originally thought to be written by a different group than Stuxnet ( http://www.crysys.hu/skywiper/skywiper.pdf Was first called skywiper by crysys, but a module in the reverse engineering process found a module called flame, therefore the new name.) but is now looking like it's from the same author(s) http://www.forbes.com/sites/kenrapoza/2012/06/11/kaspersky-lab-same-countries-behind-stuxnet-and-flame-malware/
> I've been following this for the last week and it's really really interesting. I'd listen to those 2 episodes of that podcast if you want to know more about how it works. There's still no proof that this was done by the US or Israel. I just find the technology behind it incredibly interesting. Makes me want to go into malware analysis lol.

There are only speculations, but the evidence isn't that solid. They still don't know who's really behind all these events. I've also read that the US President Barack Obama is behind all these cyber-attacks. One thing for sure is that these authors are certainly sponsored by the government. First was Stuxnet, then Duqu, now Flame, what next? I think there is more to come.

nopenopenope Posted June 29, 2012

> There are only speculations, but the evidence isn't that solid. They still don't know who's really behind all these events. I've also read that the US President Barack Obama is behind all these cyber-attacks. One thing for sure is that these authors are certainly sponsored by the government. First was Stuxnet, then Duqu, now Flame, what next? I think there is more to come.

Especially since there were several zero-days involved in Flame, one that involved getting the code signed by Microsoft, and Flame exploits the Windows Update system with that and updates the malware within that. Several hours after it was first reported it removed all traces of itself from the hard drives and then wrote over that space to ensure there wouldn't be any forensic evidence. And all the data sent to and from the CC servers was encrypted several different ways. I'd love to see the source code of this, Kaspersky stated that it would probably take 10 years to reverse engineer the whole thing.

Infiltrator Posted June 29, 2012

> I'd love to see the source code of this, Kaspersky stated that it would probably take 10 years to reverse engineer the whole thing.

Flame is certainly one of the most sophisticated worms ever created to date. The thing that fascinates me about this worm is not the complexity of it, it's the actual size of the worm, 20MB. No other worm has ever been this big in size. The Flame authors must be really proud of themselves for creating such a highly advanced worm.

bobbyb1980 Posted June 29, 2012 (edited)

There's tons of viri out there that delete its traces or will uninstall itself if it detects a debugger running. Why does that have to come from a government? I'm new in the game, but from what I've read that's an old trick. The wiki article says it infected 1000 machines. I bet there are people on this board who have pwned more boxes than that with a single method. Kaspersky does make one of the better antiviruses, but after seeing their interviews and meeting one of them face to face I lost a lot of respect. They're like Russian cheerleaders for viri.

Edited June 29, 2012 by bobbyb1980

nopenopenope Posted June 29, 2012

> There's tons of viri out there that delete its traces or will uninstall itself if it detects a debugger running. Why does that have to come from a government? I'm new in the game, but from what I've read that's an old trick. The wiki article says it infected 1000 machines. I bet there are people on this board who have pwned more boxes than that with a single method. Kaspersky does make one of the better antiviruses, but after seeing their interviews and meeting one of them face to face I lost a lot of respect. They're like Russian cheerleaders for viri.

Well that's basic, yes, but the update system, crypto, and rootkits in it are all new technology, not the ideas themselves but how they were implemented. The code dates back to 2007, and Stuxnet and Duqu were just "modules" to the Flame worm. The worm itself supports everything imaginable. It's pretty much its own OS running in the background. I'm not entirely sure on how the code signing worked but if you listen to those links I posted the developers had to go to incredible lengths to crack the crypto for the code signing. Flame is the most advanced worm to ever exist, and who knows what else it did and was capable of. 1000 machines were specifically targeted, it had a specific job. Iranian government was infected with this thing for 5 years and was undetected, that's an incredible accomplishment.

nopenopenope Posted June 29, 2012

http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/
http://arstechnica.com/security/2012/06/flame-crypto-attack-may-have-needed-massive-compute-power/

How the code signing worked...

Infiltrator Posted June 30, 2012

> http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/
> http://arstechnica.com/security/2012/06/flame-crypto-attack-may-have-needed-massive-compute-power/
> How the code signing worked...

Apart from generating the MD5 collision attack, they also had to predict completely the certificate content that would've been signed by the CA. Which had to be identical, in order for the certificate to be valid. http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx
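
Added example, not part of any post in this thread and not code from the linked articles: since the last post turns on an MD5 collision against a CA-signed certificate, one defensive check is to read the outer signatureAlgorithm OID from a DER-encoded certificate and flag MD5. The function names are this example's own, and the `skeleton_cert` samples are constructed stand-ins that carry only a certificate's outer layout.

```python
# Added example: flag certificates whose outer signature algorithm is MD5-based.
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(content):
    """Decode OID content bytes to dotted form (first arc 0 or 1 assumed)."""
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    outer_tag, start, _ = read_tlv(cert_der, 0)
    _, _, tbs_end = read_tlv(cert_der, start)            # skip tbsCertificate
    alg_tag, alg_start, _ = read_tlv(cert_der, tbs_end)  # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if (outer_tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate layout")
    return decode_oid(cert_der[oid_start:oid_end])

def weak_signature(cert_der):
    # Name of the weak algorithm, or None when the outer signature is not MD5.
    return WEAK_SIG_OIDS.get(signature_oid(cert_der))

def tlv(tag, content):  # minimal DER encoder, used only to build the samples
    n = len(content)
    head = bytes([tag, n]) if n < 0x80 else bytes([tag, 0x81, n])
    return head + content

def skeleton_cert(oid_hex):
    """Constructed stand-in with a certificate's outer layout, not a real certificate."""
    tbs = tlv(0x30, tlv(0x04, b"\x00" * 150))  # filler; forces long-form lengths
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xaa" * 16))

MD5_SAMPLE = skeleton_cert("2a864886f70d010104")     # md5WithRSAEncryption
SHA256_SAMPLE = skeleton_cert("2a864886f70d01010b")  # sha256WithRSAEncryption
```

To audit a real chain, pass each certificate's DER bytes to `weak_signature`; PEM files need their base64 body decoded first.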