Indian Cyber Warfare Discussion

The Military Issues & History Forum is a venue to discuss issues relating to the military aspects of the Indian Armed Forces, whether the past, present or future. Please note that the views expressed by the Members and Moderators on these discussion boards are that of the individuals only and do not reflect the official policy or view of the Bharat-Rakshak.com Website.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: Indian Cyber Warfare Discussion

Post by tarun »

http://www.guardian.co.uk/media/2010/de ... -cyber-war
"[The hackers] attack from the shadows and they have no fear of retaliation. There are no rules of engagement in this kind of emerging warfare."
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Indian Cyber Warfare Discussion

Post by Pranav »

FBI backdoors in OpenBSD - http://bsd.slashdot.org/firehose.pl?op= ... /15/004235
Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago ... Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products ...
karan_mc
BRFite
Posts: 704
Joined: 02 Dec 2006 20:53

Re: Indian Cyber Warfare Discussion

Post by karan_mc »

Two positive steps taken by GOI over the threat of cyber attacks, one offensive and another defensive

India raising its own offensive Cyber warriors now

Cyber security command on cards in India
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Indian Cyber Warfare Discussion

Post by Pranav »

Very important and long overdue development:

Govt to back setting up a microchip facility in India - http://business-standard.com/india/stor ... ono=418439

Hope it does not fizzle out, as has happened in the past.
animesharma
BRFite
Posts: 269
Joined: 29 Nov 2008 20:56

Re: Indian Cyber Warfare Discussion

Post by animesharma »

Pranav wrote:Very important and long overdue development :

Govt to back setting up a microchip facility in India - http://business-standard.com/india/stor ... ono=418439

Hope it does not fizzle out, as has happened in the past.
I can't comment on the security implications of this decision, but IMO a fab or even a foundry would do nothing good for the Indian VLSI industry.
To name, there are over 130000 VLSI engineers working in various fabless semicons. I find it hard to find any fabless Indian company working on the same scale.
The security issues this thread talks about will remain half-baked if we can't develop a local semiconductor ecosystem as China has done.
jamwal
BR Mainsite Crew
Posts: 5727
Joined: 19 Feb 2008 21:28
Location: Somewhere Else

Re: Indian Cyber Warfare Discussion

Post by jamwal »

Indians hack Pakistani website: TV channel (Aug 15)
Islamabad, Aug 15 (IANS) Indian hackers have broken into the website of the Pakistan Press Foundation (PPF), a Pakistani television channel claimed Sunday.
In July, the official website of Punjab province's police department was hacked by Indian hackers who removed the names of Punjab Chief Minister Shahbaz Sharif and the police chief and posted some Indian slogans on the site, the television channel claimed.

Some 150 Pakistani websites were hacked recently, said officials of the Pakistan Telecommunication Authority (PTA), which controls telecommunication activities in Pakistan.
nits
BRFite
Posts: 1159
Joined: 01 May 2006 22:56
Location: Some where near Equator...

Re: Indian Cyber Warfare Discussion

Post by nits »

Security concerns 'derail' 3G
The government will prevent telcos from offering non-voice 3G mobile services in seven days, unless they demonstrate that these facilities can be tapped live, a senior department of telecom (DoT) official said.

The 3G data services that could be impacted include high-speed internet, download of music and video clips, chat and internet telephony calls.

Last week, the industry lobby representing CDMA and dual-technology operators such as RCOM and Tata Teleservices wrote to the telecom minister seeking that the ban on video calls be revoked. The industry body said interception of video calls was only possible when the call ended, and that it would take six to nine months for the live tapping system to be implemented.
ashokpachori
BRFite
Posts: 291
Joined: 28 Nov 2010 01:02

Re: Indian Cyber Warfare Discussion

Post by ashokpachori »

This May saw the launch of US Cyber Command, a military effort devoted to defending the country's computer networks and, presumably, attacking those of its enemies. Hot young coders are being tempted away from Silicon Valley and into classified cyber projects. The military of course will not say what these new hacker-soldiers are up to, but no one expects them to stand by and watch should a conflict break out.
ArmenT
BR Mainsite Crew
Posts: 4239
Joined: 10 Sep 2007 05:57
Location: Loud, Proud, Ugly American

Re: Indian Cyber Warfare Discussion

Post by ArmenT »

Pranav wrote:FBI backdoors in OpenBSD - http://bsd.slashdot.org/firehose.pl?op= ... /15/004235
Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago ... Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products ...
Couple of followups on this discussion:
http://www.itworld.com/open-source/1308 ... articipant <-- Two guys named by Gregory Perry have both denied any involvement with the FBI.
http://marc.info/?l=openbsd-tech&m=129244045916861&w=2 <-- as did one of the developers named.
http://marc.info/?l=openbsd-tech&m=129296046123471&w=2 <-- Theo de Raadt's followup. He thinks that if the FBI tried to put any backdoors, none of them made it into the OpenBSD tree. NETSEC's own products might be affected though. The community did another thorough audit of the tree and couldn't find anything suspicious, though they did end up fixing a couple of cases to make it even stronger!

and finally from one of the FBI guys who was involved: http://www.theregister.co.uk/2010/12/15 ... oor_claim/
E J Hilbert, a former FBI cyber-crime agent, said attempts were made to place backdoors in open source security codes but that these were unsuccessful. "I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No," Hilbert said in a Twitter update.
Interestingly, he says "open source security codes", not "OpenBSD" specifically. Perhaps they attempted to stick something in other open source projects as well.
AdityaM
BRF Oldie
Posts: 2025
Joined: 30 Sep 2002 11:31
Location: New Delhi

Re: Indian Cyber Warfare Discussion

Post by AdityaM »

Mossad agents brought down Egypt's Internet network two years ago
On December 2008, severe disruptions to Egypt's Internet services were blamed on damage to underwater data cables caused by a ship's anchor.
This explains the cable cuts that disrupted internet in India.
Guddu
BRFite
Posts: 1055
Joined: 01 Dec 2008 06:22

Re: Indian Cyber Warfare Discussion

Post by Guddu »

I can share the Sept issue of DTI, which focusses on cyber warfare. Pl. send me your request to mdphd1 at google chacha. Or if some mod has a better distribution system, can mail to moderator.

Also, DTI is offering a free subscription, see link https://a1.ecom01.com/aweek/665f69643d3533/FM.cgi
PratikDas
BRFite
Posts: 1927
Joined: 06 Feb 2009 07:46

Re: Indian Cyber Warfare Discussion

Post by PratikDas »

ashokpachori wrote:Wireless at the speed of plasma

http://www.newscientist.com/article/mg2 ... lasma.html
nukavarapu wrote:^^^ Looks like development of AESA has led to gains in Radio communications. Nice, but some things I failed to understand:

1.) Does the antenna transmit a cloud of only electrons and in a specific direction using beam forming methods, and the signal rides these electrons?
  • PD: I doubt the electrons go anywhere. Rather, only a cloud of electrons is maintained around the diodes. Inbound electromagnetic radiation probably further energises the electron cloud as it gets absorbed. These electrons would then probably revert to their steady state by emitting the energy absorbed earlier, i.e. via electromagnetic radiation of the same wavelength as the inbound radiation. This emission would then be the reflection.

    By having a static pattern of activated and de-activated electron clouds, you'd be able to beam-form the reflection with constructive and destructive interference patterns.

    By having a dynamic pattern of activated and de-activated electron clouds, you'd be able to move or steer the reflected beam.
or

2.) The electron cloud just acts as a repeater for the signal being transmitted from a different antenna?
  • PD: Yes


Sorry if this is OT for this thread. My very humble speculation is in blue. Please correct if it's wrong.

I doubt this technology has much application for an AESA radar sitting on the nose of a fighter, but I think it would have applications for fighter stealth if these chips were to be placed, say, in a band around the inlet of the PAK-FA :)

PS. Sorry if I've stated the obvious.
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Re: Indian Cyber Warfare Discussion

Post by wig »

The New York Times has an interesting article delving into the Stuxnet worm. I opine that it is worth reading in full: Israel Tests on Worm Called Crucial in Iran Nuclear Delay
The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel’s never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.

Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.

Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.

“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”

Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran’s ability to buy components and do business around the world.

The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel’s long-held argument that Iran was on the cusp of success.

The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.

In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.

Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.

In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.

Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.

“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.

Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.
http://www.nytimes.com/2011/01/16/world ... ml?_r=1&hp
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Re: Indian Cyber Warfare Discussion

Post by wig »

The American newsmagazine Time has an article on Chinese hacking of Western oil firms
Hackers operating from China stole sensitive information from Western oil companies, a U.S. security firm reported Thursday, adding to complaints about pervasive Internet crime traced to the country.

The report by McAfee Inc. did not identify the companies but said the "coordinated, covert and targeted" attacks began in November 2009 and targeted computers of oil and gas companies in the United States, Taiwan, Greece and Kazakhstan. It said the attackers stole information on operations, bidding for oil fields and financing.

McAfee said extraction of information occurred from 9 a.m. to 5 p.m. Beijing time on weekdays. It said that suggested the attackers were "company men" on a regular job, rather than freelance or amateur hackers.

The attackers used hacking tools of Chinese origin that are prevalent on Chinese underground hacking forums, McAfee said.

Google announced last January that cyberattacks from China hit it and at least 20 other companies. Google says it has "conclusive evidence" the attacks came from China but declined to say whether the government was involved.
http://www.time.com/time/world/article/ ... 94,00.html
nmadhav
BRFite -Trainee
Posts: 19
Joined: 15 Apr 2009 20:32

Re: Indian Cyber Warfare Discussion

Post by nmadhav »

Does anyone know about Project Suter? The USAF project that uses AESA and other high tech emitters to infiltrate and take over enemy air defense networks? http://www.informationdissemination.net ... syria.html. I want to know if anything similar is being done by DRDO.
jamwal
BR Mainsite Crew
Posts: 5727
Joined: 19 Feb 2008 21:28
Location: Somewhere Else

Re: Indian Cyber Warfare Discussion

Post by jamwal »

Some Pakis compromised the account of one of the admins of the Indian Army fan page on Facebook and posted crap, leading to the government banning it permanently. :evil:
Here is the new working fan page
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: Indian Cyber Warfare Discussion

Post by tarun »

Looks like we don't need external enemies to conduct DDoS attacks on our Internet. Our CERT-IN & DoT are rather well qualified to do the same.
Talk about self-goals. While we should be inviting oppressed nationalities in China-Pak to host their content in India the GoI seems hell bent on pushing out Indian content out of Indian Datacenters and webhosts.
http://www.medianama.com/2011/02/223-in ... uidelines/
Ravi Karumanchiri
BRFite
Posts: 723
Joined: 19 Oct 2009 06:40
Location: www.ravikarumanchiri.com

Re: Indian Cyber Warfare Discussion

Post by Ravi Karumanchiri »

The new cyber military-industrial complex

RON DEIBERT AND RAFAL ROHOZINSKI
Special to Globe and Mail Update
Published Monday, Mar. 28, 2011 2:00AM EDT

READ IT HERE
In the aftermath of the revolution that brought down Egypt’s Hosni Mubarak, protesters burst into the building that housed the state security services and combed through thousands of documents left by the departing regime. Among the files listing paid informants, tortured confessions and acts of secret manipulation was one rather exceptional document: a contract from an obscure German firm selling cyberwar software to the Egyptian regime. The document, quickly posted on the Internet, provided a detailed glimpse inside the black arts of today’s world of electronic warfare.

For those who study the geopolitics of cyberspace, the revelation was hardly surprising. There’s an arms race in cyberspace, and a massively exploding new cyber-industrial complex that serves it. The German firm is but one small manifestation.

...

Both Indian and Iranian officials have gone on public record condoning hackers who work in the state’s interest....

...

We have indeed created a kind of “world brain”; the problem is, it’s a typically aggressive and insecure human one.

Ron Deibert is director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. Rafal Rohozinski is CEO of the Ottawa-based SecDev Group.
Raghavendra
BRFite
Posts: 1252
Joined: 11 Mar 2008 19:07
Location: Fishing in Sadhanakere

Re: Indian Cyber Warfare Discussion

Post by Raghavendra »

Ravi Karumanchiri wrote:Both Indian and Iranian officials have gone on public record condoning hackers who work in the state’s interest....
That's a Lie, police in the past have tortured Indian hackers, one had his hand broken, not praised or condoned their work
Ravi Karumanchiri
BRFite
Posts: 723
Joined: 19 Oct 2009 06:40
Location: www.ravikarumanchiri.com

Re: Indian Cyber Warfare Discussion

Post by Ravi Karumanchiri »

^^^Raghavendra, with respect;

I think you're behind on your reading.
Suggest you read through this thread, starting with the first post, which discusses the work of the NTRO WRT Cyber Warfare.

PS: In case anyone is unclear: I didn't write the above, I only quoted it from that Globe and Mail article.
nits
BRFite
Posts: 1159
Joined: 01 May 2006 22:56
Location: Some where near Equator...

Re: Indian Cyber Warfare Discussion

Post by nits »

Stuxnet attack fear pushes govt to check IT network
The government fears a cyber attack on the power transmission lines and air traffic control systems by the new and sophisticated computer program Stuxnet. As a counter measure, the top brass of the country, which includes all chiefs of staff and secretaries of home, telecom, defence, finance and IT, has drafted a plan to thwart any such attack.

In a meeting held in the Prime Minister's Office on March 23, minutes of which were reviewed by ET, the country's top brass has made a plan to harden the security around Air Traffic Controllers (ATCs) and PowerGrid. A two-tier team comprising National Technical Research Organisation and ATC officials has been formed. The team would visit all airports shortly to conduct security reviews.
Craig Alpert
BRFite
Posts: 1440
Joined: 09 Oct 2009 17:36
Location: Behind Enemy Lines

Re: Indian Cyber Warfare Discussion

Post by Craig Alpert »

Defence Ministry to File Complaint on Fake Emails

I guess they haven't heard of a thing called SPAM :?: A country that leads the world in IT uses email address of giants such as Google and Yahoo? Something is clearly not right with that picture. They can create a proper one associated with IA, IN, IAF or just use the ones that NTRO has developed for them but not sure what the logic behind using Gmail or Yahoo would be.
Manish_P
BRF Oldie
Posts: 5457
Joined: 25 Mar 2010 17:34

Re: Indian Cyber Warfare Discussion

Post by Manish_P »

Cyber spying: China vs US

Some interesting points from the article
U.S. efforts to halt Byzantine Hades hacks are ongoing, according to four sources familiar with investigations. In the April 2009 cable, officials in the State Department's Cyber Threat Analysis Division noted that several Chinese-registered Web sites were "involved in Byzantine Hades intrusion activity in 2006."

The sites were registered in the city of Chengdu, the capital of Sichuan Province in central China, according to the cable. A person named Chen Xingpeng set up the sites using the "precise" postal code in Chengdu used by the People's Liberation Army Chengdu Province First Technical Reconnaissance Bureau (TRB), an electronic espionage unit of the Chinese military.
Many firms whose business revolves around intellectual property -- tech firms, defense group companies, even Formula One teams -- complain that their systems are now under constant attack to extract proprietary information. Several have told Reuters they believe the attacks come from China.
Some security officials say firms doing business directly with Chinese state-linked companies -- or which enter fields in which they compete directly -- find themselves suffering a wall of hacking attempts almost immediately.
In a private meeting of US, German, French, British and Dutch officials held at Ramstein Air Base in September 2008, German officials said such computer attacks targeted every corner of the German market, including "the military, the economy, science and technology, commercial interests, and research and development," and increase "before major negotiations involving German and Chinese interests," according to a cable from that year.
One reason: for China, digital espionage is wrapped into larger concerns about how to keep China's economy, the world's second largest, growing. "They've identified innovation as crucial to future economic growth -- but they're not sure they can do it," says Lewis. "The easiest way to innovate is to plagiarize" by stealing US intellectual property, he adds.
Raghavendra
BRFite
Posts: 1252
Joined: 11 Mar 2008 19:07
Location: Fishing in Sadhanakere

Re: Indian Cyber Warfare Discussion

Post by Raghavendra »

Ravi Karumanchiri wrote:^^^Raghavendra, with respect;

I think you're behind on your reading.
Suggest you read through this thread, starting with the first post, which discusses the work of the NTRO WRT Cyber Warfare.

PS: In case anyone is unclear: I didn't write the above, I only quoted it from that Globe and Mail article.
Well, you are correct on this, apologies for my mistake.
Raghavendra
BRFite
Posts: 1252
Joined: 11 Mar 2008 19:07
Location: Fishing in Sadhanakere

Re: Indian Cyber Warfare Discussion

Post by Raghavendra »

Craig Alpert wrote:Defence Ministry to File Complaint on Fake Emails

I guess they haven't heard of a thing called SPAM :?:
This is a case of impersonation and for investigation purposes first an FIR needs to be registered and that's what they have done
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Indian Cyber Warfare Discussion

Post by Pranav »

Suter is a military computer program developed by BAE Systems that attacks computer networks and communications systems belonging to an enemy. Development of the program has been managed by Big Safari, a secret unit of the United States Air Force. It is specialised to interfere with the computers of integrated air defence systems.[1]

Three generations of Suter have been developed. Suter 1 allows its operators to monitor what enemy radar operators can see. Suter 2 lets them take control of the enemy's networks and direct their sensors. Suter 3, tested in summer 2006, enables the invasion of links to time-critical targets such as battlefield ballistic missile launchers or mobile surface-to-air missile launchers.

The program has been tested with aircraft such as the EC-130, RC-135, and F-16CJ.[1] It has been used in Iraq and Afghanistan since 2006.[2][3]

U.S. Air Force officials have speculated that a technology similar to Suter was used by the Israeli Air Force to thwart Syrian radars and sneak into their airspace undetected in Operation Orchard on September 6, 2007. The evasion of air defence radar was otherwise unlikely because the F-15s and F-16s used by the IAF were not equipped with stealth technology.[2][4]

Source: http://en.wikipedia.org/wiki/Suter_%28c ... program%29 .
Craig Alpert
BRFite
Posts: 1440
Joined: 09 Oct 2009 17:36
Location: Behind Enemy Lines

Re: Indian Cyber Warfare Discussion

Post by Craig Alpert »

Not really India's per se, but nonetheless lessons learned could be applied here.

Pentagon gets cyberwar guidelines
WASHINGTON (AP) — President Barack Obama has signed executive orders that lay out how far military commanders around the globe can go in using cyberattacks and other computer-based operations against enemies and as part of routine espionage in other countries.

The orders detail when the military must seek presidential approval for a specific cyber assault on an enemy and weave cyber capabilities into U.S. war fighting strategy, defense officials and cyber security experts told The Associated Press.

Signed more than a month ago, the orders cap a two-year Pentagon effort to draft U.S. rules of the road for cyber warfare, and come as the U.S. begins to work with allies on global ground rules.

The guidelines are much like those that govern the use of other weapons of war, from nuclear bombs to missiles to secret surveillance, the officials said.

In a broad new strategy document, the Pentagon lays out some of the cyber capabilities the military may use during peacetime and conflict. They range from planting a computer virus to using cyberattacks to bring down an enemy's electrical grid or defense network.

"You don't have to bomb them anymore. That's the new world," said James Lewis, cybersecurity expert at the Center for Strategic and International Studies.

The new Pentagon strategy, he said, lays out cyber as a new warfare domain and stresses the need to fortify network defenses, protect critical infrastructure and work with allies and corporate partners.
..........

As an example, the new White House guidelines would allow the military to transmit computer code to another country's network to test the route and make sure connections work — much like using satellites to take pictures of a location to scout out missile sites or other military capabilities.

The digital code would be passive and could not include a virus or worm that could be triggered to do harm at a later date. But if the U.S. ever got involved in a conflict with that country, the code would have mapped out a path for any offensive cyberattack to take, if approved by the president.

The guidelines also make clear that when under attack, the U.S. can defend itself by blocking cyber intrusions and taking down servers in another country. And, as in cases of mortar or missile attacks, the U.S. has the right to pursue attackers across national boundaries — even if those are virtual network lines.

"We must be able to defend and operate freely in cyberspace," Lynn said in a speech last week in Paris. The U.S., he said, must work with other countries to monitor networks and share threat information.

......
Over time, Lynn said, the program could be a model for the Homeland Security Department as it works with companies that run critical infrastructure such as power plants, the electric grid and financial systems.

Members of Congress are working on a number of bills to address cybersecurity and have encouraged such public-private partnerships, particularly to secure critical infrastructure. But they also warn of privacy concerns.

...........
Under the new Pentagon guidelines, it would be unacceptable to deliberately route a cyberattack through another country if that nation has not given permission — much like U.S. fighter jets need permission to fly through another nation's airspace.
SaiK
BRF Oldie
Posts: 36424
Joined: 29 Oct 2003 12:31
Location: NowHere

Re: Indian Cyber Warfare Discussion

Post by SaiK »

Pentagon is going serious on cyber warfare and announced military strike back based on the threat and damages caused. So, attack maasan cyber space, you can get nuked.. Now that is pretty mad.
darshhan
BRF Oldie
Posts: 2937
Joined: 12 Dec 2008 11:52

Re: Indian Cyber Warfare Discussion

Post by darshhan »

For those interested in Stuxnet, this link is a must.

http://www.wired.com/threatlevel/2011/0 ... xnet/all/1
It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium.

Natanz technicians in white lab coats, gloves and blue booties were scurrying in and out of the “clean” cascade rooms, hauling out unwieldy centrifuges one by one, each sheathed in shiny silver cylindrical casings.

Any time workers at the plant decommissioned damaged or otherwise unusable centrifuges, they were required to line them up for IAEA inspection to verify that no radioactive material was being smuggled out in the devices before they were removed. The technicians had been doing so now for more than a month.
Normally Iran replaced up to 10 percent of its centrifuges a year, due to material defects and other issues. With about 8,700 centrifuges installed at Natanz at the time, it would have been normal to decommission about 800 over the course of the year.

But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran’s enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months.

The question was, why?

Iran wasn’t required to disclose the reason for replacing the centrifuges and, officially, the inspectors had no right to ask. Their mandate was to monitor what happened to nuclear material at the plant, not keep track of equipment failures. But it was clear that something had damaged the centrifuges.

What the inspectors didn’t know was that the answer they were seeking was hidden all around them, buried in the disk space and memory of Natanz’s computers. Months earlier, in June 2009, someone had silently unleashed a sophisticated and destructive digital worm that had been slithering its way through computers in Iran with just one aim — to sabotage the country’s uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear weapon.

But it would be nearly a year before the inspectors would learn of this. The answer would come only after dozens of computer security researchers around the world would spend months deconstructing what would come to be known as the most complex malware ever written — a piece of software that would ultimately make history as the world’s first real cyberweapon.

On June 17, 2010, Sergey Ulasen was in his office in Belarus sifting through e-mail when a report caught his eye. A computer belonging to a customer in Iran was caught in a reboot loop — shutting down and restarting repeatedly despite efforts by operators to take control of it. It appeared the machine was infected with a virus.

Ulasen heads an antivirus division of a small computer security firm in Minsk called VirusBlokAda. Once a specialized offshoot of computer science, computer security has grown into a multibillion-dollar industry over the last decade keeping pace with an explosion in sophisticated hack attacks and evolving viruses, Trojan horses and spyware programs.

The best security specialists, like Bruce Schneier, Dan Kaminsky and Charlie Miller are considered rock stars among their peers, and top companies like Symantec, McAfee and Kaspersky have become household names, protecting everything from grandmothers’ laptops to sensitive military networks.

VirusBlokAda, however, was no rock star nor a household name. It was an obscure company that even few in the security industry had heard of. But that would shortly change.

Ulasen’s research team got hold of the virus infecting their client’s computer and realized it was using a “zero-day” exploit to spread. Zero-days are the hacking world’s most potent weapons: They exploit vulnerabilities in software that are yet unknown to the software maker or antivirus vendors. They’re also exceedingly rare; it takes considerable skill and persistence to find such vulnerabilities and exploit them. Out of more than 12 million pieces of malware that antivirus researchers discover each year, fewer than a dozen use a zero-day exploit.

In this case, the exploit allowed the virus to cleverly spread from one computer to another via infected USB sticks. The vulnerability was in the LNK file of Windows Explorer, a fundamental component of Microsoft Windows. When an infected USB stick was inserted into a computer, as Explorer automatically scanned the contents of the stick, the exploit code awakened and surreptitiously dropped a large, partially encrypted file onto the computer, like a military transport plane dropping camouflaged soldiers into target territory.

It was an ingenious exploit that seemed obvious in retrospect, since it attacked such a ubiquitous function. It was also one, researchers would soon learn to their surprise, that had been used before.

VirusBlokAda contacted Microsoft to report the vulnerability, and on July 12, as the software giant was preparing a patch, VirusBlokAda went public with the discovery in a post to a security forum. Three days later, security blogger Brian Krebs picked up the story, and antivirus companies around the world scrambled to grab samples of the malware — dubbed Stuxnet by Microsoft from a combination of file names (.stub and MrxNet.sys) found in the code.

As the computer security industry rumbled into action, decrypting and deconstructing Stuxnet, more assessments filtered out.

It turned out the code had been launched into the wild as early as a year before, in June 2009, and its mysterious creator had updated and refined it over time, releasing three different versions. Notably, one of the virus’s driver files used a valid signed certificate stolen from RealTek Semiconductor, a hardware maker in Taiwan, in order to fool systems into thinking the malware was a trusted program from RealTek.

Internet authorities quickly revoked the certificate. But another Stuxnet driver was found using a second certificate, this one stolen from JMicron Technology, a circuit maker in Taiwan that was — coincidentally or not – headquartered in the same business park as RealTek. Had the attackers physically broken into the companies to steal the certificates? Or had they remotely hacked them to swipe the company’s digital certificate-signing keys? No one knew.

“We rarely see such professional operations,” wrote ESET, a security firm that found one of the certificates, on its blog. “This shows [the attackers] have significant resources.”

In other ways, though, Stuxnet seemed routine and unambitious in its aims. Experts determined that the virus was designed to target Simatic WinCC Step7 software, an industrial control system made by the German conglomerate Siemens that was used to program controllers that drive motors, valves and switches in everything from food factories and automobile assembly lines to gas pipelines and water treatment plants.

Although this was new in itself — control systems aren’t a traditional hacker target, because there’s no obvious financial gain in hacking them — what Stuxnet did to the Simatic systems wasn’t new. It appeared to be simply stealing configuration and design data from the systems, presumably to allow a competitor to duplicate a factory’s production layout. Stuxnet looked like just another case of industrial espionage.

Antivirus companies added signatures for various versions of the malware to their detection engines, and then for the most part moved on to other things.

The story of Stuxnet might have ended there. But a few researchers weren’t quite ready to let it go.
Read it all.
sum
BRF Oldie
Posts: 10195
Joined: 08 May 2007 17:04
Location: (IT-vity && DRDO) nagar

Re: Indian Cyber Warfare Discussion

Post by sum »

^^ Extraordinary read...thanks a ton for posting!!
sanjeevpunj
BRFite
Posts: 971
Joined: 04 Sep 2009 13:10

Re: Indian Cyber Warfare Discussion

Post by sanjeevpunj »

I have always wondered if the Microprocessor Chips that form the core of computing, are not pre-programmed to send regular packets of information, to its manufacturer, who could be sharing the data with the Manufacturing country's Intelligence agency? Eg: Intel would pass on the data to CIA. The information could be used to trace, locate and even hack into such systems when needed? I am not an expert in VLSI or such similar stuff, but I really wonder if this is possible.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: Indian Cyber Warfare Discussion

Post by tarun »

sanjeevpunj wrote: I have always wondered if the Microprocessor Chips that form the core of computing, are not pre-programmed to send regular packets of information, to its manufacturer, who could be sharing the data with the Manufacturing country's Intelligence agency? Eg: Intel would pass on the data to CIA. The information could be used to trace, locate and even hack into such systems when needed? I am not an expert in VLSI or such similar stuff, but I really wonder if this is possible.
You need to have the whole path right to the International Gateways of India and beyond the LIM equipment installed there which needs to be completely compromised. That would be incredibly hard to pull off.
-Tarun
ArmenT
BR Mainsite Crew
Posts: 4239
Joined: 10 Sep 2007 05:57
Location: Loud, Proud, Ugly American

Re: Indian Cyber Warfare Discussion

Post by ArmenT »

sanjeevpunj wrote: I have always wondered if the Microprocessor Chips that form the core of computing, are not pre-programmed to send regular packets of information, to its manufacturer, who could be sharing the data with the Manufacturing country's Intelligence agency? Eg: Intel would pass on the data to CIA. The information could be used to trace, locate and even hack into such systems when needed? I am not an expert in VLSI or such similar stuff, but I really wonder if this is possible.
First, the part that actually sends out packets is a network card, not the microprocessor (though, these days, they are both on the same motherboard). Microprocessor cannot send out any packets without the network card's co-operation. And you can't guarantee that your microprocessor will be used with your network chips (unless you're the supplier of the complete PC).

Also, you can't guarantee that someone won't connect it to a hub and see suspicious packet activity (i.e. blinking LEDs) when nothing is supposedly happening on the PC. Once that cat is out of the bag, the manufacturer is going to be blacklisted worldwide and that won't make the stockholders very happy.
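The observability point in the post above, as an added example that is not part of any post in this thread: unsolicited phone-home traffic has to cross the wire, and regular check-ins stand out by their timing. The flow-line format, addresses and thresholds below are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed capture summary (not real traffic): "epoch_seconds src dst dport bytes".
# 10.0.0.5 contacts 203.0.113.9 about every 300 s; the other flows are bursty browsing.
SAMPLE_FLOWS = """\
1000 10.0.0.5 203.0.113.9 443 120
1012 10.0.0.5 198.51.100.7 80 5300
1019 10.0.0.5 198.51.100.7 80 48211
1301 10.0.0.5 203.0.113.9 443 118
1598 10.0.0.5 203.0.113.9 443 121
1650 10.0.0.5 198.51.100.7 80 900
1902 10.0.0.5 203.0.113.9 443 119
2199 10.0.0.5 203.0.113.9 443 120
2500 10.0.0.5 203.0.113.9 443 122
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, dport, nbytes) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, nbytes = parts
        yield float(ts), src, dst, int(dport), int(nbytes)

def find_beacons(flows, min_events=5, max_jitter=0.1):
    """Return [(src, dst, dport, mean_interval, jitter)] for flows whose
    inter-arrival times are nearly constant (jitter = stdev / mean)."""
    times = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        times[(src, dst, dport)].append(ts)
    hits = []
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few samples to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # all events share one timestamp; no interval to measure
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            hits.append((*key, round(mean, 1), round(jitter, 3)))
    return hits

if __name__ == "__main__":
    for hit in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print("periodic flow:", hit)
```

A low jitter value only marks a flow for review; update checkers and time sync are periodic too, so hits need to be compared against known-good software on the host.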
sanjeevpunj
BRFite
Posts: 971
Joined: 04 Sep 2009 13:10

Re: Indian Cyber Warfare Discussion

Post by sanjeevpunj »

^^^^ Interesting to learn. I thought some code could be embedded in the Microprocessor to regularly send out info without any trigger/request. Thanks for clarifying.
sooraj
BRFite
Posts: 1544
Joined: 06 May 2011 15:45

Re: Indian Cyber Warfare Discussion

Post by sooraj »

Just checked defenseforumindia.com website, it is hacked by Pakistani hacker groups
chackojoseph
BRF Oldie
Posts: 4297
Joined: 01 Mar 2010 22:42
Location: From Frontier India
Contact:

Re: Indian Cyber Warfare Discussion

Post by chackojoseph »

^^^^ Maybe not. They must have copyright violation and server must have taken them off for non reply to the DMCA. defence.pk and its sister content farms have been server hopping lately due to my DMCA complaints.
ankitash
BRFite -Trainee
Posts: 64
Joined: 15 Jan 2011 03:12

Re: Indian Cyber Warfare Discussion

Post by ankitash »

chackojoseph wrote: ^^^^ Maybe not. They must have copyright violation and server must have taken them off for non reply to the DMCA. defence.pk and its sister content farms have been server hopping lately due to my DMCA complaints.

indiandefence.com is the sister site of defence.pk

defenceforumindia.com OTOH is indic onlee :)
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Re: Indian Cyber Warfare Discussion

Post by wig »

http://timesofindia.indiatimes.com/tech ... 465101.cms
China seems to be behind cyber attacks
Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.

Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.

The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

In the case of the United Nations, the hackers broke into the computer system of the UN Secretariat in Geneva in 2008, hid there unnoticed for nearly two years, and quietly combed through reams of secret data, according to McAfee.

"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee's vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report released on Wednesday.

"What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."

McAfee learned of the extent of the hacking campaign in March this year, when its researchers discovered logs of the attacks while reviewing the contents of a "command and control" server that they had discovered in 2009 as part of an investigation into security breaches at defense companies.

It dubbed the attacks "Operation Shady RAT" and said the earliest breaches date back to mid-2006, though there might have been other intrusions as yet undetected. (RAT stands for "remote access tool," a type of software that hackers and security experts use to access computer networks from afar).

Some of the attacks lasted just a month, but the longest -- on the Olympic Committee of an unidentified Asian nation -- went on and off for 28 months, according to McAfee.

"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch said.

"This is the biggest transfer of wealth in terms of intellectual property in history," he said. "The scale at which this is occurring is really, really frightening."

China connection?
He said that McAfee had notified all the 72 victims of the attacks, which are under investigation by law enforcement agencies around the world. He declined to give more details, such as the names of the companies hacked.

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, was briefed on the discovery by McAfee. He said it was very likely that China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.

The systems of the IOC and several national Olympic Committees were breached in the run-up to the 2008 Beijing Games, for example.

And China views Taiwan as a renegade province, and political issues between them remain contentious even as economic ties have strengthened in recent years.

"Everything points to China. It could be the Russians, but there is more that points to China than Russia," Lewis said.
Ravi Karumanchiri
BRFite
Posts: 723
Joined: 19 Oct 2009 06:40
Location: www.ravikarumanchiri.com
Contact:

Re: Indian Cyber Warfare Discussion

Post by Ravi Karumanchiri »

McAfee says it has uncovered biggest-ever series of cyber attacks
JIM FINKLE
Boston— Reuters

Published Wednesday, Aug. 03, 2011 1:27AM EDT
Last updated Wednesday, Aug. 03, 2011 3:42AM EDT

http://www.theglobeandmail.com/news/tec ... le2117891/