Historically, targeting civilians as part of a conflict has been considered immoral. This dates back to Sun Tzu, centuries BC: “to besiege cities is the worst form of warfare.” But under the new “unrestricted warfare” doctrine of Russia, China and others, targeting average Americans has become the forward edge of the battle area. Examples: hacking into the DNC servers; creating Facebook accounts labeled BlackLivesUSA and urging protests and counter-protests, presumably in the hope of inciting violence, injury, deaths and arrests (Mueller Report); and creating fake news stories that Taiwan had stranded its citizens during an outage at an airport in Japan, which resulted in a suicide (DOD Strategy for Operations in the Information Environment). How do we fight these immoral efforts, which capitalize on our fundamental freedoms of speech and assembly?
https://media.defense.gov/2023/Nov/17/2003342901/-1/-1/1/2023-DEPARTMENT-OF-DEFENSE-STRATEGY-FOR-OPERATIONS-IN-THE-INFORMATION-ENVIRONMENT.PDF
Category: CyberSecurity
Cybersecurity as a warfighting domain – timeline
In 2007, a nation was effectively knocked offline. Inaccurate information in its news cycle caused protests that devolved into rioting. Then, before the government could counter the inaccurate information, its media, banks and government websites were taken down by denial-of-service attacks.
https://www.bbc.com/news/39655415
In 2015, the Ukrainian power grid was hacked offline.
https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
In 2018, the Secretary of the Air Force announced that cyber was a new warfighting domain, joining air, land and sea.
https://www.fifthdomain.com/newsletters/digital-show-daily/2019/09/20/how-the-air-force-has-reorganized-its-cyber-staff/
Fifth Domain (the site linked above) calls cyber the fifth domain because space is also considered a warfighting domain.
However, information remains a contested space which is not yet formally labelled a warfighting domain.
Significant Cyber: Hack a Nation Offline
In 2007, Estonia, a small European country, decided to move a controversial statue to a cemetery on the outskirts of the metro area. Someone posted inaccurate news stories claiming that the statue was going to be destroyed, and the war graves along with it. Riots ensued.
On 26 April 2007 Tallinn erupted into two nights of riots and looting. 156 people were injured, one person died and 1,000 people were detained.
From 27 April, Estonia was also hit by major cyber-attacks which in some cases lasted weeks.
Online services of Estonian banks, media outlets and government bodies were taken down by unprecedented levels of internet traffic.
Massive waves of spam were sent by botnets and huge amounts of automated online requests swamped servers.
The result for Estonian citizens was that cash machines and online banking services were sporadically out of action; government employees were unable to communicate with each other by email; and newspapers and broadcasters suddenly found they couldn’t deliver the news.
Continuing to look at significant cyber events
December 2015 hack of an electric grid
From the Wired magazine article (section “A Brilliant Plan”):
The hackers who struck the power centers in Ukraine—the first confirmed hack to take down a power grid—weren’t opportunists who just happened upon the networks and launched an attack to test their abilities; according to new details from an extensive investigation into the hack, they were skilled and stealthy strategists who carefully planned their assault over many months, first doing reconnaissance to study the networks and siphon operator credentials, then launching a synchronized assault in a well-choreographed dance.
https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
September 2013 Hack of the Marines.com Recruiting Website:
Pro-Syrian government hackers defaced a Marine Corps recruitment website Monday, posting a letter on Marines.com arguing that the Syrian government is “fighting a vile common enemy.”
Capt. Eric Flanagan, a spokesman for the Marine Corps, confirmed to the Wall Street Journal that the Marines site had been hacked. The Syrian Electronic Army claimed responsibility.
“The Syrian army should be your ally not your enemy,” the letter read. “Refuse your orders and concentrate on the real reason every soldier joins their military, to defend their homeland. You’re more than welcome to fight alongside our army rather than against it.”
Compiling Significant Cyber Events
I’m at a cyber conference this week and applying for federal cyber security training, so I’m doing some homework. Here are some snippets from books and articles I read recently.
Let’s consider a few recent examples to better illustrate the universe of cyber warfare. Perhaps the most famous is the Stuxnet worm, which was discovered in 2010 and was considered the most sophisticated piece of malware ever revealed, until a virus known as Flame, discovered in 2012, claimed that title. Designed to affect a particular type of industrial control system that ran on the Windows operating system, Stuxnet was discovered to have infiltrated the monitoring systems of Iran’s Natanz nuclear-enrichment facility, causing centrifuges to abruptly speed up or slow down to the point of self-destruction while simultaneously disabling the alarm systems. Because the Iranian systems were not linked to the Internet, the worm must have been uploaded directly, perhaps unwittingly introduced by a Natanz employee on a USB flash drive. The vulnerabilities in the Windows systems were subsequently patched up, but not until after causing some damage to the Iranian nuclear effort, as the Iranian president, Mahmoud Ahmadinejad, admitted.
Initial efforts to locate the creators of the worm were inconclusive, though most believed that its target and the level of sophistication pointed to a state-backed effort. Among other reasons, security analysts unpacking the worm (their efforts made possible because Stuxnet had escaped “into the wild” — that is, beyond the Natanz plant) noticed specific references to dates and biblical stories in code that would be highly symbolic to Israelis. (Others argued that the indicators were far too obvious, and thus false flags.) The resources involved also suggested government production: Experts thought the worm was written by as many as 30 people over several months. And it used an unprecedented number of “zero-day” exploits, malicious computer attacks while exposing vulnerabilities in computer programs that were unknown to the program’s creator (in this case, the Windows OS) before the day of the attack, thus leaving zero days to prepare for it. The discovery of one zero-day exploit is considered a rare event — and exploited information can be sold for hundreds of thousands of dollars on the black market — so security analysts were stunned to discover that an early variant of Stuxnet took advantage of FIVE.
Sure enough, it was revealed in June 2012 that not one but two governments were behind the deployment of the Stuxnet worm. Unnamed Obama administration officials confirmed to the New York Times journalist David E. Sanger that Stuxnet was a joint U.S. and Israeli project designed to stall and disrupt the suspected Iranian nuclear-weapons program.
From the book The New Digital Age: Transforming Nations, Businesses, and Our Lives by Eric Schmidt and Jared Cohen (April 23, 2013).
For example, when the CENTCOM (US Central Command) Twitter account was compromised for 40 minutes by the Islamic State in January 2015, the motive was not monetary; it was political. The objective was to create discomfort and a sense of insecurity by openly demonstrating a security gap and sending out political messages through it.
From the book Cybersecurity for Beginners by Raef Meeuwisse, second edition, published March 2017.
According to the Norton antivirus website, the previously mentioned Flame doesn’t make its list of the eight most notable viruses ever. Norton’s list:
1) CryptoLocker. Released in September 2013, CryptoLocker spread through email attachments and encrypted the user’s files so that they couldn’t access them.
The attackers then provided a decryption key in return for a ransom, usually somewhere from a few hundred pounds up to a couple of grand.
2) ILOVEYOU. 2000. The malware was a worm that ran when the recipient opened an email attachment called ‘LOVE-LETTER-FOR-YOU.TXT.vbs’; the double extension let a Visual Basic script pass for a harmless text file.
ILOVEYOU overwrote system files and personal files and mailed itself out over and over and over again. ILOVEYOU hit headlines around the world and still people clicked on the attachment, maybe to test whether it really was as bad as it was supposed to be. Poking the bear with a stick, to use a metaphor.
ILOVEYOU was so effective it actually held the Guinness World Record as the most ‘virulent’ virus of all time. A viral virus, by all accounts. Two young Filipino programmers, Reonel Ramones and Onel de Guzman, were named as the perpetrators, but because the Philippines had no law against writing malware at the time, the case was dropped and they went free.
3) MyDoom. 2004. MyDoom is considered the most damaging virus ever released, and with a name like MyDoom would you expect anything less?
MyDoom, like ILOVEYOU, is a record-holder: it was the fastest-spreading email-based worm ever. MyDoom was an odd one, as it also hit tech companies like SCO, Microsoft and Google with distributed denial-of-service attacks.
About 25% of the hosts infected by the .A variant reportedly hit the SCO website with a flood of traffic in an attempt to crash its servers.
At its peak in 2004, roughly 16 to 25 percent of all email in circulation carried MyDoom.
4) Storm Worm. 2007. Storm Worm was a particularly vicious piece of malware that made the rounds in early 2007 with the subject line ‘230 dead as storm batters Europe’. Intrigued, people would open the email and click on a link to the news story, and that’s when the problems started.
Storm Worm was a Trojan horse that infected computers and turned them into zombies or bots, which continued the spread of the malware and sent out huge amounts of spam.
5) Sasser & Netsky. 2004. Sasser needed no email at all: an infected computer scanned random IP addresses for other vulnerable Windows machines and instructed them to download the worm. Netsky was the more familiar email-based worm. Netsky was actually the more viral of the two and caused a huge amount of problems in 2004.
6) Anna Kournikova. 2001. Not sure why this one is on the list. Jan De Wit, a 20-year-old Dutch man, wrote the virus ‘as a joke’ and later turned himself in to the police. The subject line was “Here you have, ;0)” with an attached file called AnnaKournikova.jpg.vbs, the same disguised-extension trick as ILOVEYOU. Anna was pretty harmless and didn’t do much actual damage.
7) Slammer. 2003. Slammer is the kind of worm that makes it into films: only a few minutes after infecting its first victim it was doubling its population every few seconds, and within 15 minutes it had infected most of the vulnerable Microsoft SQL Server machines reachable on the Internet.
The Bank of America’s ATM service crashed, 911 services went down, and flights had to be cancelled because of network failures. Slammer, quite aptly, caused a huge panic, as it had effectively managed to crash the Internet in 15 quick minutes.
As described in a Wired magazine article, an inside view of the worm that crashed the Internet in 15 minutes: “Gah!” Owen Maresh almost choked when the Priority 1 alert popped up on his panel of screens just after midnight on Saturday, January 25. Sitting inside Akamai’s Network Operations Control Center, the command room for 15,000 high-speed servers stationed around the globe, he had a God’s-eye view of the Internet, monitoring its health in real time. His job was to watch for trouble spots and keep Akamai’s servers – and the sites of its clients like Ticketmaster and MSNBC – open for business. This was big trouble.
The tiny worm hit its first victim at 12:30 am Eastern standard time. The machine – a server running Microsoft SQL – instantly started spewing millions of Slammer clones, targeting computers at random. By 12:33 am, the number of slave servers in Slammer’s replicant army was doubling every 8.5 seconds.
8) Stuxnet, described above by Cohen in the New Digital Age.
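Two of the eight entries above, ILOVEYOU and Anna Kournikova, got in the door with the same trick: a script whose name ends in a harmless-looking inner extension (.TXT, .jpg) followed by the real .vbs, which the default Windows setting of hiding known extensions keeps out of sight. Here is an added example, not from the page or from Norton, of the kind of attachment-name check a mail gateway can run to catch that trick, plus two variants of it (whitespace padding before the real extension, and the Unicode right-to-left override character that reverses the visible name). The extension lists and the sample filenames are constructed assumptions for this example; tune the lists to your environment.

```python
# Added example (not from the original page): flag attachment names that
# hide a script behind a decoy extension, as ILOVEYOU and Anna Kournikova did.
# Extension lists below are illustrative assumptions, not a vendor's policy.
from dataclasses import dataclass

# Script/executable types a mail gateway should never deliver unchanged.
EXECUTABLE_EXTS = {
    "vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
    "exe", "scr", "pif", "com", "bat", "cmd", "ps1",
}
# Benign-looking types commonly used as the visible "decoy" extension.
DECOY_EXTS = {
    "txt", "jpg", "jpeg", "png", "gif", "pdf",
    "doc", "docx", "xls", "xlsx", "mp3", "htm", "html",
}
RLO = "\u202e"  # Unicode right-to-left override: reverses how the rest of the name renders


@dataclass(frozen=True)
class Verdict:
    filename: str
    block: bool
    reason: str


def _basename(name: str) -> str:
    """Drop any path prefix, whichever separator the sender used."""
    return name.replace("\\", "/").rsplit("/", 1)[-1]


def check_attachment(name: str) -> Verdict:
    """Decide whether an attachment name should be blocked at the gateway."""
    if RLO in name:
        # The rendered name reads backwards from this point, so the visible
        # extension is not the real one; treat as hostile regardless of suffix.
        return Verdict(name, True, "right-to-left override character in name")

    base = _basename(name)
    # Strip whitespace padding ("photo.jpg        .vbs") that pushes the real
    # extension out of view in a narrow attachment list, then split on dots.
    parts = [p.strip() for p in base.lower().split(".")]
    exts = [p for p in parts[1:] if p]  # everything after the first dot
    if not exts:
        return Verdict(name, False, "no extension")

    real = exts[-1]  # the extension the OS actually acts on
    if real in EXECUTABLE_EXTS:
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            return Verdict(name, True, f"executable .{real} disguised as .{exts[-2]}")
        return Verdict(name, True, f"executable attachment .{real}")
    return Verdict(name, False, "allowed")


def blocked_names(names):
    """Return just the names a gateway policy would quarantine."""
    return [v.filename for v in map(check_attachment, names) if v.block]


# Constructed sample batch (not real mail): the two historical names plus
# a few evasion variants and some legitimate attachments.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "AnnaKournikova.jpg.vbs",
    "invoice.pdf                              .exe",
    "report\u202efdp.scr",
    "quarterly-results.xlsx",
    "holiday.photo.jpg",
    "setup.exe",
    "README",
]

if __name__ == "__main__":
    for v in map(check_attachment, SAMPLE_ATTACHMENTS):
        print(f"{'BLOCK' if v.block else 'allow'} {v.filename!r}: {v.reason}")
```

Run stand-alone, the two historical names, the whitespace-padded invoice, the right-to-left-override name and the bare .exe are blocked, while the spreadsheet, the photo with a dot in its stem and the extensionless README pass. A filename is attacker-controlled, so in practice this check sits beside content inspection (declared MIME type versus magic bytes) rather than replacing it.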
I’m going to dig up some data on the Marines.com hack as well. But what’s odd about most of these notable events is they are a decade or more old. What’s happened recently?
Let’s Talk About Contested Domains
Contrary to what the word suggests to most people, not every domain is a URL or a DNS domain name.
For the U.S. military, the relevant model is DIME (Diplomatic, Informational, Military, Economic), as described by R. Hillson on the Naval Research Laboratory website:
09_Simulation_Hillson.pdf
What if? Mao manufactured the Korean Conflict?
A close reading of Kissinger’s On China includes solid data regarding the Chinese deception of Moscow. The Chinese Army was already marching south on the peninsula when Mao cabled Moscow to say that China would not intervene in the war between North and South Korea. Moscow and Beijing each blame the other for having originated the idea of North Korea invading South Korea.
Kissinger documents Chinese history, philosophy and tactics, which include playing the barbarians against each other and using chess-like or Go-like political moves to diminish an enemy’s national funds, national clout and domestic popularity. Kissinger notes clearly that the real winner of the Korean Conflict was China. At the end of WWII, the two most powerful global forces were Washington, DC and Moscow. At the end of the Korean Conflict, both had lost considerable domestic confidence, national financial reserves, human lives and global standing.
However, Kissinger stops short of blaming the creation of the Korean Conflict on Mao. If Mao was able to manufacture a global event that cost, by some estimates, 3 million civilian and military lives, it was his crowning achievement as the ultimate political manipulator. It’s hard to imagine, from a Judeo-Christian ethic, that someone could care so little for human lives as to use 3 million people as pawns in a political maneuver. However, in the military strategic view of the classic Chinese texts, rather than a horrific violation of ethics on a near-genocidal level, it could be viewed as a master stroke of genius.
Terrifying to think of, really.
