Mark Rockwell Top Priority Sector: cbrne_detection Almost $3 million has been approved by U.S. nuclear security agencies to fuel collaborative nuclear security and development projects in the Ukraine and Russian Federation, said National Nuclear Security Administration (NNSA) on July 26. The projects, financed by NNSA’s Global Initiatives for Proliferation Prevention (GIPP) program, will be managed [...]
View full post on The Cyber Wars
An Irishman living in the US was the first to decipher the complex nature of Stuxnet, a computer worm that affected Iranian nuclear facilities in 2010. The worm is believed to have been the work of the CIA or Israeli security forces.
View full post on computer worm – Yahoo! News Search Results
View full post on National Cyber Security » Virus/Malware/Worms
A secure communications channel set up to prevent misunderstandings that might lead to nuclear war is likely to expand to handle new kinds of conflict — in cyberspace. The Nuclear Risk Reduction Center, established in 1988 under President Ronald Reagan so that Washington and Moscow could alert each other to missile tests and space launches that could be mistaken as acts of aggression, would take …
View full post on germany cyber attack – Yahoo! News Search Results
View full post on National Cyber Security
(Credit:
CBS Interactive)
(CNET) An Iranian double agent working for Israel used a standard thumb drive carrying a deadly payload to infect Iran’s Natanz nuclear facility with the highly destructive Stuxnet computer worm, according to a story by ISSSource.
Stuxnet quickly propagated throughout Natanz — knocking that facility offline and at least temporarily crippling Iran’s nuclear program — once a user did nothing more than click on a Windows icon. The worm was discovered nearly two years ago.
ISSSource’s report yesterday was based on sources inside the U.S. intelligence community.
These sources, who requested anonymity because of their close proximity to investigations, said a saboteur at the Natanz nuclear facility, probably a member of an Iranian dissident group, used a memory stick to infect the machines there. They said using a person on the ground would greatly increase the probability of computer infection, as opposed to passively waiting for the software to spread through the computer facility. “Iranian double agents” would have helped to target the most vulnerable spots in the system,” one source said. In October 2010, Iran’s intelligence minister, Heydar Moslehi said an unspecified number of “nuclear spies” were arrested in connection with Stuxnet.33 virus.
As CNET first reported in August 2010, Stuxnet, as a worm intended to hit critical infrastructure companies, wasn’t meant to remove data from Natanz. Rather, it left a back door that was meant to be accessed remotely to allow outsiders to stealthily control the plant.
The Stuxnet worm infected industrial control system companies around the world, particularly in Iran and India but also companies in the U.S. energy industry, Liam O’Murchu, manager of operations for Symantec Security Response, told CNET. He declined to say how many companies may have been infected or to identify any of them.
“This is quite a serious development in the threat landscape,” he said. “It’s essentially giving an attacker control of the physical system in an industrial control environment.”
According to ISSSource, the double agent was likely a member of the Mujahedeen-e-Khalq (MEK), a shadowy organization often engaged by Israel to carry out targeted assassinations of Iraninan nationals, the publication’s sources said.
As CNET reported in August 2010:
The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files, ending in “.lnk,” according to…[the] Microsoft Malware Protection Center….Merely browsing to the removable media drive using an application that displays shortcut icons, such as Windows Explorer, will run the malware without the user clicking on the icons. The worm infects USB drives or other removable storage devices that are subsequently connected to the infected machine. Those USB drives then infect other machines much like the common cold is spread by infected people sneezing into their hands and then touching door knobs that others are handling.
The malware includes a rootkit, which is software designed to hide the fact that a computer has been compromised, and other software that sneaks onto computers by using a digital certificates signed two Taiwanese chip manufacturers that are based in the same industrial complex in Taiwan–RealTek and JMicron, according to Chester Wisniewski, senior security advisor at Sophos…. It is unclear how the digital signatures were acquired by the attacker, but experts believe they were stolen and that the companies were not involved.
Once the machine is infected, a Trojan looks to see if the computer it lands on is running Siemens’ Simatic WinCC software. The malware then automatically uses a default password that is hard-coded into the software to access the control system’s Microsoft SQL database.
This story originally appeared on CNET.
Article source: http://www.cbsnews.com/8301-501465_162-57413557-501465/report-stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/
View full post on National Cyber Security » Virus/Malware/Worms
A story in ISSSource says that Iranian double agents used an infected memory stick to hit the facility with the worm that severely damaged Iran's nuclear program. Originally posted at Geek Gestalt
View full post on computer worm – Yahoo! News Search Results
View full post on National Cyber Security » Virus/Malware/Worms
South Africa is line to build a US-sponsored nuclear security training academy for English speaking countries around world, MPs have heard.
View full post on could security – Yahoo! News Search Results
View full post on National Cyber Security
Chinese cybercriminals have crafted a sophisticated, robust malware attack that exploits growing political tension and fear over Iran’s alleged covert nuclear weapons program to infect PCs.
The goal of the hackers is to corrupt the computers of U.S. military employees, according to researchers from the security firm Bitdefender, who detected the malware.
Calling it “the perfect firebomb,” the China-borne malware embeds itself in an email with an attached Microsoft Word document titled “Iran’s Oil and Nuclear Situation.doc.” The document, Bitdefender explained, contains an Adobe Shockwave Flash applet that attempts to get the recipients to load a fake YouTube video.
While the rigged video (an .mp4 file) loads, the malware exploits an Adobe Flash flaw that sneaks an executable file into the initial Word document.
If it sounds complicated, that’s the point, Bitdefender’s Bogdan Botezatu said.
“The operation is covert: the MP4 file triggering the exploit is streamed from the Web, which means the PC will be exploited by the time an anti-virus would generally scan a file,” he wrote. “Further, the malicious file delivered inside the doc file (us.exe) has multiple layers of obfuscation to dodge detection.”
Once the malware is implanted on a victim’s computer, it communicates with a command-and-control server in China.
Carefully crafted exploits aimed at military targets are nothing new; a November congressional report outlined state-sponsored cybercrime missions carried out by Chinese and Russian criminals against U.S. government agencies.
And the infamous “Operation Aurora” attacks, launched by Chinese cybercriminals, targeted more than 200 major U.S. companies, including Google and Morgan Stanley.
Because advanced persistent threats like this can be difficult to detect and eliminate once they’re on your system, it’s important to never click on any attachment that appears at all suspicious. It’s also crucial to install a software firewall and run strong anti-virus software on your computer, and to download security patches for vulnerable programs as soon as they become available.
© 2012 SecurityNewsDaily. All rights reserved
Article source: http://www.msnbc.msn.com/id/46722543/ns/technology_and_science-security/
View full post on National Cyber Security » Virus/Malware/Worms