Cyber Warfare

AssassinsMace

Lieutenant General


'Proof' Links Flame, Stuxnet Super Cyber Weapons: Researchers
By LEE FERRAN and KIRIT RADIA | ABC News – 4 hrs ago
Researchers say they have uncovered "proof" linking the authors of the Flame cyber espionage program to Stuxnet, the most powerful offensive cyber weapon ever developed -- both of which are believed to have targeted Iran.

Analysts at the Russia-based cyber security firm Kaspersky Labs, which was the first to uncover Flame and had previously analyzed Stuxnet, wrote in a blog post today that they had found the "missing link" between Flame and Stuxnet: a specific piece of code that appears to have been used in both programs.

Flame, a highly advanced "toolkit" of cyber espionage programs capable of watching virtually everything on an infected computer, was discovered last month on computers in the Middle East and Iran and had apparently been spying on those systems for years. Stuxnet, an offensive cyber weapon designed to physically alter its intended target, was discovered in 2010 after it reportedly infiltrated and managed to damage an Iranian nuclear enrichment facility -- an unprecedented feat.

In both cases, cyber security experts that analyzed the programs' code determined that due to similarities in cost, time requirement and apparent target, it was likely they had each been developed under the direction of a nation-state, leading to speculation the U.S. or Israel may be involved. However, the same experts quickly noted that Flame's code architecture was vastly different from Stuxnet's and determined that while both could have come from the same nation-state, they were not likely written together.


But now Kaspersky Labs says the two cyber tools appear to have been developed in tandem and a section of code directly from Flame was used in an early 2009 version of Stuxnet, meaning that the two development teams overlapped in their work at least for a little while, even if they appear to have gone their separate ways in 2010 when newer versions of the programs appeared.

"We believed that the two teams only had access to some common resources, [but] that didn't show any true collaboration," Kaspersky Labs senior researcher Roel Schouwenberg told ABC News. "However, now it turns out that the Stuxnet team initially used Flame to kickstart the project. That proves collaboration and takes the connection between the two teams to a whole new level."

After Stuxnet's discovery, a Congressional report in December 2010 put the U.S. and Israel on a short list of countries believed to be capable of carrying out that attack -- a list that also included Russia, China, the U.K. and France. A month later, The New York Times reported Stuxnet may have been the result of a joint U.S., Israeli project to undermine Iran's nuclear program.

Five different U.S. government agencies declined to comment to ABC News about allegations they were involved in Flame and the Israeli government has reportedly denied any link to the virus.

News of the new connection between the two programs came just days after a U.S.-based cyber security firm, Symantec, reported Flame appears to have been given a "suicide" command that would wipe any trace of it from an infected computer.

Since I'm not a computer programming expert, I see this as a lot of hype. So unless whoever is behind this has taken over anything with a computer in it, what makes this any different from any other said possible cyber attack spoken of before? So it can affect things mechanically. Can't a hacker do the same? The only difference is this can do it on its own and can be "specifically" targeted. Frankly, has the Iranian nuclear program halted to a complete stop? Stuxnet was said to take years and cost hundreds of millions of USD to develop and what did it accomplish? Something that cost that much and whoever created it just did most of the work for any hacker or computer programming expert to "mutate" this into countless other threats.

Here's the problem if the US is behind this. The Pentagon just complained last year about Chinese cyber espionage activities as possibly an act of war. What's this then? So are US departments not talking to one another? That's pretty irresponsible if the US is behind this and they make a statement that cyber espionage activity can be considered an act of war. And I don't really understand why the media is bragging about it because it's not like only the US and Israel can do this. It might just be a Pandora's Box they just opened. That's if it lives up to the hype, which I'm skeptical of in the first place.
 

Kurt

Junior Member
Stuxnet was programmed to cause malfunction for very specific engines used for uranium enrichment, a sabotage act.
Flame is more espionage oriented.

Historically, you could have carried out such acts by diluting the supply with faulty components or have someone make long-term destructive modifications to hardware. Our shift to software solutions means that software sabotage is on the rise. Stuxnet is a first test of such tools of software affecting difficult to reach hardware.
Flame and the Chinese Trojans are classic espionage tools for SIGINT. The reports show a kind of double standard by assuming the good guys can do everything and everything the "future competitor" does is bad. Everybody complains about being spied on.
 

AssassinsMace

Lieutenant General
Pardon I forgot to mention the difference between Stuxnet and Flame but it has been reported developed from the same program.
 

Kurt

Junior Member
For me, the more interesting question would pertain to the future rules on the data highway that is drifting into very lawless territory via these developments.
 

bd popeye

The Last Jedi
VIP Professional


Warned member: zighail

Reason: Posting anti-us/west flamebait.
zighail, since you are new you need to read the forum rules before you post again. If you desire to continue to post as you have you need to find a different forum. Your type of flamebait posting is not allowed here. For your offense you are granted a one week holiday away from SDF. While you are out read the forum rules..then abide by them.


FORUM RULES: Things to Remember Before Posting, important, please read!

bd popeye super moderator
 

AssassinsMace

Lieutenant General
http://www.youtube.com/watch?v=Js52FjOsgPA

I just saw this on CNBC. For a show about Chinese cyber espionage there was little evidence shown. Basically all the people interviewed were in the business of cyber security. That's like the robocalls I've gotten recently where they're trying to sell me on buying their security products by scaring me with government crime statistics. The guy from Nortel says evidence that China stole from the company and caused it to go bankrupt was the rise of Huawei happened at the same time. How about taking their products and seeing if it was exactly like Nortel? They didn't do that.
 

lostsoul

Junior Member
I just saw this on CNBC. For a show about Chinese cyber espionage there was little evidence shown. Basically all the people interviewed were in the business of cyber security. That's like the robocalls I've gotten recently where they're trying to sell me on buying their security products by scaring me with government crime statistics. The guy from Nortel says evidence that China stole from the company and caused it to go bankrupt was the rise of Huawei happened at the same time. How about taking their products and seeing if it was exactly like Nortel? They didn't do that.

The dumb American public will soak up the "Yellow Peril" espionage, economic threat like a sponge, especially in an election year.

Note: The British MI5 have been actively recruiting "hackers" to work for them. Wonder what they would be doing? So every country is at it. India should be extremely competent at this cyber espionage due to their developed computer software industry.
 

escobar

Brigadier


Security researchers disclosed critical vulnerabilities in routers from Chinese networking and telecommunications equipment manufacturer Huawei at the Defcon hackers conference on Sunday.

The vulnerabilities -- a session hijack, a heap overflow, and a stack overflow -- were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to take control of the devices over the Internet, said Felix Lindner, the head of security firm Recurity Labs and one of the two researchers who found the flaws.

Huawei is one of the fastest growing providers of networking and telecommunication equipment in the world. Huawei equipment powers half of the world's Internet infrastructure, Lindner said.

The researcher, who also analyzed the security of Cisco networking equipment in the past, described the security of the Huawei devices he analyzed as "the worst ever" and said that they're bound to contain more vulnerabilities.

During the Defcon talk, which Lindner gave together with Recurity Labs security consultant Gregor Kopf, the researchers pointed out that there are over 10,000 calls in the firmware's code to sprintf, a function that's known to be insecure.

"This stuff is distrusting," said security researcher Dan Kaminsky, who is best known for discovering a major vulnerability in the world's DNS (Domain Name System) infrastructure in 2008 and who worked for Cisco in the past. "If I were to teach someone from scratch how to write binary exploits, these routers would be what I'd demonstrate on."

"What FX [Lindner's moniker in security circles] has shown is that the 15 years of secure coding practices that we've learned about -- the things to do or not do -- have not been absorbed by the engineers at Huawei," Kaminsky said.

According to the Huawei website, the AR series routers are used by enterprises and AR18 in particular is marketed as a product intended for small and home offices.

The Recurity Labs researchers specified during the talk that they didn't test any "big boxes" like the Huawei NE series routers -- which are intended for telecom data communication networks -- because they couldn't obtain them.

Lindner and Kopf also criticized Huawei for its lack of transparency when it comes to security issues. The company doesn't have a security contact for reporting vulnerabilities, doesn't put out security advisories and doesn't say what bugs have been fixed in its firmware updates, the researchers said.

"If I don't know who to contact, I can't tell you about your bugs and this happens," Lindner said, referring to the public disclosure of vulnerabilities.

The researcher hopes that this will be a wake-up call for Huawei customers. The only way to force a company to build more secure products is to make the customers ask for it, like it happened in the past with Microsoft, Cisco or Apple, he said.

Huawei did not return a request for comment.
 