I wrote last week about Stuxnet as a language attack with real-world consequences. I also wrote about how some in the security world think that the level of sophistication and the specificity of the target suggests that a nation/state - rather than merely some hacker or group of hackers - might have orchestrated the attack. I mean, I don't have access to the Stuxnet code; I'm just reporting what some in the industry believe.
Today Gizmodo reports that "the Pentagon and German intelligence are being accused of creating the virus to take down Iran's atomic facility." They point to articles at a variety of news organizations who are reporting the accusation (scroll down after the jump). Interesting food for thought, especially if we ask ourselves the tough questions about the nature of military attacks (and what qualifies/what doesn't/etc.
Showing posts with label cybercrime. Show all posts
Showing posts with label cybercrime. Show all posts
Monday, September 27, 2010
Thursday, September 23, 2010
Possible example that the pen IS mightier than the sword?
A while back, in my ENG 2353 (Professional Writing Technologies) class, I mentioned that no one country has oversight of the interwebs. In general, our participation - as individuals, as communitites, as part of a city/state/country/world - is without governance. I mean, it's not completely without government, but it's not exactly like the United States FCC can regulate globally-generated internet content. Well, not yet anyway.
So, I was reminded of our class' talk recently by two news-stories about the - hmm, how to describe it? - desire by some to globally regulate internet content. Maybe it's not merely about the desire; maybe desire is predicated (trumped?) here by necessity? I'm not 100% sure, but I do know that the ideas in these two stories speaks to the idea of content control/regulation. Read on!
Ever heard of Stuxnet? Probably not, and there's no reason you necessarily would have. However, some believe that it could very well kill everyone you know. Got your attention now? Wait, there's more!
Stuxnet is malware designed to deliver a pretty specific set of trojans into a computer system, theoretically then allowing some remote user(s) access into the infected system. Usually, trojans like that are designed to give those remote users access to our sensitive information: passwords, bank account/credit card info, etc. On that level, Stuxnet works a lot like malware you or I might get on our adorable little computers at home or school. However, (according to a great article on PC World) industrial cyber-security experts like Ralph Langer and Dale Peterson, CEO of Digital Bond, believe that because of the sheer complexity and artistry of the code itself, the malware likely was designed for a specific target: Iran's nearly-completed Bushehr nuclear reactor. In fact, Langer describes Stuxnet as "the hack of the century."
Stuxnet evidently targets some specific sectors of computer networks designed by Siemens, a big name in giant, industrial computer networks, among other things. The specificity and complexity of the attack, coupled with the small number of organizations that use the exact combination of Siemens' systems, limits the possible number of targets to just about one: Iran's nuclear reactor. Put another way, the Stuxnet trojans were designed to shut down "critical factory operations -- things that need a response within 100 milliseconds," according to IDG News' Robert McMillan (via PC World), not to infiltrate lots of different computers all over the world to steal lots of info like credit card numbers from regular Windows/Mac computers. McMillan argues that failure in those industrial systems could mean reactor meltdown, chemical catastrophe, etc, and that the target's specificity suggests that a new breed of cybercriminal - and/or "possibly a nation state" - created this malware to "destroy something big."
Up next time: "idea crime" and the internet!
So, I was reminded of our class' talk recently by two news-stories about the - hmm, how to describe it? - desire by some to globally regulate internet content. Maybe it's not merely about the desire; maybe desire is predicated (trumped?) here by necessity? I'm not 100% sure, but I do know that the ideas in these two stories speaks to the idea of content control/regulation. Read on!
Ever heard of Stuxnet? Probably not, and there's no reason you necessarily would have. However, some believe that it could very well kill everyone you know. Got your attention now? Wait, there's more!
Stuxnet is malware designed to deliver a pretty specific set of trojans into a computer system, theoretically then allowing some remote user(s) access into the infected system. Usually, trojans like that are designed to give those remote users access to our sensitive information: passwords, bank account/credit card info, etc. On that level, Stuxnet works a lot like malware you or I might get on our adorable little computers at home or school. However, (according to a great article on PC World) industrial cyber-security experts like Ralph Langer and Dale Peterson, CEO of Digital Bond, believe that because of the sheer complexity and artistry of the code itself, the malware likely was designed for a specific target: Iran's nearly-completed Bushehr nuclear reactor. In fact, Langer describes Stuxnet as "the hack of the century."
Stuxnet evidently targets some specific sectors of computer networks designed by Siemens, a big name in giant, industrial computer networks, among other things. The specificity and complexity of the attack, coupled with the small number of organizations that use the exact combination of Siemens' systems, limits the possible number of targets to just about one: Iran's nuclear reactor. Put another way, the Stuxnet trojans were designed to shut down "critical factory operations -- things that need a response within 100 milliseconds," according to IDG News' Robert McMillan (via PC World), not to infiltrate lots of different computers all over the world to steal lots of info like credit card numbers from regular Windows/Mac computers. McMillan argues that failure in those industrial systems could mean reactor meltdown, chemical catastrophe, etc, and that the target's specificity suggests that a new breed of cybercriminal - and/or "possibly a nation state" - created this malware to "destroy something big."
Up next time: "idea crime" and the internet!
Subscribe to:
Posts (Atom)