The digital first strike has taken place
The world's best security experts are working feverishly on the analysis of a completely new kind of computer virus. Now initial evidence points to an astonishing suspicion: the digital weapon has apparently sabotaged the Iranian nuclear program.
The extreme effort expended by the authors of stuxnet rules out hobby hackers or shabby cyber criminals. Developing and purchasing the necessary attack components at this level of quality and reliability incurs costs in the seven-figure euro range. On many levels, stuxnet ensures that its propagation proceeds absolutely reliably and unnoticed. Once it has arrived at its target, that is, on a matching Siemens industrial installation, extensive checks ensure that only the specific installation stuxnet is aimed at is actually manipulated....
Given this effort, the only remaining candidates for authorship are nation states that have the resources to develop and test such a highly bred cyber weapon - and to do so until it is nearly free of side effects. Because of the long-term development effort required for the digital attack tools, "cyber wars" can de facto only be waged by entities on the scale of states.
Code:
http://www.faz.net/s/RubCEB3712D41B64C3094E31BDC1446D18E/Doc~E8A0D43832567452FBDEE07AF579E893C~ATpl~Ecommon~Scontent.html
stuxnet: targeting the iranian enrichment centrifuges in Natanz?
stuxnet is a so far not seen publicly class of nation-state weapons-grade attack software. It is using four different zero-day exploits, two stolen certificates to get proper insertion into the operating system and a really clever multi-stage propagation mechanism, starting with infected USB-sticks, ending with code insertion into Siemens S7 SPS industrial control systems.
This is a game for nation state-sized entities, only two handful of governments and maybe as many very large corporate entities could manage and sustain such an effort to the achievement level needed to build stuxnet.
Code:
http://frank.geekheim.de/?p=1189
How Stuxnet is Scaring the Tech World Half to Death
once it reached a computer with access to the Internet it began communicating with a command-and-control server—the Stuxnet mothership. The C&C servers were located in Denmark and Malaysia and were taken off-line after they were discovered. But while they were operational, Stuxnet would contact them to deliver information it had gathered about the system it had invaded and to request updated versions of itself. You see, the worm’s programmers had also devised a peer-to-peer sharing system by which a Stuxnet machine in contact with C&C would download newer versions of itself and then use it to update the older worms on the network.
Code:
http://www.weeklystandard.com/blogs/how-stuxnet-scaring-tech-world-half-death?destination=node%2F496938
Stuxnet is "the most refined piece of malware ever discovered ... mischief or financial reward wasn’t its purpose, it was aimed right at the heart of a critical infrastructure"
experts studying Stuxnet considered that the complexity of the code indicates that only a nation state would have the capabilities to produce it.[6][23][24] Israel, perhaps through Unit 8200[25], has been speculated to be the country behind Stuxnet in many of the media reports...There has also been speculation on the involvement of NATO, the United States and other Western nations.[29]
Iran has set up its own systems to clean up infections and has advised against using the Siemens SCADA antivirus since it is suspected that the antivirus is actually embedded with codes which update Stuxnet instead of eradicating it.[45][46][47][48]
According to Hamid Alipour, deputy head of Iran's Information Technology Company, "The attack is still ongoing and new versions of this virus are spreading." He reports that his company had begun the cleanup process at Iran's "sensitive centres and organisations."[46] "We had anticipated that we could root out the virus within one to two months, but the virus is not stable, and since we started the cleanup process three new versions of it have been spreading,"
Code:
http://en.wikipedia.org/wiki/Stuxnet