to US Shipping Ports
Musings by Borepatch
http://borepatch.blogspot.com
Stuxnet Recap
A new type of computer worm discovered in the summer of 2010
Stuxnet breaks ground several ways:
It uses multiple zero-day exploits
It reprogrammed Industrial Process Control systems from Siemens AG. These are devices used in manufacturing automation
It is particularly stealthy, using rootkit techniques to hide its presence
It spreads via multiple vectors before causing damage, and in a controlled manner to avoid generating suspicion (compare with the SLAMMER worm from 2003)
Speculation is that this was created by State actors as a form of Information Warfare, with Israel targeting the Iranian nuclear program
Why do we think that Stuxnet was State-on-State Information War?
The Siemens IPC systems are not unusual, but they are very expensive and not typically available to the average Black Hat hacker
Most malware these days is focused on stealing money – e.g. capturing online banking passwords – and not on industrial process control. This is a very unusual target.
Some analyses of the worm code reveal hints as to its origin, e.g. dates supposedly referencing Iranian dissidents. It is possible, however, that these were planted by the worm's creator to direct suspicion at Israel.
The motive (disabling the Iranian nuclear program) is plausible.
Implications if this is State-on-State Information War
Automated processes are a plausible target, even if they use uncommon hardware/software. “Security By Obscurity” is over
Air gaps (isolated networks) are no defense: it appears that the Iranian network is isolated from the Internet, and was infected via USB removable filesystems. Note that the US DoD classified network was similarly infected in 2008.
State adversaries can afford to invest millions in programming talent, and take months or possibly years to create highly sophisticated payloads. This is not something that a typical antivirus will defend against.
Impact is likely based on the value of the targeted systems. Some types of systems may be better managed, and harder to subvert.
How do you stop the US 3rd Infantry Division?
Very few State actors can counter the US military on the field of battle
But the US military units need ammunition and gasoline
Slowing the flow of supplies – or getting the wrong supplies sent – will stop the units due to lack of gas and ammunition
The “teeth” are a very hard target. What about the logistical “tail”?
Port of Wilmington
Efficiency drives throughput, and the number of Gross Moves per hour is the key metric
Cost per move is critical for competitiveness
Specialized software is provided by multiple vendors (e.g. NAVIS) to optimize throughput and minimize cost
Your typical Black Hat hacker would not have access to these types of systems; a State Actor would
A Stuxnet-style worm targeting the major Port automation software could cripple a US Military response, if unleashed in the weeks or months prior to a conflict
How do you defend against a hypothetical threat?
There is no indication that a worm targeting transportation has been created.
Harder targets are more resilient:
It is more difficult for a worm to penetrate a hardened system
Worm penetration will be less extensive on a hardened system
Once triggered, damage is likely less on a hardened system
The easiest way to harden systems is to focus on the COTS portion (e.g. common OS and application layers)
Automated scanning for missing patches, misconfigurations, etc. is a well understood field, with mature products and well-documented processes
Rapid gains in hardening result in a typical practice that is much closer to Best Practice
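As an added illustration of the COTS-layer hardening check the slides describe (not code from the talk or from any vendor), the following audits a constructed inventory of automation hosts against a baseline that covers the two points raised above: missing patches and the removable-media autorun misconfiguration that turns an air gap into a USB infection path. Host names, patch identifiers and services are all constructed placeholders.

```python
# Added example: baseline audit of the COTS layer (OS/application settings)
# of automation hosts. Inventory, patch ids and baseline values are
# constructed for illustration; a real check would read a patch scanner/CMDB.
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    installed_patches: frozenset   # patch ids reported by the host
    autorun_enabled: bool          # removable-media autorun (the USB vector)
    listening_services: frozenset  # network services exposed to the LAN

# Constructed baseline for a hardened host: current patches, no autorun,
# only the services the terminal software actually needs.
BASELINE = {
    "required_patches": frozenset({"PATCH-001", "PATCH-002", "PATCH-003"}),
    "allowed_services": frozenset({"terminal-os", "remote-admin"}),
}

def audit_host(host: Host, baseline: dict = BASELINE) -> list:
    """Return (severity, finding) pairs; an empty list means compliant."""
    findings = []
    missing = baseline["required_patches"] - host.installed_patches
    if missing:
        findings.append(("high", f"missing patches: {sorted(missing)}"))
    if host.autorun_enabled:
        findings.append(("high", "removable-media autorun enabled"))
    extra = host.listening_services - baseline["allowed_services"]
    if extra:
        findings.append(("medium", f"unexpected services: {sorted(extra)}"))
    return findings

def audit_fleet(hosts, baseline: dict = BASELINE) -> dict:
    """Map each host name to its findings, worst hosts first."""
    results = {h.name: audit_host(h, baseline) for h in hosts}
    return dict(sorted(results.items(), key=lambda kv: -len(kv[1])))

# Constructed inventory of three hosts at a notional container terminal.
SAMPLE_HOSTS = [
    Host("crane-hmi-01", frozenset({"PATCH-001", "PATCH-002", "PATCH-003"}),
         False, frozenset({"terminal-os"})),
    Host("yard-planner-02", frozenset({"PATCH-001"}), True,
         frozenset({"terminal-os", "remote-admin", "file-share"})),
    Host("gate-kiosk-03", frozenset({"PATCH-001", "PATCH-002"}), True,
         frozenset({"terminal-os"})),
]

if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_HOSTS).items():
        print(name, findings or "compliant")
```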
Advice from the UK's Information Security Chief