Cyber WMD

    Newer Older

    Ralph Lagner cracked the code of the Stuxnet worm that tried to destroy the Iranian uranium enrichment facilities six months ago.

    The code contains two digital warheads. One slowly modulates the centrifuge rotor controller so that it eventually cracks and explodes. The other interrupts the input values from sensors so the plant control systems see raw sensor data that masks the damage being done.

    “When digital safety systems are compromised, then real bad things can happen. Your plant can blow up and neither your operators nor safety systems will notice it. That’s scary. But it gets worse. This attack is generic. It has nothing specific to do with centrifuges or uranium enrichment. It could work as well with a power plant or auto factory. You could use traditional worm technology to distribute it as wide as possible. And if you do that, you end up with a cyber weapon of mass destruction.”

    Who did it? “My opinion is that the Mossad is involved, but the leading force is not Israel. The leading force is the one cyber-superpower. There is only one, and that is the U.S.
    Fortunately, fortunately, because otherwise our problems would even be bigger.”

    Ponder that for a moment….

    The TED video of his talk just went online.

    1. ukweli 37 months ago | reply

      This is one of the reasons I'm convinced the computerization and networking of automobiles is a bad idea.

    2. obskura 37 months ago | reply

      A large problem is that still, and even in safety-critical embedded systems, developers favor configurability, online updates and easy access over protection, bullet-proof code and encapsulated systems. So far it's been useful to keep costs down, but that might turn out to be a double-edged sword...
      That, and of course the strange thing that most systems are still being programmed in one of the worst, most error prone language ever conceived, even though we had much better tools available for quite a while now... :) (ducks...)

    3. Happy Tinfoil Cat 37 months ago | reply

      I don't see a problem for cars until they start getting their updates wirelessly.

    4. TrombaMarina 37 months ago | reply

      Definitely a scary talk. This is a problem that's not going away, but getting worse as more things are computerized. Some software is well crafted and merely vulnerable. But much software is done on a budget and aggressive time line by people who are barely qualified to do the job and/or not really interested. Attacking such software is like shooting fish in a barrel.

      This also has serious implications for voting machines which have a history of hardware and software vulnerabilities. If ever there was a way Open Source software could save the world, voting machines might be that way. Making the software Open Source (or at least publicizing the copyrighted code) allows for peer review and public discussion/disclosure and even citizen-coders contributing patches for security holes. Clearly, the bad guys can get the code, so keeping the code secret is not the answer.

      Thanks for posting this. You always bring up interesting things.

    5. solerena 37 months ago | reply

      it looks like each organization should have a team dedicated to this particular problem, not even mentioned nuclear plants or anything related to national security or public health! banks might be leading a way in this regard... they have to...

    6. Tomi Tapio 37 months ago | reply

      Freaky android! Good text.

    7. Photo--Graphy [deleted] 35 months ago | reply

      Excellent Shot

    keyboard shortcuts: previous photo next photo L view in light box F favorite < scroll film strip left > scroll film strip right ? show all shortcuts