Cracking Stuxnet - A 21st-century cyber weapon against Iran - Ralph...
When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
The idea behind the Stuxnet computer worm is actually quite simple. We don't want Iran to get the Bomb. Their major asset for developing nuclear weapons is the Natanz uranium enrichment facility. The gray boxes that you see, these are real-time control systems. Now if we manage to compromise these systems that control drive speeds and valves, we can actually cause a lot of problems with the centrifuge. The gray boxes don't run Windows software; they are a completely different technology. But if we manage to place a good Windows virus on a notebook that is used by a maintenance engineer to configure this gray box, then we are in business. And this is the plot behind Stuxnet.
So we start with a Windows dropper. The payload goes onto the gray box, damages the centrifuge, and the Iranian nuclear program is delayed -- mission accomplished. That's easy, huh? I want to tell you how we found that out. When we started our research on Stuxnet six months ago, it was completely unknown what the purpose of this thing was. The only thing that was known is very, very complex on the Windows part, the dropper part, used multiple zero-day vulnerabilities. And it seemed to want to do something with these gray boxes, these real-time control systems. So that got our attention, and we started a lab project where we infected our environment with Stuxnet and checked this thing out. And then some very funny things happened. Stuxnet behaved like a lab rat that didn't like our cheese -- sniffed, but didn't want to eat. Didn't make sense to me. And after we experimented with different flavors of cheese, I realized, well, this is a directed attack. It's completely directed. The dropper is prowling actively on the gray box if a specific configuration is found, and even if the actual program that it's trying to infect is actually running on that target. And if not, Stuxnet does nothing.
So that really got my attention, and we started to work on this nearly around the clock, because I thought, well, we don't know what the target is. It could be, let's say for example, a U.S. power plant, or a chemical plant in Germany. So we better find out what the target is soon. So we extracted and decompiled the attack code, and we discovered that it's structured in two digital bombs -- a smaller one and a bigger one. And we also saw that they are very professionally engineered by people who obviously had all insider information. They knew all the bits and bytes that they had to attack. They probably even know the shoe size of the operator. So they know everything.
And if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It's way above everything that we have ever seen before. Here you see a sample of this actual attack code. We are talking about -- round about 15,000 lines of code. Looks pretty much like old-style assembly language. And I want to tell you how we were able to make sense out of this code. So what we were looking for is first of all is system function calls, because we know what they do.
And then we were looking for timers and data structures and trying to relate them to the real world -- to potential real world targets. So we do need target theories that we can prove or disprove. In order to get target theories, we remember that it's definitely hardcore sabotage, it must be a high-value target, and it is most likely located in Iran, because that's where most of the infections had been reported. Now you don't find several thousand targets in that area. It basically boils down to the Bushehr nuclear power plant and to the Natanz fuel enrichment plant.
So I told my assistant, "Get me a list of all centrifuge and power plant experts from our client base." And I phoned them up and picked their brain in an effort to match their expertise with what we found in code and data. And that worked pretty well. So we were able to associate the small digital warhead with the rotor control. The rotor is that moving part within the centrifuge, that black object that you see. And if you manipulate the speed of this rotor, you are actually able to crack the rotor and eventually even have the centrifuge explode. What we also saw is that the goal of the attack was really to do it slowly and creepy -- obviously in an effort to drive maintenance engineers crazy, that they would not be able to figure this out quickly.
The big digital warhead -- we had a shot at this by looking very closely at data and data structures. So for example, the number 164 really stands out in that code; you can't overlook it. I started to research scientific literature on how these centrifuges are actually built in Natanz and found they are structured in what is called a cascade, and each cascade holds 164 centrifuges. So that made sense, it was a match.
And it even got better. These centrifuges in Iran are subdivided into 15, what is called, stages. And guess what we found in the attack code? An almost identical structure. So again, that was a real good match. And this gave us very high confidence for what we were looking at. Now don't get me wrong here, it didn't go like this. These results have been obtained over several weeks of really hard labor. And we often went into just a dead-end and had to recover.
Anyway, so we figured out that both digital warheads were actually aiming at one and the same target, but from different angles. The small warhead is taking one cascade, and spinning up the rotors and slowing them down, and the big warhead is talking to six cascades and manipulating valves. So in all, we are very confident that we have actually determined what the target is. It is Natanz, and it is only Natanz. So we don't have to worry that other targets might be hit by Stuxnet.
Here's some very cool stuff that we saw -- really knocked my socks off. Down there is the gray box, and on the top you see the centrifuges. Now what this thing does is it intercepts the input values from sensors -- so for example, from pressure sensors and vibration sensors -- and it provides legitimate code, which is still running during the attack, with fake input data. And as a matter of fact, this fake input data is actually prerecorded by Stuxnet. So it's just like from the Hollywood movies where during the heist, the observation camera is fed with prerecorded video. That's cool, huh?
The idea here is obviously not only to fool the operators in the control room. It actually is much more dangerous and aggressive. The idea is to circumvent a digital safety system. We need digital safety systems where a human operator could not act quick enough. So for example, in a power plant, when your big steam turbine gets too over speed, you must open relief valves within a millisecond. Obviously, this cannot be done by a human operator. So this is where we need digital safety systems. And when they are compromised, then real bad things can happen. Your plant can blow up. And neither your operators nor your safety system will notice it. That's scary.
But it gets worse. And this is very important, what I'm going to say. Think about this. This attack is generic. It doesn't have anything to do, in specifics, with centrifuges, with uranium enrichment. So it would work as well, for example, in a power plant or in an automobile factory. It is generic. And you don't have -- as an attacker -- you don't have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread it as wide as possible. And if you do that, what you end up with is a cyber weapon of mass destruction. That's the consequence that we have to face. So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They're in the United States and Europe and in Japan. So all of the green areas, these are your target-rich environments. We have to face the consequences, and we better start to prepare right now.
Thanks.
(Applause)
Chris Anderson: I've got a question. Ralph, it's been quite widely reported that people assume that Mossad is the main entity behind this. Is that your opinion?
Ralph Langner: Okay, you really want to hear that? Yeah. Okay. My opinion is that the Mossad is involved, but that the leading force is not Israel. So the leading force behind that is the cyber superpower. There is only one, and that's the United States -- fortunately, fortunately. Because otherwise, our problems would even be bigger.
CA: Thank you for scaring the living daylights out of us. Thank you Ralph.
(Applause)
10m:40s
9278
Firefly - Understanding Allah through Insects - English
The firefly is equipped with an amazing system. This insect has an organ in its body that produces fluorescent light. This light has great significance for the firefly to preserve its race, because the female and male fireflies recognize each other by looking at their lights. The fluorescent organ of the firefly is composed of three layers just like the headlamps of an automobile. Cells that produce light lie at the bottom layer. The duty of these cells is to produce a combustible substance. This combustible substance reacts with oxygen controlled by an enzyme. As a result of this chemical reaction, the fluorescent light manufactured in a similar fashion to a factory is first transferred to the adjacent concave layer and then to the upper transparent layer where it is reflected as light. The perfect quality and 98% productivity rate of this fluorescent light astonished scientists examining fireflies. The light bulbs used for lighting purposes by people can only convert 5% of the received energy into light, the remaining 95% being lost in the form of heat. Because of this 95% heat which is released, we cannot touch a light bulb when it is on. Despite the fact that the firefly produces almost 20 times more light than a light bulb, the temperature does not rise, due to the cold nature of its light. Man can produce cold light only in laboratories, at the end of a series of chemical reactions. It is obviously irrational to claim that this complex lighting system has been designed and then installed in the body of this tiny insect by itself. More irrational than this is the claim of the theory of evolution that this system formed as a result of coincidences in nature. The perfection in the firefly's body is an indication that it is the product of a superior wisdom and infinite knowledge. Allah created all living species with distinct qualities and through them shows us His Eternal Might. In a verse of the Qur'an, people are summoned to ponder on this fact:
Among His Signs is the creation of the heavens and earth and all the creatures He has spread about in them. And He has the power to gather them together whenever He wills. (Surat ash-Shura: 29)
3m:7s
7236
[26 July 2011] Parachinar relief caravan departs MWM...
The innocent residents of Parachinar have been suffering for over 5 years now. There is a blockade of basic necessities of life inside Parachinar, e.g. food, medicines etc. Terrorists kill those who attempt to go to Parachinar. There are several incidents where cars and trucks are burnt by these Takfiri elements.
Government of Pakistan has always turned a blind eye towards the demands made by the residents of Parachinar and the supporters of human rights throughout Pakistan. False promises and unfulfilled commitments by the Government have compelled the general public of Pakistan to feel for the oppressed living in Parachinar.
To fulfill this responsibility, MWM has decided to take an aid caravan to Parachinar. Now the civilians of Pakistan will help the oppressed of Parachinar.
Freedom-loving people of Pakistan have donated many goods and money to their brothers and sisters in Pakistan. May Allah accept their contribution.
MAY ALLAH PROTECT THIS CARAVAN AND THAT THEY REACH PARACHINAR WITH ALL THE FOOD SUPPLIES, MEDICINES, AND OTHER GOODS OF USE. MAY ALLAH BRING THESE DIGNIFIED AND GLORIOUS BELIEVERS BACK HOME SAFE AS WELL.
22m:23s
15436
Contemporary Wilayah - Do you follow the true leader?...
A Comparison Between The Situation In Kufah During The Time Of Imam Al-Husayn [Who Was In 'Ghaybah' For The Muslims Living There] And The Situation We Are In Today During The Apparent Absence Of Imam Al-Hujjah.
10m:29s
22679
Venezuelan Muslims join Ramadan celebrations - Aug 3, 2011 - English
The holy month of Ramadan has begun and Muslims living in Venezuela do not miss the occasion to follow the tradition, even though they live in a country where around 92% of the population practices Roman Catholicism, according to government estimates.
Press TV's Ricardo Rojas reports from Caracas
2m:18s
7834
Bahrainis in NY protest Khalifa oppression - Sep 22, 2011 - English
It was in February 2011 when thousands of Bahrainis, most of them from the country's Shia majority, took to the streets to demand political reform. The Bahraini government reacted to the protests with a mixture of violent repression and offers of limited concessions.
More than seven months later, this time in New York City and on the sidelines of the UN General Assembly, Bahrainis and their supporters gather to call on the government of Hamed Bin Khalifa to end its brutal oppression against its people.
While the gathering is a humble one, the demonstrators' voices are loud and clear: they're calling for a free Bahrain for all.
The demonstrators stand united in front of the Bahraini mission where the Kingdom's ambassador to the UN is rumored to be having lunch with King Khalifa, the ruler of Bahrain.
While the ill treatment of the Shia population has made headlines around the world since protests erupted, for many demonstrators here the rally is about upholding core human values, regardless of religious affiliations.
Hussain Abdullah, Director of the advocacy group Americans for Democracy & Human Rights in Bahrain says the majority of the population are living under state oppression and the government needs to know that the voices of reason will not remain silent.
With posters and banners in hand and the Bahraini flag raised in the air, the demonstrators hope gatherings like these, big or small, will garner the attention and support of the international community.
2m:25s
6608
Occupy Calgary draws several hundred protesters - Protest Against...
Occupy Calgary draws several hundred protesters
Hundreds of people drummed, chanted and protested issues ranging from income disparity, capitalism and corporate politics to homelessness and fiat currency during “Occupy Calgary.”
They began their protest at the foot of the locked glass doors of downtown Bankers Hall on Saturday afternoon. After about two hours, a crowd estimated to be between 300 and 500 people marched to Olympic Plaza, where several vowed to camp out over the weekend.
Police said there were no arrests. The demonstrators had remained peaceful.
Following similar protests in cities across Canada, the Occupy Wall Street movement is drawing thousands of people across the world to set up campsites in urban parks. It began in New York in September, when protesters began a sit-in at Zuccotti Park to object to Wall Street’s role in the 2008 financial collapse.
“There’s a high disparity between the rich and the poor in Calgary,” said SAIT journalism student Sarah Pynoo, 19. “We’re one of the richest cities in North America, but we have enormous homelessness problems.
“And there are thousands of people living below the poverty line and that’s worrying.”
The protest was rich with signs, flags and even a few raging grannies. One cardboard sign, painted in a dark silhouette of a mouse, featured a red mouth with the sign “corporate politics eats people.”
Some protesters tried to draw awareness to investment fraud issues in Alberta. Others on 9/11 truth, a return to the gold standard, and mainstream media bias.
6m:6s
6576