Cracking Stuxnet - A 21st-century cyber weapon against Iran - Ralph...
When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
The idea behind the Stuxnet computer worm is actually quite simple. We don't want Iran to get the Bomb. Their major asset for developing nuclear weapons is the Natanz uranium enrichment facility. The gray boxes that you see, these are real-time control systems. Now if we manage to compromise these systems that control drive speeds and valves, we can actually cause a lot of problems with the centrifuge. The gray boxes don't run Windows software; they are a completely different technology. But if we manage to place a good Windows virus on a notebook that is used by a maintenance engineer to configure this gray box, then we are in business. And this is the plot behind Stuxnet.
So we start with a Windows dropper. The payload goes onto the gray box, damages the centrifuge, and the Iranian nuclear program is delayed -- mission accomplished. That's easy, huh? I want to tell you how we found that out. When we started our research on Stuxnet six months ago, it was completely unknown what the purpose of this thing was. The only thing that was known is very, very complex on the Windows part, the dropper part, used multiple zero-day vulnerabilities. And it seemed to want to do something with these gray boxes, these real-time control systems. So that got our attention, and we started a lab project where we infected our environment with Stuxnet and checked this thing out. And then some very funny things happened. Stuxnet behaved like a lab rat that didn't like our cheese -- sniffed, but didn't want to eat. Didn't make sense to me. And after we experimented with different flavors of cheese, I realized, well, this is a directed attack. It's completely directed. The dropper is prowling actively on the gray box if a specific configuration is found, and even if the actual program that it's trying to infect is actually running on that target. And if not, Stuxnet does nothing.
So that really got my attention, and we started to work on this nearly around the clock, because I thought, well, we don't know what the target is. It could be, let's say for example, a U.S. power plant, or a chemical plant in Germany. So we better find out what the target is soon. So we extracted and decompiled the attack code, and we discovered that it's structured in two digital bombs -- a smaller one and a bigger one. And we also saw that they are very professionally engineered by people who obviously had all insider information. They knew all the bits and bytes that they had to attack. They probably even know the shoe size of the operator. So they know everything.
And if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It's way above everything that we have ever seen before. Here you see a sample of this actual attack code. We are talking about -- round about 15,000 lines of code. Looks pretty much like old-style assembly language. And I want to tell you how we were able to make sense out of this code. So what we were looking for is first of all is system function calls, because we know what they do.
And then we were looking for timers and data structures and trying to relate them to the real world -- to potential real world targets. So we do need target theories that we can prove or disprove. In order to get target theories, we remember that it's definitely hardcore sabotage, it must be a high-value target, and it is most likely located in Iran, because that's where most of the infections had been reported. Now you don't find several thousand targets in that area. It basically boils down to the Bushehr nuclear power plant and to the Natanz fuel enrichment plant.
So I told my assistant, "Get me a list of all centrifuge and power plant experts from our client base." And I phoned them up and picked their brain in an effort to match their expertise with what we found in code and data. And that worked pretty well. So we were able to associate the small digital warhead with the rotor control. The rotor is that moving part within the centrifuge, that black object that you see. And if you manipulate the speed of this rotor, you are actually able to crack the rotor and eventually even have the centrifuge explode. What we also saw is that the goal of the attack was really to do it slowly and creepy -- obviously in an effort to drive maintenance engineers crazy, that they would not be able to figure this out quickly.
The big digital warhead -- we had a shot at this by looking very closely at data and data structures. So for example, the number 164 really stands out in that code; you can't overlook it. I started to research scientific literature on how these centrifuges are actually built in Natanz and found they are structured in what is called a cascade, and each cascade holds 164 centrifuges. So that made sense, it was a match.
And it even got better. These centrifuges in Iran are subdivided into 15, what is called, stages. And guess what we found in the attack code? An almost identical structure. So again, that was a real good match. And this gave us very high confidence for what we were looking at. Now don't get me wrong here, it didn't go like this. These results have been obtained over several weeks of really hard labor. And we often went into just a dead-end and had to recover.
Anyway, so we figured out that both digital warheads were actually aiming at one and the same target, but from different angles. The small warhead is taking one cascade, and spinning up the rotors and slowing them down, and the big warhead is talking to six cascades and manipulating valves. So in all, we are very confident that we have actually determined what the target is. It is Natanz, and it is only Natanz. So we don't have to worry that other targets might be hit by Stuxnet.
Here's some very cool stuff that we saw -- really knocked my socks off. Down there is the gray box, and on the top you see the centrifuges. Now what this thing does is it intercepts the input values from sensors -- so for example, from pressure sensors and vibration sensors -- and it provides legitimate code, which is still running during the attack, with fake input data. And as a matter of fact, this fake input data is actually prerecorded by Stuxnet. So it's just like from the Hollywood movies where during the heist, the observation camera is fed with prerecorded video. That's cool, huh?
The idea here is obviously not only to fool the operators in the control room. It actually is much more dangerous and aggressive. The idea is to circumvent a digital safety system. We need digital safety systems where a human operator could not act quick enough. So for example, in a power plant, when your big steam turbine gets too over speed, you must open relief valves within a millisecond. Obviously, this cannot be done by a human operator. So this is where we need digital safety systems. And when they are compromised, then real bad things can happen. Your plant can blow up. And neither your operators nor your safety system will notice it. That's scary.
But it gets worse. And this is very important, what I'm going to say. Think about this. This attack is generic. It doesn't have anything to do, in specifics, with centrifuges, with uranium enrichment. So it would work as well, for example, in a power plant or in an automobile factory. It is generic. And you don't have -- as an attacker -- you don't have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread it as wide as possible. And if you do that, what you end up with is a cyber weapon of mass destruction. That's the consequence that we have to face. So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They're in the United States and Europe and in Japan. So all of the green areas, these are your target-rich environments. We have to face the consequences, and we better start to prepare right now.
Thanks.
(Applause)
Chris Anderson: I've got a question. Ralph, it's been quite widely reported that people assume that Mossad is the main entity behind this. Is that your opinion?
Ralph Langner: Okay, you really want to hear that? Yeah. Okay. My opinion is that the Mossad is involved, but that the leading force is not Israel. So the leading force behind that is the cyber superpower. There is only one, and that's the United States -- fortunately, fortunately. Because otherwise, our problems would even be bigger.
CA: Thank you for scaring the living daylights out of us. Thank you Ralph.
(Applause)
10m:40s
9273
Adobe After Effects Tutorial Adding Footage With After Effects - English
Edit your videos with this video software. Learn how to add footage to a composition using Adobe After Effects compositing software in this computer software lesson from a video production expert.
Expert: Ryan Vaughn
Bio: Ryan Vaughn is a photo enthusiast who has used his expertise for professional wedding portraits and business promotion.
Filmmaker: MAKE | MEDIA
2m:29s
5497
Adobe After Effects Tutorial How to Use Adobe After Effects Software -...
Animate layers in your own movie. Watch an overview of using Adobe After Effects compositing software in this computer software lesson from a video production expert.
Expert: Ryan Vaughn
Bio: Ryan Vaughn is a photo enthusiast who has used his expertise for professional wedding portraits and business promotion.
Filmmaker: MAKE | MEDIA
1m:14s
5796
Burzynski - Cancer Is Serious Business part 1 - English
Burzynski, the Movie is the story of a medical doctor and Ph.D biochemist named Dr. Stanislaw Burzynski who won the largest, and possibly the most convoluted and intriguing legal battle against the Food & Drug Administration in American history.
His victorious battles with the United States government were centered around Dr. Burzynski's belief in and commitment to his gene-targeted cancer medicines he discovered in the 1970's called Antineoplastons, which have currently completed Phase II FDA-supervised clinical trials in 2009 and could begin the final phase of testing in 2011—barring the ability to raise the required $150 million to fund them.
When Antineoplastons are approved, it will mark the first time in history a single scientist, not a pharmaceutical company, will hold the exclusive patent and distribution rights on a paradigm-shifting medical breakthrough.
36m:21s
5268
Iran atop Muslim countries in nanotechnology - July 18, 2011 - English
Ghanbar Naderi, Press TV, Tehran
Iran began its nanotechnology program back in 2001 and quickly became first in the production of nanotechnology and nano-science in the region and the Muslim world. It is now among the world's top 15, that according to the officials at the Iran Nanotechnology Initiative Council.
The INIC official told Press TV that Iran is also among few countries that have compiled a National Nanotechnology Plan. Being the 15th in nanotechnology, he says, is also a major progress because Iran was 59 back in 2000.
Under Iran's Ten-Year Nanotechnology Plan, the priorities in nanotechnology development are energy, health, environment, water, materials and construction.
Sarkar predicted that nanotechnology would be a multi-billion-dollar market and that under the right circumstances Iran should enjoy a 2% share of this lucrative business in the coming years.
Asadifard said, however, that the ultimate goal is to create new job opportunities and generate wealth nationwide through the development of nanotechnology.
Iran has been chosen to host the next Asia Nano Forum. The regional gathering will be held on the sidelines of the 4th International Nanotechnology Festival and the Grand Industries Exhibition.
3m:9s
8753
[Africa Today] Is there an alternative to western aid in famine hit...
It is the world's biggest humanitarian crisis and it seems to be getting worse.
Thousands of people are on the move fleeing from both war and famine and of all the countries affected, it's Somalia which is most stricken with half of its seven million population at severe risk. While the UN sponsored transitional government has complained of food holding by some aid agencies the al-Shabaab militia says these NGOs have no business in the areas they control.
23m:51s
5742
[Learning] This is How a Leader Speaks !!! - Iranian President vs....
"Business of a Great Leader Resemble in his Answers when he Speaks" starring a coward man named Musharraf, who 1st degrades his own country when asked a question portraying Pakistan as a country of barbarians and animals where things happen in probably an animalistic way then on a second question about whether or not he'll catch Bin Laden (who doesn't even exist) on US Orders, is more than happy to do so, and render any services US shall require.
I would like to seriously contend, that THIS IS HOW A GREAT LEADER SPEAKS ... A man, who cannot stand the TRUTH is not worthy of being called a Leader like the man named Musharraf. He is one coward about whom Israeli Foreign Minister said on record, and I quote ..
"Being a Proud and Staunch Jewish, Never in my Life I could even dream I would be praying for the life of a Muslim, but now I do .. for Musharraf"
This shows the state of slavery that man has pushed his nation into, no matter how confidently he can answer the journalists, because it doesn't matter. Being able to Answer confidently, when you're not even standing with the truth is no metric to measure LEADERSHIP.
A True Leader is one who stands for a CAUSE, not for others' causes .. He is the one who Stands for Truth, because even if you are in the Minority of ONE, Truth.. shall Still be the Truth ...
15m:21s
7952
[EUROPEAN AWAKENING] Occupy London protesters take over Swiss bank...
It started last month with one encampment outside Saint Paul's Cathedral. Next came the expansion to Finsbury Square, a smaller but similarly active protest camp.
Now, Occupy London have unveiled their latest base, and this time they mean business.
At four storeys high and taking up almost half a street, this is the third of the Occupy London movement's locations, coming complete with a fully functional conference room and a five hundred seat auditorium. More significantly, this building is owned by the Swiss bank UBS, who themselves are no strangers to controversy.
In two thousand and seven, they were accused of heavily profiting from a controversial mortgage scheme in which thousands of British pensioners lost a total of around one billion pounds. They bought the troubled mortgages from another bank. At the time they said that it was an “entirely usual” transaction.
It was bailed out by the Swiss government just one year later. This building is one of its assets, and it's worth over fifty four million pounds.
Occupy London want to hold educational workshops and community events here. They've named their new space “The bank of ideas”, this concept was explained to us by one occupier.
After weeks of being told that their protest was going nowhere, those within the Occupy movement are seeing this as proof that they aren't giving up any time soon. They plan on hosting a conference of worldwide occupy movements inside.
Officially the building is now a 'legal squat', meaning that police are powerless to remove the activists from the building without first consulting the courts.
The City of London has already started legal action against the Saint Pauls cathedral protest camp. Although this is a private building and in a different part of London, its owners are likely to start taking steps to launch their own case against the protesters.
UBS bank today said that they were taking “appropriate action”. In the meantime, Occupy London is likely to squeeze as many events as it can into their limited occupancy time to take full advantage of their new found space.
2m:54s
8547
[14 Mar 2012] Andaz-e-Jahan - India's economic and...
[14 Mar 2012] Andaz-e-Jahan - Visit of India's economic and trade delegation to Iran - Sahartv - Urdu
Guests: Dr. Ved Pratap Vaidik, Mr. Hasan Kamal, Dr. Syed Hamid Hosseini
41m:58s
6073
Sectarian strife in Gilgit-Baltistan, courtesy Islamabad - English
Gilgit-Baltistan, September 27: Roads wear a deserted look, shopping and business centres remain shut and attendance in government offices and schools stays thin. This is the situation in Gilgit Baltistan, which is facing sectarian strife. The root cause is the influx of Sunnis from Pakistan -- essentially Pashtuns. Since the Zulfikar Ali Bhutto regime in the mid 1970s, Islamabad has been continuously encouraging sectarian polarization in Gilgit-Baltistan. The situation worsened dramatically under General Zia-ul-Haq, when the military dictator encouraged cadres of the radical Sunni Sipah-e-Sahaba Pakistan (SSP) to extend its activities to the Gilgit-Baltistan region. ISI-backed Sunni extremist organizations are now engaged in activities like bomb blasts and killings that provoke sectarian clashes.
3m:44s
7331
Video Tags: Smart meter, civil interests, home, business, technology, information security, policies, opposition, Victoria, media, civil liberties, cancer, electromagnetic waves, presstv, news, latest news
[23 June 2012] Pakistani traders protest against power outages - English
This otherwise bustling city center in Rawalpindi is giving a deserted look as traders have shut down their businesses to protest against the long power outages. Normal life has virtually come to a halt in Pakistan's largest province, Punjab, due to a crippling strike against the ongoing energy crises. Pakistan is currently in the midst of severe energy shortages with many parts of the country receiving only a few hours of electricity a day during the sweltering summer season. Riots have broken out in many parts of the country's Punjab province, which is controlled by the opposition.
Angry protesters have attacked and torched public offices and a lawmaker's house in some cities. In his first address to the Parliament after getting elected as the country's Prime Minister, Raja Parvez Ashraf said addressing the energy crises would be his first priority. Prime Minister Ashraf was once in charge of water and power sector and was accused of receiving kickbacks in the rental power projects, a charge he strongly denies. Experts attribute the problem to years of underinvestment and bad management in the energy sector.
2m:21s
7504
Drug Enforcement Administration says that the CIA has been a major drug...
US: The former head of the Drug Enforcement Administration says that the CIA has been a major drug smuggler of cocaine into the US for decades and that the government has worked with and protected drug smugglers in other countries. [The reason for this is that it generates 'secret' funding for CIA activities around the world that would never be approved by Congress or the American people.]
2m:15s
5414