Cyber warfare is a major concern for global society. The introduction, development and operation of information and communication technologies have been accompanied by an increase in criminal activity. With regard to cyberspace, the Internet is increasingly being used as a tool and medium by organized crime. In order to commit cybercrime, cyber weapons are needed.
The first known cyber weapon to have ever been created was the Stuxnet virus that was discovered in the late summer of 2010. To say it was a computer virus isn’t right, because a computer virus relies on an unwitting victim to install it, whereas a worm often spreads over a computer network on its own. Stuxnet was a 500kb computer worm that infected the software of at least
This worm was an unprecedentedly masterful and malicious piece of code that conducted attacks in three stages. It started by targeting Microsoft Windows machines and networks while repeatedly replicating itself. It then sought out Siemens Step7 software, which is also Windows-based and is used to program industrial control systems that operate equipment, such as centrifuges. And finally, it compromised the programmable logic controllers. The worm’s creators could therefore spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unknown to the engineers at the plant.
In order for the original Stuxnet worm to work correctly, it has to be introduced into a system, usually via an infected USB thumb drive/flash drive. Once the USB thumb drive is inserted into a system, it proceeds to infect all machines running Microsoft Windows. By displaying a digital certificate that seems to show that it comes from a reliable company, the worm is able to evade automated-detection systems. It then checks whether a given machine is part of the targeted industrial control system made by Siemens. If it isn’t the right system, the worm does nothing. However, if it is the right system, the worm attempts to access the Internet and download a more recent version of itself. That is to say, it goes through a sequence of checks to determine whether this is the right target. It’s kind
The early version of the worm functioned as a man-in-the-middle attack. It sat between the engineering software and the Siemens controllers for the input and output valves feeding into each centrifuge. The worm would accept commands from the engineering software and give false responses to indicate that these commands were being processed by the controllers. In reality, the worm was regularly allowing the centrifuges to be over-pressurized, which had the effect of causing the centrifuges to wear out and break more quickly. The later version of the software was much more crude. It would take over the centrifuges and refuse to acknowledge signals from the engineering software while an attack was active. The attack operated about once a month and worked by slowing down the centrifuges and then spinning them back up to past their normal full speed. This would cause damage as the centrifuges passed through what was known as a resonance speed, which would destabilize the rotor. Stuxnet managed to increase the rotor speeds at Iran’s Natanz nuclear facility from a normal speed of 63,000 rpm to 84,600 rpm. The worms were carefully designed so that it would not be obvious to someone in the facility that their mechanical systems were being sabotaged. For example, the worm would randomly affect different centrifuges at
In order to properly answer the question posed we must first define what cyber-war and cyber-terrorism are. The Oxford Dictionaries defines cyber-war as “The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of communication systems by another state or organization:” Although there is no dictionary definition of cyber-terrorism, The Center for Strategic and International Studies (CSIS) has defined it as “the use of computer network tools to shut down critical national infrastructures (e.g., energy, transportation, government operations) or to coerce or intimidate a government or civilian population.” The author defines cyber terror as “the intimidation of civilian enterprise through the use of high technology to bring about political, religious, or ideological aims, actions that result in disabling or deleting critical infrastructure data or information.”
Another occurrence of cyberwarfare and its power lies within the Stuxnet worm, unleashed primarily to attack Iranian industrial programmable logic controllers (PLCs) in the nation’s nuclear facilities. The Stuxnet worm is typically introduced to its target environment via an infected USB flash drive, and upon being loaded onto a computer running the Microsoft Windows operating system, the worm then seeks out Siemens Step7 software. This software then allows Stuxnet to control Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart. Stuxnet’s complexity is evident in its three-pronged approach to infection: it unloads a worm that executes all routines related to the main attack, it executes a link file that automatically activates other copies of the worm on the same network, and it activates its rootkit, which allows it to hide its processes and activity on the local computer as well as the entire computer network. Kaspersky Lab, an international software security group operating in almost 200 countries and territories worldwide, concluded that the attack “is a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled attack team” and that the “attack could only be conducted with nation-state support and backing”. In May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which
The nature of the cyber threat has changed dramatically over the past 25 years. In the early days of the personal computer, hackers were mostly motivated by the lulz, or laughs. They hacked computer systems just to prove that they could do it or to make a point. One of the very first computer viruses to infect IBM PCs was the Brain virus, created in 1986 by brothers Amjad Farooq Alvi and Basit Farooq, aged 24 and 17, of Lahore, Pakistan. Their virus was intended to be innocuous in nature, to stop others from pirating the software the brothers had spent years developing. Brain worked by infecting the boot sector of a floppy disk as a means of preventing its copying and allowed the brothers to track illegal copies of their own software. The brothers, upset that others were pirating their software without paying for it, included an ominous warning which appeared on infected users’ screens:
It uses the flaws in Windows computers to break into a computer and links other affected or unaffected computers together into a huge botnet (“Conficker”, 2015). The botnet can be controlled remotely by the author(s) of the worm. The Conficker worm infected 9 million to 15 million Windows computers in over 200 countries in the world, including government, military, business, and home computers. So far the author of this worm is still unknown (“Conficker”, 2015).
The first article I found gave me a better foundation for what the (Polymorphic) Worm is, where it targets and how it spreads. This particular worm spread using the internet and targeting Internet Security Systems (ISS) buffer overflows. This ISS attack using overflow is the same type of breach we practiced in one of our previous assignments this semester. The article titled "The spread of the Witty worm" discusses what it looks for and how it accesses the Internet Security Systems. Using the ISS path, the worm takes advantage of a security flaw in the firewall applications. Once breached, the worm then uploads its "payload contained in a phrase, (^,^) insert witty message here (^, ^)." (Moore, 2004) This article addressed several of my concerns: how, what, and where? As for the what, the article talks about whether, once infected, it could be removed. The report also covers where the worm goes, suggesting a random destination within the hard drive taken over and eventually rendering the entire machine
The experts said that the virus was designed to target Simatic WinCC Step7 software, which is an industrial control system made by the German conglomerate Siemens. The system was used to program controllers that drive motors, valves and switches in everything from food factories and automobile assembly lines to gas pipelines and water treatment plants (Zetter, 2011). This happens to be the same software that was used at the Natanz facility.
Discovered in June of 2010, a computer worm called Stuxnet was designed to attack programmable-logic controllers, or PLCs, that are used to control switches and valves in industries that operate a specific type of Siemens PLC device using Step7 software running on a Windows operating system. The worm was successful because it was able to exploit four zero-day flaws in the Windows operating system. Stuxnet
In the 21st century, the Internet is used anytime and anywhere in our daily life, and war zones between nations are of course no exception. Cyberwar is the term used for wars that use network technology, but what exactly does cyberwarfare mean? The term covers many kinds of cases, but in general, cyberwarfare involves the use and targeting of computers or networks in warfare, and it can be both offensive and defensive against cyberattacks. Therefore, a question being asked is whether cyberwarfare will become the new nuclear warfare of our generation. In order to answer this question, I’m going to figure out what the differences and similarities between nuclear warfare and cyberwarfare are.
In May of 2017, any computer that was running a Microsoft Windows operating system was under attack worldwide by a ransomware cryptoworm known as WannaCry. When it hit the targeted computers, it would encrypt the data and demand a ransom payment in Bitcoin. Bitcoin is a worldwide cryptocurrency and digital payment system. Within a day of the first attack, it was estimated to have infected more than 230,000 computers in over 150 countries. The attack was worldwide and ranged from health services to FedEx. Marcus Hutchins is a British computer security researcher who is known for finding a way to halt WannaCry. He found that the malware was connected to a specific domain and the “kill switch” was hard-coded into the malware.
A cyber attack was made on Estonia in 2007: on 26 April 2007, at 10 o'clock sharp, the government of Estonia was made the target of a preplanned cyber attack by some secret foe (Stacy Prowell, 2010).
To understand the business of malware, one must understand how malware has evolved in the past twenty-five years. Malware, which includes all kinds of malicious software, was originally created to show the weaknesses of computers. The first type of malware, created in 1986, was a virus called “Brain.A. Brain.A was developed in Pakistan, by two brothers - Basit and Amjad. They wanted to prove that PC is not secure platform, so they created virus that was replicating using floppy disks” (Milošević). Even today malware is still used to check the security of machines.
Such concerns have generally involved the infiltration of a computer system for purposes of degrading its capabilities, manipulating data, or using the device to launch cyber attacks on other systems. The Stuxnet worm, which was first reported in June 2010 by a security firm in Belarus, appears to be the first malicious software (malware) designed specifically to attack a particular type of ICS: one that controls nuclear plants, whether for power or uranium enrichment. The malware attacks and disrupts a Microsoft Windows-based application that is employed by a particular ICS produced by the German company Siemens. The worm can be spread through an air-gapped network by a removable device, such as a thumb drive, and possibly through computers connected to the Internet, and it is often capable of remaining hidden from detection. It is difficult to determine the geographic origin of the malware, as cyber attackers often employ
Microsoft Windows was attacked via buffer overflow in August 2003. The attack, known as the Blaster Worm, focused on an already recognized buffer overflow in Windows’ remote procedure call (RPC) facilities. RPC is specific to the Windows operating system. The vulnerability was in port 135, which handles Transmission Control Protocol (TCP), the language in which a system communicates. Port 135 did not require authentication of a server it was communicating with. Therefore, the Blaster Worm was able to inundate the port with data, in turn injecting malicious code into the system. By exploiting this vulnerability in port 135, the Blaster Worm would install itself on a computer and immediately seek out other susceptible computers. Once a system was infected, the Blaster Worm permitted individuals or an entity to take a myriad of very damaging actions, from executing programs to giving other hackers full access to resources and information. Additionally, the Blaster Worm had the ability to instruct a newly discovered susceptible system to download the worm so that the infectious cycle would continue (Hoogstraten, 2003). The antidote to the Blaster Worm virus came in the form of a patch issued after it infected an estimated “100,000 Microsoft Windows systems and cost millions in damage” (Bailey, Cooke, Jahanian, Watson, & Nazario, 2005).
The infected computers are normally infected by a Trojan horse virus. Once a computer is infected, the virus usually opens an Internet Relay Chat (IRC) channel, and this channel will wait for commands from the user in command of the botnet network. In the modern world, there is a large and growing industry of selling lists of infected computers to hackers and spammers.