From the Times Of India
Cold war 2.0
Three years ago, the US attacked a nuclear facility in Iran. No soldiers were deployed, not one missile was fired. The Iranians didn't even realise they were attacked till a year later, but the damage set the country's nuclear program back by 18 months. That highly covert operation marked what could be the beginning of a cyber arms race...
In July 2010, US President Barack Obama was briefed by his security staff in the Situation Room of the White House. Vice President Joseph Biden Jr and the then director of the CIA, Leon Panetta, were also present.
According to a report in the New York Times, dated June 1 this year, the meeting was to inform the President that a US operation, codenamed Olympic Games, had been compromised and that elements of the programme had leaked onto the internet.
The administration had to decide if it wanted to continue with the programme, or if it needed to stop the covert mission whose target was the Natanz nuclear plant in Iran.
The leaked element that Obama was informed about was the Stuxnet worm. This was the first time that a government had used a computer virus to attack the facilities of another sovereign state. And now, it was out in the open infecting computers across the world.
THE STARTING GUN
Olympic Games had been in existence since 2006, even before President Obama took office. His predecessor George W Bush was looking for ways to deal with Iran and its nuclear programme. After exhausting all options, the US allegedly decided to launch a high-tech cyber attack that would cripple Natanz.
As a first step, the US created a code that would infiltrate the nuclear plant's computer systems. This involved sneaking past cyber security; studying the facility's operations; and collecting information and sending that data back to the Olympic Games team.
It took months for this stage to be completed, but it provided the US with inside information on how Iran's nuclear plant functioned.
The next part involved creating a computer worm that would spread via the Windows operating system; invade the specialised software and hardware systems developed by German manufacturer Siemens; and through it, hijack the plant's rotating centrifuges.
For this, the US government collaborated with Israel to create a virus that was capable of lurking in computers for weeks before it launched a strike.
"The attacks seem designed to force a change in the centrifuge's rotor speed, first raising the speed and then lowering it, likely with the intention of inducing excessive vibrations or distortions that would destroy the centrifuge," says a December 2010 report by the US-based non-profit, non-partisan Institute of Science and International Security (ISIS).
According to the NYT report, the centrifuges at Natanz were already under cyber attacks by 2009. And by the time Obama was informed of the security leak, Stuxnet is said to have brought down around 1,000 of Iran's 5,000 nuclear centrifuges.
The worm, interestingly, made its way into Natanz via a USB pen drive carried by an unwitting accomplice.
Security analysts who studied the virus agreed that it was one of the most complex pieces of code that they had seen. Antivirus firm F-Secure Labs estimates that it took "more than 10 man years of work to develop Stuxnet".
The worm, among other things, exploited security flaws known as Zero-days. These are vulnerabilities in software that are not even known to its own programmers and antivirus companies. Consider that out of the thousands of viruses that are discovered each year, less than 10 use Zero-day exploits. Stuxnet took advantage of at least four Zero-days.
Here, one of the exploits allowed the virus to spread from one Windows computer to another via infected USB pen drives.
"Stuxnet is like a laser-guided missile," says Shantanu Ghosh, managing director of Symantec (India), a cyber security firm. "When compared to it, older generations of viruses seem like crude bombs. It is capable of wracking massive damage to digital infrastructure."
But Stuxnet is just the tip of the iceberg. Cyber sleuths have since discovered similar viruses - Duqu in September 2011, Flame in May 2012, and Gauss as recently as August 9 - which seem like they've been coded by the same brains that are behind the attack on Natanz.
According to experts, Duqu and Flame are 'first stage' worms; the kind that are planted to steal information, and are precursors to a Stuxnet-like attack.
Flame is particularly scary because of its ability to steal data in many different ways. Alexander Gostev, an expert with antivirus firm Kaspersky Labs says, "It has worm-like features, allowing it to replicate in a network and on removable media if commanded so by its master."
The virus is capable of recording audio conversations whenever it detects a microphone. It takes screenshots when certain applications like internet messengers are run. And if Bluetooth connectivity is available, it can even collect information about discoverable devices near the infected machine. All of this stolen data is compressed and sent back to its command-and-control servers on a regular basis. Of course, Flame is also capable of network "sniffing" and capturing users' keystrokes whenever they type.
At a technology summit in June this year, Kaspersky Labs' Chief Executive Eugene Kaspersky disclosed that part of the Flame virus program code is almost identical to code from a 2009 version of Stuxnet - information that was later confirmed by Symantec.
"Flame is not designed to steal money... It is also different from the simple tools used by hacktivists. So by excluding cybercriminals and hacktivists, we have come to the conclusion that it most likely belongs to a nation state," Gostev blogged at www.securelist.com.
"In addition, the geography of the targets - certain states are in the Middle East - and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it," he wrote.
And now there's Gauss - the Trojan that the Global Research & Analysis Team (GReAT) at Kaspersky Lab calls a sophisticated spying tool. It is designed to monitor data from several Lebanese banks: Credit Libanais, Bank of Beirut, BlomBank, ByblosBank and FransaBank.
It's no secret that the Obama Administration is scrutinizing Lebanon's financial system over concerns that Syria, Iran and the Hezbollah are using its banks to fund their activities. "This is actually the first time we've observed a nation-state cyber campaign with a banking Trojan component," GReAT says of the malware. "After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories'."
But aside from the immediate damages, industry watchdogs believe that Stuxnet, Duqu, Flame and Gauss have opened a Pandora's Box. If they ever fall into the wrong hands, these sophisticated tools could spell doom for almost every nation in the world.
Besides, experts now expect to see these threats move beyond mere espionage as countries start using them to wage covert warfare. And when almost every critical infrastructure runs on computers - whether dams, water supply, power grids or defense installations - nothing seems to be safe.
"If you want to disrupt the secret nuclear programme of a foreign nation, what can you do? You can try international pressure and boycotts; you can try a conventional military attack... (but) using a digital attack like Stuxnet has several advantages, especially in providing deniability," F-Secure's Chief Research Officer Mikko Hypponen wrote in its Threat Report for 2012. "If US officials had not leaked the information that Stuxnet was created by its [sic] government, we would have never known it for sure. Stuxnet was obviously a game changer."
Symantec's Ghosh concurs. "Cyber security questions are no longer an exotic topic that focus on spam messages and frozen personal computers," he says. "Stuxnet is a clear indication that the world is changing and the threat landscape will be different."
"But what does it mean in the long term?" Hypponen asks. "I think we are now seeing the very first step of a cyber arms race. Maybe we'll eventually see public cyber war exercises where a country will demonstrate their [sic] attack capabilities. Maybe we'll eventually see cyber disarmament programs.
"(But before that) Defending against military-strength malware is a real challenge for the computer security industry."
The effects of these nation-sponsored viruses were not only felt by their intended targets. The collateral damage caused by these "weapons" was much higher than acceptable levels. Many individuals and organisations are still reeling from the effects of their unintended breakout. So, how will such technology be controlled? How will it be regulated? What will nation-states do to prevent such tools from falling into enemy hands, and - most importantly - how prepared will they be to handle such retaliatory acts of war? These are questions that governments need to answer before it's too late.