HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 26 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Cyber Warfarearrow Stuxnet - very interesting read / insight
EH-Net
May 25, 2013, 02:36:36 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: Stuxnet - very interesting read / insight  (Read 9761 times)
0 Members and 1 Guest are viewing this topic.
sil
Hero Member
*****
Offline Offline

Posts: 549



View Profile WWW
« Reply #15 on: November 30, 2010, 05:43:03 PM »
Nah I'm not above anyone in fact, I learn just as much as everyone else does. I've been into intelligence as a hobby for about 15 years beginning with cypherpunks, cryptome, politechbot, globalsecurity, Orlin Grabbe (RIP) etc. and I ran my own "cryptome" like site for a while (*edited and fixed this link http://web.archive.org/web/*/http://politrix.org). Prior to that, I had a crypto only site for a whole (http://web.archive.org/web/*/http://venona.antioffline.com) so I read a lot into military/government strategies. I guess I have a little more experience with a lot more things than other people, but doesn't mean I'm smarter... Just more experienced.

There is a heavy shift into politics where this is concerned (Stuxnet) which is like a wetdream to many computer security companies and one has to remember, security is a multibillion dollar industry. The cost associated in marketing to "shut someone up" is akin to paying Forrester or Gartner to do research.

Let's take a quick look at the cost benefit of something like this....

Company X is a billion dollar security company. They develop products to "protect" the infrastructure. They have the capability to spend at MINIMUM 500,000.00 in marketing, write-ups, analysis', etc. which is peanuts. Creative accounting will allow them to write this off.

In their "preps" and "analysis'" of Stuxnet and similar threats (which they will googly-eyed now defend against for the right price), they market/saturate the public with "the world is coming to an end" writings. Total cost, let's be obnoxious and say they spend $5,000,000.00 in marketing, analysis, personnel, etc. What do you think the return would be if ONE large company forked out cash for their products?

Certain industries (AV, SSL Cert Cartels, etc.) have the FUD game down to a science. It doesn't make sense to post real world information because 1) no one wants to hear it. Besides it sounds more "Jason Bourne" and thrilling to spew fiction 2) Sex sells, well so does "rogue governments" ... How many contracts do you think sprouted up after Titan Rain and Advanced Persistent Threat?

What's amusing is that for all the "security" these products tout, they're extremely horrible at getting it down to a science so they tend to shift things. Where Intrusion Detection became Intrusion Prevention to now Intrusion TOLERANCE (sorry I don't want to tolerate intrusions). If one takes a moment away from the "hype" and looks at things on a most basic level, seriously ask yourself, if you were that rogue agency in government, would you waste your black budget dollars on a big "what if.." kind of exploit Stuxnet IS (not was).

Sure Stux was targeted and focused, but it wasn't anything uber-grandiose that made me want to "stop the press." I have friends on AIM which at the flick of an IM could whip up better more covert things before going to bed.


(FYI I edited my comment to add the politrix link if anyone is wondering)
« Last Edit: November 30, 2010, 06:00:13 PM by sil » Logged
http://www.infiltrated.net/mgz/puppylecter.jpg
Joshsevo
Sr. Member
****
Offline Offline

Posts: 278


View Profile
« Reply #16 on: November 30, 2010, 11:55:15 PM »
From what I have read about it said that it would make the centrifuges spin "out of control".  Now I may not have any experience in hacking or CEH for that.  But what I do have is experience with Nuc reactors and generally how they work.  Not only that but seeing as my wife was only a few hundred miles away from the Chernobyl accident in 1987 I have first hand witness to what it was like after a fallout.

I am pretty sure that "fallout" may be the wrong terminology here.  Maybe a spill but not fallout.  Fallout refers to nuc waste, leftovers, clouds/dust and particles such after a explosion of either a nuc bomb or an accident where radioactive material gets dispersed into the air. 

But a centrifuge just spins the material to a higher degree of purity.  I think it's like 99% pure to make a nuc bomb where as a reactor does not need as pure. 

On top of this if a meltdown did happen due to Stuxnet depending on how large the facility is would depend on how far it would go.  Referring back to my wife and her homeland being Poland and her being about 900 miles away from their fumbling Russian neighbors to the east of them it only got about that far.  Maybe a little further but most of that was media hype or "Hollywood media as you guys call it.  She remembers them canceling school, church, business were closed because of fear of the fallout, as well as they should have been.  but it reaching us is more than likely not going to happen.

Another thing to consider is if a melt down did start to happen that it would take more than a virus to make this happen.  There are too many protocols, too many people involved, too many safety nets.  I asked this question while on board my Nuclear powered air craft carrier while also standing next to one of two reactors on the ship.  The guy replied that if someone tried to sabotage the reactor that he couldn't do it.  There are at least 25 people from different depts that are watching the reactors at all times 24/7/365. It would be a concerted effort of those 25 to do it and not all of them would have the same ideology to commit and an act like this an kill 6000+ of us on the ship.

So you need to consider that yes there are some scientists in Iran that don't believe in their own country producing reactors and material for energy and then they also know what the intent of the countries actions really are, (as do we all).

But then there are some people that are so disillusioned with their countries leaders that they would do anything they said and believe anything they were told.  Strange, I swear I read this about another countries citizens believing their beloved leader .....oh ya Germany.....Hitler.
Logged
Security+, Network+, C|EH, CHFI, CPT
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.064 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.