WikiLeaks


Guest Atlanteanlost


Has anyone noticed how overnight the BBC has hugely changed the reporting of the latest wikileak leak?

Last night they were reporting how the Libyans were 'thuggishly threatening the UK over Megrahi'. Today they're reporting it in reverse, about how the UK was worried about what Libya might do if he died in jail.

It's a very subtle change in what's being reported, but the implication that a person takes from it is hugely different.


The most stupid stupid stupid thing about the Stuxnet worm is that there's absolutely no reason whatsoever for any power station or anything else to be connected to the 'net. Remove that connection (or be smart enough to not have made it in the first place), and all the security worries vanish in an instant.

Anyone with a modicum of sense wouldn't have made this most basic of errors in the first place.

Edited by Kowalski

I've dealt with oil and gas companies, and national energy suppliers, and yet to find any control systems connected to the internet. The majority of them do have third party access through firewalls/DMZs though.

I'm confused at what you're saying. Is the "third party access through firewalls/DMZs" to the control systems or not?

The Stuxnet virus attacked the Iranian power stations via the net. The reports of the risk to other countries including the UK have said that we're at risk of the same. That risk can only exist if the control systems are on the net.

It's certainly the case that many traffic control systems (traffic lights) are net-connected, and so at risk from cyber attack - yet there's no necessity for them to be net-connected.

Edited by eFestivals

It is, many control systems have third party access via firewalls from corporate intranets or external third party computers. These are not direct connections to the internet but pose a serious threat.

they ARE direct connections, but behind a firewall.

And firewalls are only as good as they're good. Believing that they bring about a "no connection to the internet" is the first flaw in the thinking that has led to this risk.

I'll have to take your word for it because I wasn't 100% sure how the attacks hit the Iranian power stations, could have been maliciously placed there through a firewall, or from removable media. It is highly unlikely they are connected to the net, but if they are then it is their own fault.

The Iranians were very definitely attacked over the net.

It might be that the virus got onto their internal systems in the first place via removable media of some kind, but once it's there then the net can be utilised to control what the virus does, without a firewall being much of an issue (how much of an issue it is depends on the method of operation that the firewall uses, and how well the firewall has been implemented).

I agree, they don't need to be net-connected at all. I've not come across an industrial control system that is.

Except the ones you've mentioned in the first part of what I've quoted here of course. :lol:


From the BBC:

Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons.

Instead it infects Windows machines via USB keys - commonly used to move files around - infected with malware.

Once it has infected a machine on a firm's internal network, it seeks out a specific configuration of industrial control software made by Siemens.


Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device -- and then it injects its own code into that system.


Going from a third party machine, to a machine in a DMZ, then to the control system is not a direct connection to the internet.

it is when people find a way to bridge the gaps between those supposedly (but not in reality) isolated systems, which people DO succeed in doing.

The parts have direct connections (wires, if you like) between them, so it only takes one person to find a way to route traffic along those connections for it all to become 'a direct connection to the internet'.

While I'm not trying to suggest that routing traffic along those connections is an easy thing to do, it is always doable in some manner. There is no such thing and can never be so as a fully secure system.

And it's not impossible that doing those things is actually a breeze for someone with the right knowledge. If the stories are to be believed then Windoze has a deliberate back-door which the CIA etc is able to utilise, and while that might be a conspiracy theory, such back-doors certainly do exist within some systems which have a higher US govt security rating than Windoze does (as a particular member of these forums could verify if he wished to reveal himself).

If traffic light systems are counted as industrial control systems then yes. They are not in my area of work though.

traffic lights are definitely that - tho at the simple end of things.

But that wasn't what I was meaning - I was meaning stuff like the DMZ machines you mention. The normal situation for such things is that they have an external (net) connection, as well as connection via a different network card to the internal intRAnet. The machine can be bridged, and it happens more than you might imagine.


Indeed but that doesn't mean it didn't enter the Iranian systems through the net. That is more about what it actually does once it's found the specific PLC it is looking for.

I'm not entirely sure if it's been stated that the virus got onto their machines via the 'net or not, but it's definitely been stated that traffic to do with the virus was getting out onto the net and on to a particular country (tho I've forgotten which of the 4 main possibilities it was to).


So even if there isn't a direct connection to the internet, a boffin can make

Given that security services the world over believe cyber to be by far the biggest threat, I'll stick with my original assertion and completely ignore your suggestion that I'm completely and utterly wrong.

Can I just confirm that in the first post you suggest that the stupidity lies in connecting to a public and open service and in the second you say it doesn't matter anyway because it can be made to connect to an open and public service? I don't have a great understanding of these things.

Yes, cyber is a big threat, but only because they've set everything up in such a way that it can be threatened.

That was the point I was making, and why I said it's wrong to concentrate on the idea that cyber is a threat. The threat was created by the stupidity of the people who set things up in such a way that it could be threatened, rather than by the ambitions of terrorists or 'enemy states'. It's something which should never have happened.

Regarding your last para, what you've said is pretty much what I've said, but your confusion is caused by the angle Kowalski first took about the control systems being 'isolated' from the net and my response to that. They are isolated (via firewalls, intranets, etc) from the net, but often there are physical cables that give a physical connection (but not a network connection as standard) from a piece of control gear to the net. Those physical connections often (depending on setup) have the capability to become (the equivalent of) network connections, so that if someone is determined and clever enough (and perhaps needing a virus somewhere within the system to be able to do it) they can connect from the internet thru to that control gear.

If you think of a firewall as being a PC with two network cards (which is what many firewalls essentially are) - one for traffic in from the net and the other being a connection onto a company's internal network - then you can perhaps start to get an idea of how these things can be worked. That 'firewall PC' has to route allowable network traffic thru that PC from the internet to the internal network, which is done via firewalling software (which has a set of rules of what can be allowed thru and what can't). Some viruses aim to create the same scenario of routing traffic that shouldn't be routing in the way that a virus can achieve.

Edited by eFestivals

Yup, they've gone for paypal.com (not www just http://paypal.com)

Interestingly, one of the sites all this is being shown on - pandalabs have started to be counter hacked :lol:

Wonder how much money the companies affected are actually losing from this? There's definitely been a big increase in DDoS attacks this year related to big companies...

It's all still up at the moment.

<selfish mode on>

... and I hope it stays that way for the next 48 hours or so. I've got some calendars still to sell, and have just sent out a mailer to help push the last of them. :P

</off>
