Posts Tagged ‘computers’



Today it’s Facebook.  

“ … Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,”

  Symantec had to get them to come out and tell you…


And yet it amazes me that people continue to put things online that they wouldn’t want the whole world to see…

Story from Reuters below:

Facebook may have leaked your personal information: Symantec

12:46am EDT
(Reuters) – Facebook users’ personal information could have been accidentally leaked to third parties, in particular advertisers, over the past few years, Symantec Corp said in its official blog.
Third-parties would have had access to personal information such as profiles, photographs and chat, and could have had the ability to post messages, the security software maker said.
“We estimate that as of April 2011, close to 100,000 applications were enabling this leakage,” the blog post said.
“ … Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,” posing a security threat, the blog post said.
The third-parties may not have realized their ability to access the information, it said.
Facebook, the world’s largest social networking website, was notified of this issue and confirmed the leakage, the blog post said.
It said Facebook has taken steps to resolve the issue.
“Unfortunately, their (Symantec’s) resulting report has a few inaccuracies. Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties,” Facebook spokeswoman Malorie Lucich said in a statement.
Lucich said the report also ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that “violates our policies.”
She also confirmed that the company removed the outdated API (Application Programming Interface) referred to in Symantec’s report.
Facebook has more than 500 million users and is challenging Google Inc and Yahoo Inc for users’ time online and for advertising dollars.
(Reporting by Thyagaraju Adinarayan and Sakthi Prasad in Bangalore; Editing by Bernard Orr and Anshuman Daga)
© Thomson Reuters 2011. All rights reserved.

Facebook may have leaked your personal information: Symantec | Reuters



Facebook Loses Much Face In Secret Smear On Google
Facebook secretly hired a PR firm to plant negative stories about Google, says Dan Lyons in a jaw dropping story at the Daily Beast.

For the past few days, a mystery has been unfolding in Silicon Valley. Somebody, it seems, hired Burson-Marsteller, a top public-relations firm, to pitch anti-Google stories to newspapers, urging them to investigate claims that Google was invading people’s privacy. Burson even offered to help an influential blogger write a Google-bashing op-ed, which it promised it could place in outlets like The Washington Post, Politico, and The Huffington Post.
The plot backfired when the blogger turned down Burson’s offer and posted the emails that Burson had sent him. It got worse when USA Today broke a story accusing Burson of spreading a “whisper campaign” about Google “on behalf of an unnamed client.”

Not good.
The source emails are here.
I’ve been patient with Facebook over the years as they’ve had their privacy stumbles. They’re forging new ground, and it’s not an exaggeration to say they’re changing the world’s notions on what privacy is. Give them time. They’ll figure it out eventually.
But secretly paying a PR firm to pitch bloggers on stories going after Google, even offering to help write those stories and then get them published elsewhere, is not just offensive, dishonest and cowardly. It’s also really, really dumb. I have no idea how the Facebook PR team thought that they’d avoid being caught doing this.
First, it lets the tech world know that Facebook is scared enough of what Google’s up to to pull a stunt like this. Facebook isn’t supposed to be scared, ever, about anything. Supreme confidence in their destiny is the way they should be acting.
Second, it shows a willingness by Facebook to engage in cowardly behavior in battle. It’s hard to trust them on other things when we know they’ll engage in these types of campaigns.
And third, some of these criticisms of Google are probably valid, but it doesn’t matter any more. The story from now on will only be about how Facebook went about trying to secretly smear Google, and got caught.
The truth is Google is probably engaging in some somewhat borderline behavior by scraping Facebook content, and are almost certainly violating Facebook’s terms and conditions. But many people argue, me included, that the key data, the social graph, really should belong to the users, not Facebook. And regardless, users probably don’t mind that this is happening at all. It’s just Facebook trying to protect something that it considers to be its property.
Next time Facebook should take a page from Google’s playbook when they want to trash a competitor. Catch them in the act and then go toe to toe with them, slugging it out in person. Right or wrong, no one called Google a coward when they duped Bing earlier this year.
You’ve lost much face today, Facebook.
Update: Sleazy PR Firm Throws Scummy Facebook Under The Sordid Bus



Can You Frisk a Hard Drive?

If you stand with the Customs and Border Protection officers who staff the passport booths at Dulles airport near the nation’s capital, their task seems daunting. As a huge crowd of weary travelers shuffle along in serpentine lines, inspectors make quick decisions by asking a few questions (often across language barriers) and watching computer displays that don’t go much beyond name, date of birth and codes for a previous customs problem or an outstanding arrest warrant.
The officers are supposed to pick out the possible smugglers, terrorists or child pornographers and send them to secondary screening.
The chosen few — 6.1 million of the 293 million who entered the United States in the year ending Sept. 30, 2010 — get a big letter written on their declaration forms: A for an agriculture check on foodstuffs, B for an immigration issue, and C for a luggage inspection. Into the computer the passport officers type the reasons for the selection, a heads-up to their colleagues in the back room, where more thorough databases are accessible.
And there is where concerns have developed about invasions of privacy, for the most complete records on the travelers may be the ones they are carrying: their laptop computers full of professional and personal e-mail messages, photographs, diaries, legal documents, tax returns, browsing histories and other windows into their lives far beyond anything that could be, or would be, stuffed into a suitcase for a trip abroad. Those revealing digital portraits can be immensely useful to inspectors, who now hunt for criminal activity and security threats by searching and copying people’s hard drives, cellphones and other electronic devices, which are sometimes held for weeks of analysis.
Digital inspections raise constitutional questions about how robust the Fourth Amendment’s guarantee “against unreasonable searches and seizures” should be on the border, especially in a time of terrorism. A total of 6,671 travelers, 2,995 of them American citizens, had electronic gear searched from Oct. 1, 2008, through June 2, 2010, just a tiny percentage of arrivals.

“But the government’s obligation is to obey the Constitution all the time,” said Catherine Crump, a lawyer for the American Civil Liberties Union. “Moreover, controversial government programs often start small and then grow,” after which “the government argues that it is merely carrying out the same policies it has been carrying out for years.”
One of the regular targets is Pascal Abidor, a Brooklyn-born student getting his Ph.D. in Islamic studies, who reported being frisked, handcuffed, taken off a train from Montreal and locked for several hours in a cell last May, apparently because his computer contained research material in Arabic and news photographs of Hezbollah and Hamas rallies. He said he was questioned about his political and religious views, and his laptop was held for 11 days.
Another is James Yee, a former Muslim chaplain at the Guantánamo Bay prison, who gets what he wryly calls a “V.I.P. escort” whenever he flies into the United States. In 2003, Mr. Yee was jailed and then exonerated by the Army after he had conveyed prisoners’ complaints about abuse, urged respect for their religious practices and reported obscene anti-Muslim caricatures being e-mailed among security staff.
Years later, he evidently remains on a “lookout” list. A federal agent stands at the door of Mr. Yee’s incoming plane, then escorts him to the front of the passport line and to secondary screening.
Arriving in Los Angeles last May from speaking engagements in Malaysia, he was thoroughly questioned and searched, he said, and his laptop was taken for three or four hours. He was not told why, but after it was returned and he was waiting to rebook a connecting flight he’d missed, a customs officer rushed up to the counter. “We left our disk inside your computer,” he quoted her as saying. “I said, ‘It’s mine now.’ She said no, and sure enough when I took the computer out, there was a disk.”
Customs won’t comment on specific cases. “The privacy rights that citizens have really supersede the government’s ability to go into any depth,” said Kelly Ivahnenko, a spokeswoman.
In general, “we’re looking for anyone who might be violating a U.S. law and is posing a threat to the country,” she explained. “We’re in the business of risk mitigation.”
Yet the mitigation itself has created a sense of risk among certain travelers, including lawyers who need to protect attorney-client privilege, business people with proprietary information, researchers who promise their subjects anonymity and photojournalists who may pledge to blur a face to conceal an identity. Some are now taking precautions to minimize data on computers they take overseas.
“I just had to do this myself when I traveled internationally,” said Ms. Crump, the lead attorney in a lawsuit challenging the policy on behalf of Mr. Abidor, the National Association of Criminal Defense Lawyers and the National Press Photographers Association.
During a week in Paris, where she lectured on communications privacy, she had legal work to do for clients, which she could not risk the government seeing as she returned. “It’s a pain to get a new computer,” she said, “wipe it completely clean, travel through the border, put the new data on, wipe it completely clean again.”
In simpler days, as customs merely looked for drugs, ivory, undeclared diamonds and other contraband that could be held in an inspector’s hand, searches had clear boundaries and unambiguous results.
Either the traveler had banned items, or didn’t. Digital information is different. Some is clearly illegal, some only hints at criminal intent, and under existing law, all is vulnerable to the same inspection as hand-carried material on paper.
Most pirated intellectual property and child pornography, for example, cannot be uncovered without fishing around in hard drives. “We’ve seen a raft of people coming from Southeast Asia with kiddie porn,” said Christopher Downing, a supervisor at Dulles. If a person has been gone only two or three days and pictures of children are spotted in a bag, he explained, the laptop is a logical candidate for inspection. Such searches have been fruitful, judging by the bureau’s spreadsheets, which list numerous child pornography cases.
But terrorism is an amalgam of violence and ideas, so its potential is harder to define as officers scrutinize words and images as indicators of attitudes, affiliations and aspirations. Random searches are not done, Mr. Downing said, although courts so far have upheld computer inspections without any suspicion of wrongdoing. In practice, something needs to spark an officer’s interest. “If you open up a suitcase and see a picture of somebody holding an RPG,” he noted, referring to a rocket-propelled grenade, “you’d want to look into that a little more.”
The search power is preserved by its judicious use, Mr. Downing said. “If you abuse it, you lose it,” he added. The A.C.L.U. doesn’t want customs to lose it, Ms. Crump explained, but just wants the courts to require reasonable suspicion, as the Supreme Court did in 1985 for examinations of a person’s “alimentary canal.” The court distinguished such intrusive inspection from “routine searches” on the border, which “are not subject to any requirement of reasonable suspicion, probable cause, or warrant.” The justices added in a footnote that they were not deciding “what level of suspicion, if any, is required for nonroutine border searches” of other kinds.
Laptop searches should be considered “nonroutine,” Ms. Crump argues, something the United States Court of Appeals for the Ninth Circuit declined to do in 2008, when it reversed a judge’s decision to suppress evidence of child pornography obtained during a suspicionless airport computer search.
With the search powers intact, Mr. Abidor no longer dares take the train home from his studies at McGill University in Montreal. He doesn’t want to be stranded at the border, waiting hours for a bus, as he was in May. So last month his father drove up from New York to get him for vacation. The men were ordered to a room and told to keep their hands on a table while customs officers spent 45 minutes searching the car, and possibly the laptop, Mr. Abidor said. “I was told to expect this every time.”

David K. Shipler, a former reporter at The Times, is the author of “The Rights of the People: How Our Search for Safety Invades Our Liberties,” to be published in April.

‘Digital Inspections’ at U.S. Border Raise Constitutional Questions – NYTimes.com


Israeli Test on Worm Called Crucial in Iran Nuclear Delay

This article is by William J. Broad, John Markoff and David E. Sanger.
The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel’s never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.
Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.
Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.
“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”
Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran’s ability to buy components and do business around the world.
The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel’s long-held argument that Iran was on the cusp of success.
The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.
In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.
Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.
In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.
Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.
The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.
The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.
“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.
Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.
But Israeli officials grin widely when asked about its effects. Mr. Obama’s chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: “I’m glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated.”
In recent days, American officials who spoke on the condition of anonymity have said in interviews that they believe Iran’s setbacks have been underreported. That may explain why Mrs. Clinton provided her public assessment while traveling in the Middle East last week.
By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British.
The project’s political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy. So did the Israelis, other officials said. Israel has long been seeking a way to cripple Iran’s capability without triggering the opprobrium, or the war, that might follow an overt military strike of the kind they conducted against nuclear facilities in Iraq in 1981 and Syria in 2007.
Two years ago, when Israel still thought its only solution was a military one and approached Mr. Bush for the bunker-busting bombs and other equipment it believed it would need for an air attack, its officials told the White House that such a strike would set back Iran’s programs by roughly three years. Its request was turned down.
Now, Mr. Dagan’s statement suggests that Israel believes it has gained at least that much time, without mounting an attack. So does the Obama administration.
For years, Washington’s approach to Tehran’s program has been one of attempting “to put time on the clock,” a senior administration official said, even while refusing to discuss Stuxnet. “And now, we have a bit more.”
Finding Weaknesses
Paranoia helped, as it turns out.
Years before the worm hit Iran, Washington had become deeply worried about the vulnerability of the millions of computers that run everything in the United States from bank transactions to the power grid.
Computers known as controllers run all kinds of industrial machinery. By early 2008, the Department of Homeland Security had teamed up with the Idaho National Laboratory to study a widely used Siemens controller known as P.C.S.-7, for Process Control System 7. Its complex software, called Step 7, can run whole symphonies of industrial instruments, sensors and machines.
The vulnerability of the controller to cyberattack was an open secret. In July 2008, the Idaho lab and Siemens teamed up on a PowerPoint presentation on the controller’s vulnerabilities that was made to a conference in Chicago at Navy Pier, a top tourist attraction.
“Goal is for attacker to gain control,” the July paper said in describing the many kinds of maneuvers that could exploit system holes. The paper was 62 pages long, including pictures of the controllers as they were examined and tested in Idaho.
In a statement on Friday, the Idaho National Laboratory confirmed that it formed a partnership with Siemens but said it was one of many with manufacturers to identify cybervulnerabilities. It argued that the report did not detail specific flaws that attackers could exploit. But it also said it could not comment on the laboratory’s classified missions, leaving unanswered the question of whether it passed what it learned about the Siemens systems to other parts of the nation’s intelligence apparatus.
The presentation at the Chicago conference, which recently disappeared from a Siemens Web site, never discussed specific places where the machines were used.
But Washington knew. The controllers were critical to operations at Natanz, a sprawling enrichment site in the desert. “If you look for the weak links in the system,” said one former American official, “this one jumps out.”
Controllers, and the electrical regulators they run, became a focus of sanctions efforts. The trove of State Department cables made public by WikiLeaks describes urgent efforts in April 2009 to stop a shipment of Siemens controllers, contained in 111 boxes at the port of Dubai, in the United Arab Emirates. They were headed for Iran, one cable said, and were meant to control “uranium enrichment cascades” — the term for groups of spinning centrifuges.
Subsequent cables showed that the United Arab Emirates blocked the transfer of the Siemens computers across the Strait of Hormuz to Bandar Abbas, a major Iranian port.
Only months later, in June, Stuxnet began to pop up around the globe. The Symantec Corporation, a maker of computer security software and services based in Silicon Valley, snared it in a global malware collection system. The worm hit primarily inside Iran, Symantec reported, but also in time appeared in India, Indonesia and other countries.
But unlike most malware, it seemed to be doing little harm. It did not slow computer networks or wreak general havoc.
That deepened the mystery.
A ‘Dual Warhead’
No one was more intrigued than Mr. Langner, a former psychologist who runs a small computer security company in a suburb of Hamburg. Eager to design protective software for his clients, he had his five employees focus on picking apart the code and running it on the series of Siemens controllers neatly stacked in racks, their lights blinking.
He quickly discovered that the worm only kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. “The attackers took great care to make sure that only their designated targets were hit,” he said. “It was a marksman’s job.”
For example, one small section of the code appears designed to send commands to 984 machines linked together.
Curiously, when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer.
But as Mr. Langner kept peeling back the layers, he found more — what he calls the “dual warhead.” One part of the program is designed to lie dormant for long periods, then speed up the machines so that the spinning rotors in the centrifuges wobble and then destroy themselves. Another part, called a “man in the middle” in the computer world, sends out those false sensor signals to make the system believe everything is running smoothly. That prevents a safety system from kicking in, which would shut down the plant before it could self-destruct.
“Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept,” Mr. Langner later wrote. “It is about destroying its targets with utmost determination in military style.”
This was not the work of hackers, he quickly concluded. It had to be the work of someone who knew his way around the specific quirks of the Siemens controllers and had an intimate understanding of exactly how the Iranians had designed their enrichment operations.
In fact, the Americans and the Israelis had a pretty good idea.
Testing the Worm
Perhaps the most secretive part of the Stuxnet story centers on how the theory of cyberdestruction was tested on enrichment machines to make sure the malicious software did its intended job.
The account starts in the Netherlands. In the 1970s, the Dutch designed a tall, thin machine for enriching uranium. As is well known, A. Q. Khan, a Pakistani metallurgist working for the Dutch, stole the design and in 1976 fled to Pakistan.
The resulting machine, known as the P-1, for Pakistan’s first-generation centrifuge, helped the country get the bomb. And when Dr. Khan later founded an atomic black market, he illegally sold P-1’s to Iran, Libya, and North Korea.
The P-1 is more than six feet tall. Inside, a rotor of aluminum spins uranium gas to blinding speeds, slowly concentrating the rare part of the uranium that can fuel reactors and bombs.
How and when Israel obtained this kind of first-generation centrifuge remains unclear, whether from Europe, or the Khan network, or by other means. But nuclear experts agree that Dimona came to hold row upon row of spinning centrifuges.
“They’ve long been an important part of the complex,” said Avner Cohen, author of “The Worst-Kept Secret” (2010), a book about the Israeli bomb program, and a senior fellow at the Monterey Institute of International Studies. He added that Israeli intelligence had asked retired senior Dimona personnel to help on the Iranian issue, and that some apparently came from the enrichment program.
“I have no specific knowledge,” Dr. Cohen said of Israel and the Stuxnet worm. “But I see a strong Israeli signature and think that the centrifuge knowledge was critical.”
Another clue involves the United States. It obtained a cache of P-1’s after Libya gave up its nuclear program in late 2003, and the machines were sent to the Oak Ridge National Laboratory in Tennessee, another arm of the Energy Department.
By early 2004, a variety of federal and private nuclear experts assembled by the Central Intelligence Agency were calling for the United States to build a secret plant where scientists could set up the P-1’s and study their vulnerabilities. “The notion of a test bed was really pushed,” a participant at the C.I.A. meeting recalled.
The resulting plant, nuclear experts said last week, may also have played a role in Stuxnet testing.
But the United States and its allies ran into the same problem the Iranians have grappled with: the P-1 is a balky, badly designed machine. When the Tennessee laboratory shipped some of its P-1’s to England, in hopes of working with the British on a program of general P-1 testing, they stumbled, according to nuclear experts.
“They failed hopelessly,” one recalled, saying that the machines proved too crude and temperamental to spin properly.
Dr. Cohen said his sources told him that Israel succeeded — with great difficulty — in mastering the centrifuge technology. And the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet.
The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for “plausible deniability.”
In November, the Iranian president, Mahmoud Ahmadinejad, broke the country’s silence about the worm’s impact on its enrichment program, saying a cyberattack had caused “minor problems with some of our centrifuges.” Fortunately, he added, “our experts discovered it.”
The most detailed portrait of the damage comes from the Institute for Science and International Security, a private group in Washington. Last month, it issued a lengthy Stuxnet report that said Iran’s P-1 machines at Natanz suffered a series of failures in mid- to late 2009 that culminated in technicians taking 984 machines out of action.
The report called the failures “a major problem” and identified Stuxnet as the likely culprit.
Stuxnet is not the only blow to Iran. Sanctions have hurt its effort to build more advanced (and less temperamental) centrifuges. And last January, and again in November, two scientists who were believed to be central to the nuclear program were killed in Tehran.
The man widely believed to be responsible for much of Iran’s program, Mohsen Fakrizadeh, a college professor, has been hidden away by the Iranians, who know he is high on the target list.
Publicly, Israeli officials make no explicit ties between Stuxnet and Iran’s problems. But in recent weeks, they have given revised and surprisingly upbeat assessments of Tehran’s nuclear status.
“A number of technological challenges and difficulties” have beset Iran’s program, Moshe Yaalon, Israel’s minister of strategic affairs, told Israeli public radio late last month.
The troubles, he added, “have postponed the timetable.”

This article has been revised to reflect the following correction:
Correction: January 17, 2011
An earlier version of this story misspelled, at one point, the name of the German company whose computer controller systems were exploited by the Stuxnet computer worm. It is Siemens, not Seimens.

Stuxnet Worm Used Against Iran Was Tested in Israel – NYTimes.com


_______________________________________

Check it out on The MasterTech Blog

Tehran confirms its industrial computers under Stuxnet virus attack
DEBKAfile Exclusive Report September 25, 2010, 6:07 PM (GMT+02:00)

Iran is first nation to admit to being victim of cyber-terror


Mahmoud Alyaee, secretary-general of Iran’s industrial computer servers, including its nuclear facilities control systems, confirmed Saturday, Sept. 25, that 30,000 computers belonging to classified industrial units had been infected and disabled by the malicious Stuxnet virus.
This followed debkafile‘s exclusive report Thursday, Sept. 23, from its Washington and defense sources that a clandestine cyber war is being fought against Iran by the United States with elite cyber war units established by Israel. Stuxnet is believed to be the most destructive virus ever devised for attacking major industrial complexes, reactors and infrastructure. The experts say it is beyond the capabilities of private or individual hackers and could have been produced by a high-tech state like America or Israel, or its military cyber specialists.
The Iranian official said Stuxnet had been designed to strike the industrial control systems in Iran manufactured by the German Siemens and transfer classified data abroad.

The head of the Pentagon’s cyber war department, Vice Adm. Bernard McCullough said Thursday, Sept. 22, that Stuxnet had capabilities never seen before. In a briefing to the Armed Forces Committee of US Congress, he testified that it was regarded as the most advanced and sophisticated piece of Malware to date.
According to Alyaee, the virus began attacking Iranian industrial systems two months ago. He had no doubt that Iran was the victim of a cyber attack which its anti-terror computer experts had so far failed to fight. Stuxnet is powerful enough to change an entire environment, he said without elaborating. Not only has it taken control of automatic industrial systems, but has raided them for classified information and transferred the data abroad.

This was the first time an Iranian official has explained how the United States and Israel intelligence agencies have been able to keep pace step by step with progress made in Iran’s nuclear program. Until now, Tehran attributed the leaks to Western spies using Iranian double agents.
Last Thursday, debkafile first reported from its Washington sources that US president Barack Obama had resolved to deal with the nuclear impasse with Iran by going after the Islamic republic on two tracks: UN and unilateral sanctions for biting deep into the financial resources Iran has earmarked for its nuclear program, and a secret cyber war with Israel to cripple its nuclear facilities.
In New York, the US offer to go back to the negotiating table was made against this background.
Leaks by American security sources to US media referred to the recruitment by Israel military and security agencies of cyber raiders with the technical knowhow and mental toughness for operating in difficult and hazardous circumstances, such as assignments for stealing or destroying enemy technology, according to one report.
debkafile‘s sources disclose that Israel has had special elite units carrying out such assignments for some time. Three years ago, for instance, cyber raiders played a role in the destruction of the plutonium reactor North Korea was building at A-Zur in northern Syria.
Some computer security specialists reportedly speculated that the virus was devised specifically to target part of the Iranian nuclear infrastructure, either the Bushehr nuclear plant activated last month – which has not been confirmed – or the centrifuge facility in Natanz.
debkafile‘s sources add: Since August, American and UN nuclear watchdog sources have been reporting a slowdown in Iran’s enrichment processing due to technical problems which have knocked out a large number of centrifuges and which its nuclear technicians have been unable to repair. It is estimated that at Natanz alone, 3,000 centrifuges have been idled.

DEBKAfile, Political Analysis, Espionage, Terrorism, Security
Also see Stratfor’s analysis here


________________________
The MasterBlog


_______________________________________


The Stuxnet Computer Worm and the Iranian Nuclear Program

Summary

A computer worm proliferating in Iran targets automated activity in large industrial facilities. Speculation that the worm represents an effort by a national intelligence agency to attack Iranian nuclear facilities is widespread in the media. The characteristics of the complex worm do in fact suggest a national intelligence agency was involved. If so, the full story is likely to remain shrouded in mystery.

Analysis

A computer virus known as a worm that has been spreading on computers primarily in Iran, India and Indonesia could be a cyberattack on Iranian nuclear facilities, according to widespread media speculation.
Creating such a program, which targets a specific Siemens software system controlling automated activity in large industrial facilities, would have required a large team with experience and actionable intelligence. If a national intelligence agency in fact targeted Iranian nuclear facilities, this would be the first deployment of a cyberweapon reported on in the media. It would also mean that the full details of the operation are not likely ever to be known.
The so-called Stuxnet worm first attracted significant attention when Microsoft announced concerns over the situation in a Sept. 13 security bulletin, though various experts in the information technology community had been analyzing it for at least a few months. The worm is very advanced, required specific intelligence on its target, exploits multiple system vulnerabilities and uses two stolen security certificates, suggesting a typical hacker did not create it.
On a technical level, Stuxnet uses four different vulnerabilities to gain access to Windows systems and USB flash drives, identified independently by antivirus software makers Symantec and Kaspersky Lab. Discovering and exploiting all four vulnerabilities, which in this case are errors in code that allow access to the system or program for unintended purposes, would have required a major effort. Three of them were “zero-day” vulnerabilities, meaning they were unknown before now. A Polish security publication, Hakin9, had discovered the fourth, but Microsoft had failed to fix it. Typically, hackers who discover zero-day vulnerabilities exploit them immediately to avoid pre-emption by software companies, which fix them as soon as they learn of them. In another advanced technique, the worm uses two stolen security certificates from Realtek Semiconductor Corp. to access parts of the Windows operating system.
Stuxnet seems to target a specific Siemens software system, the Simatic WinCC SCADA, operating a unique hardware configuration, according to industrial systems security expert Ralph Langner and Symantec, which both dissected the worm. SCADA stands for “supervisory control and data acquisition systems,” which oversee a number of programmable logic controllers (PLCs), which are used to control individual industrial processes. Stuxnet thus targets individual computers that carry out automated activity in large industrial facilities, but only will activate when it finds the right one. Siemens reported that 14 facilities using its software had already been infected, but nothing had happened. When Stuxnet finds the right configuration of industrial processes run by this software, it supposedly will execute certain files that would disrupt or destroy the system and its equipment. Unlike most sophisticated worms or viruses created by criminal or hacker groups, this worm thus does not involve winning wealth or fame for the creator, but rather aims to disrupt one particular facility, shutting down vital systems that run continuously for a few seconds at a time.
VirusBlokAda, a Minsk-based company, announced the discovery of Stuxnet June 17, 2010, on customers’ computers in Iran. Data from Symantec indicates that most of the targeted and infected computers are in Iran, Indonesia and India. Nearly 60 percent of the infected computers were in Iran. Later research found that at least one version of Stuxnet had been around since June 2009. The proliferation of the worm in Iran indicates that country was the target, but where it started and how it has spread to different countries remains unclear.
Few countries have the kind of technology and industrial base and security agencies geared toward computer security and operations required to devise such a worm, which displays a creativity that few intelligence agencies have demonstrated. This list includes, in no particular order, the United States, India, the United Kingdom, Israel, Russia, Germany, France, China and South Korea.
Media speculation has focused on the United States and Israel, both of which are seeking to disrupt the Iranian nuclear program. Though a conventional war against Iran would be difficult, clandestine attempts at disruption can function as temporary solutions. Evidence exists of other sabotage attempts in the covert war between the United States and Israel on one side and Iran on the other over Iranian efforts to build a deliverable nuclear weapon.
U.S. President Barack Obama has launched a major diplomatic initiative to involve other countries in stopping Iran’s nuclear activities, so another country might have decided to contribute this creative solution. Whoever developed the worm had very specific intelligence on their target. Targeting a classified Iranian industrial facility would require reliable intelligence assets, likely of a human nature, able to provide the specific parameters for the target. A number of defectors could have provided this information, as could have the plants’ designers or operators. Assuming Siemens systems were actually used, the plans or data needed could have been in Germany, or elsewhere.
Evidence pinpointing who created the worm is not likely to emerge. All that is known for certain is that it targets a particular industrial system using Siemens’ programming. Whether the worm has found its target also remains unclear. It may have done so months ago, meaning now we are just seeing the remnants spread. Assuming the target was a secret facility — which would make this the first cyberweapon reported in the media — the attack might well never be publicized. The Iranians have yet to comment on the worm. They may still be investigating to see where it has spread, working to prevent further damage and trying to identify the culprit. If a government did launch the worm, like any good intelligence operation, no one is likely to take credit for the attack. But no matter who was responsible for the worm, Stuxnet is a display of serious innovation by its designer.

Read more: The Stuxnet Computer Worm and the Iranian Nuclear Program | STRATFOR 

Also see:

Iran ‘attacked’ by computer worm
Iran’s nuclear agency trying to combat a virus capable of taking over systems that control power plants, media says.
Last Modified: 25 Sep 2010 15:08 GMT
Foreign media has speculated that the worm is aimed at disrupting the Bushehr nuclear plant [EPA]

Iran’s nuclear agency is trying to combat a complex computer worm that has affected industrial sites throughout the country and is capable of taking over the control systems of power plants, Iranian media reports have said.
Experts from the Atomic Energy Organisation of Iran met this week to discuss how to remove the malicious computer code, or worm, the semi-official Isna news agency reported on Friday.
No damage or disruption of nuclear facilities has yet been reported, however.
The computer worm, dubbed Stuxnet, can take over systems that control the inner workings of industrial plants.
Experts in Germany discovered the worm in July, and it has since shown up in a number of attacks – primarily in Iran, Indonesia, India and the US.
‘Disrupting Bushehr’
Isna said the malware had spread throughout Iran, but did not name specific sites affected.
Foreign media reports have speculated the worm was aimed at disrupting Iran’s first nuclear power plant, which is to go online in October in the southern port city of Bushehr.

The Russian-built plant will be internationally supervised, but world powers remain concerned that Iran wants to use its civil nuclear power programme as a cover for making weapons.
Iran denies such an aim and says its nuclear work is solely for peaceful purposes.
The destructive Stuxnet worm has surprised experts because it is the first one specifically created to take over industrial control systems, rather than just steal or manipulate data.
Speaking to Al Jazeera, Rik Ferguson, a senior security adviser at the computer security company Trend Micro, described the worm as “very sophisticated”.
“It is designed both for information theft, looking for design documents and sending that information back to the controllers, and for disruptive purposes,” he said.
“It can issue new commands or change commands used in manufacturing.
“It’s difficult to say with any certainty who is behind it. There are multiple theories, and in all honesty, any of them could be correct.”
Western experts have said the worm’s sophistication – and the fact that about 60 per cent of computers infected looked to be in Iran – pointed to a government-backed attack.
Washington is also tracking the worm, and the Department of Homeland Security is building specialised teams that can respond quickly to cyber emergencies at industrial facilities across the US.
