Don’t touch that USB drive

Smart, tech-literate reporting from Ralph Langner on the two Stuxnets:

… Stuxnet is not really one weapon, but two. The vast majority of the attention has been paid to Stuxnet’s smaller and simpler attack routine — the one that changes the speeds of the rotors in a centrifuge, which is used to enrich uranium. But the second and “forgotten” routine is about an order of magnitude more complex and stealthy. It qualifies as a nightmare for those who understand industrial control system security.

Aaand this seems important:

Stuxnet also provided a useful blueprint to future attackers by highlighting the royal road to infiltration of hard targets. Rather than trying to infiltrate directly by crawling through 15 firewalls, three data diodes, and an intrusion detection system, the attackers acted indirectly by infecting soft targets with legitimate access to ground zero: contractors.

Here’s something I’ve often wondered about: if you sprinkled an assortment of USB drives with provocative labels (“Project Z”? “Avengers FX reel”?) around, say, San Francisco’s Financial District, what proportion would get plugged into office computers? I’m guessing 10%, maybe more. I consider myself as a test case here; I know the danger (most don’t) and it would still take all my willpower to throw a cool-looking drive away instead of checking it out.

Surely someone has conducted this experiment — is currently conducting it — driven, of course, not by curiosity but by malice. How many USB drives are lying in parking lots around the world right now, waiting to be picked up, carried inside…?
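One thing a defender can do about the parking-lot scenario is watch the host for the moment a removable drive actually gets plugged in. The following is an added example, not code from the post or from Langner’s article: it parses Linux kernel (dmesg-style) log lines for USB attach events, reassembles each device from its port, and flags any USB mass-storage device whose serial number is not on an allowlist. The log lines and the allowlist are constructed for the example; the vendor/product IDs and serial are sample values, not a record of any real incident.

```python
import re
from dataclasses import dataclass

# Constructed sample of Linux kernel log lines (dmesg style), not taken from the post.
# Port 1-4 is a USB flash drive; port 1-2 is a wireless mouse receiver (no storage).
SAMPLE_KERNEL_LOG = """\
[ 1203.114] usb 1-4: new high-speed USB device number 7 using xhci_hcd
[ 1203.260] usb 1-4: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 1203.261] usb 1-4: Product: DataTraveler 3.0
[ 1203.261] usb 1-4: Manufacturer: Kingston
[ 1203.262] usb 1-4: SerialNumber: 0011223344556677
[ 1203.270] usb-storage 1-4:1.0: USB Mass Storage device detected
[ 1204.301] sd 6:0:0:0: [sdb] Attached SCSI removable disk
[ 1500.010] usb 1-2: new full-speed USB device number 8 using xhci_hcd
[ 1500.150] usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11
[ 1500.151] usb 1-2: Product: USB Receiver
[ 1500.151] usb 1-2: Manufacturer: Logitech
"""

# Hypothetical allowlist of serial numbers for drives the organisation has issued.
ALLOWED_SERIALS = {"deadbeef00000001"}


@dataclass
class UsbDevice:
    port: str
    vendor_id: str = ""
    product_id: str = ""
    product: str = ""
    manufacturer: str = ""
    serial: str = ""
    mass_storage: bool = False


# The kernel prefixes every line about a device with "usb <bus-port>:", so the port
# is the key we use to stitch the separate attribute lines back into one record.
NEW_DEVICE_RE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
ATTR_RE = re.compile(
    r"usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer|SerialNumber): (?P<value>.+)$"
)
# usb-storage names the interface as <port>:<config.interface>.
STORAGE_RE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected"
)


def parse_usb_events(log_text):
    """Return {port: UsbDevice} for every device announced in the log text."""
    devices = {}
    for line in log_text.splitlines():
        m = NEW_DEVICE_RE.search(line)
        if m:
            devices[m["port"]] = UsbDevice(port=m["port"], vendor_id=m["vid"],
                                           product_id=m["pid"])
            continue
        m = ATTR_RE.search(line)
        if m and m["port"] in devices:
            dev = devices[m["port"]]
            value = m["value"].strip()
            if m["key"] == "Product":
                dev.product = value
            elif m["key"] == "Manufacturer":
                dev.manufacturer = value
            else:
                dev.serial = value
            continue
        m = STORAGE_RE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]].mass_storage = True
    return devices


def removable_storage_alerts(log_text, allowed_serials):
    """Return (device, allowed) pairs for every mass-storage device in the log.

    Devices without a storage interface (mice, keyboards, receivers) are ignored;
    a storage device is 'allowed' only if its serial is on the allowlist.
    """
    alerts = []
    for dev in parse_usb_events(log_text).values():
        if dev.mass_storage:
            alerts.append((dev, dev.serial in allowed_serials))
    return alerts


def format_alert(dev, allowed):
    status = "allowlisted" if allowed else "UNKNOWN"
    return (f"{status} removable storage on port {dev.port}: "
            f"{dev.manufacturer} {dev.product} "
            f"({dev.vendor_id}:{dev.product_id}) serial={dev.serial}")


if __name__ == "__main__":
    for dev, allowed in removable_storage_alerts(SAMPLE_KERNEL_LOG, ALLOWED_SERIALS):
        print(format_alert(dev, allowed))
```

On a real host the same parser can be fed from `journalctl -k -f`; the interesting design choice is keying on the serial rather than the vendor/product pair, because a dropped drive of the same model as an issued one should still show up as unknown.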

Link via Alexis Madrigal’s excellent 5 Intriguing Things email.


The eye-opener when reading that article to me was less about the methods that are used to infect a system with a virus and more about the goal.

Specifically, that so much of the modern world relies on relatively thin margins. And by quietly mucking with those margins there can be as much impact as trying to bring the entire system down.

It is the equivalent of the Superman III vision of digitally shaving pennies, which I just found has the awesome name of a salami slicing scam. Instead of having computers (or reactors) grind to a halt, slicing off small portions of their reliability or efficiency to quietly destroy their margins of usefulness.

