Collarspace Discussion Forums


Home  Login  Search 

RE: Stuxnet "attackware" targeted malware


View related threads: (in this forum | in all forums)

Logged in as: Guest
 
All Forums >> [Community Discussions] >> Dungeon of Political and Religious Discussion >> RE: Stuxnet "attackware" targeted malware Page: <<   < prev  1 2 [3]
Login
Message << Older Topic   Newer Topic >>
RE: Stuxnet "attackware" targeted malware - 10/1/2010 6:30:05 AM   
Icarys


Posts: 5757
Status: offline
quote:

If stuxnet was encrypted using over the counter tools then it would already be fully decrypted and reverse engineered. Since it is being decrypted by hand by the top people in the field that tells me, a professional software developer with 20+ years experience, that this isn't an over the counter encryption technique.

This program is designed to violate both the security of USB and of the siemens indsutrial controllers in ways not previously known. one hacker might find an unknown vulnerability but 2?

The people disassembling this thing are quite sure it is lokking for a single specific industrial process. The "payload" is keyed to only be activated on that specific system and to do very specific things to that system. That requires in depth knowledge of that industrial process.

As I said above this is extremely unlikely to be a single p[erson. The skillset is too broad and the program is too big and too sophisticated to be a single coders effort.


I'm not sure why you said over the counter when the kind of people I'm talking about would write their own code. Nevermind..I see what you meant...You were talking about the encryption. Yes I agree. A: The key as you've said is written inside the code and B: Wasn't there legislation written that gave them a backdoor into corporately distributed encryption for national security reasons some 15 or 20 years ago?

I'm not disagreeing with you in whole. Just about the possibility of a single person doing it. It is probably unlikely but what makes it more unlikely is the intent factor. How many people in the world would have that type of maliciousness on their minds. It could be a group of hackers/terrorist working for a state or their own agenda.

I think they're on the right track for the most part but speculating on Israel based on a number they found out is irresponsible as far as I'm concerned.

Maybe I'm missing some of the story but Iran is now claiming it was attacked but there was no damage as of yet. It's been found supposedly on a couple of workers computers. Did they really find it or are they just taking advantage of the news?

As usual the claims are premature. We'll have a war between Iran/Israel/US and every other nation that wants a piece based on so far minimal discovery

< Message edited by Icarys -- 10/1/2010 6:36:19 AM >

_____________________________

submission - the feeling of patient, submissive humbleness - the state of being submissive or compliant; meekness.

Alaska Bound-The Official Countdown Has Started!
http://tinyurl.com/872mcu3
http://alturl.com/mog7m

(in reply to DomKen)
Profile   Post #: 41
RE: Stuxnet "attackware" targeted malware - 10/1/2010 6:51:46 AM   
mnottertail


Posts: 60698
Joined: 11/3/2004
Status: offline 		successful over the counter encryption doesnt work like that. part of the newer encryption standards is that the source must be open to peer public review,  so they can dissect the code and  look for flaws in the plan.

now you can put a pig in a sausage grinder, and out comes sausage, but having done that you can never grind the sausage and come out with pig.

Having said that, locks are built to keep the honest people out, now there are sophisticated people that can pick any lock given enough time and money, so its a matter of how valuable the goods are.

The government has some pretty damn good cryptologists (I know a few of them) and most of these crypto schemes are built on prime numbers. So, given enough time, money, people and computing power,  encryptions can eventually be broken.

Commercial software encryptions standards are way less than governments, usually around 512 bytes......so (512 * 2 * 8)! is the solution field. 

Bring a lunch and a lantern kids, cuz its gonna be an all night job.   

_____________________________

Have they not divided the prey; to every man a damsel or two? Judges 5:30


(in reply to Icarys)
Profile   Post #: 42
RE: Stuxnet "attackware" targeted malware - 10/1/2010 7:12:30 AM   
hertz


Posts: 1315
Joined: 8/7/2010
Status: offline
quote:

They have the keys. They have to be built into the code in order for the software to decrypt itself. That's why systems that encrypt/decrypt themselves can be reverse engineered at all.


It's not an area I have any expertise in, but I am left wondering what the point of encrypting software might be, if you then have to leave the key hanging around in order for it to be decrypted? That's a bit like putting a huge fuck-off lock on a safe vault and then leaving the key under the doormat...

To be honest, I am not even convinced by the whole encryption part of this story. Yes, there are lots of reports that Stuxnet uses encrypted dlls, but there is very little information about what that might mean and how heavy the encryption might be. I note too that the issue of encryption is raised in the way that Stuxnet is apparently using stolen encryption  keys to fake digital signing as an anti anti-virus measure.

(in reply to mnottertail)
Profile   Post #: 43
RE: Stuxnet "attackware" targeted malware - 10/1/2010 7:15:55 AM   
mnottertail


Posts: 60698
Joined: 11/3/2004
Status: offline 		Only the public key has to be there, not the private key, it is a key in two parts......

Decrypting is finish this sentence:

I was born in Tupelo, Mississippi, got up here.....................(finish the sentence correctly) 


http://en.wikipedia.org/wiki/Public-key_cryptography

< Message edited by mnottertail -- 10/1/2010 7:17:25 AM >

_____________________________

Have they not divided the prey; to every man a damsel or two? Judges 5:30


(in reply to hertz)
Profile   Post #: 44
RE: Stuxnet "attackware" targeted malware - 10/1/2010 8:13:28 AM   
DomKen


Posts: 19457
Joined: 7/4/2004
From: Chicago, IL
Status: offline
quote:

ORIGINAL: hertz

quote:

They have the keys. They have to be built into the code in order for the software to decrypt itself. That's why systems that encrypt/decrypt themselves can be reverse engineered at all.


It's not an area I have any expertise in, but I am left wondering what the point of encrypting software might be, if you then have to leave the key hanging around in order for it to be decrypted? That's a bit like putting a huge fuck-off lock on a safe vault and then leaving the key under the doormat...

To be honest, I am not even convinced by the whole encryption part of this story. Yes, there are lots of reports that Stuxnet uses encrypted dlls, but there is very little information about what that might mean and how heavy the encryption might be. I note too that the issue of encryption is raised in the way that Stuxnet is apparently using stolen encryption  keys to fake digital signing as an anti anti-virus measure.


By encrypting the DLL's the machine code cannot be simply read directly. This helps to defeat AV software which looks for certain things in programs that indicate it isn't kosher. The encrypted DLL's are just random numbers, effectively, and therefore do not set off AV software.

However the program itself has to have the key(s) needed to decrypt the DLL so the researchers had to monitor the program while it runs to discover the encryption technique and the key(s) involved. This isn't impossible but it is tedious and time consuming. This is why its taking so long to reverse engineer the virus to figure out what it is supposed to do.

(in reply to hertz)
Profile   Post #: 45
RE: Stuxnet "attackware" targeted malware - 10/1/2010 8:16:19 AM   
DomKen


Posts: 19457
Joined: 7/4/2004
From: Chicago, IL
Status: offline
quote:

ORIGINAL: mnottertail

Only the public key has to be there, not the private key, it is a key in two parts......

Decrypting is finish this sentence:

I was born in Tupelo, Mississippi, got up here.....................(finish the sentence correctly) 


http://en.wikipedia.org/wiki/Public-key_cryptography

Since the software has to decrypt the DLL's when loading thm from memory it must have the private key.

(in reply to mnottertail)
Profile   Post #: 46
RE: Stuxnet "attackware" targeted malware - 10/1/2010 1:38:36 PM   
hertz


Posts: 1315
Joined: 8/7/2010
Status: offline
quote:

However the program itself has to have the key(s) needed to decrypt the DLL so the researchers had to monitor the program while it runs to discover the encryption technique and the key(s) involved. This isn't impossible but it is tedious and time consuming. This is why its taking so long to reverse engineer the virus to figure out what it is supposed to do.


But surely this is true of all encryption algorithms of this type? Regardless of whether Stuxnet uses 'over the counter' encryption or some newly created variation thereof,  the key is going to have to be discovered in order to reverse back to the original code. I haven't seen any report so far which suggests that the encryption techniques being used are novel or unusual. The suggestion that investigators are having to work very hard to unravel it doesn't strike me as especially significant.

There's an interesting article here dating from July of this year. It is interesting to see that the story has developed from then into a hyped, almost hysterical version of itself. I'm as interested in the motivation behind the hype, as I am interested in the worm itself.

This is interesting too, from July again...



< Message edited by hertz -- 10/1/2010 1:42:11 PM >

(in reply to DomKen)
Profile   Post #: 47
RE: Stuxnet "attackware" targeted malware - 10/1/2010 1:50:58 PM   
Icarys


Posts: 5757
Status: offline 		Yes very interesting. The last line explains states for the most part what is going on with this.

So far just a lot of speculation.

It would be pretty incredible if it turned out that it was a single extremely determined individual who did this.



< Message edited by Icarys -- 10/1/2010 1:55:07 PM >

_____________________________

submission - the feeling of patient, submissive humbleness - the state of being submissive or compliant; meekness.

Alaska Bound-The Official Countdown Has Started!
http://tinyurl.com/872mcu3
http://alturl.com/mog7m

(in reply to hertz)
Profile   Post #: 48
RE: Stuxnet "attackware" targeted malware - 10/1/2010 1:55:44 PM   
DomKen


Posts: 19457
Joined: 7/4/2004
From: Chicago, IL
Status: offline 		If it was encrypted with a standard encryption program once the key was acquired it would be a simple matter of plugging the key in to that standard program and then feeding the decrypted DLL into a commercial reverse engineering package. You'd have a reasonable version of the source code in a matter of minutes,. This is why we know what most viruses do as soon as they come out. That we don't have this level of knowledge of stuxnet after several months of study says to me that the encryption is more than a simple public key system and it is possible the DLL's have been optimized by hand making reverse engineering software useless.

I do find it interesting that you post info from symantec that confirms what I've said and directly states it is extremely unlikely that a single hacker did this. Did you not read the article?

(in reply to hertz)
Profile   Post #: 49
RE: Stuxnet "attackware" targeted malware - 10/1/2010 1:57:58 PM   
hertz


Posts: 1315
Joined: 8/7/2010
Status: offline
quote:

It would be pretty incredible if it turned out that it was a single extremely determined individual who did this.


Hey! Maybe it's a job application. Wouldn't that be cool?

(in reply to Icarys)
Profile   Post #: 50
RE: Stuxnet "attackware" targeted malware - 10/1/2010 1:59:22 PM   
mnottertail


Posts: 60698
Joined: 11/3/2004
Status: offline 		well, seems to me that the encrypted public-private keys could be publicly privately encrypted in camera and spread across the service programs pasa or pssa(what you would call your dlls (service programs) in your world in the program static storage area (pssa or your code segment) and the program active storage area (your data seg) and we all know about self modifying code to do the duty anyhow right, so that you gotta see it run and catch it modifying itself to grab the keys.

< Message edited by mnottertail -- 10/1/2010 2:00:55 PM >

_____________________________

Have they not divided the prey; to every man a damsel or two? Judges 5:30


(in reply to hertz)
Profile   Post #: 51
RE: Stuxnet "attackware" targeted malware - 10/1/2010 2:03:59 PM   
DomKen


Posts: 19457
Joined: 7/4/2004
From: Chicago, IL
Status: offline
quote:

ORIGINAL: mnottertail

well, seems to me that the encrypted public-private keys could be publicly privately encrypted and spread across the service programs pasa or pssa(what you would call your dlls (service programs) in your world in the program static storage area (pssa or your code segment) and the program active storage area (your data seg) and we all know about self modifying code to do the duty anyhow right, so that you gotta see it run and catch it modifying itself to grab the keys.

I'm assuming that is precisely how it is done. I've done it myself. Writing the code is fairly tedious but you simply fill a char array with the key but do the fill in random sequence. If you do it interspersed with other commands the compiler should leave each command alone and the full key will not appear until the software runs.

(in reply to mnottertail)
Profile   Post #: 52
RE: Stuxnet "attackware" targeted malware - 10/1/2010 2:06:53 PM   
mnottertail


Posts: 60698
Joined: 11/3/2004
Status: offline 		thats what I am figuring, the old juke em by the onion peel and they have to see it strip the layers in camera.  not noticable unless you are aware to notice it, little hexidecimal prestidigitation.  Bring a lunch and a lantern. gonna be an all night job.

_____________________________

Have they not divided the prey; to every man a damsel or two? Judges 5:30


(in reply to DomKen)
Profile   Post #: 53
RE: Stuxnet "attackware" targeted malware - 10/1/2010 2:08:22 PM   
hertz


Posts: 1315
Joined: 8/7/2010
Status: offline
quote:

I do find it interesting that you post info from symantec that confirms what I've said and directly states it is extremely unlikely that a single hacker did this. Did you not read the article?


Yes, I did read the article. Did you not read my argument?  All I have been arguing is that the current hype about this being some sort of Cyber attack launched by one state on another is  premature. Unlikely is not the same as impossible. The whole thing is unlikely. Stuxnet could have come from anywhere. We don't know now, and it is possible we never will.

(in reply to DomKen)
Profile   Post #: 54
RE: Stuxnet "attackware" targeted malware - 10/1/2010 2:19:16 PM   
Icarys


Posts: 5757
Status: offline 		Yeah I thought of that. It probably would guarantee him/her a great spot lol.

There was a group of hackers a while back that did something similar and now they have a security firm. They'd attack corporate computers then call them up. I can't remember the group..maybe someone who was so inclined could find the story on it.


_____________________________

submission - the feeling of patient, submissive humbleness - the state of being submissive or compliant; meekness.

Alaska Bound-The Official Countdown Has Started!
http://tinyurl.com/872mcu3
http://alturl.com/mog7m

(in reply to hertz)
Profile   Post #: 55
RE: Stuxnet "attackware" targeted malware - 10/2/2010 8:19:37 AM   
Icarys


Posts: 5757
Status: offline 		Could it be possible that it was a group from the intended state to build yet another reason for "retaliation"? :> Unlikely maybe but possible.

Could it be that whomever is behind this wants people to think it was Israel? Who knows...

Is it also possible that the person or people behind it are smart enough not to leave an identifier? It is possible.

There's not much in the way of rational that I would dismiss as impossible in life...improbable yes but impossible no..especially when speaking about people.

< Message edited by Icarys -- 10/2/2010 8:21:42 AM >

_____________________________

submission - the feeling of patient, submissive humbleness - the state of being submissive or compliant; meekness.

Alaska Bound-The Official Countdown Has Started!
http://tinyurl.com/872mcu3
http://alturl.com/mog7m

(in reply to Icarys)
Profile   Post #: 56
RE: Stuxnet "attackware" targeted malware - 10/4/2010 2:11:33 PM   
hertz


Posts: 1315
Joined: 8/7/2010
Status: offline 		Nice Q and A here

For conspiracy nuts, the second but last question is pay-dirt.

(in reply to Icarys)
Profile   Post #: 57
Page:   <<   < prev  1 2 [3]
All Forums >> [Community Discussions] >> Dungeon of Political and Religious Discussion >> RE: Stuxnet "attackware" targeted malware Page: <<   < prev  1 2 [3]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Collarchat.com © 2025
Terms of Service Privacy Policy Spam Policy

0.219