12-23-2014, 07:40 PM
12-23-2014, 08:47 PM
Quote:It's not as difficult as you might think.
Still pretty impressive to me. I remember that Sputnik virus we sent to Iran that's some cool stuff.
12-24-2014, 12:38 AM
You hunch was spot-on; it is playing at Sun Ray Cinema!
#33
#33
Quote:Looks like it will be released after all.
http://money.cnn.com/2014/12/23/media/sc...?hpt=hp_t1
<div>
Would not surprise me if the Sunray Cinema is Riverside gets it.
</div>
Guest
12-24-2014, 09:38 PM
The full length film is now available for rent or purchase online!
https://www.youtube.com/watch?v=Ed2kSuKqfz0
This is a victory for the 1st Amendment and against foreign dictators!
https://www.youtube.com/watch?v=Ed2kSuKqfz0
This is a victory for the 1st Amendment and against foreign dictators!
12-25-2014, 09:38 AM
Quote:Still pretty impressive to me. I remember that Sputnik virus we sent to Iran that's some cool stuff.
Actually it's called Stuxnet.
I did some research on it. It obviously wasn't written by some kiddie in his mother's basement.
12-25-2014, 12:29 PM
Quote:Actually it's called Stuxnet.
I did some research on it. It obviously wasn't written by some kiddie in his mother's basement.
Lol I didn't even see that until now. Yes that's the virus they sent through wifi systems to find the Iranian nuclear plants.
12-25-2014, 03:07 PM
Quote:Lol I didn't even see that until now. Yes that's the virus they sent through wifi systems to find the Iranian nuclear plants.
Technically speaking, it didn't necessarily spread via wifi. It was planted and spread mainly through thumb drives connected to the USB port. The virus had a very specific target.
Countdown to Zero Day by Kim Zetter is a very good book that tells the story.
12-25-2014, 03:36 PM
Quote:Technically speaking, it didn't necessarily spread via wifi. It was planted and spread mainly through thumb drives connected to the USB port. The virus had a very specific target.
<a class="bbc_url" href='http://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X'>Countdown to Zero Day by Kim Zetter</a> is a very good book that tells the story.
I thought it was able to jump from device to device until it finally found its way to the target. My guess was just wifi I've never looked to much into it. Ill check out the book some time thanks for the link!
12-25-2014, 09:13 PM
Quote:I thought it was able to jump from device to device until it finally found its way to the target. My guess was just wifi I've never looked to much into it. Ill check out the book some time thanks for the link!
It's quite interesting how it worked, and how it did what it did. I'm betting that there are still computers running this thing today.
In a nutshell, here is how it worked.
It was distributed initially via a thumb drive. Once connected, it would search for what particular anti-virus software was installed on the particular machine, then install itself in a way that would not trigger the anti-virus software alerts.
It then figured out if it was connected to the internet, and if so it would notify a Command and Control (CNC) server that it was there. This not only gives the CNC an idea of where it is at, but also opens up the capability to send "updates" to the software.
Another thing that it would do is monitor the USB ports on the machine, and if it detects that a "new device" is connected, it would copy itself to that device. So plug a thumb drive into an infected machine means that the thumb drive is now infected.
This part is critical to understand how it spread so quickly and efficiently.
My comment: Infecting a network not connected to the internet can be done and was proven by this attack. The end target is not on the internet.
Next it looked to see if particular software was installed on the machine. In this case, it was looking for software that is used to program a specific device, in this case a specific Programmable Logic Controller (PLC). If it is installed, then it would proceed to the next step. If the software isn't there, then it does nothing but revert back to step 1.
Next, it would check to see if the computer is connected to a certain device, again a specific model of PLC. If so, it would check to see if the PLC was connected to certain other devices. If so, then it will wait and just watch. If not, then it does nothing but revert back to step 1.
If it passed the first few tests, it would assume that it's on the right computer and just watch and record what the PLC is doing for a period close to a month. This step is key to how it hid itself.
After a certain period of time, it would command the PLC to do something that wasn't originally programmed (speed up above limits), but would report to monitoring computers that "everything is O.K." using the data that it gathered while "watching". It would do this for a set amount of time, then let the PLC return to "normal operation" for a certain period of time.
Next, it would command the PLC to slow down way below limits for a certain period of time, then return to "normal operation".
Overall Effect
Commanding the PLC to operate the equipment that they are connected to well above and well below the limits causes a failure. In this case, "regular centrifuge replacement" should be in the hundreds within a year. Actual replacement was in the thousands within a month.
Think about that for a moment. Your very computer could possibly have this virus on it, and you would never know it. Think about how many times you plug something in via USB. If it's plugged in to another computer, you just spread the virus.
Bottom Line Analysis
This was a very nasty bug that is the result of a lot of work by WAY more than one person. I vaguely outlined what the code did, Where did it originate? That's probably a good topic for discussion.
12-25-2014, 10:00 PM
Quote:It's quite interesting how it worked, and how it did what it did. I'm betting that there are still computers running this thing today.
In a nutshell, here is how it worked.
...
Overall Effect
...
Bottom Line Analysis
You a programmer?
12-26-2014, 05:44 PM
Quote:You a programmer?
Let's just say that I understand programming, especially when it gets to machine level. I am very proficient and know the OP codes for several different types of architecture.
At the "human level" I am pretty proficient in several different programming languages and scripting languages. My personal favorites are C for programming and PERL for scripting.
Let's also just say that I have a pretty good in-depth understanding of how networks work.
I'll just leave it at that.
12-28-2014, 06:41 PM
So you work for the FBI or CIA? Cool, good to know :thumbsup:
12-29-2014, 06:14 PM
Cyber security firm Norse believes they've identified 6 hackers, one being a former Sony employee, two are based in America, one in Canada, one in Singapore, and one in Thailand.
http://news.yahoo.com/cybersecurity-firm...23498.html
Shocker no NK
I mean NK denying it and all goes against their hubristic nature, and homeland security saying there is no credible threat goes against their superfluous nature.
http://news.yahoo.com/cybersecurity-firm...23498.html
Shocker no NK
I mean NK denying it and all goes against their hubristic nature, and homeland security saying there is no credible threat goes against their superfluous nature.
12-29-2014, 06:46 PM
So did anyone actually see this movie?
Guest
12-29-2014, 06:58 PM
Quote:Cyber security firm Norse believes they've identified 6 hackers, one being a former Sony employee, two are based in America, one in Canada, one in Singapore, and one in Thailand.There were people from the CIA, to Anonymous, who were saying all along that there was no way that NK could have pulled off an attack this sophisticated in the first place.
http://news.yahoo.com/cybersecurity-firm...23498.html
Shocker no NK
I mean NK denying it and all goes against their hubristic nature, and homeland security saying there is no credible threat goes against their superfluous nature.
12-29-2014, 07:54 PM
Quote:So you work for the FBI or CIA? Cool, good to know :thumbsup:
LOL. No, I'm just a geek.
12-29-2014, 07:57 PM
Quote:There were people from the CIA, to Anonymous, who were saying all along that there was no way that NK could have pulled off an attack this sophisticated in the first place.
It is possible for them to pull something like this off, but very unlikely.
12-30-2014, 12:15 AM
Quote:So did anyone actually see this movie?
I've heard the movie sucks pretty bad though a few thought it was tolerable. I won't see it just because it's not my kind of movie. To each their own though.
12-30-2014, 04:34 AM
It definitely didn't suck. It was over the top yes. Kim Jong Un was hilarious. Great character. "Dave..."
Guest
12-30-2014, 10:35 AM
Quote:It is possible for them to pull something like this off, but very unlikely.I remember hearing that North Korea only has only about 4 networks available. In comparison, the US has over 100,000.