Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon
http://www.ted.com/talks/lang/eng/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html ^ | Ralph Langner

Posted on 04/09/2011 7:43:38 PM PDT by Pride_of_the_Bluegrass

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics

(Excerpt) Read more at ted.com ...


TOPICS: Editorial; Foreign Affairs; Israel; War on Terror
KEYWORDS: cyberattack; cyberweapon; iran; stuxnet; tech; tedtv; virus; worm; wot

1 posted on 04/09/2011 7:43:42 PM PDT by Pride_of_the_Bluegrass
[ Post Reply | Private Reply | View Replies]

To: Pride_of_the_Bluegrass

If it wasn’t a video, I would read more.


2 posted on 04/09/2011 7:51:26 PM PDT by the invisib1e hand (You is what you am.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: the invisib1e hand

There is an interactive transcript on the right side of the page if you need it.


3 posted on 04/09/2011 8:02:43 PM PDT by Pride_of_the_Bluegrass
[ Post Reply | Private Reply | To 2 | View Replies]

To: Pride_of_the_Bluegrass

Thx but it was about 2 paragraphs. And what’s the upshot: that this guy decoded some cyber ops? Does that make him a hero?


4 posted on 04/09/2011 8:08:35 PM PDT by the invisib1e hand (You is what you am.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Pride_of_the_Bluegrass
I watched the whole video. He repeated much that is already common knowledge, but the graphics were helpful in understanding the mechanical structure of the plant layout.

...and he calls it generic, and says it can be easily duplicated and used against the West.

He also says it's most likely a U.S. Operation.

5 posted on 04/09/2011 8:09:00 PM PDT by Tex-Con-Man
[ Post Reply | Private Reply | To 1 | View Replies]

To: the invisib1e hand

It’s a good summary of stuff I’ve read elsewhere; it’s not too long; the guy does a fine job summarizing the key points at a reasonably understandable level; and his German accent helps makes it seem even more exotic and scary.

Well worth spending the time to listen to.

Got to admire the US (and Isreali) computer geeks who put together this thing - just hope it doesn’t come back to bite us.


6 posted on 04/09/2011 8:27:14 PM PDT by Stosh
[ Post Reply | Private Reply | To 2 | View Replies]

To: Tex-Con-Man

It was Mossad. We are not that smart to have crippled the Iranian nuclear program.


7 posted on 04/09/2011 8:28:07 PM PDT by ncfool (The new USSA - United Socialist States of AmeriKa. Welcome to Obummers world or Obamaville USSA.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: the invisib1e hand

Yes that is the upshot he worked on the team that helped to crack the code. Is he a hero? Well probably not if you are an Iranian nuclear scientist.


8 posted on 04/09/2011 8:45:03 PM PDT by Pride_of_the_Bluegrass
[ Post Reply | Private Reply | To 4 | View Replies]

To: ncfool
Did you watch the entire presentation?

He acknowledges that Mossad likely played a role, but said only one country was capable of pulling it off...the U.S.

9 posted on 04/09/2011 8:56:55 PM PDT by Tex-Con-Man
[ Post Reply | Private Reply | To 7 | View Replies]

To: Pride_of_the_Bluegrass

It was some Indians at a call center in Bangalore.

We no longer have people in America who can do anything technical. They’re all journalism amd political science majors, some of whom go on to law school.

Americans can no longer make or design things. They soon will only be qualified to be day laboerers for their Chinese owners.


10 posted on 04/09/2011 9:40:32 PM PDT by oldbill
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pride_of_the_Bluegrass

He won’t break my next version...


11 posted on 04/09/2011 9:44:31 PM PDT by SuperLuminal (Where is another agitator for republicanism like Sam Adams when we need him?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pride_of_the_Bluegrass

I love the Mission Impossible flare about it. All you need is to have Peter Graves peel his face off at the end.


12 posted on 04/09/2011 9:48:18 PM PDT by Walkingfeather
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pride_of_the_Bluegrass

I think he only cracked what stuxnet wanted him to crack.


13 posted on 04/09/2011 10:59:38 PM PDT by stuartcr (The soul is the .cfg file for the body)
[ Post Reply | Private Reply | To 1 | View Replies]

To: the invisib1e hand; Tex-Con-Man; ncfool
Thx but it was about 2 paragraphs. And what’s the upshot: that this guy decoded some cyber ops? Does that make him a hero?

Transcript:

The idea behind the Stuxnet computer worm is actually quite simple. We don't want Iran to get the Bomb. Their major asset for developing nuclear weapons is the Natanz uranium enrichment facility. The gray boxes that you see, these are real-time control systems. Now if we manage to compromise these systems that control drive speeds and valves, we can actually cause a lot of problems with the centrifuge. The gray boxes don't run Windows software; they are a completely different technology. But if we manage to place a good Windows virus on a notebook that is used by a machines engineer to configure this gray box, then we are in business. And this is the plot behind Stuxnet.

So we start with a Windows dropper. The payload goes onto the gray box, damages the centrifuge, and the Iranian nuclear program is delayed -- mission accomplished. That's easy, huh? I want to tell you how we found that out. When we started our research on Stuxnet six months ago, it was completely unknown what the purpose of this thing was. The only thing that was known is very, very complex on the Windows part, the dropper part, used multiple zero-day vulnerabilities. And it seemed to want to do something with these gray boxes, these real-time control systems. So that got our attention, and we started a lab project where we infected our environment with Stuxnet and checked this thing out. And then some very funny things happened. Stuxnet behaved like a lab rat that didn't like our cheese -- sniffed, but didn't want to eat. Didn't make sense to me. And after we experimented with different flavors of cheese, I realized, well, this is a directed attack. It's completely directed. The dropper is prowling actively on the gray box if a specific configuration is found, and even if the actual program that it's trying to infect is actually running on that target. And if not, Stuxnet does nothing.

So that really got my attention, and we started to work on this nearly around the clock, because I thought, well, we don't know what the target is. It could be, let's say for example, a U.S. power plant, or a chemical plant in Germany. So we better find out what the target is soon. So we extracted and decompiled the attack code, and we discovered that it's structured in two digital bombs -- a smaller one and a bigger one. And we also saw that they are very professionally engineered by people who obviously had all insider information. They knew all the bits and bites that they had to attack. They probably even know the shoe size of the operator. So they know everything.

And if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It's way above everything that we have ever seen before. Here you see a sample of this actual attack code. We are talking about -- round about 15,000 lines of code. Looks pretty much like old-style assembly language. And I want to tell you how we were able to make sense out of this code. So what we were looking for is first of all is system function calls, because we know what they do.

And then we were looking for timers and data structures and trying to relate them to the real world -- to potential real world targets. So we do need target theories that we can prove or disprove. In order to get target theories, we remember that it's definitely hardcore sabotage, it must be a high-value target, and it is most likely located in Iran, because that's where most of the infections had been reported. Now you don't find several thousand targets in that area. It basically boils down to the Bushehr nuclear power plant and to the Natanz fuel enrichment plant.

So I told my assistant, "Get me a list of all centrifuge and power plant experts from our client base." And I phoned them up and picked their brain in an effort to match their expertise with what we found in code and data. And that worked pretty well. So we were able to associate the small digital warhead with the rotor control. The rotor is that moving part within the centrifuge, that black object that you see. And if you manipulate the speed of this rotor, you are actually able to crack the rotor and eventually even have the centrifuge explode. What we also saw is that the goal of the attack was really to do it slowly and creepy -- obviously in an effort to drive maintenance engineers crazy, that they would not be able to figure this out quickly.

The big digital warhead -- we had a shot at this by looking very closely at data and data structures. So for example, the number 164 really stands out in that code; you can't overlook it. I started to research scientific literature on how these centrifuges are actually built in Natanz and found they are structured in what is called a cascade, and each cascade holds 164 centrifuges. So that made sense, it was a match.

And it even got better. These centrifuges in Iran are subdivided into 15, what is called, stages. And guess what we found in the attack code? An almost identical structure. So again, that was a real good match. And this gave us very high confidence for what we were looking at. Now don't get me wrong here, it didn't go like this. These results have been obtained over several weeks of really hard labor. And we often went into just a dead-end and had to recover.

Anyway, so we figured out that both digital warheads were actually aiming at one and the same target, but from different angles. The small warhead is taking one cascade, and spinning up the rotors and slowing them down, and the big warhead is talking to six cascades and manipulating valves. So in all, we are very confident that we have actually determined what the target is. It is Natanz, and it is only Natanz. So we don't have to worry that other targets might be hit by Stuxnet.

Here's some very cool stuff that we saw -- really knocked my socks off. Down there is the gray box, and on the top you see the centrifuges. Now what this thing does is it intercepts the input values from sensors -- so for example, from pressure sensors and vibration sensors -- and it provides legitimate code, which is still running during the attack, with fake input data. And as a matter of fact, this fake input data is actually prerecorded by Stuxnet. So it's just like from the Hollywood movies where during the heist, the observation camera is fed with prerecorded video. That's cool, huh?

The idea here is obviously not only to fool the operators in the control room. It actually is much more dangerous and aggressive. The idea is to circumvent a digital safety system. We need digital safety systems where a human operator could not act quick enough. So for example, in a power plant, when your big steam turbine gets too over speed, you must open relief valves within a millisecond. Obviously, this cannot be done by a human operator. So this is where we need digital safety systems. And when they are compromised, then real bad things can happen. Your plant can blow up. And neither your operators nor your safety system will notice it. That's scary.

But it gets worse. And this is very important, what I'm going to say. Think about this. This attack is generic. It doesn't have anything to do, in specifics, with centrifuges, with uranium enrichment. So it would work as well, for example, in a power plant or in an automobile factory. It is generic. And you don't have -- as an attacker -- you don't have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread it as wide as possible. And if you do that, what you end up with is a cyber weapon of mass destruction. That's the consequence that we have to face. So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They're in the United States and Europe and in Japan. So all of the green areas, these are your target-rich environments. We have to face the consequences, and we better start to prepare right now.

Thanks.

(Applause)

Chris Anderson: I've got a question. Ralph, it's been quite widely reported that people assume that Mossad is the main entity behind this. Is that your opinion?

Ralph Langner: Okay, you really want to hear that? Yeah. Okay. My opinion is that the Mossad is involved, but that the leading force is not Israel. So the leading force behind that is the cyber superpower. There is only one, and that's the United States -- fortunately, fortunately. Because otherwise, our problems would even be bigger.

CA: Thank you for scaring the living daylights out of us. Thank you Ralph.

(Applause)

14 posted on 04/09/2011 11:47:58 PM PDT by Gondring (Paul Revere would have been flamed as a naysayer troll and told to go back to Boston.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

ping


15 posted on 04/09/2011 11:59:35 PM PDT by Gondring (Paul Revere would have been flamed as a naysayer troll and told to go back to Boston.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pride_of_the_Bluegrass

Here is my take: Stuxnet was invented because the U.S. didn’t want to do anything about Iran. Israelis weren’t game either. The Iranian regime knew it & cooperated in disseminating propaganda.

Happy fantasies!


16 posted on 04/10/2011 3:58:17 AM PDT by odds
[ Post Reply | Private Reply | To 1 | View Replies]

To: Walkingfeather
I love the Mission Impossible flare about it. All you need is to have Peter Graves peel his face off at the end.

Or...

"Und now I crush you mit mein robotic hand..."

17 posted on 04/10/2011 4:53:37 AM PDT by Gondring (Paul Revere would have been flamed as a naysayer troll and told to go back to Boston.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Gondring

Bump for later. Thx.


18 posted on 04/10/2011 5:35:29 AM PDT by the invisib1e hand (You is what you am.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Pride_of_the_Bluegrass

That’s what it comes down to...

When operating complex systems don’t believe _anything_ you do not _know_.

The Iranians were using stuff they hadn’t built and got burned.


19 posted on 04/10/2011 6:00:35 AM PDT by glorgau
[ Post Reply | Private Reply | To 1 | View Replies]

To: glorgau

“When operating complex systems don’t believe _anything_ you do not _know_.

The Iranians were using stuff they hadn’t built and got burned.”

For proof of the above thesis, albeit on a much more simple level, Google “Why Allah Gave Then Camels”.

Keep your coffee away from your keyboard while watching it.

;-)


20 posted on 04/10/2011 2:38:52 PM PDT by GladesGuru (In a society predicated upon freedom, it is essential to examine principles,)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Pride_of_the_Bluegrass

Langner concludes that Stuxnet is a new WMD unleashed on the world and the West will be most vulnerable to an attack.

So why did he publicly analyze it and let Iran know its purpose?


21 posted on 04/12/2011 5:42:57 PM PDT by dervish (how did the Libyan rebels get tanks?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dervish

Largely due to the fact that they were powerless to stop it, and as far as I can tell no one alerted them to what was going on even while it was occurring. If they were hit again even with what is know they could do nothing about it.


22 posted on 04/16/2011 12:53:41 PM PDT by Pride_of_the_Bluegrass
[ Post Reply | Private Reply | To 21 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson