Meet Flame

wanamingo

Distinguished
Jan 21, 2011
2,984
1
20,810
http://www.wired.com/threatlevel/2012/05/flame/

Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size – the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. Although Flame has both a different purpose and composition than Stuxnet, and appears to have been written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals — marking it as yet another tool in the growing arsenal of cyberweaponry.

Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.

The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network. The attackers appear to use this component to hijack administrative accounts and gain high-level privileges to other machines and parts of the network.

Keep in mind this is a 20 meg virus that gets uploaded in pieces, awesome.
 

wanamingo
If they are running Windows 98 machines we should just leave them alone. Never tell them about XP......

I'm not a security expert (I just play one behind the desk), but are they running like Server 2008 environments? Or 2003? A bunch of Millennium Edition white boxes with brand new Zip drives and 450 MHz CPUs? Tons of old iMacs connected with tons of hubs?
 

riser

Illustrious
They have advanced equipment over there. 2003/2008 but they're still learning current security measures.

The disadvantage to them is that they're using software mainly created in the US or where the US has an advantage.

Stuxnet was more of a honeypot distraction - it mapped everything and found everything for another virus to enter. Enter "Flame" and Stuxnet is the scapegoat to cover it.

This is an advanced method of getting through basic security. It was executed nicely and I wouldn't be surprised if additional things come out of all of this.
 

wanamingo
Wouldn't a live CD environment work?

Or just a reimage every single night over the network?

Or for the love of god just make your own Linux installation and put pneumatic tubes everywhere.
 

riser
You know how much downtime you would experience in a 24/7 environment like that?

A live CD environment wouldn't work... not unless you have application streaming and were bleeding-edge tech... which they are not.
 

riser
Considering I work in the role of an enterprise architect, I get it. :)

Many places have what is called an "air gapped" network. This is essentially a non-internet-connected network. In healthcare we had one-way systems where we could move patient data/PPI/PII from Alpha to Bravo for storage and/or for those working on that patient. This way they couldn't accidentally email information out or install things from the internet.

If you read the article they often say they don't know how the virus got in, but expect that it was likely from a USB thumb drive. The reason that is the most likely is due to the air gap network.

Iran earlier didn't have this. Only very recently did they announce that getting viruses off the internet was no longer a threat. They recently made this change with the Stuxnet discovery.

Moving to IPv6 you get DirectAccess. A lot of companies in Europe are using this technology. It seems pretty cool and is a lot more secure. Eventually all your devices will be IPv6 enabled which is expected to limit a lot of current threats.
 

wanamingo


Lol I bow to your knowledge.

It just seems really, really important that they not be compromised by a virus that will turn on your mic to listen to you. If what they say about Stuxnet is true and it really did move Iran backwards years in the nuclear refinement process, then I would go into full-blown paranoia mode.

What about a bunch of custom Linux installs? I imagine that whatever gov made this virus designed it for Windows. I mean, all they would need is inter-office email, a word processor, and the interfaces for whatever machinery they are running. Anything not able to run or have a comparable title on Linux could be run in a Windows environment that gets scrubbed constantly and is in its own network.

 

riser
The Lua code works on any platform and is therefore likely designed to infect any system it comes into contact with. More likely that the Windows systems were running the core applications while the Unix and other systems may have been covering the security aspect.

All the security in the world is worthless if you have someone's username and password. In my experience, very few places have decent security in place, or even good change management to know when something changes.

If you capture the hash and keep passing that, you don't ever need to even know the password. It is possible to hack AD to get that information and most people would really never have any idea it even happened unless you're specifically monitoring for it. I would go out and assume that, based on Iran's computer system, security wasn't at the top since they have nothing to lose. They were far more likely working to get something up, running, and churning, as opposed to locking down and securing their environment. That would slow the entire process down, which is what they want to avoid.

Aside from that, based on how this virus appears to work, it was looking for the most privileged user anyhow to access stuff. It takes months or years to implement a proper IDS and system monitoring (thinking SolarWinds/Orion or SCOM). You don't know what you don't know... most of the time you only know after a vulnerability has been exploited.

What's his face at BlackHat built a cell phone tower, live, in a presentation, took over a bunch of cell phones at the convention, and stored their information on a USB stick. He later burned the USB stick in front of everyone to prove their data was not stolen. He did it all for $1500 in basic hardware with the use of a cell phone.

Even if you 'turn off' wireless or 'turn off' Bluetooth, it isn't off. It is still functioning, broadcasting, etc. If you tap into that broadcast signal you can take over a system and do what you want. There is software out there designed to do that.

Actually, check out the applications for Droid phones that are used to control cameras on the Parrot RC helicopter things. Very small, only targeted to that specific system. Now, you get that info and point it to another system and you have access to anything.
 

riser


The amount of effort going into setting this up for a large scale production and backend work is huge. It would take 2-3 years to get to that point for most places trying to achieve this.

You could use Citrix provisioning service... I'm sure Iran doesn't have a line over to Citrix. So the process would be slow and often the stuff is custom tailored to an environment. I would wager that their IT resources are very limited in their ability to think. Sure, they have a lot of people who can cookie-cutter stuff, but when it comes down to actually thinking for the IT environment, many people fall down. The Chinese and Indians are notorious for not being able to think through a problem. Now the Russians on the other hand can think like we do in America... again, the resources and commitment to keeping it running. Huge amount of resources.