Cyber War and Russia is kicking our Asses. McCain has scheduled a cyber attack hearing next week.
Fake news helped put Trump in power.
Hack an electrical grid.
We're in a Cyberwar folks.
Looking forward to the hearing next week.
http://www.politico.com/story/2016/12/russian-hackers-electricity-grid-vermont-233085
http://www.nytimes.com/2016/12/29/world/europe/how-russia-recruited-elite-hackers-for-its-cyberwar.html
http://www.cnbc.com/2016/12/30/mccain-sets-hearing-on-cyberattacks-for-next-week.html
HoneyBadger (2,297 posts)

I would trust that the US, Russia, Israel and China all have a great deal of parity in cyber. In fact, Israel, in conjunction with the US, are considered responsible for the greatest known cyber of all, Stuxnet.
Kaspersky is of course Russian... and they feel that the Equation Group, i.e. the US, is superior.
Stuxnet is a malicious computer worm believed to be a jointly built American-Israeli cyberweapon, although no organization or state has officially admitted responsibility. Anonymous US officials speaking to The Washington Post claimed the worm was developed during the Bush administration to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents.
Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart. Stuxnet's design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g., in automobile assembly lines or power plants), the majority of which reside in Europe, Japan and the US. Stuxnet reportedly ruined almost one fifth of Iran's nuclear centrifuges.
Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet.
Stuxnet is typically introduced to the target environment via an infected USB flash drive. The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operating system values as feedback to the users.
In 2015, Kaspersky Labs' research findings on another highly sophisticated espionage platform created by what they called the Equation Group noted that the group had used two of the same zero-day attacks used by Stuxnet, before they were used in Stuxnet, and their use in both programs was similar. The researchers reported that "the similar type of usage of both exploits together in different computer worms, at around the same time, indicates that the Equation Group and the Stuxnet developers are either the same or working closely together". Costin Raiu, the director of Kaspersky Lab's global research and analysis team, believes that the Equation Group cooperates with them only from a position of clear superiority, giving them their "bread crumbs".
HoneyBadger (2,297 posts)

The Equation Group is a highly sophisticated threat actor described by its discoverers at Kaspersky Labs aka Russia, as one of the most sophisticated cyber attack groups in the world and "the most advanced ... we have seen", operating alongside but always from a position of superiority with the creators of Stuxnet and Flame.
The name Equation Group was chosen because of the group's predilection for strong encryption methods in their operations. By 2015, Kaspersky documented 500 malware infections by the group in at least 42 countries, while acknowledging that the actual number could be in the tens of thousands due to its self-terminating protocol.
They are suspected of being tied to the United States National Security Agency (NSA). The Intercept has run a paper where they link the Equation Group to the NSA, citing the Snowden leaks. By 2015, most of their targets had been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali.