Showing posts with label Stuxnet. Show all posts

Friday, July 14, 2017

A Federal Department of Cyber Security?

Op Ed in Wednesday's Wall Street Journal calls for creation of one.  The writers want to consolidate some 11 existing cyber security agencies into one new cabinet level department.  Like we did creating the Homeland Security Dept some 15 years ago.  Sounds cool. I wonder what such a new bureaucracy would do, other than draw their pay.  The writers, by the way, both work for Sullivan and Cromwell, a law firm doing cyber security work.  They probably figure that a big cyber security department could write bigger contracts than 11 smaller ones. 
  There are probably 300 million computers in the country, pretty much all of 'em running Windows, the world's most vulnerable operating system.  Some fraction of these (1/10th? 1/4?, maybe even 1/2?) have critical data: voter registration, credit card data, phone bills, driver registrations, title deeds, stock ownership, bank accounts, and more.  Destruction or even just tampering with any of this stuff would cause all sorts of havoc.  Not to forget national security stuff: codes, ciphers, location and numbers of nuclear weapons, plans for warplanes, operational orders, size and strength of the armed forces, war plans, effectiveness of weapons, and more.   And finally there is control of things like the electric power grid, nuclear power plants, the phone network, the Internet, even city traffic lights.  Putting out the lights, even just fouling up the NYC traffic lights, would be very very expensive. 
  Keeping all this stuff secure is low level work.  The system administrator of each of how many million computers has to insist on strong user passwords, disabling passwords of employees leaving the outfit, weekly backup, keeping each machine up-to-date on Microsoft patches, keeping critical machines in locked rooms, insisting on periodic password changes, searching for and eradicating malware, and insisting that only one firewall machine be on the public internet, with all the rest going thru the firewall machine to get to the net.  It's the unsung efforts of a vast number of low level workers that keep us as secure as we are.  I don't see how a high level cyber security department would help out here. 
   Users, commercial, military, and state, ought to come together and pressure Microsoft to close the many gaping holes in Windows security.  Microsoft ought to disable autorun (we spread Stuxnet on the Iranians via autorun).  Microsoft ought to remove the Basic language interpreters inside Word, Excel, and probably other stuff.  The Basic capability is never used by real users, and allows damaging malware to be hidden inside harmless looking documents, sent as e-mail attachments to infect victim computers.  And there are dozens of other Windows loopholes that anyone versed in Windows internals can tell you about.  Concerted pressure from all users might shape the Microsofties up.  
   As for the controlling of things, electric power generators, transformers, trains, rolling mills, air traffic, etc., one simple rule will do a lot of good.  Never pass control or monitoring signals over the public internet or the public telephone network.  Run your own dedicated line, preferably fiber optic, preferably on your own poles.   Make it so hackers would have to climb a pole and tap a line to gain control.  Fiber optic is much harder to tap than traditional copper pairs. 
   We have a huge army of underemployed lawyers in this country.  Tell the affected companies that we will sic those lawyers on them should their equipment fail because some hacker gained control over the internet. Keep it off the internet and we will be much safer. 

Saturday, March 7, 2015

Beware the malware spreading flashdrive

Flashdrives, very convenient, very big, and deadly.  It was flashdrives that spread the Stuxnet virus into the Iranian secure nuclear enrichment network.  Flashdrives with the virus were scattered in the parking lot.  Sharp eyed employees spotted them, picked them up, and took them into work.   Once the flashdrive was inserted into a computer, Stuxnet was sucked off the drive and started up. 
   Why does this work?  Blame Micro$oft.  Way back, about Win 95 time, the microsofties put "Autorun" into Windows.  It's still there.  Back in Win 95 days, before flashdrives, Autorun would scan every CD inserted in the CD drive and attempt to run program disks (say a new copy of Office) or to play music disks.  Automatically, hands off.  It was possible to turn off Autorun, but the turn off wasn't reliable, Autorun would come back to life at unexpected times. 
   Now that we have flashdrives, Autorun attempts to run any program it finds on the flash drive.  For that matter it still tries to run CDs and floppy disks. 
   So, inserting a flashdrive in your computer can open it up to hackers, to use in bot nets, to launch Distributed Denial of Service attacks, to read all your email and suck up all your passwords.  And post any embarrassing photos they may find on your hard drive.  If I was running a secure network, I would use a pair of diagonal cutters to snip off all the USB ports on all the secured machines. 
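
For an administrator auditing the Autorun behavior described in this post, the sketch below decodes a `NoDriveTypeAutoRun` policy value into the drive types where AutoRun is still enabled, and lists the launch entries an `autorun.inf` file on a volume asks Windows to run. It is an added example, not part of the original post; the sample `autorun.inf` text and the mask `0x91` are constructed values.

```python
import configparser

# Bits of the Windows NoDriveTypeAutoRun policy value. A set bit disables
# AutoRun for that drive type; 0xFF disables it for every type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable (flash drive, floppy)",
    0x08: "fixed disk",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}

def autorun_enabled_types(mask):
    """Return the drive types for which AutoRun is still enabled under mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]

def autorun_commands(inf_text):
    """Return (key, command) pairs from [autorun] that would launch a program."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(inf_text)
    launch = []
    for section in parser.sections():
        if section.lower() != "autorun":   # section names are case-insensitive
            continue
        for key, value in parser.items(section):   # keys arrive lowercased
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                launch.append((key, value))
    return launch

# Constructed sample: the kind of autorun.inf an audit of a flash drive may find.
SAMPLE_INF = """[AutoRun]
open=setup.exe
icon=setup.exe,0
label=Photos
shell\\open\\command=setup.exe /quiet
"""

if __name__ == "__main__":
    print("AutoRun still enabled for:", autorun_enabled_types(0x91))
    for key, command in autorun_commands(SAMPLE_INF):
        print(f"launch entry {key!r} -> {command!r}")
```

On a live machine the mask would be read from the `NoDriveTypeAutoRun` value under the Explorer policies registry key; here it is passed in as a plain integer so the check runs anywhere.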

Sunday, May 19, 2013

Microsoft Malicious Software Removal Tool

It's right up to date.  It even looks for Stuxnet, that nobody-but-the-Americans-will-own-up-to virus that did such a good job slowing down the Iranian nuclear weapons program.

Wednesday, March 6, 2013


Op Ed in today's Wall St Journal calling for new federal laws to harden up cybersecurity.  Author is a Texas Republican congressman on the Homeland Security Committee.  He talks about the risks, which are real.  Then he wants new laws.  Just what he wants to make law is less clear.  He mentions "necessary liability protections" and "streamlining processes" which don't mean much to me.  I am suspicious of "necessary liability protection".  Fear of tort lawyers suing the company down to its socks is a good motivator to tighten up security. 
   In the real world what cyber security means is the computer administrators all across the private and public sectors tightening up on passwords, disallowing login from the public internet, and paying real bucks to buy private lines to remote sites rather than passing everything over the wide open public internet.
  It means Microsoft has to close the gaping holes in Windows security.  Right now you can plug a CD or a flashdrive into a Windows computer and Windows will automatically and secretly load and execute whatever malware is on that media.  This is how the hard hitting Stuxnet worm was loaded onto Iranian computers.  Flash drives with Stuxnet in them were scattered about the parking lot and sharp eyed employees walking from their cars picked them up and took them into work.  There are dozens of other holes in Windows, it's like Swiss cheese.  Any high school kid can break into Windows without working up a sweat.