Week in Security: Stuxnet Revelations and Black Hat Happenings

Stuxnet chat saturated the news this week after the New York Times got the cyber security echo chamber going with a story delving into the mysterious worm. But Stuxnet was hardly the only news this week, which also saw new research from the Black Hat Briefings conference in Washington D.C. and progress on the strange disappearance of security researcher Dancho Danchev. Read on for the full week in review.


Stuxnet led the headlines this week, after the New York Times suggested the worm was the product of a joint U.S.-Israeli operation to hamper Iran’s uranium enrichment program. But in a Black Hat talk given Tuesday, security consultant Tom Parker delved into Stuxnet and concluded that the worm wasn’t “all that.” In particular, Parker argued that its developers may not have been as advanced as the press has purported. After using a tool he created to analyze code in Stuxnet and other popular worms, Parker called Stuxnet fairly low quality and reasoned: “This was probably not a western state. There were too many mistakes made. There’s a lot that went wrong.”

Cryptographer Nate Lawson chipped in with his own thoughts on Monday, alluding to the laziness of the worm’s authors when it came to concealing the payload and targets.

“Rather than being proud of its stealth and targeting, the authors should be embarrassed at their amateur approach to hiding the payload,” Lawson wrote.

A post on Wednesday examined theories on Stuxnet from journalists Catherine Collins and Douglas Frantz. In their new book, Fallout: The True Story of the CIA’s Secret War on Nuclear Trafficking, they posit that Stuxnet is just the latest in a years-long effort by the U.S. and its allies to prevent nuclear proliferation.

Attacks against mobile devices were a hit this week at Black Hat. One of the more out of the ordinary attacks was developed by researcher Ralf-Philipp Weinmann. The attack allows Weinmann to send packets over the air, crash a phone, reboot it and allow an attacker to install a rootkit or backdoor. Technical in nature, the attack took nearly a year to perfect, according to the researcher.

The news falls in line with predictions culled from Cisco Systems’ 2010 Annual Report, released on Wednesday. The report foresees 2011 being fraught with mobile device insecurities, particularly on iPhones and Android phones, as well as the further proliferation of the Zeus botnet.

It’s clear Zeus isn’t slowing down but is expanding on more fronts. With this week’s news that the botnet has partnered with SpyEye to create a mega-botnet, it wouldn’t be surprising if we saw more intricate bots surface as the months go on. A report by Trusteer this week asserts the botnet has evolved so much it’s even begun targeting online payment systems. Firms like Nochex, Web Money and Money Booker have been hit over the last few months, suggesting a new pattern for the New Year.

What did you find interesting this week? Dennis continued reporting from Black Hat on Thursday and covered a talk where Ryan Kazanciyan and Sean Coyne, consultants from Mandiant, reviewed just how attackers steal data from their victims.


Discussion

  • Anonymous on

    If you're trying to destroy a nuclear computer system and you have a worm on a USB stick, you don't care if they reverse engineer it. You get your worm in there any way you can to format c: /u

     

    Come on threatpost, YACSPS!

    (yet another crap stuxnet propaganda story)

     

    How about threatpost explain how a worm which was brought in via usb should be reason for Obama to have:

    Internet ID

    Internet Killswitch

    Internet Takeover

    http://www.infowars.com/confirmed-stuxnet-was-false-flag-launched-by-israel-and-u-s/

    Want me to keep buying your Kaspersky?  Better stop with the propaganda.  Your time is running out.

     

  • Anonymous on

    Actually, IIRC I already warned you about this stuxnet propaganda.  

    I'm done with your propaganda.  Do you hear me!?

    Your netblock will be blocked.  I won't renew KIS. I won't recommend it.
