Stuxnet and bitcoin...

[iluvpie60]

Why are you posting something so stupid? Honestly, can you give us a real answer on why you felt the need to disappoint so many people in this forum today?

Stuxnet lol....

[1714599745]

1714599745

[1714599745]

1714599745

[1714599745]

1714599745

[Vessko]

My understanding of Stux is that it had a powerful basic core

Well, it depends how you define "powerful". It was one big mess of a code. Built from a framework of modules. A mouse built to government specifications.

that included at least two zero day exploits.

Four, if I remember correctly.

That is rare and why I consider it to be sophisticated.

Yeah, well, attacking a country's uranium enrichment equipment is unusual too, but that doesn't make the virus particularly sophisticated. Maybe I'm just biased, having seen so many really sophisticated tricks in viruses over the last quarter of a century... I still think that as a virus (i.e., as self-replicating code) Stuxnet was nothing special, no matter what else the code did.

This basic code was then elaborately modified to target specific hardware.

No, it wasn't modified. It was designed to do so from the get-go.

[Flashman]

Really, it was the oldskool "walking disk drive" hack applied to centrifuges.

[Hazard]

Not a chance

[RodeoX]

A PLC attacking worm with 4 zero day exploits is not sophisticated? I have to disagree. By the way, I don't think that the actual stuxnet code is a danger to bitcoin. But the idea of a malicious attack with similar code could be. Imagine if it were programed to find bitcoin ASICs. 

[Vessko]

A PLC attacking worm with 4 zero day exploits is not sophisticated? I have to disagree.

Then we'll have to agree to disagree. Have you actually analyzed the Stuxnet code? How many other computer viruses have you analyzed? Just trying to establish a basis of comparison here, you see.

I've been analyzing viruses since 1989. I've seen some pretty incredible things. Viruses that did not reside in any file or boot sector, or, in fact, anywhere on the disk (CodeRed). Viruses that resided in the unused disk space of the last cluster of the file (Number of the Beast). Viruses that infected directories, instead of files (Dir_II). Viruses that hid into unused areas of zeroes in the infected file (Lehigh). Viruses that hid in the header of the infected EXE files (TheRat) or even optimized that header in order to shorten it and free up space for themselves (Phoenix). Viruses that compressed the infected files (Cruncher). Viruses that infected the master boot sector by changing just one byte in a data area (Starship). Viruses that didn't save the original boot sector anywhere and performed its function themselves, instead. Viruses that infected documents (Concept) or spreadsheets (Laroux) or JPEG images (Perrun). Viruses that were just 29 bytes long (Trivial). Viruses that had cryptographically protected payload, so that we still don't know what they were supposed to do (Gauss). Viruses that infected multiple fundamentally different platforms, like both Windows and Linux, or Windows, MacOS and Android. Viruses that rewrite themselves to look different every time they replicate (V2P6). Viruses that chopped their own code into many parts and spread them all over the infected file (Commander_Bomber). Viruses that brute-forced their own encrypted code (i.e., didn't contain the decryption key) in order to slow down anti-virus products that use emulation (RDA_Fighter). And so on, and so on...

Compared to some of the stuff I've seen, a virus that is a humongous mess of code and replicates via USB sticks doesn't rate as "sophisticated", even if it uses 4 zero-day exploits, attacks unusual hardware configurations, and was used as a weapon against a nation-state.

But then I'm probably just biased. For most common people probably even just the ability to replicate makes a program "sophisticated"...

[RodeoX]

A PLC attacking worm with 4 zero day exploits is not sophisticated? I have to disagree.

Then we'll have to agree to disagree. Have you actually analyzed the Stuxnet code? How many other computer viruses have you analyzed? Just trying to establish...

That was a nice write-up. I have not truly analyzed any virus. But what I mostly see in the wild are simple script kiddy versions of well known viri. Perhaps we do not disagree so much. The examples you noted are very complex viri and compared to those stux is not so special. But it must be in the top percentile compared with viri in general?

[Flashman]

Well it seems to me that stuxnet was a tailored threat, aimed at systems of somewhat known configuration, whereas your generic virus has to proliferate on a number of wildly varying configurations that may have commonalities, but are different. Ergo, those have to be "smarter".

Now, a tailored threat for bitcoin mining? Well maybe you could take out KNC's operation or something, given enough intel about it, but different ASICs different mining programs, different OSes, different CPU instruction sets even (cgminer has been compiled for MIPsel, ARM, x86...) ... well let's just say it might have to be AI complete rather than merely smart to take out more than 50% and then it's only temporary disruption.

[Vessko]

Well it seems to me that stuxnet was a tailored threat, aimed at systems of somewhat known configuration

Yup. It didn't attack just any SCADA system. It didn't even attack just any SCADA system made by Siemens. It attacked a SCADA system made by Siemens that was used to control industrial regulators in a very specific configuration. We had an inkling that Iran's uranium enrichment facility was the target, but we had no proof. After all, we couldn't go to the Iranians and ask them "Hey, buddy, does your uranium enrichment setup happen to have this particular configuration of industrial controllers?". Until a colleague found an image on the site of the Iranian president, depicting his visit to the uranium enrichment facility:



See that computer screen in the foreground (the left one)? It's the screen of a PC controlling the centrifuges. The image on the screen shows graphically the configuration of the controllers - and it matched exactly the one Stuxnet was looking for.

As another colleague of mine joked once, we call this "open source intelligence".

whereas your generic virus has to proliferate on a number of wildly varying configurations that may have commonalities, but are different. Ergo, those have to be "smarter".

Ah, not really. If you read what I've written so far on this subject, you might notice that I said that Stuxnet was not very sophisticated as a virus. There is a reason why I used this specific phrase. You see, most people equate "virus" with "damaging program". This is ignorant at best. A virus is a self-replicating program. While it is true that the mere act of self-replication tends to cause damages of various kind, it is important to note that a virus doesn't have to be intentionally destructive, in order to be a virus. It can do nothing else besides replicating - and will still be a virus. The opposite is also true - a malicious program, no matter how destructive, is not a virus if it lacks the ability to replicate itself.

So, when I say that a virus is sophisticated, it means that it has a clever and unusual self-replication mechanism - or at least some clever mechanism for hiding its spread. Stuxnet had nothing of the sort. Stuxnet had a sophisticated payload - but for me what a virus does besides replicating is pretty much irrelevant. The self-replicating property is what classifies a program as a virus, so this is what is important to me when analyzing one.

[Flashman]

Shame the photog didn't aim a bit lower, coulda got the password on the post it note on the bottom of the monitor too

[mistercoin]

In theory, anything is possible. But probable ? Nope.

[mistercoin]

Well it seems to me that stuxnet was a tailored threat, aimed at systems of somewhat known configuration

Yup. It didn't attack just any SCADA system. It didn't even attack just any SCADA system made by Siemens. It attacked a SCADA system made by Siemens that was used to control industrial regulators in a very specific configuration. We had an inkling that Iran's uranium enrichment facility was the target, but we had no proof. After all, we couldn't go to the Iranians and ask them "Hey, buddy, does your uranium enrichment setup happen to have this particular configuration of industrial controllers?". Until a colleague found an image on the site of the Iranian president, depicting his visit to the uranium enrichment facility:



See that computer screen in the foreground (the left one)? It's the screen of a PC controlling the centrifuges. The image on the screen shows graphically the configuration of the controllers - and it matched exactly the one Stuxnet was looking for.

As another colleague of mine joked once, we call this "open source intelligence".

whereas your generic virus has to proliferate on a number of wildly varying configurations that may have commonalities, but are different. Ergo, those have to be "smarter".

Ah, not really. If you read what I've written so far on this subject, you might notice that I said that Stuxnet was not very sophisticated as a virus. There is a reason why I used this specific phrase. You see, most people equate "virus" with "damaging program". This is ignorant at best. A virus is a self-replicating program. While it is true that the mere act of self-replication tends to cause damages of various kind, it is important to note that a virus doesn't have to be intentionally destructive, in order to be a virus. It can do nothing else besides replicating - and will still be a virus. The opposite is also true - a malicious program, no matter how destructive, is not a virus if it lacks the ability to replicate itself.

So, when I say that a virus is sophisticated, it means that it has a clever and unusual self-replication mechanism - or at least some clever mechanism for hiding its spread. Stuxnet had nothing of the sort. Stuxnet had a sophisticated payload - but for me what a virus does besides replicating is pretty much irrelevant. The self-replicating property is what classifies a program as a virus, so this is what is important to me when analyzing one.

Does anyone else think that ahmadinejad is charismatic? In an evil, taking over the world, type of way?

[Flashman]

Does anyone else think that ahmadinejad is charismatic? In an evil, taking over the world, type of way?

How's his maniacal laugh? Does he monolog? Does he have a white persian cat? ... oh nvm, we can buy him one.