Lessons Learned from Stuxnet

Originally published in The Clarion | July 25, 2012

This week I would like to take a general look at one of the more recent and possibly most noteworthy and successful cyber attacks ever to be revealed to the public. In the interest of doing my best to be as politically correct as possible so as not to offend anyone on either side of the aisle, let me say that the information contined herin has simply been derived from online reporting. I cannot confirm nor discount that any of the information included in this article as being entirely accurate, although the details that I will provide have been reported by multiple credible sources countless times over the last many months.

If you keep up with U.S. and worldwide news, odds are good you have heard the term ‘Stuxnet’. If not, Stuxnet is a computer virus or malware that within the last couple of years was planted in and attacked nuclear reactors in Iran. While very similar to many of the viruses and malware that infect personal computers daily, Stuxnet has some very unique characteristics about it, making it probably the most specifically targeted piece of software to-date. More recent news about Stuxnet has provided intensely detailed information about the malware, aiding many individuals, news organizations and even nations around the world to with almost entire certainity attribute the production and implementation of Stuxnet to a joint venture between the United States and Israel.

Stuxnet was designed to only infect computers running the Microsoft Windows operating system. This is very common in the world of viruses and malware, but additional components of Stuxnet set it apart from the rest. Only machines with additional specific software installed were infected – if Stuxnet reached a machine that did not include this additional software, it simply moved its way on to the next. Once installed onto the computer, Stuxnet reportedly began “phoning home”, providing specific information about specific targets within Iran’s nuclear facilities to those behind it. Stuxnet would also, once connected to another specific piece of equipment, embed itself in a way that was essentially transparent. Unlike most viruses or malware, Stuxnet was designed to either be entirely invisible or to appear as a legitimate process on the infected machine. Thanks to this, Stuxnet went months if not years before anyone in Iran was able to identify it.

Its functionality was pretty simple – the malware instructed the centrifuges at Iranian nuclear sites to randomly slow down to a crawl then rapidly speed up again, resulting in an eventual hardware failure within the reactor. I will leave you with one key component of Stuxnet – one that I feel each and every one of us can learn a lesson from. Unlike most computer viruses and malware that is spread across the Internet via eMail, websites and other sources, the delivery of Stuxnet was only via a simple USB drive. Think about it – specific human actions were required to introduce Stuxnet into Iran’s nuclear facilities. Many lessons can be learned from this one simple but extraordinary fact.

Share

Cyber War – What is it Good For??

Originally published in The Clarion | July 18, 2012

War is a controversial subject to say the least. While some think that as a nation we should never put our brave women and men in harms way, others see it as a necessary evil to protect our freedoms. Over the centuries, countless wars have been fought for just as many countless reasons. Results of these wars have included an untold number of deaths, entire nations losing their soil to the enemy and even the complete annihilation of races. Unknown to many of us, our nation has been involved in a war for many years. I am not referring to the combative conflicts our soldiers are actively engaged in around the world. This war is a war of technology, an ongoing conflict similar to a chess game where day in and day out someone new reaches a pinnacle, only to be toppled off once again. This war, unlike any in the history of our world, engages some of the brightest minds around the globe. Call it what you want, but our country is actively involved in a Cyber War.

Many times I have mentioned the bad guys on the ‘net. Those folks, for any number of reasons, who simply enjoy wreaking havoc on computing systems. Some simply do it for the challenge, others have much more destructive goals. Typically, the result of a successful cyber attack does not result in physical damage or loss of human life. The eventual prize though is often almost as valuable. Every day simple people like you and I lose assets to cyber criminals. Whether our bank gets hacked, our home computer becomes compromised giving up extremely sensitive information, our our federal government loses highly classified information, cyber attacks typically result in very unfavorable outcomes to those who are victimized.

As technology has advanced over the years, entire nations have formed teams of highly intelligent, highly capable individuals whose sole purpose is to attack their foes. They work any and all hours of the day; unlike traditional warfare, there are no rules when it comes to cyber war. Alongside these teams – or armies, if you will – are teams of cyber defenders. While the attackers do everything within their technical know-how to gain access to information and assets of the enemy, the defenders spend all of their time working to protect the goods that are being sought. Along both sides, information is constantly gathered, much of which is seemingly invaluable at the moment it is secured, but could and often is found to be highly valuable at some point down the road. The ongoing cyber war is one that I imagine will never come to an end. I am very grateful that our nation has some of the most talented and intelligent individuals in the world, although sometimes even they cannot keep our assets entirely secured. Next week we will look at one of the more recent cyber attacks and try to better understand through this event how serious cyber war really is.

Share

Laptops – Choosing the Right Tool for the Job

Originally published in The Clarion | July 11, 2012

I am often asked things like “What is the best laptop I can buy for the money?”. Questions such as this are quite difficult at best to answer without additional information. It would be similar to asking a mechanic the same type of question, except about automobiles, when he doesn’t know the primary reasons for your wanting a new ride. When it comes to laptop computers, or any computing device for that matter, there are many factors to consider in choosing the right device for the situation. While most computers serve very similar functions, it is the details that are most important in choosing the right tool for the job.

Let’s get a couple things out of the way up front. When it comes to devices like laptops, there are only a small handful of manufacturers who actually produce the hardware. If you are a Mac fan or interested in purchasing a MacBook, rest assured that only Apple Corporation (actually the companies they hire to do the work for them) produces their products. For PC-based machines, there are many companies who sell laptops, and while they may look quite different on the outside, most are manufactured by only a few overseas corporations. With the exception of a few vendors who (finally) are selling machines with some flavor of the Linux Operating System installed, a typical consumer is going to find many laptop vendors selling many different looking devices on the outside that are essentially identical on the inside including the latest Windows Operating System.

I must admit that Apple makes a very nice line of hardware. Unfortunately though, by rule Mac devices are pricey when compared to PC-based alternatives. With that, if you are willing to pay the price, I feel that you cannot go wrong with purchasing a laptop from Apple. Since going to an Intel-based architecture, software incompatibility on Mac’s with the Windows and Linux operating systems is no longer an issue. Mac devices are known for their superior graphics capabilities and to be honest, if someone were to give me a MacBook I am sure I would use it. In the PC/Windows world, choosing the right device for the job simply comes down to what the device will primarily be used for. For simple Web browsing, eMail and other Web-based jobs, a screaming high-dollar machine is simply not necessary. On the other hand, you might want to use your laptop to stream High Definition video and audio from the Web and send those signals to an HD television in your home. The latter scenario most definitely would require a speedier processor, more RAM and the proper hardware to get the signals to your television. Other requirements like gaming and graphics manipulation would also dictate a more robust machine. Whatever your needs, simply take the time to explore all of the available options in the market before making your purchase and most likely you will be happy with your new device for many years to come.

Share

NTP – The Solution to Accurate Time

Originally published in The Clarion | July 04, 2012

Time is an interesting thing. We have tons of it until we have none, at which point it really doesn’t matter. Our daily lives revolve around time – appointments are scheduled for specific times, we must show up to work on time, assuming we wake up on time of course. We typically eat meals at specific times, at least at certain times of the day. A world without a measure of time is one that is hard to imagine, and to many of us being on time is of very high importance. In the realm of technology, time is critical. Even a few milliseconds (one thousandth of a second) can be the difference in a functioning system and one that fails to produce.

As we have become ever-so-dependant on electronic gadgetry in our daily routines, having the correct time on the devices we use and depend on for many aspects in our lives is critical. Wristwatches and alarm clocks have been replaced by cellphones. It’s somewhat humorous to consider all of the devices that have been replaced by one simple device like a cellphone – but one must admit this is most definitely a fact of life in the 21st Century. The key to having all of our gadgets function properly when considering time is the Network Time Procol of NTP. Our wireless devices are highly dependant on NTP, either directly or via a remote server, to keep the clocks in our gadgets as accurate as possible. Without NTP, those of us who are highly sensitive to being on time would have to regularly check and adjust our clocks to ensure their accuracy. I remember growing up and setting our home VCR to record specific television programs when we weren’t able to be home. Making sure the VCR clock was accurate was of utmost importance – if the clock was wrong, I would most definitely miss my favorite show. This is just one example of the importance of accurate time.

Thanks to NTP, most of us don’t have to worry about having the correct time (unless, of course, the NTP server fails to communicate with our devices). Along with our cellphones, our computing devices, Digital Video Recorders, servers of all kinds and many other devices routinely use NTP to sync their internal clocks. A server with the incorrect time can cause all sorts of problems on a data network, services might simpy shut down if the server’s clock is inaccurate. Even having the wrong time on your personal computer can cause eMail messages you send to be rejected if the timestamp in the message is off by more than a few minutes. As they say, timing is critical – and ensuring all of our devices have the correct time is something none of us typically wish to fool with. Thanks to NTP, our lives are much simpler and on schedule.

Share