Center for Strategic Assessment and forecasts

Autonomous non-profit organization

Super viruses: the merciless weapons of intelligence agencies in cyber warfare
Publication date: 29-09-2012

They can enter a network that is not connected to the Internet, hit highly secure computing systems, and reach the mobile phones of people passing by the infected computers. Even antivirus software may not protect against super viruses developed with the participation of the intelligence agencies of various governments. CHIP will tell you what technologies are behind Stuxnet, Duqu and Flame.


Stuxnet

Purpose: destruction of Iranian uranium-enrichment centrifuges

Stuxnet infected 100,000 industrial computers, but it had only one target: the computers running the underground uranium-enrichment plant in the Iranian city of Natanz. This virus was the weapon in the first cyber war to become publicly known. According to a Washington Post article, the attack was organised jointly by the NSA, the CIA and Israel's "Unit 8200". The cyber operation began in 2006 under President George W. Bush and was codenamed "Olympic Games".

Mechanism of action

1. INFECTION: Stuxnet gets into the primary network on a USB stick, most likely with the help of an insider.

2. MANIPULATION: Using "zero-day" vulnerabilities, the virus takes control of the computer and installs the control program.

3. CONTROL CODE: The control code, carried to another computer on a USB drive, reaches the second, protected network.

4. ROUTER ATTACK: Once the code reaches the router of the industrial network, the virus takes control of it.

5. DESTRUCTION: The virus instructs the centrifuges to increase their speed, which destroys the installation.

Duqu and Flame

Objective: collect information for further attacks

Duqu. The vulnerability that the developers of the Duqu Trojan used to turn other people's PCs into zombie computers would have been worth 500,000 euros on the black market. It was enough to click on a Word file to get full access to the operating system kernel. Even Microsoft's experts needed two weeks to understand how the malicious program worked. A former NSA employee told CHIP at the Defcon conference that a special division of the US intelligence service investigates "zero-day" vulnerabilities in order to then use them in attacks on foreign industrial systems. Outsourced resources are even brought in: according to Forbes, the security company Vupen earned $250,000 in December of last year alone from selling the vulnerabilities it had identified to the state.

Flame. The latest "official" super virus, Flame, used 80 domain names for communication between its authors and the infected computers. All domains were registered to dummy persons in Germany and Austria. The effort and money spent on such a project clearly point to a government, say experts at Symantec. Experts also believe that a successor to Stuxnet and its "relatives" is in development, if not already in use.

Mechanism of action

1. INFECTION: Through a specially prepared Word file, the attacker gains root rights for Duqu; Flame pretends to be a Windows update.

2. THEFT: Duqu and Flame install keyloggers and collect information about the system and its network connections. In both cases the infected systems operate as proxy servers.

3. INFECTION OF PHONES: Flame also collects content via Bluetooth from mobile phones located near the PC. This worm uses a vulnerability in the protocol that is still not well researched.

4. COMMAND AND CONTROL: The attacker retrieves the data and sends control commands to Duqu from servers in Belgium and India. Flame takes its commands from more than 80 domains.

Cyber warfare: facts and figures

"Chronicle"

1. $500,000,000 is what the Pentagon spends annually on American cyber infrastructure. Part of that money was allegedly used to develop Stuxnet.
2. 3,000 lines of code make up the Flame virus, according to Kaspersky Lab. For comparison, Stuxnet consists of 15,000 lines, but Flame uses more complex libraries, so it is 20 times larger.
3. 150 countries are currently developing measures against cyber attacks. Cyberspace is regarded as a fourth theatre of hostilities, alongside land, air and sea.

Viruses in finished devices

Network card. At a hacking conference, Guillaume Delugré, an expert at the security firm Sogeti ESEC, showed how a rootkit can be installed into the memory of commercially available network cards.

Peripherals. Experts at the firm Netragard were able to penetrate the corporate network of an enterprise they were assessing with the help of a computer mouse. A board with a microcontroller was embedded in it, which launched malicious code after the device started up.

Computer chips. Researchers at Cambridge University found a backdoor in a Chinese chip that can change the functionality of the devices it is built into.
