Jun 03, 2011

A declaration of bankruptcy for US critical infrastructure protection

According to the Wall Street Journal, DoD’s first formal cyber strategy is based on the doctrine that a cyber attack on US critical infrastructure can be retaliated against with a conventional military strike. The article is decorated with macho statements from unidentified military officials, such as “if you shut down our power grid, maybe we will put a missile down one of your smokestacks.” The military person who said that may have had full confidence in how deterring and frightening his or her line would be to wannabe attackers, and yet could not be more off the mark. Here is what everybody can read from DoD’s cyber strategy, given that the WSJ’s report is authentic (which I don’t call into question):


May 31, 2011

Meet Ralph in Tallinn

Ralph is going to talk next week at NATO’s International Conference on Cyber Conflict in Tallinn, Estonia.

Mar 31, 2011

Ralph’s TED talk is online

You can now watch Ralph’s TED talk here.

Mar 14, 2011

Meet Ralph Langner and Richard Clarke in Hamburg

Ralph will discuss cyberwar with Richard Clarke on March 28 in Hamburg. If you are interested in participating, please register here.

Mar 13, 2011

TED review

It’s hard to imagine a greater crowd and a better organization than at TED. I hadn’t heard about TED before Chris Anderson called to invite me for a talk, but I understood quickly why this venue is sold out months in advance. Besides the opportunity to listen to great talks from movers and shakers, it is virtually impossible to not get involved in conversation with interesting people after one or two minutes. Experiences like ending up in a discussion on Stuxnet with the CEO of one of the biggest software companies in the world who happened to follow our blog closely can probably happen only at TED.

Contrary to the impression you might get from the comments on my talk, I did not focus on attribution. (After the talk, Chris asked me on stage if Mossad was responsible for Stuxnet.) The talk itself was mainly about cyber forensics – how we discovered that Stuxnet’s goal is Natanz, and only Natanz. At the end I explained how Stuxnet compromises a digital safety system, and the threat that this poses for critical infrastructure in the US, Europe, and Japan.

Once the talk is online, don’t be confused when I refer to controllers as “grey boxes” and to the MITM attack as a “reality blocker” – this was for a mostly non-technical audience.

Ralph Langner

Mar 10, 2011

Vanity Fair reporter freak-out

Vanity Fair had an article about Stuxnet. Here’s some background information on this creative piece of embarrassment.

Feb 26, 2011

Security bloggers network award finalist

I almost missed it, but our blog had been nominated as a finalist for the 2011 security bloggers network awards. Thanks to the jury (Bill Brenner of CSOOnline, Ellen Messmer of Network World, Kelly Jackson-Higgins of Dark Reading and Larry Walsh of Channelnomics) for recognizing our work.

Ralph Langner

Feb 25, 2011

See Ralph at TED

Ralph is going to speak next week at the TED conference. The challenging task: Explain Stuxnet in ten minutes or less.

Feb 22, 2011

Intercept, infect, infiltrate

Several journalists had asked if it would be possible that the attackers intercepted some of the control system shipments to Iran, installed Stuxnet on the controllers, and let them loose again on their way to Natanz. After all, it is known that this had been done before as some kind of best practice for sabotage.

While that is possible, it doesn’t make sense, since new controllers will be fully configured by local engineers during commissioning. However, that doesn’t invalidate the intercept scenario as such. For years, Siemens has used USB sticks to deliver license keys. So when you purchase a license of the Simatic Manager engineering software, you’ll get a license key on USB along with the distribution medium (CD). You definitely have to plug that USB stick into the engineering station in order to install the software. Infecting the license keys from an intercepted shipment would guarantee that the virus ends up on good targets, from which it can spread further. We don’t say that this is the way it happened, we just say this is a valid scenario.

Note: Eric Byres, Andrew Ginter and Joel Langill have just released a very good joint white paper on infection paths.

Feb 21, 2011

Matching Langner’s Stuxnet analysis and Symantec’s dossier update

Symantec recently issued an update on their Stuxnet dossier, and many people wonder how their updated information might fit together with ours, so let’s take a look.
