Mar 31, 2011

Ralph’s TED talk is online

You can now watch Ralph’s TED talk here.

Mar 14, 2011

Meet Ralph Langner and Richard Clarke in Hamburg

Ralph will discuss cyberwar with Richard Clarke on March 28 in Hamburg. If you are interested in participating, please register here.

Mar 13, 2011

TED review

It’s hard to imagine a greater crowd and a better organization than at TED. I hadn’t heard about TED before Chris Anderson called to invite me for a talk, but I understood quickly why this venue is sold out months in advance. Besides the opportunity to listen to great talks from movers and shakers, it is virtually impossible to not get involved in conversation with interesting people after one or two minutes. Experiences like ending up in a discussion on Stuxnet with the CEO of one of the biggest software companies in the world who happened to follow our blog closely can probably happen only at TED.

Contrary to the impression you might get from the comments on my talk, I did not focus on attribution. (After the talk, Chris asked me on stage if Mossad was responsible for Stuxnet.) The talk itself was mainly about cyber forensics – how we discovered that Stuxnet’s goal is Natanz, and only Natanz. At the end I explained how Stuxnet compromises a digital safety system, and the threat that this poses for critical infrastructure in the US, Europe, and Japan.

Once the talk is online, don’t be confused when I refer to controllers as “grey boxes” and to the MITM attack as a “reality blocker” – this was for a mostly non-technical audience.

Ralph Langner

Mar 10, 2011

Vanity Fair reporter freak-out

Vanity Fair had an article about Stuxnet. Here’s some background information on this creative piece of embarrassment.

Feb 26, 2011

Security bloggers network award finalist

I almost missed it, but our blog had been nominated as a finalist for the 2011 security bloggers network awards. Thanks to the jury (Bill Brenner of CSOOnline, Ellen Messmer of Network World, Kelly Jackson-Higgins of Dark Reading and Larry Walsh of Channelnomics) for recognizing our work.

Ralph Langner

Feb 25, 2011

See Ralph at TED

Ralph is going to speak next week at the TED conference. The challenging task: Explain Stuxnet in ten minutes or less.

Feb 22, 2011

Intercept, infect, infiltrate

Several journalists had asked if it would be possible that the attackers intercepted some of the control system shipments to Iran, installed Stuxnet on the controllers, and let them loose again on their way to Natanz. After all, it is known that this had been done before as some kind of best practice for sabotage.

While that is possible, it doesn’t make sense, since new controllers will be fully configured by local engineers during commissioning. However, that doesn’t invalidate the intercept scenario as such. For years, Siemens has used USB sticks to deliver license keys. So when you purchase a license of the Simatic Manager engineering software, you’ll get a license key on USB along with the distribution medium (CD). You definitely have to plug that USB stick into the engineering station in order to install the software. Infecting the license keys from an intercepted shipment would guarantee that the virus ends up on good targets, from which it can spread further. We don’t say that this is the way it happened; we just say this is a valid scenario.

Note: Eric Byres, Andrew Ginter and Joel Langill have just released a very good joint white paper on infection paths.

Feb 21, 2011

Matching Langner’s Stuxnet analysis and Symantec’s dossier update

Symantec recently issued an update on their Stuxnet dossier, and many people wonder how their updated information might fit together with ours, so let’s take a look.

Feb 19, 2011

The cyber arms race and what we can do about it

Back in November 2010, Andrew Ginter wrote a blog post in which he put Symantec’s Stuxnet dossier in the context of irresponsible disclosure. In a nutshell, Andrew argued that publishing technical analysis of cyberwar weapons in the midst of an ongoing cyber battle may enable the victim to better defend against the attack. In other words, the good guys would publicly deliver cyber reconnaissance for free, and that could become a problem if the attacked are bad guys.

Feb 17, 2011

RSA conference and DoD’s take on cyber terrorism

I was planning to attend the RSA conference, but unfortunately it didn’t work out. In the end it boiled down mostly to a monetary issue. In a blunt attempt to save the $2000+ attendance fee, I offered to do a presentation, but RSA said the agenda had already been closed. So I couldn’t take the opportunity to meet several friends (I do have friends), several other people who may view me as an enemy, and a whole bunch of interesting people as well. If I had gone to the Moscone Center, one of the sessions that I would have attended was Tuesday’s presentation by William Lynn on DoD’s cyber strategy.
