Army Rumour Service


Cyber attack 'collateral damage'

To be fair, 'back door' is an old one, and they pretty much lived up to the name. It used to be quite trivial to Trojan a bit of innocuous software with a copy of netcat and get a command line for the 'infected' machine while hiding it from Task Manager.



#fascinating
 
Especially when they have a HDD, recording every document scanned. I've never come across that. No siree. Especially not in an office with an air gapped network handling Secret level data.

Phew.

Dodged a bullet there, and no mistake.
 

A.N.Other

Old-Salt
Phew.

Dodged a bullet there, and no mistake.
You expect the business users will not understand the risk. But the security team? I had raised this risk/breach, only to find it hadn't been resolved over 6 months later. The "fix" given to the guys using the MFD was to unplug the network cable when scanning!

I went to the business Snr management and it was fixed pretty damn quick.

T
 
From 2014.
German politicians are considering a return to using manual typewriters for sensitive documents in the wake of the US surveillance scandal.
That's not very secure, about 30 years ago something strange was going on at work that we weren't told about.

One guy replaced the ribbons in the secretary's typewriter and opened the used one up. It was like a transfer film and where the character had been typed there was clear film. Simple matter to see exactly what had been typed.

Sent from my SM-T510 using Tapatalk
 
That's not very secure, about 30 years ago something strange was going on at work that we weren't told about.

One guy replaced the ribbons in the secretary's typewriter and opened the used one up. It was like a transfer film and where the character had been typed there was clear film. Simple matter to see exactly what had been typed.

Sent from my SM-T510 using Tapatalk

It's a bit difficult to do that over the internet though
 
That's not very secure, about 30 years ago something strange was going on at work that we weren't told about.

One guy replaced the ribbons in the secretary's typewriter and opened the used one up. It was like a transfer film and where the character had been typed there was clear film. Simple matter to see exactly what had been typed.

Sent from my SM-T510 using Tapatalk
Depends, if you get the reversible ribbon type you can over type repeatedly, and then burn after use.
 
If I want to download dodgy stuff and test it out - I just open a sandbox and do it all from that, that way it doesn't mess with your computers files. Also you can use a virtual Machine for doing the same thing....just saying.
Good luck with that



 

Wordsmith

LE
Book Reviewer
Truly effective security is possible but it requires professionals, who are in short supply, and constant vigilance which is expensive. It is, to use an oft-repeated cliché, an arms race. And at the risk of stretching an analogy the key to winning it is threat intelligence.

Yep. And an underlying problem is that companies wanting cyber security assessments and many of the companies providing them don't look at things from a strategic perspective. It's "I'll have five web application pen tests and a couple of server build reviews this month please".

Never "I'll have fewer security assessments, and with the money I'm not spending on those, I'll ask you to do a review of our secure development practices, so we get fewer instances of vulnerable code in our code base in the first place".

Wordsmith
 

Wordsmith

LE
Book Reviewer
Especially when they have a HDD, recording every document scanned. I've never come across that. No siree. Especially not in an office with an air gapped network handling Secret level data.

Heard an interesting (internal) presentation a couple of years back about how you could theoretically use SDR (Software Defined Radio) to exfiltrate data at high speed off an air gapped network, providing you could get the SDR onto the air gapped network in the first place. Convert your data to ultrasound (above everyone's range of hearing), transmit it and collect the ultrasound on a suitable receiver, then recover the data.

Wordsmith
 
Heard an interesting (internal) presentation a couple of years back about how you could theoretically use SDR (Software Defined Radio) to exfiltrate data at high speed off an air gapped network, providing you could get the SDR onto the air gapped network in the first place. Convert your data to ultrasound (above everyone's range of hearing), transmit it and collect the ultrasound on a suitable receiver, then recover the data.

Wordsmith

So similar to hiding data in images within the binary data that to the naked eye will look no different than expected, data hiding in plain sight really
 
People talking about "air gaps" as a security solution might want to remember that the systems that were the target of the Stuxnet attack were air gapped.
 

Yokel

LE
People talking about "air gaps" as a security solution might want to remember that the systems that were the target of the Stuxnet attack were air gapped.

If I remember correctly, the system was not connected to the internet in any way, so investigators reckoned it must have been introduced by some sort of media device smuggled in to the plant.

I am sure I remember attending lectures talking about 'sheep dipping' incoming media on a machine not connected to the network.
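The 'sheep dipping' mentioned above is a defensive procedure: incoming removable media is inventoried and inspected on a standalone machine before anything on it is allowed near the protected network. The script below is an added example of what that inspection can look like in code; it is not from this thread or from any poster, and the watch lists (risky extensions, autorun file names, magic bytes) and the constructed sample volume are assumptions for illustration. It hashes every file, then flags autorun files, executable and double extensions, and files whose header says "Windows executable" while their extension claims a document or spreadsheet.

```python
"""Sheep-dip triage for removable media: inventory a mounted volume offline and flag
files that warrant a closer look before the media goes anywhere near a protected network.
Added example; watch lists and sample files are constructed assumptions, not real evidence."""
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions that execute or carry active content on Windows (assumed watch list).
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".lnk", ".vbs", ".js", ".ps1",
                    ".bat", ".cmd", ".jar", ".hta"}
# Files that the shell acts on automatically when media is inserted or browsed.
AUTORUN_NAMES = {"autorun.inf", "desktop.ini"}
# Magic bytes for a few formats; a header that contradicts the extension is a classic
# sign of disguised content.
MAGIC = {b"MZ": "pe", b"%PDF": "pdf", b"PK\x03\x04": "zip", b"\x89PNG": "png"}
EXPECTED_KIND = {".pdf": "pdf", ".png": "png", ".docx": "zip", ".xlsx": "zip",
                 ".exe": "pe", ".dll": "pe", ".scr": "pe"}


def sniff_kind(head: bytes):
    """Return the format implied by the first bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def sha256_file(path: Path) -> str:
    """Stream-hash a file so the inventory records exactly what was on the media."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_file(path: Path) -> dict:
    """Inventory one file and collect the reasons it should be looked at more closely."""
    findings = []
    name = path.name.lower()
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    if name in AUTORUN_NAMES:
        findings.append("autorun-file")
    if ext in RISKY_EXTENSIONS:
        findings.append("executable-extension")
    if len(suffixes) >= 2 and ext in RISKY_EXTENSIONS:
        findings.append("double-extension")          # e.g. photo.jpg.scr
    with path.open("rb") as f:
        head = f.read(8)
    kind = sniff_kind(head)
    expected = EXPECTED_KIND.get(ext)
    if kind == "pe" and expected != "pe":
        findings.append("pe-header-under-non-exe-extension")
    elif expected and kind and kind != expected:
        findings.append(f"header-mismatch:{expected}-vs-{kind}")
    return {"path": str(path), "size": path.stat().st_size,
            "sha256": sha256_file(path), "findings": findings}


def triage_volume(root) -> list:
    """Walk the whole volume and return one inventory record per file, sorted by path."""
    results = []
    for dirpath, _dirs, files in os.walk(Path(root)):
        for fn in files:
            results.append(triage_file(Path(dirpath) / fn))
    results.sort(key=lambda r: r["path"])
    return results


def flagged(results) -> dict:
    """Map file name -> findings for every file that raised at least one flag."""
    return {Path(r["path"]).name: r["findings"] for r in results if r["findings"]}


def build_sample_volume() -> Path:
    """Constructed sample media for the demonstration (not a real capture)."""
    root = Path(tempfile.mkdtemp(prefix="sheepdip_"))
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n%sample\n")         # benign
    (root / "notes.txt").write_bytes(b"plain text\n")                  # benign
    (root / "autorun.inf").write_bytes(b"[autorun]\nopen=setup.exe\n")  # autorun file
    (root / "photo.jpg.scr").write_bytes(b"MZ" + b"\x00" * 62)         # double extension
    (root / "budget.xlsx").write_bytes(b"MZ" + b"\x00" * 62)           # PE disguised as a sheet
    return root


if __name__ == "__main__":
    for rec in triage_volume(build_sample_volume()):
        status = ", ".join(rec["findings"]) or "ok"
        print(f"{Path(rec['path']).name:16} {rec['size']:5d}B {rec['sha256'][:16]}...  {status}")
```

In real use the volume is mounted read-only on the isolated machine and the hash inventory is kept as the record of what came in; the flags decide what is handed to a human rather than making the decision themselves.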
 
Hey, some idiot from Accounts just dropped this USB stick in the car park. It says "2020 Salary Reviews".
 
If I remember correctly, the system was not connected to the internet in any way, so investigators reckoned it must have been introduced by some sort of media device smuggled in to the plant.

I am sure I remember attending lectures talking about 'sheep dipping' incoming media on a machine not connected to the network.
The centrifuge system was controlled by bog standard industrial controls, Siemens S7-315s if I recall correctly. The PLC and HMI programs (software) were written by a contractor in Europe (I think Russia, but possibly elsewhere).

As I recall the explanation it was simply a matter of finding out who had the contract and sending him an email with a bog standard Windows virus containing Stuxnet as a payload. He would have read the email on the same laptop he was using to write the software for the control system. When he loaded the programs into the equipment in Iran the virus got carried along into the equipment. "Air gapped" is never 100% air gapped, because there otherwise would be no means of getting the equipment to work.

Other unrelated plants in various parts of the world (I seem to recall Germany, India, Indonesia, and others) got hit with Stuxnet as well, producing collateral damage, so either the Americans were using a shotgun approach to sending it out or it was getting spread by means other than just a targeted email.
 
The centrifuge system was controlled by bog standard industrial controls, Siemens S7-315s if I recall correctly. The PLC and HMI programs (software) were written by a contractor in Europe (I think Russia, but possibly elsewhere).

As I recall the explanation it was simply a matter of finding out who had the contract and sending him an email with a bog standard Windows virus containing Stuxnet as a payload. He would have read the email on the same laptop he was using to write the software for the control system. When he loaded the programs into the equipment in Iran the virus got carried along into the equipment. "Air gapped" is never 100% air gapped, because there otherwise would be no means of getting the equipment to work.

Other unrelated plants in various parts of the world (I seem to recall Germany, India, Indonesia, and others) got hit with Stuxnet as well, producing collateral damage, so either the Americans were using a shotgun approach to sending it out or it was getting spread by means other than just a targeted email.

Maybe the source was on a repository on the likes of Github; if the virus got onto the software for the control system and he pushed an update, it wouldn't be hard for it to spread.
 

Yokel

LE
The centrifuge system was controlled by bog standard industrial controls, Siemens S7-315s if I recall correctly. The PLC and HMI programs (software) were written by a contractor in Europe (I think Russia, but possibly elsewhere).

As I recall the explanation it was simply a matter of finding out who had the contract and sending him an email with a bog standard Windows virus containing Stuxnet as a payload. He would have read the email on the same laptop he was using to write the software for the control system. When he loaded the programs into the equipment in Iran the virus got carried along into the equipment. "Air gapped" is never 100% air gapped, because there otherwise would be no means of getting the equipment to work.

Other unrelated plants in various parts of the world (I seem to recall Germany, India, Indonesia, and others) got hit with Stuxnet as well, producing collateral damage, so either the Americans were using a shotgun approach to sending it out or it was getting spread by means other than just a targeted email.

Why not use one laptop for program development and uploading it to the customer system, and another one for e-mail and admin jobs? Just like separating admin and operational functions in an organisation, or separating power and signal cables, or using only sterile equipment in an operating theatre...
 
