Slashdot Mirror


In an Age of Cyber War, Where Are the Cyber Weapons?

chicksdaddy writes "MIT Tech Review has an interesting piece that asks an obvious, but intriguing question: if we're living in an age of cyber warfare, where are all the cyber weapons? Like the dawn of the nuclear age that started with the bombs over Hiroshima and Nagasaki, the use of the Stuxnet worm reportedly launched a global cyber arms race involving everyone from Syria to Iran and North Korea. But almost four years after it was first publicly identified, Stuxnet is an anomaly: the first and only cyber weapon known to have been deployed. Experts in securing critical infrastructure including industrial control systems are wondering why. If Stuxnet was the world's cyber 'Little Boy,' where is the 'Fat Man'? Speaking at the recent S4 Conference, Ralph Langner, perhaps the world's top authority on the Stuxnet worm, argues that the mere hacking of critical systems is just a kind of 'hooliganism' that doesn't count as cyber warfare. True cyber weapons capable of inflicting cyber-physical damage require extraordinary expertise. Stuxnet, he notes, made headlines for using four exploits for "zero day" (or previously undiscovered) holes in the Windows operating system. Far more impressive was the metallurgic expertise needed to understand the construction of Iran's centrifuges. Those who created and programmed Stuxnet needed to know the exact amount of pressure or torque needed to damage aluminum rotors within them, sabotaging the country's uranium enrichment operation."

  1. Really? by Anonymous Coward · · Score: 3, Interesting

    Haven't you been watching the news for the last six months?

    1. Re:Really? by icebike · · Score: 4, Interesting

      MIT Tech Review (of all organizations) should know that cyber weapons aren't loaded onto airplanes and dropped like bombs, nor do they make a big noise.

      When you read the article they don't sound quite as clueless as the summary makes them out to be. Yet the comparison with nuclear weapons is one the article made right off the top.

      They speculate that Stuxnet was an anomaly not likely to be repeated. But that is only because Stuxnet was intended to be stealthy and untraceable. It is hardly the platform you would expect for a WAR time attack.

      Such weapons probably already exist, but since nobody with the cyber-weapon capability is actually at war with any other cyber target country, the weapons aren't being used. It's not like we used nuclear weapons on Iraq. It's not like the Syrian Electronic Army is much besides a bunch of script kiddies looking for weak spots.

      To use Cyber weapons, (as opposed to stealth cyber sabotage) you pretty much have to be at war. No one is willing to start one just to test a weapon. You can use clean room labs for that, and you are not likely to invite the MIT Tech Review to watch.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Really? by rusty0101 · · Score: 2

      As fast as the internet generations flash by, I hate to say it, but cyber weapons are still at the throw rocks, wave spears and scream cat calls level. Think of cyber weapons (for now anyway) more as PC based biological warfare.

      We currently have limited vectors available. Stuxnet was sneakernet delivered to the systems it was designed to attack. It was essentially at the VD level of disease propagation. Yes it reached a large number of systems, but look at how many people end up with Syphilis and Gonorrhea every year.

      Botnets are fundamentally the common cold. You find out your system was infected, get it cleaned up, commit to washing your hands (install personal firewall software at least) and find out all your neighbors picked it up from somewhere as well, it sort of runs its course, the immune system figures out how to take it out (AV software gets new signatures) and the virus mutates starting the cycle over again.

      We're a long way from the smallpox to ebola level of contagion. And the types of attacks that we're being told are cyber warfare attacks are substantially similar to monkeys throwing crap at the people watching them.

      --
      You never know...
  2. Classified by Anonymous Coward · · Score: 2, Interesting

    REALLY stupid question. It is not like they are going to wave them about for everyone to see. They most likely exist.

    1. Re:Classified by NFN_NLN · · Score: 2

      If Stuxnet was the world's cyber 'Little Boy,' where is the 'Fat Man'?

      Cisco gear is deployed in enterprise environments throughout the world.
      Windows dominates most desktops and has a large foot print for servers.

      The NSA has back-doors into all of them.

  3. LOIC? HOIC? by ganjadude · · Score: 2

    We have E-cannons already, skript kiddies have been using them for years now.

    --
    have you seen my sig? there are many others like it but none that are the same
  4. Backhoes? by TheVillageIdiot · · Score: 3, Informative

    Is there a doubt in anyone's mind?

    --
    Perception is reality
  5. The weapons are on chips, firmware or in the OS! by RocketRabbit · · Score: 5, Informative

    The weapons are on chips, firmware or in the OS! Did you not read that catalog that the Snowden fella kindly leaked for us?

    Ask Intel about iAMT and vPro. Ask China about Manchurian Microchips. Ask Microsoft about NSAKEY again, because if we didn't believe their lame excuses 10 years ago, we REALLY don't buy them today.

    Sure, the NSA probably has a large virus arsenal too, but when you can issue a National Security Letter to MS or Apple or Google or Mozilla, or simply activate one of our many programmer agents in place (such as in the IETF or at MS or Google) and just put the exploits wherever you like, viruses start seeming pretty silly. Heck, even our geopolitical adversaries are using US-made cyber-weapons - ahem, I mean operating systems and applications.

  6. Here's where they are. by Animats · · Score: 4, Informative

    Where are the cyber weapons? Already deployed and awaiting activation. Undocumented errata in major CPUs which allow bypassing memory protection. Preset keys in network cards allowing remote administration. Undocumented admin passwords in network firmware. Code signing certs in the hands of intelligence agencies. That's where.

  7. First Cyber-Weapon? by kenwd0elq · · Score: 2

    Wouldn't the Morris Worm qualify as the first "cyber weapon"? Granted it was crude and uncontrollable, but I'd bet that the same could have been made for the Mark 1 Mod 0 Blunderbuss 500 years ago.

    And I think that the power of a cyber-weapon would lie primarily in secrecy, like land mines; you don't know you're under attack until you've already taken considerable damage.

    1. Re:First Cyber-Weapon? by ark1 · · Score: 3, Informative

      US software 'blew up Russian gas pipeline' in 1982 is I believe the first instance of what can be considered cyber war (or sabotage).

  8. There have been others since Stuxnet by seibai · · Score: 4, Informative

    Stuxnet was in 2010. Since then we have at the very least:

    1. Duqu in 2011
    2. Finfisher in 2011
    3. Flame in 2012

    All of those were used by governments. One was used for industrial sabotage; the other two to spy on people who were then assassinated. Are these not "cyber-weapons"? What makes them different from Stuxnet but the degree of press they received?

  9. Where else? by Chris+Mattern · · Score: 2

    In the hands of the Cybermen, of course.

  10. Self weaponizing infrastructure. by ka9dgx · · Score: 3, Interesting

    If we started building bunkers out of blocks of TNT, someone would rapidly figure out it was a bad idea.... but not so when it's abstracted several layers deep.

    In conventional munitions, it's necessary to deliver an explosive to a target. Thanks to the Unix security model, with its lack of any notion of multi-level security, we've created an entire infrastructure that's ready to self-destruct at a moment's notice. The military went on to actually procure and use multi-level security in a number of cases, while the idea is perceived as impossible, or unnecessary in the civilian space.

    All of our Linux, Mac OS, and Windows machines share the same brain dead security model. When you run code, you have to trust it not to be a virtual grenade, each and every time.

    The existence of billions of computers which blindly run code without actual security protecting the operating system (as a multi-level secure system does) is astoundingly stupid, and yet 99.9% of the "tech" community is just fine with this state of affairs.

    The infrastructure IS the weapon, it's your job to change that over the next 20 years.... get crackin'

  11. Re:Well that's obvious... by Tablizer · · Score: 2

    I found the weapon!

  12. cold cyber war - 100,000 attacks from China daily by raymorris · · Score: 3, Interesting

    I'd guesstimate on average, we log about 50-100 attack attempts from Chinese IPs per server per day. Our sample size is only several thousand customer servers, but that's enough to get a rough idea of what's happening on the internet generally.

    There IS cyber war going on, much like the Cold War. It's not on the news every day, but it's happening just as much as Reagan was trying to defeat the USSR. The weapons aren't that advanced most of the time simply because they don't need to be - the targets very cooperatively run PHP scripts written by kids with NO security training whatsoever. When your admin interface is open to brute force and SQL injection attacks, advanced weapons aren't needed. The secretary of state and chairman of the senate defense committee have the same unpatched Linksys router at home as any random person. How many high level bureaucrats have VoIP at home? VoIP "protected" by Netgear's firewall?

  13. Where are they? by PPH · · Score: 3, Interesting

    Sitting in some cyber arsenal, awaiting use. The problem with cyber attacks is that once discovered, they can be defended against. So from a tactical point of view, they are best kept in reserve until the case for their use is overwhelming.

    As a part of Operation Orchard, it is theorized that Israel may have disabled Syrian air defense via back doors in their IT systems. If so, the existence of such back doors was revealed by a post mortem analysis and the holes in the systems plugged. So that would be a case of a one time use. It had better be worthwhile (and arguably, it was).

    The cyber weapons in the hands of criminal organizations are best used in a very low key manner, so as not to attract attention and patches. Criminals are probably continuing to bleed some credit cards for $9.85 here and there, hoping to stay under the radar for as long as possible.

    --
    Have gnu, will travel.
  14. why go through double firewalls unnecessarily by raymorris · · Score: 2

    All available evidence suggests that the vast majority originate in China. That makes sense - it would be silly to go through the great firewall, twice, and slow yourself down by going around the world and back, when you could just as easily use a US zombie.