Connect with us

Technology

Stuxnet: a New Era in Global Security

Alexandra Goman

Published

on

Stuxnet was a malware which affected an Iranian nuclear facility (along with couple of other industrial sites across the world). It was found in 2010 but it took quite a while to actually discover it. What is particular about it is the fact that it crossed the line between cyber and physical domain, showing that it was possible to use a code to damage a critical infrastructure.  Before it, a general debate in national / global security on how a critical infrastructure can be targeted and damaged through the information system has only been theoretical.  After Stuxnet it was evident that cyberspace could be exploited and used to launch cyberattacks in order to cause physical damage. So what actually happened?

On June 17, 2010 Sergey Ulazin from a small security company in Belarus received a help-request for technical support from a customer in Iran. Arbitrary BSODs (a stop error after a system crash) and computer reboots were reported. After careful examination and a regular check for system malfunction, it was discovered that a malware infection was probably involved (The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight). Having a stealthy nature and strange payload, it was later named Stuxnet, according to the file-name found in the code. A computer worm infected at least 14 industrial sites in Iran along with the uranium-enrichment plant in Natanz.

It carried genuine digital certificates (they guarantee that you can trust a file) from recognized companies, and it was well-developed and direct. The malware was able to determine the target it was looking for. In case, it was not, it did nothing and moved on to another system. This “fingerprinting of the control systems” proved that it was not just an average malicious program, but a targeted malware that meant to destroy.

Although Stuxnet relied on a physical person to install it (via USB flash drive), the worm spreads on its own between computers with Windows operating system. It affects other machines, regardless of the connection to the Internet though a local computer network. It could also infect other USB flash drives and jump into other computers through it. Moreover, it proliferates very quickly.

Once the worm infects a system, it waits, checking if necessary parameters are met. As soon as they are, it activates a sequence that causes industrial process to self-destruct. Symantec, a software company that provides cyber security software and services, conducted a thorough analysis of Stuxnet and found that Iran, Indonesia and India were the most affected countries in the early days of infection. The nuclear facility at Natanz was one of the most affected.

Furthermore, the principle is that this malware identifies a target, then records the data and finally decides what normal operations are. After this, it plays pre-recorded data on the computers of the personnel so that they think that the centrifuges are running normally, when in fact they are not. In the end, it erases itself from the system so that it cannot be traced and/or found.

The International Atomic Energy Agency inspected the Natanz facility and confirmed (International Atomic Energy Agency (2010)) that the centrifuges were malfunctioning and producing less than 20% of enriched uranium. However, at that time, the reason for that was unknown. The most detailed damage assessment came later from the Institute for Science and International Security in Washington. It claimed that Stuxnet destroyed 984 centrifuges. However, Iran has not provided such a number, and the IAEA failed to give precise information on the damage.

Stuxnet crossed this line where a code infects software or digital programs, what it actually did, it affected the physical equipment. This has brought a new technological revolution. Before, viruses were used by cyber pranksters and minor rowdies to cause a system to crash on computers of innocent victims. But state-to-state attacks and a cyberwar were not discussed and were not thought of, as it was something out of science fiction scenarios. Stuxnet has changed this perception, and opened a new era in global security.

A former chief of industrial control systems cyber security research said that Stuxnet was “the first view of something … that doesn’t need outside guidance by a human – but can still take control of your infrastructure. This is the first direct example of weaponized software, highly customized and designed to find a particular target.” It is not hard to imagine that similar malicious programs can be developed in the future and used to achieve a military and/or political goal.

Many believe that the cyberattacks on Iran nuclear facility were meant to slow down Iran nuclear program. However, enrichment recovered within a year, and did not permanently damage nuclear program. Some experts also say that it had no effect on nuclear program whatsoever and the whole situation around Stuxnet was over-hyped by the media. Others are also saying that evidence on the malware has been inconclusive and Stuxnet may have, in fact, helped in speeding up Iranian nuclear program. The media reaction towards cyberattacks may have been exaggerated because of the secrecy around cyber issues but in end Stuxnet has made a good story.

As to the parties involved, the attack was not tied to a specific name and/or a country. Yet, it widely believed to be launched by U.S. and Israel. The sophistication of the program required considerable amount of resources, including extensive financial support and skilled specialists. This is why many security companies and experts agree on attributing the complex malware to one or more states. Among them is Kaspersky Lab, a multinational cyber security company, who says that the attack was launched with a specific motivation in mind. The attackers wanted to access industrial control systems which monitor and control infrastructure and processes of the facility. (Similar systems are used in power plants, communication systems, airports, and even military sites). Moreover, such an attack required significant amount of intelligence data so Kaspersky Lab is convinced that it was likely supported by a nation state.

Although the identity of the attacker is still unknown, many experts in international politics believe that the attack was clearly politically-motivated and aimed to slow down the development of Iran’s nuclear program. The United States and Israel both deny their involvement in Stuxnet, however, some leaked information (WikiLeaks, CBC interview with a former CIA director Michael Hayden etc.) suggests that the claims might have some credibility. Regardless the claims made, it is important to highlight that no country officially declared that it launched an offensive cyberattack.

All in all, Stuxnet has revolutionized the way we look at malicious digital programs and boosted a debate about cyber tools used for political purpose. After all, we are living in a highly digitalized world where we are dependent on technology. Military is no exception. Digital technologies are widely being incorporated into military planning and operations. Modern nuclear and conventional weapons systems rely and depend on information systems for launching, targeting, command and control, including technologies that govern safety and security. It is clear that future military conflicts will all include a digital aspect and cyber technologies. Stuxnet was just an early version of software that could potentially destroy an industrial site, specifically a nuclear facility. If malware actually achieved its goals, consequences would have been disastrous and could cause an international crisis.

 After all, as experts once have said, “Major concern is no longer weapons of mass destruction, but weapons of mass disruption” (Cetron and Davies, 2009).

Use your ← → (arrow) keys to browse

Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.

Continue Reading
Comments

Technology

Be carefull! It is possible to read someone else’s WhatsApp conversations without getting caught

Published

on

Social media came into our lives a few years ago and they are here to stay: Facebook, Instagram or WhatsApp are essential applications for many of us nowadays, and we don’t imagine our smartphones lacking any of them. They are useful to communicate in our daily life with our family or coworkers, and they help us to easily catch up on what is happening in our long-distance friends’ lives by simply scrolling down their timelines. And while it is true that social media can be very useful in many cases, it is also true that there are situations where we’d like we could go a little further and use them to investigate. Let’s be honest: at some point, we all have wished we could spy whatsapp to find out what a certain person does –in order to corroborate if what they are telling us is real, or to know what they say about us when they talk to their friends.

Since everyone uses Whatsapp, Instagram or Facebook to have private conversations, it is easy to imagine the different reasons that could lead a person to want to read someone else’s private conversations. In the case of couples, if you think that your partner may be cheating on you, it is probably not enough for you to ask them questions to find out what you want to know, which will make very important for you to figure out what they might be hiding in their phone. Another frequent case are parents who fear for the safety of their adolescent children and want to know who they relate to through social media and what type of content they send and receive to make sure they stay safe from drugs, sexual predators, or bullies .

But the recurring question asked by most of the crowd who are trying to spy on someone else’s social media is: Is it actually possible to hack an smartphone to be able to read their conversations and see their pictures without getting caught? Fortunately for the “spys” –and unfortunately for their target’s privacy, there’s no system that can not be hacked by an experienced hacker. And even if you are not one, hacking WhatsApp without getting caught is now easier than ever with this guide on how to spy on WhatsApp Android.

There some free ways that you can use to spy on someone else’s WhatsApp: from the oldest software capable of intercepting conversations through WiFi, to more rudimentary methods such as scanning the WhatsApp’s QR code from the person whom you want to spy on and opening their session on another device. But the problem with all these methods is that you run the chance of being caught because they always leave a trail. Therefore, it is more advisable to use untraceable methods such as SpySocial, which is 100% undetectable.

The success of their system is based on a lot of hard work, and a very simple concept: you can’t get caught if you are not directly connected to the target’s phone.  The “spionage” is done through their servers, so you don’t even need to be close to the phone you want to spy on. Thus, as the entire system works through third-parties, you can spy on their online activities without there ever being a link between you and their phone. Plus, the company doesn’t keep any access logs at all, so they can’t know who you are – meaning the person you are spying on can’t figure it out either. The only thing you need to know and provide is the target’s phone number. With just this, you’ll have access to their WhatsApp chat messages and images, and you’ll also be able to see their location and cameras in real time, and also have their future WhatsApp calls recorded for you.

Besides WhatsApp, with this tool you can also easily spy on Instagram accounts, Facebook. You’ll have access immediately to their messages, pictures and private stories in Instagram, or to all the information that a Facebook profile can provide: personal information, photos and videos, status updates, Friends list and even watch them use Facebook in real-time. If you are not interested that much on the profile but you’d like to see who they speak to most regularly on Facebook Messenger, you will be able to do so, as well as downloading the photos and videos sent via Facebook Messenger and spying on their Facebook Messenger chats as they happen.

Sounds cool, right? The process is easy: you enter the target’s WhatsApp phone number, Instagram username or their Facebook URL, wait for the Spysocial servers to connect to their device, and then they create a connection package for you. After that, just enter your details, download the associated file install the connection tool… And let the spying begin.

Prev postNext post
Use your ← → (arrow) keys to browse

Continue Reading

Technology

Nanomaterials: the biotechnology of today and tomorrow

Published

on

Nano technology

There is a huge amount of interest in the development and use of nanomaterials, across a wide range of sectors. The properties of the micro-sized particles are perfect for application in everything from medical and pharmaceutical to clothing creation and the manufacture of filters, produced using the method of electrospinning.

Electrospinning, sometimes known as EHDP is method for the production of nano and micro-structures, and has huge benefits in industry. It can also be used for a range of materials to suit the intended purpose.

What are the benefits of using nano materials?

There are many benefits to electrospinning processes to produce nanomaterials. For example the surface area to volume ratio of nanofiber, due to the nanodimension of the fibers, is very high. Different materials, such as polymers, metals and ceramics can be spun together to give excellent results.

There is also a huge cost saving benefit. Although at the forefront of modern technology, setting up a lab or a clean room to carry out electrospinning is very cheap when compared with the set up of other industrial processes. Several companies have even scaled up the production of the nanofibrous membrane, to enable mass production at low cost. And setting up an electrospinning company is surprisingly simple, as staff can be upskilled quickly and efficiently to manage the process. Especially as there are machines now with incredibly easy user controls.

How does it work in practice?

If those who are are unfamiliar with the method behind electrospinning of nanomaterials can understand the process relatively simply. It involves using an electrical force to pull charged threads of polymer melts or solutions.

The solution of polymers, solvents and the other components is prepared. At this stage molecular chair entanglement takes place. Next is the electrospinning itself. The solution is fed through the capillaries and a high voltage is applied which creates a jet. The jet is then whipped and stretched into fibers. It is at this point the solvent is evaporated.

Finally the dry fiber is formed into a membrane or material, depending on the intended use. This can be quite wide ranging, and so although the science behind it all remains exactly the same, the electrospinning machines must be correct for the type of usage as defined by the manufacturer.

What are nanomaterials actually used for?

The materials are huge versatile. The limit for future innovations is only as small as the next person’s imagination.  It is currently used across medicine, for example growing artificial tissues that can mold with living tissue for example in place of a skin graft, or to create a barrier around an organ. It is also used in biomedical implants that sit under the skin and release a slow stream of drugs into the body.

They are of course also used in the production of fabric, particularly whether that fabric needs to be lightweight and breathable. In fact the initial development of electrospinning and micro or nano materials was initially developed by the textile industry. Especially where the wearer needs to be protected by toxic substances. It is the perfect way to make seamless non-woven garments.

It is also often used as coatings for other items, for example furniture, or pharmaceutical drugs. The process helps give products protection from the environment around it but also maintain the quality of the interior product within.

This is because of the properties of nanofiber. The previously mentioned high surface to volume ratio, and the fact that due to the electrospinning process at a molecular level the material is virtually defect free.

It is vital that, in order to achieve outstanding results, the chosen manufacturer of machinery is of the highest quality. It is very important. Particularly when trusting the machinery to produce highly technical fibers, with the right polymers, but the right equipment.

Nano materials bring to humanity technological advances that revolutionize industries, such as medicine, that greatly benefit the health of human beings. At the forefront of modern technology and its development and production, the potential for vastly improving human quality of life is huge. Even the current uses are just the tip of the iceberg as to what could be achieved in the future.

Use your ← → (arrow) keys to browse

Continue Reading

Technology

Why an Email Verifier Is A Necessary Tool for Your Business

Published

on

business email verifier

Most people promoting their businesses through email have realized they need to use an email verifier to keep their email lists clean. There are several reasons why your emails bounce or are reported as Spam, thus affecting your sending reputation. That’s why an email cleaning service is a necessary tool for any email marketer. But the question arises, what exactly is an email verifier and how does it help you?

To understand what an email verifier does, let’s talk about the several features it provides:

  • Email Bounce Checker: Online marketing and email promotions have become an integral part of any business advertisement model. However, if your emails are unable to reach genuine users and your email bounce backs are increasing day by day, an email verifier can save the day. It removes fake and invalid email addresses from your list, helping you reach your customers and increase your conversions.
  • Spam Trap and Abuse E-mail Checker: Spam traps and abuse emails will get you a bad reputation and might even get you blacklisted. An email verifier checks your email contacts and identifies any kind of risk prevailing email addresses. Otherwise, sending emails to spam complainers will cause your emails to land into the Spam folder, even when you’re emailing users who want to hear from you.
  • A.I. Email Scoring & Catch-All Validation: Email verifier ZeroBounce offers an email scoring system that incorporates the use of artificial intelligence to validate your email addresses. The system tells you which leads pose a high risk and which ones are safe to use.
  • E-mail Address List Append: This feature adds missing users’ data to your database. This process not only reveals full-fledged data about subscribers, but also helps you eradicate fake or inactive email accounts. Moreover, knowing your users or recipients allows you to personalize your emails according to their needs and expectations.

A good email verifier helps email marketers maintain a clean sending reputation with ISPs and ESPs. It also helps you reach a broader, genuine audience and eliminate inactive and fake leads.

Use your ← → (arrow) keys to browse

Continue Reading

Trending