The Stuxnet Story

Paul Raven @ 12-07-2011

In case you’ve not seen it already, Wired has a marvellous long-form piece about the discovery and analysis of the Stuxnet worm; well worth a look, whether you’re interested in the procedural side of malware analysis or just the storyable shape of a modern technothriller mystery-hook. Go read.

If that looks a bit TL;DR for you, there’s always the infographic video.


Stuxnet infographic video

Paul Raven @ 28-06-2011

I’m not sure that the graphics in this capsule video about the Stuxnet virus add a great deal of information to the narration, but they sure look pretty [via FlowingData]. Almost pretty enough to distract you from the scary underlying message, namely that SOME NATION-STATE OR ANOTHER WENT AND DESIGNED A WEAPON TO SPIKE IRAN’S NUCLEAR WHEELS WITHOUT CONSIDERING THAT IT MIGHT GET RE-CODED, REVERSE ENGINEERED AND TURNED BACK ON THEM BY THEIR ENEMIES.

Just goes to show that spending a lot of money on 1337 black-hat h4x0rz doesn’t preclude you being a short-sighted fool… or perhaps simply being the sort of political actor whose idea of the long game is to give everyone in the room the same weapon and see who moves first. At this point, I’m not certain which is the scarier prospect.

 


Virus purge on your laptop? That’ll be US$20m, please

Paul Raven @ 11-11-2010

OK, just to pre-empt any angry emails, I’m not posting this to gloat or mock the victim, nor to suggest that this sort of outright bilking of the ignorant is in any way acceptable behaviour. I’m posting it because it’s an astonishing story that says something simple yet profound about the gap of knowledge between technology end-users and technology adepts.

So, the headline says it all, really: a guy from one of those shady “de-virus your computer for ya, mister?” companies managed to screw something approaching US$20 million out of composer Roger Davidson, who – pity him as I might – can only be described as a bit on the naive side, and not just with respect to computers [via TechDirt]:

The saga began in August 2004 when Roger Davidson, 58 years old, a pianist and jazz composer who once won a Latin Grammy, took his computer to Datalink Computer Services in Mount Kisco, saying the machine had been infested with a virus. The owners of the company, Vickram Bedi, 36, and his girlfriend, Helga Invarsdottir, 39, became aware of Mr. Davidson’s high profile and allegedly proceeded to convince him that he was the target of an assassination plot ordered by Polish priests affiliated with Opus Dei, a conservative Roman Catholic organization, authorities said.

[…]

When asked to remove the virus from the laptop, Mr. Bedi allegedly told Mr. Davidson that his computer had in fact been attacked with a virus so virulent that it also damaged Datalink’s computers, according to prosecutors.

Mr. Bedi told Mr. Davidson that he had tracked the source of the virus to a remote village in Honduras and that Mr. Bedi’s uncle, purportedly an officer in the Indian military, had traveled there in a military aircraft and retrieved the suspicious hard drive, prosecutors said.

In addition, Mr. Bedi told the victim that his uncle had uncovered an assassination plot against Mr. Davidson by Polish priests tied to Opus Dei, according to prosecutors.

Opus Dei was depicted in the popular Dan Brown novel “The Da Vinci Code” as a murderous cult. Mr. Bedi allegedly told Mr. Davidson that his company had been contracted by the Central Intelligence Agency to perform security work that would prevent any attempts by Opus Dei to infiltrate the U.S. government, authorities said.

In addition to the thousands of dollars charged to secure Mr. Davidson’s computer, Mr. Bedi and Ms. Invarsdottir allegedly charged thousands more to provide 24-hour covert protection for Mr. Davidson and his family.

Davidson’s naiveté is only matched here by the incredible chutzpah of Bedi and Invarsdottir, who – from the sound of it – could have called it quits after the first million and retired into blissful offshore obscurity with no one any the wiser.

But as I mentioned above, this really highlights the knowledge gap between people who simply use computers and those who understand how they work – a gap regularly exploited by botnet operators and other scammy types. The unanswered (and possibly unanswerable) question is: can we ever effectively legislate or educate against this sort of exploitation of ignorance? Or is the sphere of human knowledge simply too large for these sorts of gaps not to occur?


Kingdom-jumping viruses leap from plant to human

Paul Raven @ 14-04-2010

Another pulp skiffy trope turns out to be (possibly) a little less pulpy: is the pepper mild mottle virus making people sick?


Fabber viruses

Paul Raven @ 07-04-2010

Among the obligatory swathe of spoof posts for 1st April this year was one from 3D printing outfit Shapeways, who claimed to have fallen victim to the first proof-of-concept virus for fabricators [via Fabbaloo].

The best spoofs always have an element of truth, or at least truthiness. While Shapeways have fabricated this particular incident (arf!), its believability hinges on the fact that 3D printing is a networked technology, and that everything can and will be hacked.

Sven Johnson has already sent back reports from an imperfect future regarding 3D spam, which is likely to be as ubiquitous as it is for email and fax machines (which some people really do still use, apparently), but is there any scope for piggybacking illegal or exploitative content on legitimate 3D design files (like some form of steganography)? I don’t know enough about viruses or 3D design software to be certain, but my guess would be that if someone can think of a way to make a fast buck from it, it’s going to happen eventually.

