
When the next virus comes along, we might not be so lucky.

By Patrick Van Roy On July 4th, 2020

Guest post by Dave


Sometime in the late 2000s a new virus began spreading at an alarming rate. Masks and social distancing would not have saved you from this one. It was first identified in June 2010 by a small antivirus company in Belarus, and by the time anyone was looking for it, it had already infected computers in well over a hundred countries.

Most computer viruses have one, maybe two, methods of transmission. This one had seven, which was unprecedented. Alongside the usual routes, such as copying itself to shared folders and spreading across the local network, it could replicate over USB without any user interaction at all. Any USB stick plugged into an infected machine was silently infected, and when that stick was plugged into the next machine, simply opening the folder in Windows Explorer was enough, because rendering the shortcut (.lnk) files on the stick triggered the exploit. Another unusual feature was its use of zero-day exploits. A zero-day is a security flaw in a piece of software or firmware that is unknown to the people who created it, so at the moment the virus exploits it the vendor has spent zero days fixing it. Zero-days are rare and expensive. Amazingly, this virus contained four of them. Experts called it the most sophisticated malware ever seen.

For such an advanced piece of malware, however, it did no harm at all to the vast majority of the systems it infected. It was looking for particular computers, in a particular country, attached to particular hardware, and by design the bulk of its infections were in Iran. Its real target was a Siemens S7 programmable logic controller (PLC), the industrial controller that drives the frequency converters spinning the centrifuges used to enrich uranium. Whoever wrote the payload had to know exactly how those complex control systems and centrifuges worked. This is akin to rocket science.

Once the virus finally reached its intended targets, it wasted no time getting to work. First it spent about thirteen days quietly recording the normal process data coming back from the centrifuges. Then it began the second phase: it drove the centrifuges well beyond their safe speed for fifteen minutes at a time, and on other runs slowed them to a crawl. These swings stressed the finely balanced machines far beyond their design limits, and cracks and fractures began to form in the sensitive aluminium rotors. But this wasn't the end of the virus's deviousness. Like the plot of a James Bond film, it replayed the normal data it had recorded over the real readings, so that the operators' screens showed everything working normally. It repeated this cycle roughly every twenty-seven days so as not to arouse suspicion among the engineers for as long as possible.
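The record-then-replay trick above is worth seeing in code, because it also shows what an operator can do about it. The following is an added Python example written for this page; it is not code from the post and has nothing to do with Stuxnet's own implementation. It simulates the pattern (record a window of normal readings, then loop it back to the operator screen while the real drive frequency is pushed out of range) and runs two checks over the result: an exact-repeat search over the reported telemetry, which works because noisy real sensor data never repeats a multi-sample window bit-for-bit, and a cross-check against an independent measurement. All constants are assumed stand-ins: the 13-sample recording window and 15-sample burst echo the days and minutes in the text, and the frequencies and noise are constructed, not measured values.

```python
"""Tamper-and-replay telemetry, with two detection checks.

Constructed example for illustration; this is not code from the post or
from Stuxnet. All constants and data are assumed stand-ins: the 13-sample
recording window and 15-sample over-speed burst echo the days and minutes
in the text, and the frequencies are only plausible-looking numbers.
"""
import random
from typing import Dict, List, Tuple

NOMINAL_HZ = 1064.0   # assumed nominal drive frequency shown on the HMI
ATTACK_HZ = 1410.0    # assumed over-speed value the attacker commands
RECORD_LEN = 13       # samples of normal data captured before tampering
BURST_LEN = 15        # samples per over-speed burst (followed by an equal rest)
WINDOW = 4            # window length for the exact-repeat search


def genuine_telemetry(n: int, seed: int = 1) -> List[float]:
    """Nominal frequency plus small measurement noise (constructed data)."""
    rng = random.Random(seed)
    return [round(NOMINAL_HZ + rng.gauss(0.0, 0.5), 2) for _ in range(n)]


def tampered_run(n: int, seed: int = 1) -> Tuple[List[float], List[float]]:
    """Simulate the record-then-replay pattern.

    Returns (reported, actual). 'reported' is what the operator screen
    shows; 'actual' is the true drive frequency. The first RECORD_LEN
    samples are genuine and get recorded. After that the attacker loops
    the recording back to the screen while alternately driving the real
    frequency to ATTACK_HZ for BURST_LEN samples and letting it rest.
    """
    actual = genuine_telemetry(n, seed)
    recorded = actual[:RECORD_LEN]
    reported = list(actual)
    for i in range(RECORD_LEN, n):
        reported[i] = recorded[(i - RECORD_LEN) % RECORD_LEN]   # replay loop
        if ((i - RECORD_LEN) // BURST_LEN) % 2 == 0:           # burst phase
            actual[i] = ATTACK_HZ
    return reported, actual


def find_replayed_windows(series: List[float], window: int = WINDOW) -> List[Tuple[int, int]]:
    """Return (earlier_start, later_start) pairs whose samples repeat exactly.

    Real sensor readings carry noise and never reproduce a multi-sample
    window bit-for-bit, so an exact repeat is a strong replay indicator.
    """
    seen: Dict[Tuple[float, ...], int] = {}
    hits: List[Tuple[int, int]] = []
    for start in range(len(series) - window + 1):
        key = tuple(series[start:start + window])
        if key in seen:
            hits.append((seen[key], start))
        else:
            seen[key] = start
    return hits


def cross_check(reported: List[float], actual: List[float], tolerance_hz: float = 5.0) -> List[int]:
    """Indices where an independent measurement disagrees with the screen value.

    'actual' stands in for a sensor that does not pass through the
    compromised controller or HMI path (for example a separate power or
    vibration monitor), so the attacker cannot rewrite it along with the logs.
    """
    return [i for i, (r, a) in enumerate(zip(reported, actual)) if abs(r - a) > tolerance_hz]


def analyse(n: int = 60) -> Dict[str, object]:
    """Run both checks on one tampered run and summarise the findings."""
    reported, actual = tampered_run(n)
    replays = find_replayed_windows(reported)
    mismatches = cross_check(reported, actual)
    return {
        "first_replay": replays[0] if replays else None,
        "replay_hits": len(replays),
        "mismatch_count": len(mismatches),
        "first_mismatch": mismatches[0] if mismatches else None,
    }


if __name__ == "__main__":
    print("genuine data, replay hits:", len(find_replayed_windows(genuine_telemetry(60))))
    print("tampered run:", analyse())
```

The exact-repeat check only catches an attacker who replays verbatim; one who adds fresh noise to the replayed values defeats it. That is why the second check matters more in practice: a measurement that bypasses the compromised controller and screen entirely (separate power, vibration or acoustic monitoring on its own network path) cannot be rewritten by malware sitting on the PLC or the engineering workstation, and a persistent disagreement between that channel and the HMI is the signal an operator should act on.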

Whilst the damage done and the time lost to Iran's nuclear programme are difficult to quantify, there is no doubt that this virus caused it significant cost and delay.

The operation, reported to have been codenamed Olympic Games, is widely understood to have been a multi-million dollar joint effort between the NSA and Israel's Unit 8200.

Iran didn't take this attack by a superpower and its allies lying down. It hit back with concentrated cyber-attacks on Saudi Aramco, on American banks and big businesses, and on other western interests.

So what happened in 2010 was probably the world's first small-scale cyber war.

Can covert technological warfare cause as much damage as guns and bombs? Oh yes. By targeting critical infrastructure, enemy nations can cause massive disruption to our lives with nothing more than lines of computer code. And the potential for damage and disruption is only going to grow. The world is more reliant on technology than ever before, and critical infrastructure is everywhere: the vast majority of manufacturing facilities, financial institutions and businesses are connected and depend on it. With robots and self-driving vehicles, including commercial aircraft, and hundreds of millions of remotely controllable connected devices, from smart devices in the home to complex industrial production lines, becoming commonplace, surely it is only a matter of time before a malicious virus causes incredible damage and brings a country, or indeed the world, to a standstill. Or worse.

Stuxnet was just the beginning.

https://en.wikipedia.org/wiki/Stuxnet

28 Responses to “When the next virus comes along, we might not be so lucky.”

  1. An originally refreshing, well written blog Dave.

    Well done.

  2. Which is why GB&NI should, immediately, get the hell out of every Huawei contract, arrangement and equipment supply arrangement in use, in negotiation and in the future.

  3. Threats and vulnerabilities. So we got the Iranians – good. I don’t think anyone here is going to bemoan that operation. Of course Huawei is a worry.
    Potential spying and compromising systems.
    This course is good fun as an intro to cyber security and it’s free
    https://www.futurelearn.com/courses/introduction-to-cyber-security

  4. Dave, I’m more worried about political inaction over what is in front of us in real time.
    Murderer commie filth Putin has bots undermining our western democracies. His level of infiltration is unprecedented. But we have a Senate in the USA not only with its head in the sand but right up Trump’s butt. No good will come of this inaction. Putin is many moves ahead. The fact that it has become a political football in the States must be why he always seems to have a snide grin on his face.

  5. Very interesting post, Dave. Cheers for that.

  6. I know it’s a typo but I can’t resist….

    “…enemy nations can cause massive disruption to our livers…”

    …I’m afraid that friendly nations may have beaten them to it 🙂

  7. I noticed that typo too Frank and was going to comment how such a foreboding and depressing article would drive us all to drink and fulfil that prophecy.. 🙂

  8. Paul McMahon, Seimi.
    Thanks guys.

    Frank ODwyer,
    “…enemy nations can cause massive disruption to our livers…”

    Thanks to my dyslexia, I missed that even after reading through the article several times.
    Frank, do you mind if I send you any future articles to proofread? 🙂

  9. Patrick.
    Thanks for posting this.

  10. Good post Dave. Something different to think about!

  11. Mike Cunningham,

    Which is why GB&NI should, immediately, get the hell out of every Huawei contract, arrangement and equipment supply arrangement in use, in negotiation and in the future.

    I’ve had this conversation with Peter. Who is very knowledgeable on technical stuff.
    Stopping the Huawei contract is a bit like shutting the stable door after the horse has bolted. Chinese technology is already widespread across the west. Giving Huawei, whose systems and software are open, access to our 5G network is the least of our worries.

  12. yes charles gives us all a break from the other virus 😉

  13. kurt,

    Dave, I’m more worried about political inaction over what is in front of us in real time. Murderer commie filth Putin has bots undermining our western democracies …

    Putin is a different issue Kurt. Not one that should be ignored but from a technology standpoint, certainly not as big a threat as the Chinese.

  14. Thanks Charles.

  15. Dave

    is this the type of work you were/are involved in? Cyber security?

    I worked for a while with a US firm which used end-to-end encryption and various other tools to safely transfer payments through credit card transactions. Part of my job was to look at ‘Risk’ cases, where there appeared to have been multiple attempts at CC fraud. As part of on-going training, we would spend time with other departments, shadowing their work, whether it was the call handlers for smaller businesses, tech support for terminals and systems, or the security department, where they constantly checked for any cyber attacks. They would observe at least two or three every day, usually what they called ‘small-time’ hackers, mostly from Asia (China in particular), who would bombard systems with multiple stolen CC numbers until one successfully went through, after which they maxed the card. These minor threats were easily dealt with, but occasionally they would get word of a really bad one, like the ones used to gain access to Sony accounts, and then the whole place would go into shutdown as they checked every system and server in the business to make sure it hadn’t affected us. We were also sent phishing emails on a regular basis from the cyber security team. Anyone who opened an email would be sent a warning that they had fallen foul of a test phishing email and they would be required to complete all training modules pertaining to cyber crime. A second mistakenly opened email could mean a disciplinary meeting with your manager and the cyber security manager. When your company deals with billions of dollars of clients’ money, they take security very seriously.

  16. Yeah, that’s right Dave, I agree. The Chinese can actually make and engineer products that are dangerous; the Russians don’t make stuff, but are damned good at utilising the backdoors and vulnerabilities and wrecking our systems.
    It absolutely horrifies me to learn there are all these bills passed by the House sitting on McConnell’s desk unattended to, and many of these would shore up the USA against the incoming cyber attacks. That is unforgivable to me. It cannot be a partisan issue, never!

  17. Which is why GB&NI should, immediately, get the hell out of every Huawei contract, arrangement and equipment supply arrangement in use, in negotiation and in the future.

    Dave

    First of all, great post. Second of all, Mike is right (for once). Just because Huawei is already entangled in our comms systems is no reason to increase that entanglement by an order of magnitude by letting this Chinese state company into the heart of our 5G networks. Time to call a halt, and let them do their worst. They will notice it when we stop buying their stuff.

  18. Seimi,

    Dave

    is this the type of work you were/are involved in? Cyber security?

    That’s an interesting post mate. I’ve had similar experiences.
    In my 30 year IT career, I did a huge amount of different and interesting work.
    I never specifically did cyber security work, but I did a lot of banking work which involved high levels of security, so I had to learn about it. I found it really interesting and quite challenging.
    There was one rare time I was asked to examine a database because of a complex fraud at one of our banking data centres. We used a triple-key verification system for bank data at different sites. Let’s just say the fraudsters (who got away with almost a million pounds) must have had memories like Rain Man to pull off their crime.

  19. kurt,

    Yeah, that’s right Dave, I agree. The Chinese can actually make and engineer products that are dangerous; the Russians don’t make stuff, but are damned good at utilising the backdoors and vulnerabilities and wrecking our systems.

    There’s a channel I watch on YouTube called bigclivedotcom. He’s a brilliant electronics engineer and he dismantles electronic stuff. The amount of stuff out of China that is badly made and/or dangerous is staggering. But in the west we love our cheap electronics. And China is at the forefront of that.

    It absolutely horrifies me to learn there are all these bills passed by the House sitting on McConnell’s desk unattended to, and many of these would shore up the USA against the incoming cyber attacks. That is unforgivable to me. It cannot be a partisan issue, never!

    I think the US and Europe are not taking the threat from China when it comes to cyber security seriously enough mate.

  20. Peter.

    First of all, great post.

    Thank you.

    Second of all, Mike is right (for once). Just because Huawei is already entangled in our comms systems is no reason to increase that entanglement by an order of magnitude by letting this Chinese state company into the heart of our 5G networks. Time to call a halt, and let them do their worst. They will notice it when we stop buying their stuff.

    As I said when we’ve had this conversation before mate, you might be right.
    Thing is, most of our cheap electronic goods come from China. And I don’t see that changing any time soon.

  21. Dave
    our place was put on high alert once, because of a supposed bug/virus which was going to affect 30,000+ credit card terminals, stopping them from processing cards. The money would be taken from the cardholder’s account, but wouldn’t make it to the business’ account. I was on nightshift at the time, and we spent four or five nights, contacting clients and walking them through the correct steps – on each individual terminal – to stop this from happening. Turned out it wasn’t a virus at all: it was an incorrectly programmed software update from the terminal manufacturer, which received the payment, but didn’t recognise the e2e encryption, so kept the money ‘in the ether’ until the correct command was sent. The terminal manufacturer kept insisting it wasn’t their fault, and we had teams of people taking shit for over a week from customers whose money had disappeared.

  22. Good post.

  23. Second of all, Mike is right (for once).

    Wotcha mean: ONCE?

    I demand a recount!

  24. Careful Mike. The recount could mean you lose even the ONCE 😉

  25. Seimi.

    That’s an interesting story mate. I didn’t realise you’ve been involved in IT related work to this level. We could definitely tell each other interesting work stories over a pint.

  26. Mahons.

    Thank you.

  27. Once does seem unlikely….

  28. Mahons
    Perhaps he rounded up?

    Dave

    I am miles away from being any sort of expert on the subject! That conversation would be like me speaking to you in Irish and expecting you to understand?! 😂
    However, a pint sounds good 😊