Surprise! North Korea’s official news site delivers malware, too

A security researcher examining the website of North Korea’s official news service, the Korean Central News Agency, has discovered that the site delivers more than just the latest photo spread of Democratic People’s Republic of Korea leader Kim Jong Un inspecting mushroom farms. There’s a little extra surprise hidden in the site’s code—malware. The news site appears to double as a way for North Korea to deliver a “watering hole” attack against individuals who want to keep tabs on the “activities” of the DPRK’s dear leader.

http://arstechnica.com/security/2015/01/surprise-north-koreas-official-news-site-delivers-malware-too/

So, want to read up on this little fiasco this side of the planet?  Might want to re-think that….

In space, no one can hear you say “FUUUUUUUUUCK!!!!”

International Space Station Infected With USB Stick Malware Carried on Board by Russian Astronauts

By David | November 11, 2013 11:22 AM GMT

Renowned security expert Eugene Kaspersky reveals that the International Space Station was infected by a USB stick carried into space by a Russian astronaut.

The International Space Station was infected by malware held on a USB stick and carried by Russian astronauts (Reuters)

Russian security expert Eugene Kaspersky has also told journalists that the infamous Stuxnet had infected an unnamed Russian nuclear plant and that in terms of cyber-espionage “all the data is stolen globally… at least twice.”

Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station. He did not elaborate on the impact of the infection on operations of the International Space Station (ISS).

Kaspersky said he had been told that from time to time there were “virus epidemics” on the station.

Kaspersky doesn’t give any details about when the infection he was told about took place, but it appears as if it was prior to May of this year when the United Space Alliance, the group which oversees the operation of the ISS, moved all systems entirely to Linux to make them more “stable and reliable.”

Windows XP

Prior to this move the “dozens of laptops” used on board the space station had been using Windows XP, which is inherently more vulnerable to infection from malware than Linux.

According to Kaspersky the infections occurred on laptops used by scientists who used Windows as their main platform and carried USB sticks into space when visiting the ISS.

The ISS’s control systems (known generally as SCADA systems) were already running various flavours of Linux prior to this switch for laptops last May.

According to a report on ExtremeTech, as far back as 2008 a Windows XP laptop infected with the W32.Gammima.AG worm was brought onto the ISS by a Russian astronaut, and the worm quickly spread to other laptops on the station – all of which were running Windows XP.

Stuxnet

The Russian said this example shows that not being connected to the internet does not prevent you from being infected. In another example, Kaspersky revealed that an unnamed Russian nuclear facility, which is also cut off from the public internet, was infected with the infamous Stuxnet malware.

Eugene Kaspersky Speaking Press Club, Canberra

Founder of Kaspersky security company, Eugene Kaspersky, reveals the International Space Station was infected with malware carried on USB sticks. (Screengrab)

Quoting an employee of the plant, Kaspersky said:

“[The staffer said] their nuclear plant network which was disconnected from the internet … was badly infected by Stuxnet. So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity.”

Infamous

Stuxnet is one of the most infamous pieces of malware ever created, though it was never designed to come to the attention of the public.

Never officially confirmed by either government, the widely-held belief is that Stuxnet was created jointly by the US and Israeli governments to target and disable the Natanz nuclear enrichment facility in Iran, in a bid to disrupt the country’s development of nuclear weapons.

The malware was introduced to the Natanz facility, which is also disconnected from the internet, through a USB stick and went on to force centrifuges to spin out of control and cause physical damage to the plant.

Stuxnet only became known to the public when an employee of the Natanz facility took an infected work laptop home and connected to the internet, with the malware quickly spreading around the globe infecting millions of PCs.

Expensive

Kaspersky told the Press Club that creating malware like Stuxnet, Gauss, Flame and Red October is a highly complex process which would cost up to $10 million to develop.

Speaking about cyber-crime, Kaspersky said that half of all criminal malware was written in Chinese, with a third written in Spanish or Portuguese. Kaspersky added that Russian-based malware was the next most prevalent threat, but that it was also the most sophisticated.

He also added that Chinese malware authors were not very interested in security with some adding social media accounts and personal photos on servers hosting the malware.

Holy Crap! BATTEN DOWN THE HATCHES!!

New tool lets single server map entire internet in 45 minutes

Researchers at the University of Michigan have developed a new tool that allows a single server with a gigabit Ethernet port to scan the internet so quickly that it can map 98 per cent of the world’s IPv4 connections in under 45 minutes.

Mapping internet nodes is nothing new – companies and researchers have been doing it for years. But the sheer scale of the internet’s reach meant that full scans could take months, or require the setting up of a specialized botnet using cloud computing to get the job done. But the new tool, dubbed Zmap, uses smart programming and Ethernet efficiency to get the job done in minutes.

Read the whole story here.

While those two paragraphs might not seem like any big deal, and pretty damn cool (which it is), it was further reading that should scare the crap out of you!

A scan using a module that attempts a discovery handshake via UPnP showed that over 20 per cent of internet-facing hardware was unpatched, and the discovery process for all these machines took less than two hours. A cunning cracker could use such a process to spam out attack code to vulnerable machines, creating vast botnets simply and speedily.

Will people finally start to understand how security works?  I doubt it.  Best chance the average person has is that hopefully ISPs and router manufacturers have a tighter setup.