A History of Cyber Warfare – Part 2

Today we continue our report on the history of cyber warfare.

Stuxnet or Olympic Games (2009-2010)

Cyber attack attributed to the United States, Israel, Germany, and possibly Great Britain.  Confirmed by General James Cartwright in November 2012.  Target was Iran, particularly the Nuclear Program facility at Natanz.  The excellent documentary Zero Days covers this operation in detail.

Since the Natanz facility was not connected to the Internet, the software payload was introduced into the facility using a social engineering exploit called “baiting.” The bait was USB flash drives that were left in tea, coffee, and hookah bars that Natanz employees were known to frequent.

The software payload was a worm that targeted the PLCs (programmable logic controllers) of Siemens systems running Step7 software. It also had a built-in “kill switch” which was supposed to cause the software to disappear at a certain time. Modifications to the software caused the kill switch function to fail, and since a certain number of the flash drives were also plugged into Internet-connected computers at homes or other office locations, Stuxnet was eventually released into the wild.

Tulip Revolution (December 2009 to April 2010)

Cyber attack attributed to the Kyrgyzstan Intelligence Service.  The targets were websites of political opposition parties and newspapers.

Bradley Manning (2010)

Attributed to PFC Bradley Manning. Target was the United States. PFC Manning was convicted of passing classified Army documents about the war in Iraq to the whistle-blower website WikiLeaks. The information trove included 250,000 US diplomatic cables, over 400,000 classified army reports from the Iraq War, approximately 90,000 army reports from the war in Afghanistan, and two videos of airstrikes. Manning was sentenced to 35 years in prison but his sentence was commuted by President Obama to 7 years.

Arab Spring or Jasmine Revolution (December 2010 – January 2011)

Cyber attacker and target information is not relevant. Began in Tunisia on December 17, 2010, and spread to Libya, Egypt, Yemen, Syria, and Bahrain. In some cases it is still ongoing, as with the civil wars in Syria and Yemen. This was a popular revolt of the Arab people against their governments. What makes this a cyber incident is the use of the Internet and popular social networks such as Facebook and Twitter to allow the protesters to communicate, plan, and organize the street demonstrations and other actions.

Flame (2010-2012)

Attributed to US and Israel. Targets were governmental organizations, educational institutions and prominent individuals in the Middle Eastern countries of Iran, Israel, Syria, Lebanon, Saudi Arabia, and Egypt. Primarily an espionage operation. Flame is a worm, and can spread over wired and wireless networks, including Bluetooth, or via USB drives. It is capable of recording audio including Skype sessions, turning on the onboard camera to record video, taking screenshots, and recording keystrokes as a keylogger.

Red October (2012)

Attributed to Russia or Israel.  Targets included Russian Federation member states, eastern European countries, the Middle East, Australia, east Africa, and Brazil.  Primarily an espionage campaign.

Shamoon (2012)

Attributed to Iran.  Target was the oil industry (Aramco) in Saudi Arabia.  The attack caused data destruction by wiping the drives and master boot records of about 30,000 computers in Saudi Arabia.  The initial infection was via a spearphishing email sent to an Aramco IT department employee.

On Friday we will finish our story on the history of cyber warfare.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
