Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon - Softcover

Zetter, Kim

 
9780770436193: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Softcover
ISBN 10: 0770436196 ISBN 13: 9780770436193
Verlag: Crown, 2015

Inhaltsangabe

A top cybersecurity journalist tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb. 

“Immensely enjoyable . . . Zetter turns a complicated and technical cyber story into an engrossing whodunit.”—The Washington Post
 
The virus now known as Stuxnet was unlike any other piece of malware built before: Rather than simply hijacking targeted computers or stealing information from them, it proved that a piece of code could escape the digital realm and wreak actual, physical destruction—in this case, on an Iranian nuclear facility.
 
In these pages, journalist Kim Zetter tells the whole story behind the world’s first cyberweapon, covering its genesis in the corridors of the White House and its effects in Iran—and telling the spectacular, unlikely tale of the security geeks who managed to unravel a top secret sabotage campaign years in the making.
 
But Countdown to Zero Day also ranges beyond Stuxnet itself, exploring the history of cyberwarfare and its future, showing us what might happen should our infrastructure be targeted by a Stuxnet-style attack, and ultimately, providing a portrait of a world at the edge of a new kind of war.

Die Inhaltsangabe kann sich auf eine andere Ausgabe dieses Titels beziehen.

Über die Autorin bzw. den Autor

Kim Zetter is an award-winning journalist who covers cybercrime, civil liberties, privacy, and security for Wired. She was among the first journalists to cover Stuxnet after its discovery and has authored many of the most comprehensive articles about it. She has also broken numerous stories over the years about WikiLeaks and Bradley Manning, NSA surveillance, and the hacker underground.

Auszug. © Genehmigter Nachdruck. Alle Rechte vorbehalten.

CHAPTER 1

EARLY WARNING

Sergey Ulasen is not the sort of person you’d expect to find at the center of an international incident. The thirty-one-year-old Belarusian has close-cropped blond hair, a lean boyish frame, and the open face and affable demeanor of someone who goes through life attracting few enemies and even fewer controversies. One of his favorite pastimes is spending the weekend at his grandmother’s country house outside Minsk, where he decompresses from weekday stresses, far from the reach of cell phones and the internet. But in June 2010, Ulasen encountered something unusual that soon propelled him into the international spotlight and into a world of new stress.1

It was a warm Thursday afternoon, and Ulasen, who headed the antivirus division of a small computer security firm in Belarus called Virus–BlokAda, was seated with his colleague Oleg Kupreev in their lab in downtown Minsk inside a drab, Soviet-era building about a block from the Svisloch River. They were sifting methodically through suspicious computer files they had recently found on a machine in Iran when something striking leapt out at Kupreev. He sat back in his chair and called Ulasen over to take a look. Ulasen scrolled through the code once, then again, to make sure he was seeing what he thought he saw. A tiny gasp escaped his throat. The code they had been inspecting the past few days, something they had until now considered a mildly interesting but nonetheless run-of-the-mill virus, had just revealed itself to be a work of quiet and diabolical genius.

Not only was it using a skillful rootkit to cloak itself and make it invisible to antivirus engines, it was using a shrewd zero-day exploit to propagate from machine to machine--an exploit that attacked a function so fundamental to the Windows operating system, it put millions of computers at risk of infection.

Exploits are attack code that hackers use to install viruses and other malicious tools onto machines. They take advantage of security vulnerabilities in browser software like Internet Explorer or applications like Adobe PDF Reader to slip a virus or Trojan horse onto a system, like a burglar using a crowbar to pry open a window and break into a house. If a victim visits a malicious website where the exploit lurks or clicks on a malicious e‑mail attachment containing an exploit, the exploit uses the security hole in the software to drop a malicious file onto their system. When software makers learn about such holes in their products, they generally produce “patches” to close them up and seal the intruders out, while antivirus firms like Ulasen’s add signatures to their scanners to detect any exploits that try to attack the vulnerabilities.

Zero-day exploits, however, aren’t ordinary exploits but are the hacking world’s most prized possession because they attack holes that are still unknown to the software maker and to the antivirus vendors--which means there are no antivirus signatures yet to detect the exploits and no patches available to fix the holes they attack.

But zero-day exploits are rarely found in the wild. It takes time and skill for hackers to discover new holes and write workable exploits to attack them, so the vast majority of hackers simply rely on old vulnerabilities and exploits to spread their malware, counting on the fact that most computer users don’t often patch their machines or have up-to-date antivirus software installed, and that it can take vendors weeks or months to produce a patch for a known hole. Although more than 12 million viruses and other malicious files are captured each year, only about a dozen or so zero-days are found among them. Yet here the attackers were using an extremely valuable zero-day exploit, and a skillful rootkit, for a virus that, as far as Ulasen and Kupreev could tell, had only been found on machines in Iran so far. Something didn’t add up.



THE MYSTERY FILES had come to their attention a week earlier when a reseller of VirusBlokAda’s security software in Iran reported a persistent problem with a customer’s machine in that country. The computer was caught in a reboot loop, crashing and rebooting repeatedly while defying the efforts of technicians to control it.2 VirusBlokAda’s tech-support team had scanned the system remotely from Minsk to look for any malware their antivirus software might have missed, but came up with nothing. That’s when they called in Ulasen.

Ulasen had been hired by the antivirus firm while still in college. He was hired to be a programmer, but the staff at VirusBlokAda was so small, and Ulasen’s skills so keen, that within three years, at the age of twenty-six, he found himself leading the team that developed and maintained its antivirus engine. He also occasionally worked with the research team that deconstructed malicious threats. This was his favorite part of the job, though it was something he rarely got to do. So when the tech-support team asked him to weigh in on their mystery from Iran, he was happy to help.3

Ulasen assumed the problem must be a misconfiguration of software or an incompatibility between an application installed on the machine and the operating system. But then he learned it wasn’t just one machine in Iran that was crashing but multiple machines, including ones that administrators had wiped clean and rebuilt with a fresh installation of the operating system. So he suspected the culprit might be a worm lurking on the victim’s network, reinfecting scrubbed machines each time they were cleaned. He also suspected a rootkit was hiding the intruder from their antivirus engine. Ulasen had written anti-rootkit tools for his company in the past, so he was confident he’d be able to hunt this one down if it was there.

After getting permission to connect to one of the machines in Iran and remotely examine it, Ulasen and Kupreev zeroed in on six suspicious files--two modules and four other files--they thought were the source of the problem.4 Then with help from several colleagues in their lab, they spent the next several days picking at the files in fits and starts, hurling curses at times as they struggled to decipher what turned out to be surprisingly sophisticated code. As employees of a small firm that mostly developed antivirus products for government customers, they weren’t accustomed to taking on such complex challenges: they spent most of their days providing routine tech support to customers, not analyzing malicious threats. But they pressed forward nonetheless and eventually determined that one of the modules, a driver, was actually a “kernel-level” rootkit, as Ulasen had suspected.5

Rootkits come in several varieties, but the most difficult to detect are kernel-level rootkits, which burrow deep into the core of a machine to set up shop at the same privileged level where antivirus scanners work. If you think of a computer’s structure like the concentric circles of an archer’s target, the kernel is the bull’s eye, the part of the operating system that makes everything work. Most hackers write rootkits that operate at a machine’s outer layers--the user level, where applications run--because this is easier to do. But virus scanners can detect these--so a truly skilled hacker places his rootkit at the kernel level of the machine, where it can subvert the scanner. There, it serves as a kind of wingman for malicious files, running interference against scanners so the malware can do its dirty work unhindered and undetected. Kernel-level rootkits aren’t uncommon, but it takes sophisticated knowledge and a deft touch to build one that works well. And this one worked very well.6

Kupreev determined that the rootkit was designed to hide four malicious .LNK files--the four...

„Über diesen Titel“ kann sich auf eine andere Ausgabe dieses Titels beziehen.

Verlag
Crown
Erscheinungsdatum
2015
Sprache
Englisch
ISBN 10 
0770436196
ISBN 13 
9780770436193
Einband
Taschenbuch
Anzahl der Seiten
448
Kontakt zum Hersteller
Nicht verfügbar
Verantwortliche Person
MUSIC STORE professional GmbH
022188841282
Lars.Mueller@musicstore.de

Istanbulstr. 22-26
Köln
51103
Deutschland

Weitere beliebte Ausgaben desselben Titels

9780770436179: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

Vorgestellte Ausgabe

ISBN 10:  077043617X ISBN 13:  9780770436179
Verlag: Crown Business, 2014
Hardcover