When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target — and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
Ralph Langner is a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware.
The second half of the year 2010 saw Stuxnet all over the news. Stuxnet, a computer worm, is believed to be the world’s first publicly identified cyber weapon. Such worms are designed to destroy the control system in a factory, refinery or even a nuclear power plant.
Computers are infected with such a worm through websites, USB sticks or other external media drives connected to them. The worm causes no harm to its host and uses the host computer as a launch pad to attack a primary target. A botnet is created when the same worm infects multiple computers on a network. The primary target and the time of attack are set by a command center from where the botnet is controlled.
Since the worm behaves like any other legitimate software installed on the computer (it uses a stolen certificate), antivirus software has a hard time identifying it. The worm tends to change its characteristics to fit the environment of the host. Once it gets into a computer, it tends to go into a sleeping mode, waiting for commands from the command center. The moment a command is received from the command center, however, it wakes up and starts attacking a specific target. By the time an antivirus or a firewall picks up that behavior, it’s already too late: the damage has already been done at the target from a host system. If your computers are part of the host system of botnets, then you are liable for the damages.
An identity card issued by the employer is the typical mechanism for identifying an employee. However, verifying each and every card presented by personnel requires a dedicated person or an automated system. Credentials, such as an identity card, are more effectively verified using an automated system. However, most verification systems are incapable of verifying whether the person who presented the credential is actually its owner. The same is true where passwords or PINs are used as credentials.
Buddy punching, otherwise known as ghost punching or proxy punching, is an activity where tardy and absent employees have their co-workers “punch” the time clock for them. This activity alone will significantly impact the profitability of a company that ends up paying wages of employees who never showed up for work. The company not only gets ripped off, but the entire operation may be degraded by a shortage of personnel.
There is always a chance that an employee will share the information or material they are required to know or carry, granting unauthorized access to employer facilities. The use of biometrics avoids this, because the credential being verified is what the employee is, not what they know or have. Fingerprint, hand print, face, and eye are some of the popular biometrics used for personnel identification.