When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target — and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
Ralph Langner is a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware.
The second half of 2010 saw Stuxnet all over the news. Stuxnet, a cyber worm, is believed to be the world's first publicly identified cyber weapon. Such worms are designed to destroy the control system in a factory, a refinery or even a nuclear power plant.
Computers are infected with such a worm through websites, USB sticks or other external media drives connected to them. The worm causes no harm to its host and uses the host computer as a launch pad to attack a primary target. A botnet is created when the same worm infects multiple computers on a network. The primary target and the time of attack are set by a command center from which the botnet is controlled.
Since the worm behaves like any other legitimate software installed on the computer (it uses a stolen code-signing certificate), antivirus software has a hard time identifying it. The worm also changes its characteristics to fit the environment of the host. Once it gets into a computer, it tends to go into a sleeping mode, waiting for commands from the control center. The moment a command is received from the command center, it wakes up and starts attacking a specific target. By the time an antivirus product or a firewall picks up that behavior, it is already too late – the damage has already been done to the target from a host system. If your computers are part of the host system of a botnet, then you are liable for the damages.
With the introduction of attractive mobile devices aimed at the corporate world, executives feel their existing BlackBerry is out of fashion. For a while, BlackBerry devices ruled the corporate world for mobile communications. They are efficient and highly secure.
BlackBerry security is still considered the gold standard for enterprise mobile communications. However, with Generation Y taking over the corporate world, enterprise infrastructure has a hard time meeting their demand to have social networking and other mobile applications available on their mobile devices. RIM's product is no longer the preferred choice; rather, it is now one of the options that should be available to corporate users.
There is also increasing demand among employees to use their personal mobile devices (individually liable) for enterprise use. They view pervasive wireless LAN (WLAN) and mobile cellular coverage as "must have" capabilities, and they consider smartphones "must have" tools that help integrate their personal and professional lives.
Until recently, every enterprise advertised a web address along with its products. Now, their applications are showing up in mobile device application (app) stores, and their mobile web addresses (for example, m.mycompany.com) are advertised alongside their web addresses (for example, www.mycompany.com), increasing their competitiveness.
So how do we secure such diverse devices while making them available for corporate use?