
How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

Discussion in 'BlackHat Lounge' started by G-S-T, Dec 29, 2011.

  1. G-S-T

    G-S-T Executive VIP Jr. VIP

    Joined:
    Jan 20, 2011
    Messages:
    1,831
    Likes Received:
    8,794
    Occupation:
    Full time IM
    Location:
    Heavy in the game
    • Thanks Thanks x 6
  2. G-S-T

    G-S-T Executive VIP Jr. VIP

    "After all of the effort put into deciphering Stuxnet, the code itself still holds a couple of mysteries — two small encrypted files that researchers have yet to crack. One file is 90 bytes, and gets copied to every system Stuxnet infects. The other is 24 bytes and gets copied to Step7 machines when Stuxnet's malicious DLL file gets installed. The two files could hold additional clues to Stuxnet's aims or origins, but we might never discover them. Symantec's researchers have tried repeatedly to crack their encryption, but have never succeeded."

    I badly want to know what was in those encrypted files.
     
  3. royalslim

    royalslim Regular Member

    Joined:
    Dec 20, 2009
    Messages:
    237
    Likes Received:
    39
    Occupation:
    Website Design and Internet Consulting
    Location:
    United States
    There was a documentary on this on CNBC, really interesting. One of them claimed that the origin is from Israel because there are some references/terms from the Torah. It also baffles me how encrypted this thing is, I feel like the anti-virus companies themselves make these things...idk haha
     
    • Thanks Thanks x 1
    Last edited: Dec 29, 2011
  4. mrwho

    mrwho Junior Member

    Joined:
    Apr 3, 2008
    Messages:
    122
    Likes Received:
    39
    Is there a torrent or anything for the CNBC documentary? And it surprises me that the anti-virus companies haven't put out a bounty for the decryption of the 2 files yet.
     
    • Thanks Thanks x 1
  5. royalslim

    royalslim Regular Member

    I think it's this one.

    Code:
    http://www.dailymotion.com/video/xjw4ma_cnbc-originals-code-wars_news
    It talks about Stuxnet plus other things that happen in the CYBER wars, let me know if I am wrong and I can try to find another video, but I'm like 80% sure it's in that link above.
     
    • Thanks Thanks x 1
    Last edited: Dec 29, 2011
  6. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    8,777
    Likes Received:
    6,308
    Home Page:
    Interesting!
     
  7. G-S-T

    G-S-T Executive VIP Jr. VIP

    Just cleared my schedule for the next 45 mins. Gonna give it a watch now. Thanks

    Edit: it's not the Stuxnet one, this one is industrial espionage from China.

    Edit the edit: Stuxnet is in part 2. Interesting stuff.
     
    • Thanks Thanks x 1
    Last edited: Dec 29, 2011
  8. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Any YouTube link so I can watch on iPhone..?? :)
     
  9. eshelt

    eshelt Junior Member

    Joined:
    Jan 11, 2010
    Messages:
    146
    Likes Received:
    87
    Very interesting. This has government conspiracy written all over it.
     
  10. G-S-T

    G-S-T Executive VIP Jr. VIP

    • Thanks Thanks x 2
  11. royalslim

    royalslim Regular Member

    Looks like it's the same video.

    HTML:
    http://www.youtube.com/watch?v=VoTNQT203GA

    ^^ Why does it come out like this?
     
    Last edited: Dec 29, 2011
  12. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Thanks :) You tried using the URL button in the WYSIWYG toolbar?
     
  13. wrangler

    wrangler Regular Member

    Joined:
    Jun 14, 2010
    Messages:
    487
    Likes Received:
    599
    "references to the Torah" my arse.

    First, the logic to find said "references" is unscientific - starting more or less with a stated goal, and working backwards to find an excuse for it - the inverse of scientific theory. If you stand on one leg and cover one eye you can see a letter in the text that's also found in the Torah...etc.

    Second: whoever is professional enough to make this is not going to seed it with easter eggs.

    Third: If Israel (especially, but frankly, whoever did this) wanted it to be known who did this, they would not do so with childish "hints" open to misinterpretation. They'd just go "yup, it was us".

    Right?

    (puts Occam's razor away again)
     
  14. Roparadise

    Roparadise BANNED BANNED

    Joined:
    May 25, 2011
    Messages:
    786
    Likes Received:
    1,417
    I personally believe that virus makers need to be executed in public, they are messing around with too much stuff.
     
    Last edited: Dec 29, 2011
  15. cyberjunkie

    cyberjunkie Junior Member

    Joined:
    Oct 9, 2010
    Messages:
    170
    Likes Received:
    34
    Occupation:
    Racking up the Good Karma points
    Location:
    ✈Ocean Drive
    Financial Times ran an article about this. From what I
    remember it took the resources of a well funded
    and well organized nation to arrange this caliber of Malware.
    Iran & India had the most infections.

    The US could have launched this sort of Malware as an
    Offensive Information Warfare Attack, Cyber warfare etc.

    Would not surprise me one bit if this was an Israeli operation.

    Governments or Government supported intermediaries are
    very brazen these days, especially when the masses don't
    protest or hold them accountable. Too much TV to watch,
    too many bills to pay, too many other distractions in life etc.


    The Torah bit could have easily been an indulgent signature.
    Arrogance.
     
  16. Roparadise

    Roparadise BANNED BANNED


    How much do you think it cost to have Stuxnet made?
     
    Last edited: Dec 29, 2011
  17. sapo

    sapo Power Member

    Joined:
    Feb 25, 2008
    Messages:
    510
    Likes Received:
    281
    Here these motherfuckers are taking over the world with 90 byte files and it took me 3 hours today to figure out why my redirection script wasn't working LMFAO.
     
  18. spasovski

    spasovski Regular Member

    Joined:
    Mar 21, 2011
    Messages:
    394
    Likes Received:
    240
    Occupation:
    Web designer and Internet marketeer.
    I'm so amazed 0_0 The best article I've read so far.

    The amount of information included virtually put my brain in hyper mode.
     
  19. cyberjunkie

    cyberjunkie Junior Member


    The caliber of researchers who are even involved
    with this class of virus are some of the world's best minds in
    their field. I'm sure they are laboring with an 'incentive',
    a 'spiff', or a bounty.
     
  20. cyberjunkie

    cyberjunkie Junior Member




    Impossible for an outsider to know. Too many moving
    parts. Too many factors to consider. I wouldn't hold
    my breath on any declassified disclosures from any
    alphabet agency.