Wednesday, December 1, 2010

"Jester" who claims DDOS attack arrested...

A self-styled 'hacktivist for good' who claimed to have carried out the denial of service attacks which took down WikiLeaks over the weekend has been raided by police.

A posting on The Jester's Blog says:

"So much for being quiet around here. The fire is starting to stir. As many of you already are aware my door was kicked in and all of my equipment was seized. The weird thing is it was the local sheriff's office not the government. Hmmm.

"In the meantime, my email and WordPress accounts are probably jeopardized so I decided to launch on my own server since nothing can be trusted at this time. I still have copies of all utilities, code, and web backups.

"I will keep everyone posted as things start to unfold. I am not sure what's going to happen, no charges have been filed as of yet. Thanks for all your support!"

It's not clear whether the raid was part of an ongoing action on the part of local law enforcement or was prompted by the DoS attack on whistle-blowing outfit WikiLeaks. Either way, the fact that WikiLeaks was unavailable for several hours on Sunday and again on Tuesday is of little consequence as the dossier of 250,000 or more secret Government wires had already been distributed to newspapers all over the world.

The Jester, who has previously attacked militant jihadist web sites, is now trying to raise the $10,000 in lawyer's fees he reckons he'll need to get out of this particular pickle.

South Korea expecting another attack from North

Seoul, South Korea (CNN) -- South Korea's spy chief said Wednesday that there is a high chance that North Korea will attack again following a strike last month that has led to renewed tensions on the peninsula, the Yonhap news agency reported.

South Korean lawmaker Rhee Beum-Kwan quoted National Intelligence Service chief Won Sei-hoon as making the prediction, Yonhap reported.
"North Korea pushed for reckless actions as internal complaints grew over its hereditary power succession and economic situations worsened," the lawmaker quoted Won as saying.

Meanwhile, South Korea and the United States wrapped up joint military exercises on the Yellow Sea, while South Korea carried on with plans for artillery firing drills next week amid simmering tensions with Pyongyang.

The live fire drills are a routine monthly exercise aimed at securing the safety of ships in the area, the South's Joint Chiefs of Staff told CNN. They are scheduled to begin Monday.

Computer Worm Shuts Down Iranian Centrifuge Plant

By Ken Timmerman

The secretary general of the International Atomic Energy Agency stunned Iran watchers on Nov. 23, 2010, when he announced officially that Iran had been forced to shut down its main uranium enrichment plant at Natanz for seven days earlier this month.

The revelation was buried in a footnote of the latest report from the IAEA on Iran’s nuclear program, and was immediately interpreted by computer security analysts and others as an indication that Iran’s uranium enrichment program was the main intended target of the Stuxnet computer worm attack.

The report by IAEA Director General Yukiya Amano revealed that Iran slowed down enrichment operations in the beginning of November then brought them to a total halt by Nov. 16 and kept the entire facility offline for six days.

The effect of the Stuxnet attack was like a “digital warhead,” the CEO of the National Board of Information Security Examiners of the United States, Inc., Michael J. Assante, told a Senate Governmental Affairs hearing last week.

Experts from the virus protection firm Symantec believe that Stuxnet was specifically designed to attack systems at Iran’s Natanz uranium enrichment plant that control the speed at which the enrichment centrifuges spin.

“We speculate that the ultimate goal of Stuxnet is to sabotage that facility by reprogramming programmable logic controllers to operate as the attackers intend them to, most likely out of their specified boundaries, and to hide those changes from the operator of the equipment,” Dean Turner, director of Symantec’s Global Intelligence Network, told a Senate Governmental Affairs committee hearing last week.

The worm causes the centrifuges to speed up beyond their normal tolerance, and then jams on the brakes to bring them to a screeching halt, before returning them to their normal operating speed.

If the centrifuges spin too fast, they can explode. If they survive the first speed-up, then the abrupt braking and subsequent re-acceleration can throw them off balance, also causing them to crash.

If such a crash occurs when the centrifuges are loaded with hot uranium hexafluoride gas, the accident could have catastrophic results.

“Stuxnet sabotages the system,” a white paper by chief Symantec analyst Eric Chien found.

Symantec also found that Stuxnet was designed to attack only frequency converter drives manufactured by two companies: Fararo Paya in Tehran, and Vacon based in Finland. Because these devices are used in uranium enrichment plants, the Nuclear Suppliers Group forbids their export to Iran.

So whoever designed Stuxnet intended it to attack Iran’s nuclear enrichment program, Symantec concluded.

German computer security analyst Ralph Langner believes Stuxnet actually contains two separate digital warheads, each aimed at different targets and possibly even developed by different teams.

Taken together, the two digital bombs “were deployed in combination as an all-out cyberstrike against the Iranian nuclear program,” he said. The first warhead attacked the centrifuge controllers, and “would very likely be able to attack and destroy centrifuge facilities that are unknown to IAEA inspectors and the world.”

The ability to cripple secret nuclear facilities in Iran “was a major strategic aspect in developing warhead one,” he believes.

The second digital warhead was targeted at non-nuclear control systems at the Bushehr nuclear power plant, which was hit by Stuxnet over the summer.

Langner believes Stuxnet was designed to attack the gigantic steam turbine used to generate electric power at Bushehr. “Manipulating this controller by malware as we see it in Stuxnet can destroy the turbine as effectively as an air strike,” Langner says.


Editor's note: Disregard the author's claim that this worm is a danger to U.S. systems. STUXNET is like a precision guided bomb - targeting certain frequency converter drives on centrifuges built by Finnish and Iranian manufacturers and ONLY if there are a certain number (33) of them connected to a nuclear manufacturing network. Very precise.

