idea behind the stuxnet computer worm is actually quite simple
now if we manage to compromise these systems that control drive speeds
place a good windows virus on a notebook that is used by a maintenance engineer to configure
i want to tell you how we found that out when we started our research on stuxnet six months ago it was completely unknown what the purpose of this thing was
the only thing that was known is it 's very very complex on the windows part the dropper part used multiple zero day vulnerabilities
and it seemed to want to do something with these gray boxes these real time control systems so that got our attention and we started a lab project where we infected our environment with stuxnet and checked this thing out
program code that it 's trying to infect is actuallyrunning on that target and if not
stuxnet does nothing so that really got my attention and we started to work on this nearly around the clock because i thought well we don 't know what the target is it could be let 's say for example a u s power plant or a chemical plant in germany so we better find out what the target is soon
so we extracted and decompiled the attack code and we discovered that it 's structured in two digital bombs a smaller one and a bigger one
and we also saw that they are very professionally engineered by people who obviously had all insider information they knew all the bits and bites that they had to attack
they probably even know the shoe size of the operator so they know everything and if you have heard that the dropper of stuxnet is complex and high tech let me tell you this the payload is rocket science it 's way above everything that we have ever seen before
in order to get target theories we remember that it 's definitely hardcore sabotage
it must be a high value target and it is most likely located in iran because that 's where most of the infections had been reported
now you don 't find several thousand targets in that area it basically boils down to the bushehr nuclear power plant and to the natanz fuel enrichment plant so i told my assistant get me a list of all centrifuge and power plant experts from our client base
and i phoned them up and picked their brain in an effort to match
their expertise with what we found in code and data
and that worked pretty well so we were able to associate the small digital warhead with the rotor control the rotor is that moving part within the centrifuge that black object that you see
and if you manipulate the speed of this rotor you are actually able to crack the rotor and eventually even have the centrifuge explode
what we also saw is that the goal of the attack was really to do it slowly and creepy obviously in an effort to drive maintenance engineers crazy that they would not be able to figure this out quickly
the big digital warhead we had a shot at this by looking very closely at data and data structures so for example the number one hundred and sixty four really stands out in that code you can 't overlook it
i started to researchscientificliterature on how these centrifuges are actually built in natanz and found they are structured in what is called a cascade and each cascade holds one hundred and sixty four centrifuges so that made sense that was a match and it even got better
these centrifuges in iran are subdivided into fifteen what is called stages
and guess what we found in the attack code an almost identicalstructure so again that was a real good match
anyway so we figured out that both digital warheads were actually aiming at one and the same target but from different angles
the small warhead is taking one cascade and spinning up the rotors and slowing them down and the big warhead is talking to six cascades and manipulating valves
so in all we are very confident that we have actually determined what the target is it is natanz and it is only natanz so we don 't have to worry that other targets might be hit by stuxnet here 's some very cool stuff that we saw
now what this thing does is it intercepts the input values from sensors so for example from pressure sensors and vibration sensors
and it provides legitimateprogram code which is still running during the attack with fake input data
and as a matter of fact this fake input data is actually prerecorded by stuxnet so it 's just like from the hollywood movies where during the heist the observation camera is fed with prerecorded video
that 's cool
the
idea here is obviously not only to fool the operators in the control room it actually is much more dangerous and aggressive the idea is to circumvent a digital safety system
obviously this cannot be done by a human operator so this is where we need digital safety systems and when they are compromised then real bad things can happen your plant can blow up and neither your operators nor your safety system will notice it that 's scary but it gets worse
and this is very important what i 'm going to say
think about this this attack
is generic
it is generic
and you don 't have as an attacker you don 't have to deliver this payload by a usb stick as we saw it in the case of stuxnet you could also use conventional worm technology for spreading just spread it as wide as possible and if you do that what you end up with is
that 's the consequence that we have to face
so unfortunately
the biggest number of targets for such attacks are not in the middle east
so all of the green areas these are your target rich environments
we have to face the consequences and we better start to prepare right now thanks
there is only one and that 's the united states
fortunately fortunately
because otherwise our problems would even be bigger
生词表:computer [kəm´pju:tə] 
n.计算机;电子计算器 (初中英语单词) actually [´æktʃuəli] ad.事实上;实际上 (初中英语单词) research [ri´sə:tʃ] n.&vi.调查;探究;研究 (初中英语单词) complex [´kɔmpleks] a.复杂的 n.综合企业 (初中英语单词) project [prə´dʒekt, ´prɔdʒekt] v.设计;投掷 n.计划 (初中英语单词) running [´rʌniŋ] a.奔跑的;流动的 (初中英语单词) chemical [´kemikəl] a.化学的 n.化学制品 (初中英语单词) obviously [´ɔbviəsli] ad.明显地;显而易见地 (初中英语单词) operator [´ɔpəreitə] n.操作者;接线员 (初中英语单词) definitely [´definitli] ad.明确地;绝对 (初中英语单词) assistant [ə´sistənt] n.助手;助理;助教 (初中英语单词) associate [ə´səuʃieit] v.联合a.同伴的n.伙伴 (初中英语单词) overlook [,əuvə´luk] vt.&n.俯瞰;忽略;观察 (初中英语单词) scientific [,saiən´tifik] a.科学(上)的 (初中英语单词) literature [´litərətʃə] n.文学;文献;著作 (初中英语单词) structure [´strʌktʃə] n.结构,构造;组织 (初中英语单词) pressure [´preʃə] n.压榨 vt.对…施压力 (初中英语单词) program [´prəugræm] n.说明v.为…安排节目 (初中英语单词) observation [,ɔbzə´veiʃən] n.观测;注意;意义 (初中英语单词) system [´sistəm] n.系统,体系,制度 (初中英语单词) consequence [´kɔnsikwəns] n.结果;后果;推断 (初中英语单词) otherwise [´ʌðəwaiz] ad.另外 conj.否则 (初中英语单词) compromise [´kɔmprəmaiz] n.妥协,和解 (高中英语单词) maintenance [´meintinəns] n.保持;主张;保养 (高中英语单词) environment [in´vaiərənmənt] n.郊区;周围;条件 (高中英语单词) client [´klaiənt] n.委托人;顾客 (高中英语单词) identical [ai´dentikəl] a.完全相同的 (高中英语单词) spinning [´spiniŋ] n.纺织 a.纺织品的 (高中英语单词) confident [´kɔnfidənt] a.有信心的,自信的 (高中英语单词) legitimate [li´dʒitimit] a.合法的 vt.使合法 (高中英语单词) hollywood [´hɔliwud] n.好莱坞 (高中英语单词) notebook [´nəutbuk] n.笔记本 (英语四级单词) trying [´traiiŋ] a.难堪的;费劲的 (英语四级单词) infect [in´fekt] vt.传染;使受影响 (英语四级单词) eventually [i´ventʃuəli] ad.最后,终于 (英语四级单词) cascade [kæ´skeid] n.小瀑布;喷流 (英语四级单词) vibration [vai´breiʃən] n.颤动;振动;摇动 (英语四级单词) aggressive [ə´gresiv] a.进攻的;侵略的 (英语四级单词) conventional [kən´venʃənəl] a.常规的;协定的 (英语四级单词) rocket [´rɔkit] n.火箭;火箭发动机 (英语六级单词) taking [´teikiŋ] a.迷人的 n.捕获物 (英语六级单词)
now if we manage to compromise these systems that control drive speeds
place a good windows virus on a notebook that is used by a maintenance engineer to configure
i want to tell you how we found that out when we started our research on stuxnet six months ago it was completely unknown what the purpose of this thing was
the only thing that was known is it 's very very complex on the windows part the dropper part used multiple zero day vulnerabilities
and it seemed to want to do something with these gray boxes these real time control systems so that got our attention and we started a lab project where we infected our environment with stuxnet and checked this thing out
program code that it 's trying to infect is actuallyrunning on that target and if not
stuxnet does nothing so that really got my attention and we started to work on this nearly around the clock because i thought well we don 't know what the target is it could be let 's say for example a u s power plant or a chemical plant in germany so we better find out what the target is soon
so we extracted and decompiled the attack code and we discovered that it 's structured in two digital bombs a smaller one and a bigger one
and we also saw that they are very professionally engineered by people who obviously had all insider information they knew all the bits and bites that they had to attack
they probably even know the shoe size of the operator so they know everything and if you have heard that the dropper of stuxnet is complex and high tech let me tell you this the payload is rocket science it 's way above everything that we have ever seen before
in order to get target theories we remember that it 's definitely hardcore sabotage
it must be a high value target and it is most likely located in iran because that 's where most of the infections had been reported
now you don 't find several thousand targets in that area it basically boils down to the bushehr nuclear power plant and to the natanz fuel enrichment plant so i told my assistant get me a list of all centrifuge and power plant experts from our client base
and i phoned them up and picked their brain in an effort to match
their expertise with what we found in code and data
and that worked pretty well so we were able to associate the small digital warhead with the rotor control the rotor is that moving part within the centrifuge that black object that you see
and if you manipulate the speed of this rotor you are actually able to crack the rotor and eventually even have the centrifuge explode
what we also saw is that the goal of the attack was really to do it slowly and creepy obviously in an effort to drive maintenance engineers crazy that they would not be able to figure this out quickly
the big digital warhead we had a shot at this by looking very closely at data and data structures so for example the number one hundred and sixty four really stands out in that code you can 't overlook it
i started to researchscientificliterature on how these centrifuges are actually built in natanz and found they are structured in what is called a cascade and each cascade holds one hundred and sixty four centrifuges so that made sense that was a match and it even got better
these centrifuges in iran are subdivided into fifteen what is called stages
and guess what we found in the attack code an almost identicalstructure so again that was a real good match
anyway so we figured out that both digital warheads were actually aiming at one and the same target but from different angles
the small warhead is taking one cascade and spinning up the rotors and slowing them down and the big warhead is talking to six cascades and manipulating valves
so in all we are very confident that we have actually determined what the target is it is natanz and it is only natanz so we don 't have to worry that other targets might be hit by stuxnet here 's some very cool stuff that we saw
now what this thing does is it intercepts the input values from sensors so for example from pressure sensors and vibration sensors
and it provides legitimateprogram code which is still running during the attack with fake input data
and as a matter of fact this fake input data is actually prerecorded by stuxnet so it 's just like from the hollywood movies where during the heist the observation camera is fed with prerecorded video
that 's cool
the
idea here is obviously not only to fool the operators in the control room it actually is much more dangerous and aggressive the idea is to circumvent a digital safety system
obviously this cannot be done by a human operator so this is where we need digital safety systems and when they are compromised then real bad things can happen your plant can blow up and neither your operators nor your safety system will notice it that 's scary but it gets worse
and this is very important what i 'm going to say
think about this this attack
is generic
it is generic
and you don 't have as an attacker you don 't have to deliver this payload by a usb stick as we saw it in the case of stuxnet you could also use conventional worm technology for spreading just spread it as wide as possible and if you do that what you end up with is
that 's the consequence that we have to face
so unfortunately
the biggest number of targets for such attacks are not in the middle east
so all of the green areas these are your target rich environments
we have to face the consequences and we better start to prepare right now thanks
there is only one and that 's the united states
fortunately fortunately
because otherwise our problems would even be bigger
生词表:
n.计算机;电子计算器 (初中英语单词) ad.事实上;实际上 (初中英语单词) n.&vi.调查;探究;研究 (初中英语单词) a.复杂的 n.综合企业 (初中英语单词) v.设计;投掷 n.计划 (初中英语单词) a.奔跑的;流动的 (初中英语单词) a.化学的 n.化学制品 (初中英语单词) ad.明显地;显而易见地 (初中英语单词) n.操作者;接线员 (初中英语单词) ad.明确地;绝对 (初中英语单词) n.助手;助理;助教 (初中英语单词) v.联合a.同伴的n.伙伴 (初中英语单词) vt.&n.俯瞰;忽略;观察 (初中英语单词) a.科学(上)的 (初中英语单词) n.文学;文献;著作 (初中英语单词) n.结构,构造;组织 (初中英语单词) n.压榨 vt.对…施压力 (初中英语单词) n.说明v.为…安排节目 (初中英语单词) n.观测;注意;意义 (初中英语单词) n.系统,体系,制度 (初中英语单词) n.结果;后果;推断 (初中英语单词) ad.另外 conj.否则 (初中英语单词) n.妥协,和解 (高中英语单词) n.保持;主张;保养 (高中英语单词) n.郊区;周围;条件 (高中英语单词) n.委托人;顾客 (高中英语单词) a.完全相同的 (高中英语单词) n.纺织 a.纺织品的 (高中英语单词) a.有信心的,自信的 (高中英语单词) a.合法的 vt.使合法 (高中英语单词) n.好莱坞 (高中英语单词) n.笔记本 (英语四级单词) a.难堪的;费劲的 (英语四级单词) vt.传染;使受影响 (英语四级单词) ad.最后,终于 (英语四级单词) n.小瀑布;喷流 (英语四级单词) n.颤动;振动;摇动 (英语四级单词) a.进攻的;侵略的 (英语四级单词) a.常规的;协定的 (英语四级单词) n.火箭;火箭发动机 (英语六级单词) a.迷人的 n.捕获物 (英语六级单词)
京公网安备 11011202003401号
