Anonymous Has the Bomb

we need to all remain diligent as ATS users and seek out the most compelling answers and credible sources.

Bruce Schneier is a very well known and credible technology security expert...

Regularly quoted in the media -- and subject of an Internet meme -- he has testified on security before the United States Congress on several occasions and has written articles and op eds for many major publications, including The New York Times, The Guardian, Forbes, Wired, Nature, The Bulletin of the Atomic Scientists, The Sydney Morning Herald, The Boston Globe, The San Francisco Chronicle, and The Washington Post.

Schneier also publishes a free monthly newsletter, Crypto-Gram, with over 150,000 readers. In its ten years of regular publication, Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news.

www.schneier.com...

here is what Schneire has to say regarding stuxnet as reported from forbes blog..

Here’s what we do know: Stuxnet is an Internet worm that infects Windows computers. It primarily spreads via USB sticks, which allows it to get into computers and networks not normally connected to the Internet. Once inside a network, it uses a variety of mechanisms to propagate to other machines within that network and gain privilege once it has infected those machines. These mechanisms include both known and patched vulnerabilities, and four “zero-day exploits”: vulnerabilities that were unknown and unpatched when the worm was released. (All the infection vulnerabilities have since been patched.)

Stuxnet doesn’t actually do anything on those infected Windows computers, because they’re not the real target. What Stuxnet looks for is a particular model of Programmable Logic Controller (PLC) made by Siemens (the press often refers to these as SCADA systems, which is technically incorrect). These are small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines–and, yes, in nuclear power plants. These PLCs are often controlled by computers, and Stuxnet looks for Siemens SIMATIC WinCC/Step 7 controller software. If it doesn’t find one, it does nothing.

blogs.forbes.com...

although i do think the credibility and potentiality of this threat is still very real..

So, unless the Anonymous hackers want to control industrial centrifuges, we should be alright? Not so fast. Theoretically, it would be possible to dismantle the virus and implant a separate payload, effectively piggy-backing another virus on the Windows-based attack code. This is no walk in the park coding exercise, to be sure, but Anonymous has proven their impressive abilities in the past. If such a deconstruction and reconstruction were to be pulled off, it could have wide-reaching consequences. In August 2010, the Stuxnet virus was reportedly infecting over 60,000 computers in Iran, not causing any harm but eager to spread until it found a place to release its payload.

For now, we’re largely dealing in hypotheticals. Since Stuxnet has been discovered, efforts are being put against it at high levels to prevent such attacks in the future. But if Anonymous does, in fact, have possession of the worm, it could have massive repercussions for both online and offline security. As Mort Zuckerman said late last year, though, “Malicious programmers are always able to find weaknesses and challenge security measures. The defender is always lagging behind the attacker.”

blogs.forbes.com...

next i looked up the info at www.symantec.com, their paper chronicling the iranian stuxnet saga..

www.symantec.com...

the pdf is here:

www.symantec.com...
just trying to keep the info flowing..

Many times I've thought about how technology is already eclipsing human's ability to comprehend what is fully going on. It's your grandparents not understanding these confangled new contraptions. It's your parents not understanding how to use a Smartphone. And now, it's people that supposedly run "security" firms that have never been on IRC and don't get what a "torrent" is.

The fact is we're headed exponentially into a realm where if you're not stuck on top of this wave of tech and understanding how it all works, you're about to be swallowed whole. Ying and yang. For every ounce of enjoyment you derive from technology underlies a very dangerous side. We love how computerized our modern lives are without realizing how much we depend on said computerization to the point that if the stuff hits the fan in just the right way, it's all gone and only a handful of people will literally comprehend why and what it will take to remedy the situation.

Reading the chatlogs of Anon with "Penny" speaking to them gives the reader a near tactile representation of how far behind she is with technology. Only having a basic understanding of how fire works but not understanding that you don't play with fire while drenched in gasoline. She owns a security firm yet was told many times that "It's a torrent now and it's too late" and she struggled to grasp other basic concepts that have evolved in technology in the past 7-10 years. 12-16 year old kids run laps virtually and socially around her mind and plenty of people in her age group that have other things to worry about than staying on top of technology.

It's the horse and carriage being replaced with hover cars in the blink of an eye, leaving the carriage driver's head spinning. Exponential advancements; creating programs meant to infect systems is fine and dandy until you realize that much like any other weapon, it's not something you can own. Once the info gets out, it's anyones and it can be rendered just as dangerous as a physical weapon. Failure to understand these implications is where the ignorance lay and labels the ones that fail to understand as the ones washed away in the tide that recedes, pulling those that fail to stay on top of this technology away with it into the depths of the sea.

Your time is done in these matters, enjoy the tech you have but know that until you fully understand what you're dealing with on any level, you cannot possibly comprehend the ability for what you enjoy to completely f you in the a. In short - keep your mind right and don't trifle with things you know little about. Open that mind up and learn, learn, learn with intentions of good will and not deception or deceit. Penny was completely vulnerable, still is, yet carried on with bravado as if "her side" was on top of things (as ignorant as they apparently are). This blind ignorance is going to be the end as technology continues to exponentially advance and evolve into things that less and less humans have the time nor want to fully comprehend.

Explanation: S&F!

Hmmm?

This "Bomb" is bad for everybody! Here is potentially where it starts...

Grey Goo :- Computing [wiki]

ComputingDenial-of-service attacks in the virtual world Second Life which work by infinitely replicating objects until the server crashes are referred to as grey goo attacks. This reference refers to the self-replicating aspects of grey goo. It is one example of the widespread convention of drawing analogies between certain Second Life concepts and the theories of radical nanotechnology.

And here is where it ends ...

Grey Goo [wiki]

Grey goo (alternatively spelled gray goo) is a hypothetical end-of-the-world scenario involving molecular nanotechnology in which out-of-control self-replicating robots consume all matter on Earth while building more of themselves, a scenario known as ecophagy ("eating the environment").

And here is why...

Grey Goo :- Dangers and Terrorism [crnano.org]

Although grey goo has essentially no military and no commercial value, and only limited terrorist value, it could be used as a tool for blackmail. Cleaning up a single grey goo outbreak would be quite expensive and might require severe physical disruption of the area of the outbreak (atmospheric and oceanic goos deserve special concern for this reason). Another possible source of grey goo release is irresponsible hobbyists. The challenge of creating and releasing a self-replicating entity apparently is irresistible to a certain personality type, as shown by the large number of computer viruses and worms in existence. We probably cannot tolerate a community of "script kiddies" releasing many modified versions of goo.

Personal Disclosure: I just spent 1 week in an Asylum ward due to this concept breaking me hardcore.

P.S. I will never look at a laundry/kitchen sink and microwave oven the same EVER again!

Anonymous is Legion. Just like grey goo! Don't say you havent been warned ok. Mind you it would be your last words anyway!

i do agree that all of these leaks and incidents to tend to push the internet towards stricter regulations as evidenced by this article by Q1 labs.

According to Q1 Labs, previous high profile attacks such as Stuxnet, the Google (News - Alert) breach, Wikileaks, NASDAQ and others are all connected. All the attacks, according to the security intelligence provider have a common theme and that is- low and slow APTs. These breaches points out the pressing need for Security Intelligence - the ability to see every action taking place on a network.

sip-trunking.tmcnet.com...

the types of regulations proposed read like a TSA directive..

Q1 Labs claims that as the only Security Information and Event Management (SIEM) provider to integrate Application Layer Behavior Analysis, it is uniquely positioned to provide effective visibility and context by correlating network and application activity against log events and other security telemetry across entire networks.

Q1 Lab’s recommendations regarding network security in order to prevent a breach include: break down technology silos through the integration and analysis of a broad spectrum of information including network, virtual network, security, vulnerability, asset, application, and configuration data, among others, bridge operational silos and deliver the most appropriate security functions to meet the requirements of a broad spectrum of users including operators, analysts, auditors, managers, and executives, among others, have all the contextual information needed to prioritize the risk of a security incident based on the overall impact to the business, automate the detection and notification of newly introduced risks on the network, and seek to establish an integrated security intelligence framework for assessing risk across all relevant information.

this all coinciding with the upcoming national personal / internet i.d. card this year.

What's to come in 2011
specifically the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the Federal Identity, Credential and Access Management (FICAM) initiatives...

We will begin to see the early stages of issuance of Personal Identity Verification – Interoperable (PIV-I) credentials in 2011 which will help increase security between government, business and individuals in conducting online and physical transactions. Digital signatures should begin to proliferate in lieu of wet signatures as the capability to perform digital signatures expands at least within the federal government. This will help streamline business processes and move traditional manual, labor intensive processes to more automated online transactions.

reply to post by purplemer

Remember when Anon hacked into HGbary the internet security company last week in a revenge attack for them trying to sell Anon info to the FBI. Well apparntly Anon got hold of the Stuxnet virus code.
Now this is really stupid.

The way that the MSM talk about anon, is like this group is just a few school boys bored with a laptop and bit of time on their hands.

Looking deeper into the group 'anon' it is clear, at least to me, that this is another tool to yet fulfil another agenda. I wouldn't be at all surprised to find out later on down the line that the very people who are allegedly trying to crack down on 'anon' are the ones responsible for this increased 'cyber warfare'

what better way to push control measures on piracy than to regulate the net in order to stop 'cyber criminals' from hacking in to your bank account

Here is an insidious short cartoon that demonstrates our future realities that we currently take for granted like just coming home from work after a hard day and getting on the ole 'puter for some web surfing & unwind time. it will be like checking into a hotel just to come home! lol!

www.authasas.com...

reply to post by franspeakfree
both

the intelligence is collecting and focusing the bored kid with laptop to act in ways said kid has no clue about in regards to the big picture.

and the kids, wanting to be cool and impress the uber hackers, fall in lock step. total setup...shooting themselves in the foot

reply to post by franspeakfree


Explanation: You earned a St*r!

Personal Disclosure: Anon. is both and your completely correct to look deeper at the DEROGATORY 'kiddies" part of the equation as Zombie Script Legion [aka anon.] includes all demographics regardless of age and or agreeableness between those demographics. Your totally dead bang on target as to who is behind it! Well Done!!!

reply to post by OmegaLogos


OL!

No need to worry about the gray goo concept with anon. In order for something to be that destructive it has to be of uniform purpose and intent.

Anon is a loose collective of people with varied interests and bent. They often are at odds with one another over what to do. And where there is dissent there cannot be that particular kind of power or action.

~Heff

reply to post by OmegaLogos


I always wondered what this grey goo you spoke of often was and now I know. Thanks for denying my ignorance OL and hope to learn more.

Originally posted by ballsdeep
I haven't read the whole thread, but has anyone mentioned the fact that the term 'anon' is inherently inert; that chances are no-one has stolen stuxnet and the US are just preparing to infect someone other than Iran and blame 'anon'?

Haha. I guess blaming 'anonymous' isnt a very concise public statement.

Oh [insert name here], you and your crazy schemes!

Anonymous may be described as chaotic neutral in character, but they usually aren't the types to crap in their own food dish. In other words, I wouldn't worry too much about the internet and electrical grid. (Somebody may blame them for it, but to shut down the things that empower them would be contrary to their ideals - if you could call them that.)

Now if Anonymous were to do some serious hacking to annoy the gov't... You'd see many things that aren't intended to be publicly accessible showing up on various gov't servers and websites. (If they can get at it, we're talking Wikileaks grade material.) And if it was found that the FBI servers suddenly became a huge torrent hub for recent copyrighted movies or something like that, and was done via hacking... I wouldn't put that past them. Doing things that seem ironic in nature or are entirely embarrassing sounds more like their style.

Using a virus to blow up stuff or wreck something doesn't seem their style. But saying they've found the source of such a virus in regards to catching somebody else with their pants down, that's another matter.

Now where's that popcorn?

reply to post by purplemer


playing games with the world like that through IT viruses is simply plain silly. it could do some real damage and bad stuff could ensue... (or would that be ensure?)

reply to post by purplemer


Anonymous has a potentially damaging worm, you say? Well that's exactly why I'm on a Mac

Actually if Anon knows what they are doing, I would definitely support them debilitating all the nuclear facilities around the globe. Someone's got to do it sometime. Sucks if Anon turned out to be a totally evil organization and reconstructed the virus in a way that allowed them to take control over it all. This is reminding me so much of Skynet AI and the nuclear holocaust it caused.

If Anonymous did have such a weapon I doubt they would use it for such evil means, it would be incredibly counter-intuitive on their part. I don't see why a freedom fighting group would unleash such a weapon, it would be like the USA unleashing its arsenal on some other country, if they do have such a weapon I think it stands to reason that they would only use it as leverage or a scare tactic/psych tactic.

That is even if they do have the weapon itself.

However you still cant count out the very large percent of idiots in the world, statistically speaking Anonymous must have some of those. Then again if they did have the weapon I doubt they would give it out all willy nilly.

We just have to hope the people in control of the weapon itself are intelligent enough to know its power and limit its spread. I doubt you'll see it on TPB like you did the HBGary Federal E-Mails.

Originally posted by hillynilly
We are the resistance!
Anon wouldn't attack the citizens with stuxnet (the real anon)..
We don't have anything to worry about there.
They would drop it on paypal, amazon, ect....

Unless this is a CIA con,
Say *anon the hackers* have stuxnet
unleash it on anyone/thing/company/ in your way...
Blame it on anon...
Someone could be setting us up for the internet kill switch..
*OH NO stuxnet is everywhere we must shut down the internet*

edit on 14-2-2011 by hillynilly because: (no reason given)

The issue here is the unpredictability of anon, simply because they arent a small group of people, but a large random group of different people. if this code is really out in the wild, all it takes is one moron to alter it to what they want to do and bring something horrible down. if one person wants to target something, all they need to do is release their version of the compiled source code, and tell the 4chan monkeys "this will do x" when in reality it really does "y".. dangerous stuff cause lets face it, the 15 year old kids get caught up in the hype and will do stupid stuff.

I honestly hope nothing comes out of this - anon were something to laugh @ originally, with ddos attacks on random crap, but hacking something for code developed by a government that was designed for what is modern day warfare is just plain dangerous.

im for freedom on the internet, but im not for morons with power.