Reliable Security Information

Friday's Mixed Nuts: Stuxnet and an amusing WikiLeaks web review

The mythology of Stuxnet is indefatigable. Too many businesses are directly interested in the lasting perception that cyberwar can accomplish anything.

So it doesn't really matter that the famous weapons inspector, Charles Duelfer, warned that Iran was implacably marching forward with its nuclear program, anyway. The story of Stuxnet guarantees more and more people will be wanting to work on future versions of them.

From the web, Duelfer wrote:

The IAEA inspectors report that Iran continues to expand its activities and, in particular, its uranium enrichment seems to be continuing with plans for expansion. Tehran has not complied with requirements to explain suspected military nuclear work and seems unfazed by Security Council sanctions. Moreover, the IAEA reports that the output of the declared facilities continues--despite the affects of the Stuxnet cyber attack. The evidence is that despite increased sanctions, the effects of cyber attacks (and reportedly the sabotaging of imported equipment) and the assassinations in Iran of top scientists, the program marches the point where it is beginning to look inevitable rather than unacceptable as previous White House statements have declared.

However, the most recent example of private sector interest in cyberwar has been that of HBGary, the company that had its files pillaged by the Anonymous hacking group. Spread worldwide, these included material on Stuxnet.

At Cryptome, that material is archived here.

The zip-file at Cryptome contains some technical analysis and a directory of binaries, all of which should flag positive for malware.

I randomly tested it a day ago and Avast anti-virus quarantines all of them. Some of them are flagged as generic Windows malware, others as pieces of Stuxnet and infected files which look like its dropper, rootkit and hooks into the kernel and Windows firewall.

It's easy enough to test your anti-virus on it. A cursory scan of the file as it download won't flag it -- unless the on-access part of your protective suite burrows right into compressed archives.

But if you command the program to look in the archive, it will (or it should) find all of it.

The HBGary Stuxnet archive reveals an old, regular and necessary business practice: The sharing of virus library samples between security companies.

More recently interest beyond simple technical analysis and the fashioning of digital cures has entered the picture. That incudes the tinkering with and reverse-engineering of the samples with the aim of making new versions for potential or actual use by the military or government.

Many years ago creating, rewriting and modifying malware was exclusively the domain of amateur virus-writers. But it eventually moved into organized crime when it became possible to monetize the action of malware. And now it is also in the work product of computer security companies, like HBGary, in the business of cadging cyberwar and intelligence contracts from various official clients.

Moving along, yesterday's lunch hour saw Martin Bashir of MSNBC devoting some time to WikiLeaks, specifically Bradley Manning and additional charges brought against him by the Army. One of the guests was a friend of Manning's who related that solitary confinement was destroying the mind of the person he knew.

However, there's always an obvious problem with the ongoing WikiLeaks script. It has to do with the celebrity of the agency and the public aspect of the two associated most with that, Julian Assange and Bradley Manning.

Neither are sympathetic even though the treatment of Manning is unconscionable. Every time you see the now common pictures of him a little voice in the back of the head says: There's a kid who was the most senseless and fit for the job.

The accumulated fame, gained by the regular hyping of Cablegate and its use by the big mainstream media has apparently effectively choked WikiLeaks.

Where is the revelation on the ecosystem of corruption at a big US bank? Where's all the stuff the HBGary dirty tricks operation was aimed at discrediting?

Maybe -- hopefully -- it will arrive.

But if it does, will it make a difference? After the Guardian and the New York Times squeeze their rewards from it as official deliverers, framers and monetizers, does it have any other value?

Which makes a web review of the Guardian's tell-all book, Wikileaks: Inside Julian Assange's War On Secrecy, a necessary read. (Notice it's the review that's worth reading, not necessarily the book.)

The takedown is hilarious, encapsulating the reality left unspoken in the places of high celebrity:

It's a story, not of brave whistleblowers revealing a specific piece of explosive information, but of an agitated bloke, bored in his army base, Facebooking about how much he missed his boyfriend Tyler, deciding to take Washington's own disarray to its logical conclusion by vomiting all of its documentation into the hackers' arena. It was more Oprahite than it was principled, more therapeutic than tactical, more Jeremy Kyle than Daniel Ellsberg. In hilariously comparing this farcical leaking with the Pentagon Papers, describing it as a political event of unprecedented importance, 'Leigh' and 'Harding' nail the self-importance of Guardian hacks brilliantly. They kill with a satirical sword the attempts by the Guardian and others to doll up the contemporary, much-celebrated and thoughtless cult of let-it-all-out whistleblowing as a stand against warped political authority. I literally LOLed as I turned the page from reading about Manning's childish informational incontinence to pages containing words such as 'historic' and 'brave'. Brilliant.

The spoofers are also excellent at capturing the media's cult-like embrace of Assange. 'Harding' and 'Leigh' recount what a creep Assange is, yet they then profess their 'own' and other Guardian journalists' borderline crush on him!

Hindmost but certainly not least was a revelation you received if you were walking the streets of our nation's capitol on March 1.

The Great Recession -- the economic collapse -- you learned, was perhaps not caused by Wall Street! No, we've been looking in the wrong place, according to the Washington Times.

"Financial terrorism suspected in 2008 economic crash," it read on-line.

The terrorists here weren't the banksters. Nope, they were from China, maybe Russian criminals, or also the forces of "shariah compliant finance."

"This is a front-page story in the paper, and the headline can be seen in vending machines all over DC," reported one reader who I shall keep anonymous. "I walked past one this morning and thought, 'Huh?'"

For this bit of mischief readers saw a touching upon of some of the hobby-horses of the of the lunatic right, conveniently furnished by an analytic paper we have all unjustly ignored, apparently.

The paper in question was produced by small business contract with the Department of Defense in 2009.

Generally speaking, you can view articles and analyses generated in this manner as nuisances, ways for the small to take on a validation by being paid cash money by the US government for revelations and insights to be eventually tossed in the trash.

There such reports languish until a journalist of some repute, like Bill Gertz, runs across them at the WaTimes.

In this case, the paper setting off the story, entitled "Economic Warfare: Risks and Responses" is by one Kevin D. Freeman of Keller, TX. Gertz's story never actually gets around to mentioning the bit that this isn't from some inside-the-Beltway think-tanker.

I am going to skip most of the fine detail of the thing. You can read it on ScribD, just Google the title.

The WaTimes article sums up well enough the intent: To get us looking somewhere else because no one has ruled out a direct attack on Wall Street.

"Evidence outlined in a Pentagon contractor report suggests that financial subversion carried out by unknown parties, such as terrorists or hostile nations, contributed to the 2008 economic crash by covertly using vulnerabilities in the U.S. financial system," reads the lede graf at the Times.

But here's what you really want to know.

There's no proof at all offered for the implication in the WaTimes as to the nature of the 2008 economic collapse.

Much time is devoted to the creeping advance of "shariah-compliant finance" as a danger to capitalism. For this part, notable Islam-o-phobe Frank Gaffney gets cited.

Hugo Chavez and Iran get some space on the marquee, too.

And there are bits one usually finds coming from the Tea Party.

Namely, the "third phase" of an attack on the American economy will come through the printing of too much money and the revenge of bond vigilantes who will magically show up, causing a mass dump of Treasury bonds. The dollar will become worthless.

The "Ah-ha!" moment is furnished by a quick search of the Web for Kevin Freeman in Keller, TX.

A list of political contributions, conveniently from here:

Kevin Freeman (Freedom Global Investment/Counsel), (Zip code: 76248) $250 to BACHMANN FOR CONGRESS on 10/16/06

Kevin Freeman (Artist/Cross Graphics), (Zip code: 76248) $500 to BACHMANN FOR CONGRESS on 06/27/05

Kevin Freeman (Cross Graphics/Artist), (Zip code: 76248) $527 to BACHMANN FOR CONGRESS on 05/18/06

Kevin Freeman (Cross Graphics/Artist), (Zip code: 76248) $750 to BACHMANN FOR CONGRESS on 05/18/06

Marnie Freeman (Cross Graphics/Artist), (Zip code: 76248) $1800 to BACHMANN FOR CONGRESS on 05/18/06

The paper's author, Kevin D. Freeman, identifies on its title page as belonging to Cross Consulting and Services, LLC.

The Internet domain whois entry for the e-mail domain provided on the paper's cover page points to Keller, TX, at GoDaddy.

This post was originally published at Dick Destiny blog.

Subscribe to SitRep: SitRep RSS Feed SitRep ATOM Feed