HDT (stands for Hardware Detection Tool) is a Syslinux com32 module that displays low-level information for any x86 compatible system. It provides both a command line interface and a semi-graphical menu mode for browsing.
When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target. In a fascinating look inside cyber-forensics, he explains how — and makes a bold (and, it turns out, correct) guess at its shocking origins.
Ralph Langner’s Stuxnet Deep Dive is the definitive technical presentation on the PLC attack portion of Stuxnet. He did a good job of showing very technical details in a readable and logical presentation that you can follow in the video if you know something about programming and PLCs.
The main purpose of Ralph’s talk was to convince the audience with “100% certainty” that Stuxnet was designed specifically to attack the Natanz facility. He does this at least four different ways, and I have to agree there is no doubt.
Ralph Langner is a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware.
- Stuxnet worm hits Iranian centrifuges – from mid-2009 to late 2010
- Iran complains facilities hit by Stars malware – April 2011
- Duqu trojan hits Iran’s computer systems – November 2011
- Flame virus targets PCs across the Middle East, including Iran and Israel – June 2012
- Iran says Stuxnet worm returns – December 2012
25 December 2012 15:19 GMT
A power plant and other industries in southern Iran have been targeted by the Stuxnet computer worm, an Iranian civil defence official says.
But the cyber attack has been successfully rebuffed and prevented from spreading, Iranian media report.
Iran’s nuclear enrichment efforts were hit hard in 2010 by the Stuxnet worm, which was also blamed for problems at industrial plants and factories.
Tehran accused Israel and the US of planting the malware.
Provincial civil defence chief Ali Akbar Akhavan said Iranian industry was constantly being targeted by “enemy cyber attacks” and companies in Hormozgan province had recently been infiltrated, the semi-official Isna news agency reported.
“The Bandar Abbas electricity supply company has come under cyber attack,” he told a news conference. “But we were able to prevent its expansion owing to our timely measures and the co-operation of skilled hackers.”
The Bandar Abbas plant, on Iran’s southern coast in the Strait of Hormuz, is said to supply power to neighbouring provinces as well as Hormozgan.
Iran has regularly claimed success in defeating computer viruses, such as Stuxnet and Flame, which have affected its industries.
In April, a malware attack on Iran’s oil ministry and national oil company forced the government to disconnect key oil facilities, including the Kharg Island oil terminal that handles most of Tehran’s exports.
Late last year, Iran said some of its computer systems were infected by the Duqu spyware which was believed to have been designed to steal data to help launch further cyber attacks.
The attacks have affected its energy exports as well as its controversial uranium enrichment programme, which Western countries suspect is aimed at constructing nuclear weapons. Tehran insists it is solely for peaceful purposes.
the U.S. government have continued covert cyberwar against Iran with a new computer virus called “Flame” which is designed to sabotage that nation’s computers.
According to an announcement by anti-virus company Symantec Corp, reported in the Washington Post, a component of “Flame” allows operators to delete files from computers, and Israel and the U.S. government have co-operated in creating the virus.
The Flame computer virus is not only capable of espionage but it can also sabotage computer systems and likely was used to attack Iran in April, according to Symantec Corp.
Iran had previously blamed Flame for causing data loss on computers in the country’s main oil export terminal and Oil Ministry. But prior to Symantec’s discovery, cyber experts had only unearthed evidence that proved the mysterious virus was capable of espionage.
Symantec researcher Vikram Thakur said that the company has now identified a component of Flame that allows operators to delete files from computers.
“These guys have the capability to delete everything on the computer,” Thakur said. “This is not something that is theoretical. It is absolutely there.”
Iran complained about the threat of cyber attacks again on Thursday, saying it had detected plans by the United States, Israel and Britain to launch a “massive” strike after the breakdown of talks over Tehran’s nuclear activities.
Thakur’s comments came after, on Thursday, Iran’s intelligence minister accused the United States, Israel, and Britain of planning to launch a cyber attack against Iran following the latest round of nuclear talks in Moscow.
Speaking to the Iranian state run television network Press TV, Iranian Intelligence Minister Heidar Moslehi said: “Based on obtained information, the U.S. and the Zionist regime along with the MI6 planned an operation to launch a massive cyber attack against Iran’s facilities following the meeting between Iran and the P5+1 in Moscow.”
According to Moslehi, the alleged attempt to strike Iran’s nuclear facilities failed because of Iranian measures, adding: “They still seek to carry out the plan, but we have taken necessary measures.”
The top Iranian official’s comments came after Moscow hosted, earlier this week, the latest round of P5+1 nuclear talks, which ended in an apparent breakdown.
According to the Washington Post, the virus was developed in a joint effort involving the National Security Agency, the CIA and Israel’s military.
The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.
Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials who spoke on the condition of anonymity.
There has been speculation that Washington had a role in developing Flame, but the collaboration on the virus between the United States and Israel has not been previously confirmed.
Commercial security researchers reported last week that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity.
The virus is among the most sophisticated and subversive pieces of malware to be exposed to date. Experts said the program was designed to replicate across even highly secure networks, then control everyday computer functions to send secrets back to its creators. The code could activate computer microphones and cameras, log keyboard strokes, take screen shots, extract geolocation data from images, and send and receive commands and data through Bluetooth wireless technology.
Flame was designed to do all this while masquerading as a routine Microsoft software update; it evaded detection for several years by using a sophisticated program to crack an encryption algorithm.
“This is not something that most security researchers have the skills or resources to do,” said Tom Parker, chief technology officer for FusionX, a security firm that specializes in simulating state-sponsored cyberattacks. “You’d expect that of only the most advanced cryptomathematicians, such as those working at NSA.”
Flame was developed at least five years ago as part of a classified effort code-named Olympic Games, according to officials familiar with U.S. cyber-operations and experts who have scrutinized its code. The U.S.-Israeli collaboration was intended to slow Iran’s nuclear program, reduce the pressure for a conventional military attack and extend the timetable for diplomacy and sanctions.
The cyber attacks augmented conventional sabotage efforts by both countries, including inserting flawed centrifuge parts and other components into Iran’s nuclear supply chain.
The best-known cyberweapon let loose on Iran was Stuxnet, a name coined by researchers in the antivirus industry who discovered it two years ago.
It infected a specific type of industrial controller at Iran’s uranium-enrichment plant in Natanz, causing almost 1,000 centrifuges to spin out of control. The damage occurred gradually, over months, and Iranian officials initially thought it was the result of incompetence.
The scale of the espionage and sabotage effort “is proportionate to the problem that’s trying to be resolved,” the former intelligence official said, referring to the Iranian nuclear program. Although Stuxnet and Flame infections can be countered, “it doesn’t mean that other tools aren’t in play or performing effectively,” he said.
To develop these tools, the United States relies on two of its elite spy agencies. The NSA, known mainly for its electronic eavesdropping and code-breaking capabilities, has extensive expertise in developing malicious code that can be aimed at U.S. adversaries, including Iran. The CIA lacks the NSA’s sophistication in building malware but is deeply involved in the cyber-campaign.
Despite their collaboration on developing the malicious code, the United States and Israel have not always coordinated their attacks. Israel’s April assaults on Iran’s Oil Ministry and oil-export facilities caused only minor disruptions. The episode led Iran to investigate and ultimately discover Flame.
Some U.S. intelligence officials were dismayed that Israel’s unilateral incursion led to the discovery of the virus, prompting countermeasures.
The disruptions led Iran to ask a Russian security firm and a Hungarian cyber-lab for help, according to U.S. and international officials familiar with the incident.
Last week, researchers with Kaspersky Lab, the Russian security firm, reported their conclusion that Flame — a name they came up with — was created by the same group or groups that built Stuxnet.
“We are now 100 percent sure that the Stuxnet and Flame groups worked together,” said Roel Schouwenberg, a Boston-based senior researcher with Kaspersky Lab.
The firm also determined that the Flame malware predates Stuxnet. “It looks like the Flame platform was used as a kickstarter of sorts to get the Stuxnet project going,” Schouwenberg said.
Apple has been ordered to pay damages to rival Samsung Electronics by a court in the Netherlands.
The court said that Apple had infringed a patent held by Samsung relating to the way phones and tablet PCs connect to the internet.
Apple, which recently became the world’s most valuable firm, has been facing various legal issues.
In a separate case, it was fined $2.3m (£1.5m) in Australia for its claims on 4G capabilities of the iPad.
And it is still not clear how much it may have to pay to Samsung in damages.
The Dutch court did not specify any amount, but the damages will be calculated based on sales of Apple’s iPhone and iPad in the Netherlands.
“Samsung welcomes the court’s ruling, which reaffirmed Apple’s free-riding of our technological innovation,” the South Korean manufacturer said in an emailed statement to the BBC.
“In accordance with the ruling, we will seek adequate compensation for the damages Apple and its products have caused.”
Samsung had claimed that Apple had infringed four of its patents. However, the Dutch court said that only one of those had been breached.
By Charlotte Eyre
Radio frequency identification (RFID) has now been adapted to track Spanish blue cheese as it travels along the food chain.
A team of scientists from the University of Dortmund department of logistics said yesterday that they have developed a method of tracking and tracing the production of “Queso Cabrales”, a blue cheese from northern Spain.
As stricter laws force companies to invest in ways of tracking the food they sell, RFID is becoming a necessity not only for large, international companies, but also for smaller, family-owned businesses.
Cheese-makers using the new system will be able to put an RFID transponder on the product, which is then replaced by a serial number during packaging.
“The goal of the project is to develop a reliable labelling for each individual cheese which is applied at the first stage of production – filling the raw milk into the mould – survives the ripening process and finally follows the cheese on the wrapping into food shops,” said Thomas Jansen, who led the team in its experiments.
Customers purchasing the cheese can then use the serial number to track the stages of its journey to their table. The number will allow them to identify which farmer supplied the milk, when the cheese was produced and for how long the cheese was in the ripening cellar.
During the development of the new system, the scientists had to deal with problems such as using RFID on fresh cheese, and creating a transponder that survives the ripening process, Jansen said.
RFID was created in response to the EU guideline 178/2002, he added. This legislation stipulates that all companies in the food and feeding stuff industry have to completely track and document the flow of their ingredients, including the food as well as materials and wrappings coming into contact with the food.
“And these European guidelines don’t make exceptions for the small farmers in Asturias”, he said.
RFID uses a wireless system that helps enterprises track products, parts, expensive items and temperature- and time-sensitive goods. Transponders, or RFID tags, are attached to objects. The tag will identify itself when it detects a signal from a reader that emits a radio frequency transmission.
Each RFID tag carries information on it such as a serial number, model number, colour, place of assembly or other types of data. When these tags pass through a field generated by a compatible reader, they transmit this information back to the reader, thereby identifying the object.
The use of RFID along the food chain is set to rise to $5.8bn (€4.3bn) in 2017, and it will become the most important new food technology, according to a new report by IDTechEx.
Bottle-squealer tech stops you hiding the good stuff
Published Wednesday 1st August 2007 10:48 GMT
What’s the best way to tell if you’re being given duff whisky? Ask your mobile phone, of course. At least, it is if you’re in South Korea.
The Korea Times last week reported that the South Korean government intends to crack down on fraudulent whisky sales by making producers put Radio-Frequency Identification (RFID) chips in premium bottles.
“Starting next year, we plan to recommend local distillers incorporate RFID chips to their 21-year-old whiskey blends,” Assistant Minister of Information and Communication Yang Jun-cheol told the Times.
“Then people will easily be able to check through their cell phones whether or not any whiskey is genuine. Plus, the tag will show other data like the distiller and the production date,” Yang added.
This seems like lunacy at first, as the RFID chip would be attached to the bottle not the booze. Unscrupulous bartenders could still siphon off the good stuff and replace it with swill, and their luckless thirsty dupes’ attempts to expose them using mobiles would be unavailing.
Presumably some crooked retailers, in the habit of putting fake labels on bottles of cheap rotgut, might be frustrated by this ploy. That said, the scoundrels could always use mobiles to find empty tagged bottles in rubbish bins, fill them up again with cheap pop and fool phone-toting connoisseurs with impunity.
To be fair to the Koreans, they don’t actually seem all that bothered about people who’ll buy top-end Scotch but need a mobile phone to tell them whether it’s pukka. Twenty-year whisky is being pushed for tagging simply because it’s expensive, and so the cost of the RFID tech might be worthwhile. As more chips get made, costs will fall and more products will become eligible.
“An RFID chip sold for 2,000 won (£1) in 2004 and the price fell to as low as 300 won (15p) now. However, it is still too expensive to use broadly,” Yang said.
“The government looks to channel 311.9 billion won (£155m) to 16 RFID-related projects through 2012. This will prompt the shift to RFID,” he added.
This suggests worrying social implications for this technology. Say you’re visiting a friend’s house, and he pours you a large gold medal. For whatever reason, you don’t see the bottle – perhaps he uses a decanter, perhaps the drinks get brought through from the kitchen. Do you sneakily use your phone to scan his house for RFID tags? Imagine the horror as you taste cheap blended crap in your glass but detect several bottles of aged single malt in the swine’s drinks cabinet.
And imagine the horrors of the future, once Yang’s frightful government schemes have come to fruition and all kinds of stuff is tagged up. Intending merely to spy on your host’s liquor supplies, you inadvertently scoop in full details of his afternoon purchases at the marital-aids emporium or the specialist lingerie supplier.
Even the famously unbothered-about-privacy Koreans might find they’ve got a tiger economy by the tail here.
RFID Helps Mexican University Retain, Maintain Equipment
RFID Journal – Melville, NY, USA
By Claire Swedberg, July 19, 2007 – Regiomontana University (UR), located in Monterrey, Mexico, is employing an RFID system to track laptops and video …
RFID news 09/07/2007
Tuesday, July 3 2007