A recommendation and warning: Zero Days

Discussion in 'General Discussion' started by Bandit99, Apr 8, 2018.


  1. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    By chance, I happened to pick up the documentary film, 'Zero Days' (DVD), last evening and viewed it. I felt the need to ensure others have heard of it for it is not fiction but a very dangerous reality.

    Like other technicians/engineers here on the Monkey will tell you: this is no Hollywood/media hype, it is real, possible and currently happening. I have worked in the Computer and Communication industry for ~40 years and my degree is in Computer Science so I do have a bit of knowledge in the subject.

    Most know about the virus attack on Iranian Nuclear faculties (Natanz) in 2010 which caused some minor damage, destroying 984 uranium enriching centrifuges, but most do not know the rest of the story such as Iran's retaliatory attacks on Saudi Arabia and the USA. And, what I consider the most important aspect of the problem the real possibility of it happening here at any time but on a much grander scale.

    Should an EMP event occur, natural or manmade, most understand the effects. I assure you the effects and devastation of a major cyber attack would be equal or far greater; furthermore, the chance of it occurring is much, much higher.

    So, my point and purpose for this post is simple, while many might not prepare for an EMP because of the small chance of occurrence, all should prepare for a Cyber attack because it will happen, probably sooner rather than later. And, I would remind all, the USA has the most to lose in a cyber attack and the fact that we are more automated and advanced than some countries makes us more venerable not less. So, prepare...

    I greatly enjoyed the film, found it thought provoking, and I think all will be quite amazed at some of the interviewees and speakers. They made their point: there is a Cyber arms race going on right now and these weapons are very real and very dangerous and unlike nuclear, bio and chemical there is no agreement in their use.

    Synapsis of the film 'Zero Days' from IMDB:
    "A documentary focused on Stuxnet, a piece of self-replicating computer malware that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target." (Note by Bandit: It has not been proven it was the U.S. and Israel that wrote and unleashed Stuxnet on Iran...but the shoe does fit.)

    Definition of the term 'Zero Day':
    "A zero-day exploit is an attack that exploits a previously unknown security vulnerability. A zero-day attack is also sometimes defined as an attack that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known."
     
    Motomom34, Zimmy, Dont and 6 others like this.
  2. DKR

    DKR Raconteur of the first stripe

    Zimmy, Bandit99, Ura-Ki and 1 other person like this.
  3. Tempstar

    Tempstar Monkey+++

    So, a ban on assault style laptops is coming?
     
    Dont, Tully Mars, Bandit99 and 2 others like this.
  4. ochit

    ochit Monkey+

    Cyber = bad this is an infrastructure attack mostly the power grid although it could cascade to or from other utilities.
    This is exactly why I detest a smart grid you cannot attack a manual system with a cyber attack we can use electronic controls as long as they are underpinned with manual overrides or defaults. with employment in the state it's in we do not need to hand over jobs to computers or robots in this sector.

    There are hundreds of scenarios that do not effect the grid that could cost billions kill hundreds of thousands in a day. I have zero faith in our alphabet agencies or commercial internal cyber divisions to stop or handle intrusions to a vulnerability that was prearranged as we have so many H1B visa holders infesting programing, software and cyber security i may be an inside job I recall a breach in 1995 that if a malicious attack was planned could take down any system that was targeted. Blind faith in software and updates from the source via any network or the internet is accomplished without the intent consideration it should attract. I recent Iphone vulnerability with a bit of help could have taken down the whole enchilada or apple.

    Stuxnet should have been a wakeup call, but moreover automatic updating or upgrading without a full verification of the source and origin then to scan before implementation. The cat is out of the bag we cannot supe glue a plug in USB ports to secure from Ubiquitous hardware and the cloud is not an Ark in my opinion it is Pandora's box.
     
    Last edited: Apr 8, 2018
    Dont and Bandit99 like this.
  5. snake6264

    snake6264 Combat flip flop douchebag

    Going to watch it
     
    Motomom34 and Bandit99 like this.
  6. Lancer

    Lancer TANSTAFL! Site Supporter+++

    A worthwhile couple of hours.
    I too make my shekels from the IT nightmares we all use. I've had to help a few "large" Pharma companies recover from Wanna-cry infections, same thing that ate ATL a couple weeks ago, (sydadmins are morons BTW), and have spent the last five months unscrewing net driver issues caused by spectre/meltdown remediation kernel level code changes in virtual machines - 40% performance hit... :(
    The net is: there are far more embedded vulnerabilities than anyone is letting on. And there have been some issues with chip sets manufactured in good old China with designed in attack portals. All you Apple, Android, others users - beware.
    It makes me decent money but I have zero trust in it, and will not willing put any important data on any cloud provider.
    The power grid is at very serious risk. Commercial flight control, ie; FAA systems, ALL muni data systems, and most of the financial world. Basically any networked system with an internet gateway.
    I expect it will manifest as a "seeding" of first responder, municipal utilities, and financials. And then a deliberate attack on the power systems which will be the trigger tor the seedlings as it were. All the benefits of an EMP without destroying the physical infrastructure.
     
    Dont and Bandit99 like this.
  7. HK_User

    HK_User A Productive Monkey is a Happy Monkey

    Add the fact of incorrect and cheap installations of most industrial technology and you have a real problem.
     
    Bandit99 likes this.
  8. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    Personally, I am not so worried about the run-of-the-mil Hacker and, in fact, they might be a good thing. They test the system(s) and are a excellent sales program to strengthen security; however, nation-states are a different animal all together. Whereas, the Hacker usually is after money or just kicks annoying someone, these nation-states mean serious harm and even physical harm. I think a nationwide major Cyber attack is in the very near future.
     
  9. SB21

    SB21 Monkey+++

    I am not a computer person. So it really amazes me at the things that can be done with one. A buddy of mine told me to look at a site called , Norse . It's supposed to be showing live , real time cyber attacks , where they start , and where they end. It's amazing the number of attacks happening at any given time.
     
    Motomom34 likes this.
  10. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Only the black ones with high capacity RAM.
     
    Bandit99 and ochit like this.
  11. Tempstar

    Tempstar Monkey+++

    I showed our pompous ass IT manager a few months ago how a $39 Routerboard RB-750 could take over his beloved Cisco mess by simply plugging it in to an active port. He begged me to shut it down once it had assigned IP's to 73 PCs in less than 5 minutes. Of course I rubbed salt in his wounds by jumping on one of the PCs in medical records since the user was logged in. Next I went into the SCADA for the generators and chillers since he had those on a DMZ and demonstrated how easily they could be shut down. I am less than a run-of-the-mill hacker. Guess I'm a hardware hacker not software. They have now assigned static IP's to the PC's, done away with the DMZ's (they had 16!) and turned down all of the unused ports. Believe it or not, they installed their switches with all of the ports turned up. Now this was all on a secure hospital system. Imagine what one could do on a not so secure municipal or power plant system. Yeah, it ain't if but when.
     
  12. aardbewoner

    aardbewoner judge a human on how he act,not on look and talk.

    So please use wireless, much easier to hack manipulate and shut down.
    Your cashless money is safe,trust us.......... delete account.
     
  13. HK_User

    HK_User A Productive Monkey is a Happy Monkey

    Which is what I was talking about in my case. #7 "Add the fact of incorrect and cheap installations of most industrial technology and you have a real problem."
    Other hardware controls can easily be manipulated if installation safety protocols are not in place and followed.
     
    Bandit99 and 3M-TA3 like this.
  14. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    Nothing is any stronger than the weakest link in the chain. Security is no different and 99 times out of 99, that weak link is a human being either directly, ie:picking up a thumb drive and putting it in a work computer to see what's on it or clicking a link in an email, or indirectly via laziness or convenience.
     
    Bandit99 and Ganado like this.
  15. arleigh

    arleigh Goophy monkey

    Companies are getting more picky about who they hire even demanding access to personal on line accounts .
    HR departments are under pressure to find and keep track of liabilities ,even off work behavior matters. Being an employee you represent the company .
    If some moron has the indiscretion to use the company computer to use it for personal entertainment or personal business he might soon be walking out hat in hand, If he's lucky .
    Having trustworthy people in the loupe is critical .
    I was just reading that the expectation of people choosing autonomous cars for travel over driving them selves is coming. However ,I think its a mistake.
    If the technology exists to program where a car goes automatically, being able to hack that direction can be abused too.
    It does not matter if you out law such use , outlaws will use it.
    It's bad enough that if an EMP or CME hits some cars will go dead , and even if they might be able to restart , it's those in motion @ 70 MPH that loose control and some already have electronic steering and brakes.
    Another phase of Pandora's box .
     
  16. HK_User

    HK_User A Productive Monkey is a Happy Monkey

    Way back in 1990 when my company wanted to go with IBM for system wide controls I went Head to Head with a VP whose DAD was a IBM Big Wig.

    I explained my position in a Gut Retching meeting.

    Two days later my design was approved, the VP never forgave me but we had and still have an unconnected system control.

    The basis for my design and against the PDP8I used for the output of all our products was the frailty of the tracking of those products.
     
    Motomom34 and Bandit99 like this.
  17. apache235

    apache235 Monkey+++

    this was Ted Koppel's big fear in "Lights Out". He admitted that an EMP would be the ultimate bad day, but the computer hack or deliberate assault on 9 sub-stations was FAR more likely. While an EMP would surely be a rogue state event (or China or Russia) the hack could come from who knows where. When not if, indeed
     
    Motomom34, Bandit99 and HK_User like this.
  18. ochit

    ochit Monkey+

    America just ejected 60 Russian diplomats and staff to the unenlightened it's not even as interesting as a laser to a cat, one of the functions of a good diplomat is to spy they don't need agents they can get a phone of anyone even a wife or lovers and the tail has just been pinned on the jackass. intrusion is happening every second in airports, agencies or much worse infrastructure centers. Ubiquitous (existing or being everywhere at the same time constantly encountered widespread) The, their, your phone is the fly on the wall. people put tape over their notebook camera lens, most phones have 2 cameras and some even have night vision a really nice microphone bluetooth and WIFI.

    my moniker expresses that, "the devils in the details" well there is one of your devils.
     
  19. HK_User

    HK_User A Productive Monkey is a Happy Monkey

    So what does your post have to do with this Thread?
     
    Ganado likes this.
  20. ochit

    ochit Monkey+

    That the threat of an EMP weapon is not the only problem and if it is, then the initiator would want to know the vital area to strike. Informational sciences would expose that target/s, EMP's do not need to be nuclear they can be local and non nuclear since the grid was mentioned I thought it appropriate to shed light on the fact that this is not a single pronged plan from any enemy, Nor is it simple our grid is endangered by everyday people that so not keep security or consider their position a linchpin or touchstone to invading our grid.

    Our infrastructure is like chain mail looks protective but it has chinks a bunch of them some are analog others digital but flesh & blood can control, protect or undermine any system, if security is an umbrella and not a bubble as it is in most cases considering EMP's are distracting if thats all that concentrated on.

    this quote from bandit99's original post starting this thread allowed inferred that others could make additional comments on other vulnerabilities.
     
  1. Radio
  2. DKR
  3. OldDude49
  4. Asia-Off-Grid
  5. DKR
  6. Oltymer
  7. GhostX
    [MEDIA]
    Thread by: GhostX, Oct 8, 2016, 26 replies, in forum: General Discussion
  8. Asia-Off-Grid
  9. Tikka
  10. phorisc
  11. melbo
  12. Mindgrinder
    [media]
    Thread by: Mindgrinder, Sep 11, 2013, 1 replies, in forum: General Discussion
  13. stg58
  14. Brokor
  15. fortunateson
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7