At
work at the NSA where cyber-defensive software is assessed and developed and also malware.
---
Combining
the current international ransomware scare and nuclear missile submarines
(SSBNs) is the following:
GLOBAL
RESEARCH ARTICLE
Graham Vanbergen
for Canada based Global Research, May 14, 2017 reports
in part:
“British
Nuclear Submarines, Microsoft and That Ransomware Attack”
[The BBC has reported that the
recent ransomware attack hit 100 countries. Cyber-security firm Avast said it
had seen 75,000 cases of the ransomware worm – known as ‘WannaCry’ and variants of
that name – around the world. The ransomware worm parasitically spreads
by itself between computers with alarming speed and effectiveness. So fast,
that this cyber-attack had the potential to hit critical infrastructure that
supports human life and disable it.] “Microsoft was[and is] the only fully vulnerable operating system...”
"“Who are culprits? The BBC blame hackers known
as ‘The Shadow Brokers’, who made it freely
available in April, saying it was a “protest”
about US President Donald Trump... The NSA in America lost all of these
hacking tools, specifically the one that caused this attack and subsequent
mayhem across the world. The hackers exploited a piece of NSA code known as
“Eternal Blue.”... This extraordinary collection,
which amounts to more than several hundred million lines of code, gives its
possessor the entire hacking capacity of the CIA. The archive appears to have
been circulated among former U.S. government hackers and contractors in an
unauthorized manner, one of whom has provided WikiLeaks with portions of the
archive.”
From a 2008 article by The
Register reported:
“[Britain’s Vanguard class SSBNs use Microsoft’s Windows for Submarines] The programme is called Submarine
Command System Next Generation (SMCS NG), and uses varying numbers of standard
multifunction consoles with two LCD screens, hooked up on an internal Ethernet
network installed on each sub. Initial reports as the programme developed
suggested that the OS in question would be Windows 2000, but those who have
worked on it have since informed the Reg that in fact it is mostly based on
XP.”
Windows were so chuffed at “Windows for Submarines” they even advertised
the fact to the entire world (HERE)
“Windows
for Submarines is the programme undertaken by the Royal Navy and BAE Systems to
equip the nuclear-propelled and nuclear-armed warship fleet with a
Windows-based command system. The transition to the Windows for
Submarines command system on HMS Vigilant, a Trident nuclear missile submarine,
was completed in just 18 days.”
PETE’S COMMENT
The possible ransomware threat to the SSBNs' Microsoft software depends on many factors, including:
- how similar the software is to software already effected by the ransomware
- how difficult it is for an infiltrator to access any thumdrive ports or other points of access to the
SSBNs' computer hardware and software.
The ransomware used in this current crisis may have been adapted by well organised hacker networks from the almost decade old Stuxnet worm:
- how similar the software is to software already effected by the ransomware
- how difficult it is for an infiltrator to access any thumdrive ports or other points of access to the
SSBNs' computer hardware and software.
The ransomware used in this current crisis may have been adapted by well organised hacker networks from the almost decade old Stuxnet worm:
“Stuxnet
functions by targeting machines using the Microsoft Windows operating
system and networks...”
Stuxnet became most famous in 2010 for causing thousands of centrifuges (used for boosting levels of bomb-grade Uranium-235) to spin erratically and destructively at Natanz and other Iranian sites.
The three country organisations that may have Stuxnet were the US NSA and Israel’s
Unit 8200 with Middle Eastern and Iranian targets in mind.
All developed countries have their NSA equivalents, including Russia (FSB-IT but mainly GRU-IT) and China (including PLA Unit 61398 within the broader PLA Third Department).
Pete
Dear Pete,
ReplyDeleteI first thought I read a late 1. of April article. "Windows for submarines" Oh, no. That raises the question: How deep can Microsoft sink?
The problem for British submarines could be availability of USB ports. Nice feature to transfer data but not quite secure. The reason should be obvious. There are not only USB-sticks for data but also keyboards and mice for the same port. So a stick could tell the computer: I'm a keyboard and a mice. And what can you do with keyboard and mice after log in? As an admin everything. The Stuxnet malware was also delivered via USB-stick.
Windows on submarines? So the need for a nuclear reactor is evident...
Regards,
MHalblaub
Hi MHalblaub
ReplyDeleteMicrosoft is, of course, an admirable naval outfit that admirals love.
Yes the USB sticks beating the mice would be bloody indeed.
"Windows on Submarines"? in Hawaii or Tahiti. Why not!
All those colourful tropical fish https://www.carnival.com/~/media/Images/PreSales/Excursions/Ports_A-F/CZM/304002/Pictures/atlantis-submarine-cozumel-mexico-1.jpg
Cheers
Pete
You need to look at what the particular ransomware does
ReplyDelete"When a computer is infected, the ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – "
https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20
Having a look at how a closed system like the Windows for Submarines would likely work we can see some likely differences from your typical home network.
Usually ransomware would come from an email based infection. So we can rule out using WfS for reading emails
Secondly they wont be possible to contact another site on the web.
Thirdly a standard Windows encryption tool wont be resident on WfS.
Without knowing what software is loaded onto the windows operating system used in the subs, its likely to be restricted to the specific applications it runs without all the rubbish that is used on business/home systems.
White-hat wise, much would depend on:
ReplyDelete- inside job (a technically skilled SSBN maintainer/repairman or crewman)
- backed by a large state sponsor (Russia) with a large FSB/GRU-IT to write the million line malware
- USB ports or more exotic points of entry into the SSBN's electronics
- to inject sleeper malware that reacts to certain real-war software programs being run