Countdown to Zero Day

Title: Countdown to Zero Day

Author: Zetter, Kim

Zetter, Kim (2014). Countdown to Zero Day: Stuxnet and the Launch of The World’s First Digital Weapon. New York: Crown Publishers

LCCN: 2014016640

UG593 .Z48 2014

Summary

  • “Top cybersecurity journalist Kim Zetter tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare–one in which a digital attack can have the same destructive capability as a megaton bomb. In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery–apparently as much to the technicians replacing the centrifuges as to the inspectors observing them. Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly. At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity. They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility. In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran–and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making. But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike–and shows us just what might happen should our infrastructure be targeted by such an attack. Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.”– Provided by publisher.
  • “This story of the virus that destroyed Iran’s nuclear centrifuges, by top cybersecurity journalist Kim Zetter, shows that the door has been opened on a new age of warfare–one in which a digital attack can have the same destructive capability as a megaton bomb dropped from an airplane”– Provided by publisher.


Date Posted:      July 14, 2016

Caveat. Perpendat itaque lector cavendum (civilis).[1]

Reviewed by Hayden B. Peake[2]

The 2 April 1965 issue of Time magazine featured an article entitled “The Cybernated Generation” that conjectured about the kinds of things “cybernetics” would provide. While the term is now obsolete, many cyber-related forensic expressions have since come into being; examples include the words “phishing,” “phreaking,” “[an] exploit,” and “zero day.” When Microsoft developed the Windows operating system nearly 30 years ago, security was not a major consideration; thus, vulnerabilities were unintentionally left inside the millions of lines of code that made the system work—vulnerabilities that allowed the addition of programming instructions that would change the performance of the computer and the programs the computer was running. If a vulnerability was discovered and kept secret by the hacker as he wrote an “exploit” program to install viruses or other malicious software on a machine, he had found a “zero day”—that is, the victim would have “zero days” to take preventive measures.

Countdown to Zero Day tells the story of how the STUXNET worm—some call it a virus—was discovered by a small, obscure Belarus computer security firm called VirusBlokAda in June 2010, and the world-wide efforts to uncover its purpose and its originator. Author Kim Zetter, a journalist with Wired magazine, follows a chronologically crooked path from one security firm to another, all over the world, as they gradually deconstructed the incredible, complex STUXNET code. As is customary, VirusBlokAda notified Microsoft that a “zero-day exploit” had been located in their operating system and had been found in commercial software, though they didn’t know its purpose. When no response was forthcoming, VirusBlokAda posted a warning on an Internet security forum, warning of possible infections. Soon, infected customers were identified and Microsoft, after naming the worm STUXNET, began work on a fix.

But Microsoft couldn’t do it alone: STUXNET was far too complex. The American security firm Symantec played a major role as layer upon layer of complexity was revealed in fits and starts. They discovered that the code didn’t behave like most viruses or worms that steal or damage data. In fact, it appeared to do nothing at all except spread and replicate itself in other computers if those computers had certain characteristics; if not, no infection would be transmitted. When the code found a new home, it would notify its home base server, often in Asia, and reveal details of the new location so its originators would know which computer targets had been infected. For infected computers, STUXNET came to life only when it encountered certain industrial-control devices containing proprietary software produced by the German firm Siemens. Zetter tracks the complicated path to devices running that software; initially all of these devices were found to be installed in a very secure Iranian facility in Natanz.

Eventually, it became obvious to the security sleuths that STUXNET was so extraordinary that it had likely been state-sponsored. At one point espionage was suspected (p. 17), and it would later develop that earlier variants of STUXNET, undetected or unreported, had been used for that purpose. (p. 259)

Even after the circuitous path to STUXNET exposed its purpose as intended to be used against Iranian centrifuges, there remained the outstanding question of who was responsible. After speculating about a White House role in its approval, Zetter asserts it was intelligence agencies in the United States and Israel, though the only direct support she provides is a 15 January 2011 article in the New York Times. She considers the blowback potential (e.g., others may do the same to the United States) and the moral implications analogous to those surrounding the use of the atom bomb. So far, she writes, “STUXNET still holds the distinction of being the only known case of cyber warfare on record.” (p. 408)

[1] On occasion, personal loyalties and opinions can be carved in stone and defended with a vengeance — at times with some venom thrown in. In these situations, the actual importance of the subject matter is dwarfed by the amount of aggression expressed. Retain a sense of proportion in all online and in-person discussions. [From The Intelligencer: Journal of U. S. Intelligence Studies.]

[2] Hayden Peake is the Curator of the CIA’s Historical Intelligence Collection. He has served in the Directorate of Science and Technology and the Directorate of Operations. Most of these reviews appeared in recent unclassified editions of CIA’s Studies in Intelligence. Other reviews and articles may be found online at http://www.cia.gov.
