Hacker attacks in cinema and in reality
Sometimes it seems that the guys from Hollywood consider computers to be something magical, portraying hackers as real wizards who work wonders. In cinema, computers easily blow up skyscrapers, turn off electricity in megacities, block transport and turn Matthew Lillard (the film “Hackers”) into a subject of adoration for women. But sometimes what is shown on the screen really corresponds to reality. The world of information technology is full of surprises.
Logical bomb in Siberia
A lot of controversy and indignation caused a scene in the cult action movie "Die Hard 4" where, using computer "shamanism", the bad guys burned the gas pipeline. The pomposity was certainly inflated to the limits, but nonetheless - this story is not so fantastic. This actually happened ... in 1982, six years before the "nuts" epic.
At the height of the 1982 Cold War, American satellites spotted a big explosion in Siberia. Its power reached 3 kilotons (approximately one fifth of the strength of the atomic bomb dropped on Hiroshima). The cause of the explosion was a failed computer control system that was stolen by Soviet spies. But the brave guys did not know that the CIA detected an information leak and slipped them a fake - defective gas pipeline adjustment software, which was programmed to fail at some point. The CIA launched the so-called “Trojan horse”. As Thomas Reed, former Secretary of Air Force Affairs at the National Security Council, recalls:
Fortunately, the incident cost no physical casualties, but it dealt a severe blow to the Soviet economy and disabled the gas pipeline system. The developers of the logic bomb created a switch that switched the program to another mode after it completed several million cycles. Not stupid people worked in the KGB and of course they checked their trophy. Well, well, the program was programmed to work perfectly until all the cycles were completed. Which she did for several months. But after counting the desired number of cycles, the logic bomb was automatically launched. The program unexpectedly peddled, changed the speed of the pumps, the pressure value of the turbines and valves. Thus, the allowable pressure for joints and welds of the pipeline increased many times. The result is a big bang, just like in a movie ...
The laptop, which put on its knees the Ministry of Defense
To the unfortunate "Nut" in general, a lot of complaints. There is another controversial scene where Bruce Willis finds out that some rascal using a laptop is able to close the US Department of Defense. Funny, but it really can be done.
In 2008, the US Department of Defense posted a cyber attack on the Internet. A worm crawled into the local networks of the military departments - a self-replicating malicious code, which was dubbed Agent.btz (a variant of the SillyFDC worm).
It all started with a regular flash drive, which was carefully left in the parking lot of the US Department of Defense complex at the military base (in the Middle East). This small drive contained malicious code and was inserted into the USB port of a laptop connected to the computer network of the Central Command of the US Department of Defense. Everything is ingenious and simple!
Of course, the story of a flipped flash drive could be fake. But the fact of third-party infection remains undeniable. Like the fact that Agent.btz was a worm, not a trojan. Another important point is the existence of dozens of its various options.
The malicious Agent.btz could scan the computer for data, bypassing various levels and protection options, and then send the information it found to the remote command server of its creators. At the same time, the worm left open loopholes for others. It’s like some intruder who got into the house, carried out the things he liked and left the back door open for other thieves. He also sent out messages about open doors to everyone.
In the infected system, the worm created a file called “thumb.dd” on all connected flash drives. And in the form of a CAB file, he saved the following files there: “winview.ocx”, “wmcache.nld” and “mswmpdat.tlb”. They contained information about the infected system and the logs of worm activity in it. If you look, then “thumb.dd” was a container with data that was saved on a USB flash drive in the absence of the possibility of direct transfer via the Internet to a C&C server.
In addition, Agent.btz constantly mutated, downloading new and new code. Thus, he changed the "signature", avoiding detection. And while old versions were deleted, new, more complex Agent.btz appeared on the network. No matter how the great and mighty Pentagon tried to identify and destroy the malicious worm, the last year and a half has worked successfully, damaging confidential information and documents. This continued until hundreds of machines were reformatted and thousands of infected flash drives were confiscated.
The operation to protect against cyber attacks was called Operation Buckshot Yankee. Actually, it then became the starting point for the creation of the United States Cyber Command.
Redemption for "release" of medical results
It is hard to imagine that hackers outside the films compose notes-applications from magazine clippings for the ransom ... of medical results. “If you want to see your tests, pay $ 50,000,” something like that. Nevertheless, this happened in one Illinois clinic.
The more medical institutions convert records to digital, the brighter the hacker attacks. As in July 2012, a group of hackers entered the computer networks of the surgery department of Lake County Hospital, located in a rich part of Illinois (a suburb of Libertyville). Hackers climbed onto the clinic’s server and gained access to the patient database, including email addresses and medical records.
The attackers did not even think of hiding, proudly declaring their hacking and that from now on all the useful medical data was encrypted by them. They posted a digital note made up of magazine clippings, where they demanded a ransom for providing a password-access to vital information. But the hospital staff decided to turn off the server, notifying the authorities and patients about what happened and that the hospital would not pay the ransom.
Lake County surgeons were not the first victims of this kind of hacker attack. In the same 2008, an unpleasant incident occurred with the pharmacy chain Express Scripts. They also demanded a ransom for the personal information of customers. For the sake of solidity and persuasiveness, the attackers sent the company data to 75 customers, which contained the numbers of social security cards and the history of the issued recipes. In exchange for safety and avoiding scandal, computer fraudsters demanded a ransom. Although the company put the interests of its customers above all else, she refused to pay the amount. And she notified nearly 700,000 of her clients that their information could have become the property of cybercriminals.
Spy virus, cooler agent 007
Imagine a piece of code that could surpass James Bond (Agent 007) along with Ethan Hunt (Mission Impossible).
This spyware virus is called Flame. It spread like wildfire all over the world, walking with its malicious 20 megabytes of spyware across several countries of the Near and Middle East. The first was Iran. While James Bond was having fun at some restaurant with another beauty, Flame was doing a real spy job. Namely, he was collecting information. This computer virus is able to copy data files, capturing sensitive screenshots and downloading instant message decryption, remotely turn on the computer’s microphone and cameras to record conversations taking place next to it.
In short, Flame is a computer virus that can infect personal programs running Microsoft Windows 7, Vista and XP with a full set of patches installed. It infiltrates a car using almost unknown vulnerabilities. And getting to a new place, he is able to use various tricks, spreading through USB-flash drives and a local network.
Flame receives commands and data via Bluetooth, but it also has the inherent ability to fake accounts to avoid being exposed. The virus is divided into library modules, uses its own database, actively uses cryptography, compression and script programming, and also connects elements of free software.
As a rule, in films, exposed spies bite a capsule with cyanide (or any other deadly poison) hidden under a seal in a denture or somewhere else. Man eliminates himself. Flame also comes in, launching a suicide command that automatically removes the virus and all traces from the infected computer. The caught virus does not just die, but at the same time burns its birth certificate.
Flame has been working underground for five years. Under the guise of Microsoft software updates, and as a real agent, he got a lot of classified information.
There was a person online and no
In 1995, Sandra Bullock in the film "Network" tried to convey to the audience the danger of storing personal information on the Internet. Using a computer hack, hackers were able to crash the plane and poison Dennis Miller. Actually, the famous heroine of the film adaptation (“The Girl with the Dragon Tattoo”) Lisbeth Salander deftly made human destinies using a laptop and a couple of hacking friends.
Yes, for some it may seem funny. But just not the American Matt Honan (senior writer on wired.com), he certainly is not laughing. The poor man felt on himself what it means in one day he will lose all possible access to accounts (Amazon, GMail, Apple and Twitter). In addition, all the information from his iPad, iPhone and MacBook also flew into the pipe. They did this using the writer’s phone number and information that was available on the network. Matt Honan disappeared from the Internet in less than an hour.
It all started with the fact that hackers deleted their Honan Google account (including all his correspondence in eight years, priceless photos of his 18-month-old daughter), and then use his Twitter to write racist and homophobic statements there. Next, the attackers used the Apple ID to turn on their iPhone, iPad and MacBook and turn them into shiny metal "bricks". For a person earning on the Internet, all this had serious consequences. In fact, hackers deftly blocked Matt's entire virtual life.
It is curious that one of the hackers subsequently contacted Honan and shared the details of the hack. He told the writer exactly how he had turned everything (and at that time Honan was probably mocking his voodoo doll). It was enough for the hacker to get the home address and credit card number. But this is the information that everyone provides when buying something on the Internet (food or things).
Hackers found Matt's address, which was easily discovered by the WhoIs service in information about his personal site. Next, they used his gmail to get an account that allowed him to see his partially closed alternate email address, which was Apple's identifier. Then one of the attackers called Amazon tech support on behalf of Matt to add a new credit card. Address, name and email provided. After that, the impostor called Amazon again, saying that access to Amazon account was lost. Amazon asked for a name, address, and credit card number. After providing this information, which was added before, the credit card number came up and the deceiving Mat was able to add a new email address to the account to which he restored the password. Amazon has the ability to view a list of saved credit cards, where only the last four digits of the number are displayed. After that, the hacker called AppleCare, where he called the name, address and last four digits of the credit card. And voila - they gave him a temporary password for a .me account! There, the impostor retrieved the GMail password, and the GMail password on Twitter. And already with the help of AppleId, he boldly deleted all information from the iPhone, iPad and MacBook using Find My Phone and Find My Mac services.
The saddest and most absurd thing in this story is that Honan suffered without any reason. Hackers had nothing against the writer, they just liked his Twitter posts and wanted to use it for trolling. They went through this whole complex process purely for fun.
Stuxnet destroys Iran’s nuclear plant plans
As stated earlier, hackers can create computer viruses that lead to explosions. The same American virus that turned the Siberian gas pipeline into a huge crater. What about paralyzing the country's nuclear potential?
One of the most scandalous stories is connected with the Stuxnet worm, which began to be used by US intelligence agencies around 2007. But it was in 2010 that this insidious worm disabled the engines of hundreds of uranium centrifuges at the Bushehr nuclear power plant, pushing back the development of Iran’s nuclear program.
In June 2010, the Stuxnet virus was found in networks of enterprises, power plants and traffic control systems around the world. This worm infects computers running the Microsoft Windows operating system. He could shut off large energy networks (for example, turn off the oil pipeline or stop the operation of a nuclear reactor) without warning operators.
Typically, viruses are less choosy. They, like robbers, burst in the door and begin to destroy things. Stuxnet was different, it pursued a specific goal - a centrifuge in the main facility for enriching Iran with uranium. After activating its program, the Stuxnet virus gained full control over the system and disabled hundreds of uranium centrifuge engines at the Bushehr nuclear power plant.
The astu team and the astsu team of Mr. Robot
Another interesting point was shown in the new series about the genius IT specialist ("Mr. Robot"). In the first series, the protagonist named Eliot goes to the data center, where he restores the servers using the Linux “astu” and “astsu” commands. These teams subsequently played a decisive role in the plot. And they looked so realistic that they caused a heated debate among programmers on what they mean. By the way, the software, methodology, other commands and calling Linux command line screens produced by Eliot look quite believable.
One opinion suggests that the commands “astu” and “astsu” are used as sudo (or ssh). Eliot’s company is called Allsafe Security and provides cyber security, possibly a derivative of astsu = Allsafe. But the theme of the Mr. Robot teams is a topic for a separate article.
Logical bomb in Siberia
A lot of controversy and indignation caused a scene in the cult action movie "Die Hard 4" where, using computer "shamanism", the bad guys burned the gas pipeline. The pomposity was certainly inflated to the limits, but nonetheless - this story is not so fantastic. This actually happened ... in 1982, six years before the "nuts" epic.
At the height of the 1982 Cold War, American satellites spotted a big explosion in Siberia. Its power reached 3 kilotons (approximately one fifth of the strength of the atomic bomb dropped on Hiroshima). The cause of the explosion was a failed computer control system that was stolen by Soviet spies. But the brave guys did not know that the CIA detected an information leak and slipped them a fake - defective gas pipeline adjustment software, which was programmed to fail at some point. The CIA launched the so-called “Trojan horse”. As Thomas Reed, former Secretary of Air Force Affairs at the National Security Council, recalls:
It was the most monumental non-nuclear explosion and fire that could have been seen even from space.
Fortunately, the incident cost no physical casualties, but it dealt a severe blow to the Soviet economy and disabled the gas pipeline system. The developers of the logic bomb created a switch that switched the program to another mode after it completed several million cycles. Not stupid people worked in the KGB and of course they checked their trophy. Well, well, the program was programmed to work perfectly until all the cycles were completed. Which she did for several months. But after counting the desired number of cycles, the logic bomb was automatically launched. The program unexpectedly peddled, changed the speed of the pumps, the pressure value of the turbines and valves. Thus, the allowable pressure for joints and welds of the pipeline increased many times. The result is a big bang, just like in a movie ...
The laptop, which put on its knees the Ministry of Defense
To the unfortunate "Nut" in general, a lot of complaints. There is another controversial scene where Bruce Willis finds out that some rascal using a laptop is able to close the US Department of Defense. Funny, but it really can be done.
In 2008, the US Department of Defense posted a cyber attack on the Internet. A worm crawled into the local networks of the military departments - a self-replicating malicious code, which was dubbed Agent.btz (a variant of the SillyFDC worm).
It all started with a regular flash drive, which was carefully left in the parking lot of the US Department of Defense complex at the military base (in the Middle East). This small drive contained malicious code and was inserted into the USB port of a laptop connected to the computer network of the Central Command of the US Department of Defense. Everything is ingenious and simple!
Of course, the story of a flipped flash drive could be fake. But the fact of third-party infection remains undeniable. Like the fact that Agent.btz was a worm, not a trojan. Another important point is the existence of dozens of its various options.
The malicious Agent.btz could scan the computer for data, bypassing various levels and protection options, and then send the information it found to the remote command server of its creators. At the same time, the worm left open loopholes for others. It’s like some intruder who got into the house, carried out the things he liked and left the back door open for other thieves. He also sent out messages about open doors to everyone.
In the infected system, the worm created a file called “thumb.dd” on all connected flash drives. And in the form of a CAB file, he saved the following files there: “winview.ocx”, “wmcache.nld” and “mswmpdat.tlb”. They contained information about the infected system and the logs of worm activity in it. If you look, then “thumb.dd” was a container with data that was saved on a USB flash drive in the absence of the possibility of direct transfer via the Internet to a C&C server.
In addition, Agent.btz constantly mutated, downloading new and new code. Thus, he changed the "signature", avoiding detection. And while old versions were deleted, new, more complex Agent.btz appeared on the network. No matter how the great and mighty Pentagon tried to identify and destroy the malicious worm, the last year and a half has worked successfully, damaging confidential information and documents. This continued until hundreds of machines were reformatted and thousands of infected flash drives were confiscated.
The operation to protect against cyber attacks was called Operation Buckshot Yankee. Actually, it then became the starting point for the creation of the United States Cyber Command.
Redemption for "release" of medical results
It is hard to imagine that hackers outside the films compose notes-applications from magazine clippings for the ransom ... of medical results. “If you want to see your tests, pay $ 50,000,” something like that. Nevertheless, this happened in one Illinois clinic.
The more medical institutions convert records to digital, the brighter the hacker attacks. As in July 2012, a group of hackers entered the computer networks of the surgery department of Lake County Hospital, located in a rich part of Illinois (a suburb of Libertyville). Hackers climbed onto the clinic’s server and gained access to the patient database, including email addresses and medical records.
The attackers did not even think of hiding, proudly declaring their hacking and that from now on all the useful medical data was encrypted by them. They posted a digital note made up of magazine clippings, where they demanded a ransom for providing a password-access to vital information. But the hospital staff decided to turn off the server, notifying the authorities and patients about what happened and that the hospital would not pay the ransom.
Lake County surgeons were not the first victims of this kind of hacker attack. In the same 2008, an unpleasant incident occurred with the pharmacy chain Express Scripts. They also demanded a ransom for the personal information of customers. For the sake of solidity and persuasiveness, the attackers sent the company data to 75 customers, which contained the numbers of social security cards and the history of the issued recipes. In exchange for safety and avoiding scandal, computer fraudsters demanded a ransom. Although the company put the interests of its customers above all else, she refused to pay the amount. And she notified nearly 700,000 of her clients that their information could have become the property of cybercriminals.
Spy virus, cooler agent 007
Imagine a piece of code that could surpass James Bond (Agent 007) along with Ethan Hunt (Mission Impossible).
This spyware virus is called Flame. It spread like wildfire all over the world, walking with its malicious 20 megabytes of spyware across several countries of the Near and Middle East. The first was Iran. While James Bond was having fun at some restaurant with another beauty, Flame was doing a real spy job. Namely, he was collecting information. This computer virus is able to copy data files, capturing sensitive screenshots and downloading instant message decryption, remotely turn on the computer’s microphone and cameras to record conversations taking place next to it.
In short, Flame is a computer virus that can infect personal programs running Microsoft Windows 7, Vista and XP with a full set of patches installed. It infiltrates a car using almost unknown vulnerabilities. And getting to a new place, he is able to use various tricks, spreading through USB-flash drives and a local network.
Flame receives commands and data via Bluetooth, but it also has the inherent ability to fake accounts to avoid being exposed. The virus is divided into library modules, uses its own database, actively uses cryptography, compression and script programming, and also connects elements of free software.
As a rule, in films, exposed spies bite a capsule with cyanide (or any other deadly poison) hidden under a seal in a denture or somewhere else. Man eliminates himself. Flame also comes in, launching a suicide command that automatically removes the virus and all traces from the infected computer. The caught virus does not just die, but at the same time burns its birth certificate.
Flame has been working underground for five years. Under the guise of Microsoft software updates, and as a real agent, he got a lot of classified information.
There was a person online and no
In 1995, Sandra Bullock in the film "Network" tried to convey to the audience the danger of storing personal information on the Internet. Using a computer hack, hackers were able to crash the plane and poison Dennis Miller. Actually, the famous heroine of the film adaptation (“The Girl with the Dragon Tattoo”) Lisbeth Salander deftly made human destinies using a laptop and a couple of hacking friends.
Yes, for some it may seem funny. But just not the American Matt Honan (senior writer on wired.com), he certainly is not laughing. The poor man felt on himself what it means in one day he will lose all possible access to accounts (Amazon, GMail, Apple and Twitter). In addition, all the information from his iPad, iPhone and MacBook also flew into the pipe. They did this using the writer’s phone number and information that was available on the network. Matt Honan disappeared from the Internet in less than an hour.
It all started with the fact that hackers deleted their Honan Google account (including all his correspondence in eight years, priceless photos of his 18-month-old daughter), and then use his Twitter to write racist and homophobic statements there. Next, the attackers used the Apple ID to turn on their iPhone, iPad and MacBook and turn them into shiny metal "bricks". For a person earning on the Internet, all this had serious consequences. In fact, hackers deftly blocked Matt's entire virtual life.
It is curious that one of the hackers subsequently contacted Honan and shared the details of the hack. He told the writer exactly how he had turned everything (and at that time Honan was probably mocking his voodoo doll). It was enough for the hacker to get the home address and credit card number. But this is the information that everyone provides when buying something on the Internet (food or things).
Hackers found Matt's address, which was easily discovered by the WhoIs service in information about his personal site. Next, they used his gmail to get an account that allowed him to see his partially closed alternate email address, which was Apple's identifier. Then one of the attackers called Amazon tech support on behalf of Matt to add a new credit card. Address, name and email provided. After that, the impostor called Amazon again, saying that access to Amazon account was lost. Amazon asked for a name, address, and credit card number. After providing this information, which was added before, the credit card number came up and the deceiving Mat was able to add a new email address to the account to which he restored the password. Amazon has the ability to view a list of saved credit cards, where only the last four digits of the number are displayed. After that, the hacker called AppleCare, where he called the name, address and last four digits of the credit card. And voila - they gave him a temporary password for a .me account! There, the impostor retrieved the GMail password, and the GMail password on Twitter. And already with the help of AppleId, he boldly deleted all information from the iPhone, iPad and MacBook using Find My Phone and Find My Mac services.
The saddest and most absurd thing in this story is that Honan suffered without any reason. Hackers had nothing against the writer, they just liked his Twitter posts and wanted to use it for trolling. They went through this whole complex process purely for fun.
Stuxnet destroys Iran’s nuclear plant plans
As stated earlier, hackers can create computer viruses that lead to explosions. The same American virus that turned the Siberian gas pipeline into a huge crater. What about paralyzing the country's nuclear potential?
One of the most scandalous stories is connected with the Stuxnet worm, which began to be used by US intelligence agencies around 2007. But it was in 2010 that this insidious worm disabled the engines of hundreds of uranium centrifuges at the Bushehr nuclear power plant, pushing back the development of Iran’s nuclear program.
In June 2010, the Stuxnet virus was found in networks of enterprises, power plants and traffic control systems around the world. This worm infects computers running the Microsoft Windows operating system. He could shut off large energy networks (for example, turn off the oil pipeline or stop the operation of a nuclear reactor) without warning operators.
Typically, viruses are less choosy. They, like robbers, burst in the door and begin to destroy things. Stuxnet was different, it pursued a specific goal - a centrifuge in the main facility for enriching Iran with uranium. After activating its program, the Stuxnet virus gained full control over the system and disabled hundreds of uranium centrifuge engines at the Bushehr nuclear power plant.
The astu team and the astsu team of Mr. Robot
Another interesting point was shown in the new series about the genius IT specialist ("Mr. Robot"). In the first series, the protagonist named Eliot goes to the data center, where he restores the servers using the Linux “astu” and “astsu” commands. These teams subsequently played a decisive role in the plot. And they looked so realistic that they caused a heated debate among programmers on what they mean. By the way, the software, methodology, other commands and calling Linux command line screens produced by Eliot look quite believable.
One opinion suggests that the commands “astu” and “astsu” are used as sudo (or ssh). Eliot’s company is called Allsafe Security and provides cyber security, possibly a derivative of astsu = Allsafe. But the theme of the Mr. Robot teams is a topic for a separate article.