
(International Business Times)   Godel Owns Decryption Experts, Laughs   (ibtimes.co.uk)
    More: Interesting, Mindy Godell, Kaspersky Labs, Natanz, nuclear powers, encryption, George W. Bush

7814 clicks; posted to Main » on 14 Aug 2012 at 4:12 PM (1 year ago)



52 Comments
   

Archived thread

 
2012-08-14 04:14:03 PM
It's a real shame that Linux is immune to that crap. ((:
 
2012-08-14 04:16:41 PM
I deciphered what you did there, subby.
 
2012-08-14 04:17:11 PM
Escher, Bach respond with "No Comment"

/How many people only know of that name because of that book? Or have I gone to obscure?
 
2012-08-14 04:18:50 PM
d.r.i.n.k. .m.o.r.e. o.v.a.l.t.i.n.e
 
2012-08-14 04:19:16 PM
FU Submitter, there are multiple videos on that page that auto-start (thank god for flash block). You're an a$$hole dickmitter
 
2012-08-14 04:19:28 PM

Linux_Yes: It's a real shame that Linux is immune to that crap. ((:


I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.
 
2012-08-14 04:19:56 PM
I wonder which gov made this one. Israel, Russia, China, or the US?
 
2012-08-14 04:19:57 PM

ReverendLoki: Escher, Bach respond with "No Comment"

/How many people only know of that name because of that book? Or have I gone to obscure?


You haven't gone to obscure until you start quoting the Godel-from-a-parallel-universe from Neal Stephenson's Anathem.
 
2012-08-14 04:20:46 PM
So, setting it up such that the key to your encryption is a piece of information inherent to the specific machines you are targeting is farking brilliant.

It's likely going to fail, however. If it's getting enough publicity that us plebes are hearing about it, then you'd better believe that whatever Iranian Revolutionary Guard or Mossad IT people have heard about it and are preparing a list of candidate file names from likely target machines to try against the encryption. That would be for curiosity purposes to get it cracked and find out what it does; if they just want to disable the thing all they need do is rename all their files.
 
2012-08-14 04:24:29 PM
This comment cannot be posted on Fark thread 7267797.
 
2012-08-14 04:26:36 PM
Has there been any concrete proof to show that any of these things (Stuxnet, Flame, etc.) have come from the USA or some US-sponsored agency/group? Kinda ignorant to publish an article pretty much blaming the West for these things based on assumptions, but I'd expect no less from a Russian-based "security" company. Given that country's history of hacking, piracy, spamming, and botnets, they should be "experts" in the field of computer security.
 
2012-08-14 04:28:25 PM

ReverendLoki: Escher, Bach respond with "No Comment"

/How many people only know of that name because of that book? Or have I gone to obscure?


It's an eternal golden braid, man.

Also, poor Godel was a nutter who starved to death.
 
2012-08-14 04:29:50 PM
How about taking machines like this off the farking internet? Or is this all so that India can eventually take over operations of things like our power system?
 
2012-08-14 04:32:37 PM
upload.wikimedia.org
/obliggie
/though, I think this is what subby means...
 
2012-08-14 04:33:27 PM

semiotix: This comment cannot be posted on Fark thread 7267797.


Stop that!

/ you're gonna break something
 
2012-08-14 04:33:38 PM

Do the needful: How about taking machines like this off the farking internet? Or is this all so that India can eventually take over operations of things like our power system?


There's that.

Nothing like a permanent airgap to enhance security. But you also have to practically frisk people to prevent them from bringing memory sticks from home.

/there are USAF bases where they hot-melt-glue-gunned all the USB ports when numbskulls couldn't be trusted to follow the rules.
 
2012-08-14 04:34:36 PM

zulius: [upload.wikimedia.org image 300x270]
/obliggie
/though, I think this is what subby means...


Also, subby not only acronymed, but recursively acronymed: Godel Owns Decryption Experts, Laughs
 
2012-08-14 04:35:33 PM
This claim is either incomplete or inconsistent. It is impossible to prove one way or the other.
 
2012-08-14 04:36:41 PM
Larofeticus: "It's likely going to fail, however."

If it's anything like its brethren Stuxnet and Flame, it's already *done* whatever it was designed to do. Long before anyone noticed.
Odds actually are that it's already succeeded and the Iranians are already scanning/quarantining everything they have to find further infections.
And the only reason the thing was "discovered" was that the Iranians passed a sample to the Russians, who passed it to Kaspersky for crowd-sourced analysis and propaganda purposes.

i.e. No-one would have believed Iran if *they* said that Stuxnet was US/Israeli. But having Kaspersky say it and make the source available for analysis put the claim beyond any reasonable doubt. Similarly with Flame. Similarly again with Gauss.
 
2012-08-14 04:44:24 PM
ringersol:

Yeah that's a good point I hadn't considered. My assumption was someone just found it in the wild, instead of finding it in the hen house.

But if that is the case we'll probably never find out what it does, as the Iranians finding it would already have access to all the possible encryption keys and should have tried them already.

Either that, or they already have the key and know what it does, but are pretending otherwise so that after a couple weeks "crowd-sourced tips" can reveal the module encrypts a picture of an eagle holding an American flag and when executed it makes neonatal incubators explode.
 
2012-08-14 04:49:28 PM

Larofeticus: So, setting it up such that the key to your encryption is a piece of information inherent to the specific machines you are targeting is farking brilliant.

It's likely going to fail, however. If it's getting enough publicity that us plebes are hearing about it, then you'd better believe that whatever Iranian Revolutionary Guard or Mossad IT people have heard about it and are preparing a list of candidate file names from likely target machines to try against the encryption. That would be for curiosity purposes to get it cracked and find out what it does; if they just want to disable the thing all they need do is rename all their files.


I'd think it depends. It will take time to find out what program in %PROGRAMFILES% is the key, so until you know which one it is you'd have to change the names of all the programs, in which case I don't think they will run right. (I'm fairly sure you can't just blindly rename folders.) It might be on boxes that are very tightly locked down or it might be an embedded computer somewhere that they don't even know is running Windows.

/could be and likely that I am wrong
 
2012-08-14 04:49:43 PM
Any web page that has to run two, not just one, autostart video/audio feeds is years ahead in design, way ahead of Huff Post.

The Gauss must need Adobe to complete its evil task.
 
2012-08-14 04:52:16 PM
The password is '3.'


/ no, you don't put in the quotes or the period, just 3.
// no, you don't type "just 3." only 3.
 
2012-08-14 04:55:10 PM

maxx2112: The password is '3.'


/ no, you don't put in the quotes or the period, just 3.
// no, you don't type "just 3." only 3.


only 3

/Didn't work.
 
2012-08-14 04:55:29 PM
With all this hacking going on, it is about time to get a group of guru programmers together and come up with a universal solution.
 
2012-08-14 04:56:52 PM
Cool article. But then, I dig math, encryption, and international espionage.

Larofeticus: Iranian Revolutionary Guard or Mossad IT people have heard about it and are preparing a list of candidate file names from likely target machines to try against the encryption


That seems...naive. Filenames are too obvious. <csb>There's some way that Microsoft uses to obtain the "signature" of a machine for licensing purposes. I don't know what it is, but I know my legal-and-valid copy of Windows XP stopped working once upon a time when I upgraded my sound card and video card at the same time, and had to call them to get it working again.</csb> I'm thinking it's something more obscure like that - a "machine signature" of some sort, if you will.
 
2012-08-14 05:01:26 PM

CthulhuCalling: Linux_Yes: It's a real shame that Linux is immune to that crap. ((:

I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.



that statement shows how little you understand how Linux is designed.
 
2012-08-14 05:02:37 PM

CthulhuCalling: Linux_Yes: It's a real shame that Linux is immune to that crap. ((:

I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.


you've been reading too much Monopoly$oft FUD and it works.
 
2012-08-14 05:10:44 PM

FrancoFile: Do the needful: How about taking machines like this off the farking internet? Or is this all so that India can eventually take over operations of things like our power system?

There's that.

Nothing like a permanent airgap to enhance security. But you also have to practically frisk people to prevent them from bringing memory sticks from home.

/there are USAF bases where they hot-melt-glue-gunned all the USB ports when numbskulls couldn't be trusted to follow the rules.


Very true. I am dealing with restrictions like that with my job, and I work from home. No outside USB anything.

/Is that a usb stick or are you just happy to see me?
 
2012-08-14 05:17:30 PM

Dick Gozinya: Has there been any concrete proof to show that any of these things (Stuxnet, Flame, etc.) have come from the USA or some US-sponsored agency/group? Kinda ignorant to publish an article pretty much blaming the West for these things based on assumptions, but I'd expect no less from a Russian-based "security" company.


Those damn reds at The New York Times are always blaming the west for computer viruses. Damn ruskies.
 
2012-08-14 05:19:37 PM

Linux_Yes: CthulhuCalling: Linux_Yes: It's a real shame that Linux is immune to that crap. ((:

I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.


that statement shows how little you understand how Linux is designed.


Go troll somewhere else, farktard. Leave the serious business to the grownups.
 
2012-08-14 05:21:26 PM

Fuggin Bizzy: Cool article. But then, I dig math, encryption, and international espionage.

Larofeticus: Iranian Revolutionary Guard or Mossad IT people have heard about it and are preparing a list of candidate file names from likely target machines to try against the encryption

That seems...naive. Filenames are too obvious. <csb>There's some way that Microsoft uses to obtain the "signature" of a machine for licensing purposes. I don't know what it is, but I know my legal-and-valid copy of Windows XP stopped working once upon a time when I upgraded my sound card and video card at the same time, and had to call them to get it working again.</csb> I'm thinking it's something more obscure like that - a "machine signature" of some sort, if you will.


It's a combination of all the hardware UUIDs on the system. Change enough hardware and your license resets and you need to reactivate.
 
2012-08-14 05:23:10 PM
The company is seeking help from those interested in mathematics and cryptography to join them in solving the mystery.

Sure, hang on. Let me fire up my 123 TFlops Cray XT5.
www.navo.hpc.mil
/no, really
//if you can wait a couple of weeks we'll have three IBM iDataPlexes online, total of 777 TFlops
 
2012-08-14 05:25:48 PM
imgs.xkcd.com
 
2012-08-14 05:37:50 PM
You mean the same New York Times that printed articles from a reporter that was just making shiat up from his apartment in Brooklyn? That New York Times?
 
2012-08-14 05:41:31 PM

downstairs: maxx2112: The password is '3.'


/ no, you don't put in the quotes or the period, just 3.
// no, you don't type "just 3." only 3.

only 3

/Didn't work.


farm3.staticflickr.com
 
2012-08-14 06:07:07 PM
Well, if it is looking for a program name with an extended ASCII code alphabet, just sandbox it and throw in programs till it twitches. There cannot be that many programs to go through. The encryption would be harder to bust than going through a list of programs. That being said, why not just make a module and BOINC it? Should be able to crack any encryption with enough participation in a reasonable amount of time. Meh, most of these guys look at problems wrong and try to solve them backwards.
 
2012-08-14 06:47:27 PM

Fuggin Bizzy: That seems...


The article mentioned they were looking for something that either began with a tilde or was in the Hebrew/Arabic character space. This leads me to the assumption that they can decipher the mechanism which scans the filesystem for potential keys, and the actual encryption/decryption process. It's only the encrypted payload data itself they can't get to because they don't know the filesystem that the thing is targeting.
 
2012-08-14 07:01:38 PM

CthulhuCalling: Linux_Yes: It's a real shame that Linux is immune to that crap. ((:

I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.


Probably not. Linux is run with security in mind. By nerds for nerds. It CAN be done, but not as easily as windows or AppleOS, which is just linux derped down for grandmas.

Linux is a slightly hardened target by default and a fortress if you know how to lock it down.
 
2012-08-14 07:45:44 PM
As a cryptonerd, well, I've got better things to do, intriguing though this may be.
 
2012-08-14 08:19:19 PM

doglover: CthulhuCalling: Linux_Yes: It's a real shame that Linux is immune to that crap. ((:

I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.

Probably not. Linux is run with security in mind. By nerds for nerds. It CAN be done, but not as easily as windows or AppleOS, which is just linux derped down for grandmas.

Linux is a slightly hardened target by default and a fortress if you know how to lock it down.


OSX is based off of BSD, which is a true Unix, just with a pretty front end.
 
2012-08-14 08:26:53 PM

paleryder69: There cannot be that many programs to go through.


I'd assume if there's some particular target then one of the necessary programs is probably something unique to that company/facility. Think of the stuff that keeps The Daily WTF supplied with material - Visual Basic atrocities that have evolved to be mission-critical, etc.

There's probably a countably infinite number of those.

paleryder69: should be able to crack any encryption with enough participation in a reasonable amount of time.


For most modern stuff that still works out to enough computers to fill the volume of the Earth, working for as long as the Earth has existed. (Give or take a few orders of magnitude).
 
2012-08-14 08:35:45 PM

Linux_Yes: CthulhuCalling: Linux_Yes: It's a real shame that Linux is immune to that crap. ((:

I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.


that statement shows how little you understand how Linux is designed.


Not the OP, but I do understand how Unices are designed (I even understand the code commented "you are not expected to understand this", that makes fork() return 0 in the child process and the child PID in the parent process).

Of course a Linux system can be hacked with tools like this. The attack surface is usually much smaller, but not zero. There's a reason rootkits are called "rootkits" and not "Administratorkits" or "ntfskits".

The conventional wisdom when considering Advanced Persistent Threats is that you can only slow them down, you can't be entirely immune. Like safes - they're rated as to how long it would take a hardcore safecracker to get in, and that time is always finite. (Usually a small number of hours IIRC).
 
2012-08-14 09:25:15 PM
It has to decrypt itself to run. Are these guys n00bs?
 
2012-08-14 09:32:05 PM
vodka
It has to decrypt itself a certain part of itself, the purpose of which is as of yet unknown, in the presence of a specific program installed on a target computer, using a simple but practically irreversible validation process to run. Are these guys n00bs? awesome?

Fixed that for you.
 
2012-08-14 09:36:34 PM

NarrMaster: Fixed that for you.


I know that's what they did but it's an idiotic design if it's turned on externally. If they wanted to they could upload any payload they want any time they want. There is no point in including it in the installed binary unless it is decrypted locally. It's probably just a red herring.
 
2012-08-14 09:52:33 PM

vodka: NarrMaster: Fixed that for you.

I know that's what they did but it's an idiotic design if it's turned on externally. If they wanted to they could upload any payload they want any time they want. There is no point in including it in the installed binary unless it is decrypted locally. It's probably just a red herring.


RTFA. It basically creates the decryption key from the list of installed programs on the target machine. There's no "turning on externally." The code runs. If it's on any machine that's not a match, it's dormant. If it's on a machine which has the right mix of programs installed, that machine itself is the decryption key, the payload executes.

"Uploading" anything to it would be idiotic because it would give anyone analyzing it a way to trace it back to the maintainers. There's no "turning on externally." It's more like scattering a huge number of landmines that only detonate if stepped on by a 186.3 lb red-haired man named Fred.
 
2012-08-14 10:07:35 PM
ProfessorOhki: RTFA. It basically creates the decryption key from the list of installed programs on the target machine. There's no "turning on externally." The code runs. If it's on any machine that's not a match, it's dormant. If it's on a machine which has the right mix of programs installed, that machine itself is the decryption key, the payload executes.

Which goes back to my original assertion. If it runs then it has to decrypt itself. Everything necessary to decrypt it is already there.
 
2012-08-14 10:18:53 PM

vodka: ProfessorOhki: RTFA. It basically creates the decryption key from the list of installed programs on the target machine. There's no "turning on externally." The code runs. If it's on any machine that's not a match, it's dormant. If it's on a machine which has the right mix of programs installed, that machine itself is the decryption key, the payload executes.

Which goes back to my original assertion. If it runs then it has to decrypt itself. Everything necessary to decrypt it is already there.


You're missing the part where hashing is destructive. It takes an input from the host computer, hashes it 10k times, and, if that's correct... uses the original input + additional magic to decrypt the payload. You can't decrypt the payload without the key. You can't generate the key from the hash check. The key is not included in the binary; it's generated based on the contents of the machine it's running on. If you are on a machine where the payload has gone off, then yes, everything needed to decrypt it is there. The trick is they'd like to find out the target BEFORE it runs on a targeted machine.

I see where you might be getting hung up though. There's two parts to this thing; there's the part that spreads it around and checks to see where it lands, then there's a chunk in that blob that's encrypted. The part that actually does the (assumed) damage hasn't run anywhere yet. Well, that anyone knows of.
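An added illustration of the mechanism ProfessorOhki describes above (and of the "list of candidate file names" approach Larofeticus raised earlier): this is example code written for this page, not code from the thread, from Kaspersky, or from the Gauss sample. It models only the validation step, hashing a host-derived value 10k times and comparing it with a hash carried in the binary, and the analyst-side dictionary check against it. SHA-256 and plain UTF-8 encoding of the value are assumptions (the thread does not say which hash or normalisation the real sample uses), and every name and hash in the block is constructed.

```python
import hashlib
from typing import Iterable, Optional

# Number of hash rounds; the thread describes the sample hashing the
# host-derived value "10k times" before comparing it with a stored hash.
ROUNDS = 10_000


def iterated_hash(data: bytes, rounds: int = ROUNDS) -> bytes:
    """Apply SHA-256 repeatedly.

    SHA-256 is an assumption; the thread does not name the hash function.
    """
    digest = data
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def build_stored_hash(host_value: str) -> bytes:
    """What a binary of this design carries: only the iterated hash of the
    host-specific value, never the value itself.

    Assumes the value is normalised as exact UTF-8 text (an assumption; the
    real normalisation is not described on the page).
    """
    return iterated_hash(host_value.encode("utf-8"))


def candidate_matches(stored_hash: bytes, candidate: str) -> bool:
    """The check performed on each host: does this value, after ROUNDS
    hashes, equal the stored hash? A mismatch tells the host nothing
    about the value that would have matched."""
    return iterated_hash(candidate.encode("utf-8")) == stored_hash


def find_matching_candidate(stored_hash: bytes,
                            candidates: Iterable[str]) -> Optional[str]:
    """Analyst-side dictionary check: try each guessed value against the
    stored hash and return the first one it accepts, or None.

    Each guess costs ROUNDS hashes, so this is practical only for a short,
    well-chosen list (likely directory names on a plausible target), not
    for exhaustive search of every possible string."""
    for candidate in candidates:
        if candidate_matches(stored_hash, candidate):
            return candidate
    return None


# Constructed sample values; none of these are real Gauss artefacts.
TARGET_VALUE = "~acme_plant_control"           # hypothetical tilde-prefixed name
STORED_HASH = build_stored_hash(TARGET_VALUE)   # the only thing the "binary" has

CANDIDATE_LIST = [                               # constructed analyst guesses
    "Program Files\\Common Files",
    "~temp",
    "~acme_plant_control",
]

if __name__ == "__main__":
    print("stored hash:", STORED_HASH.hex())
    print("recovered value:", find_matching_candidate(STORED_HASH, CANDIDATE_LIST))
```

The stored hash is 32 bytes that reveal nothing about the directory name that produced them, which is the "hashing is destructive" point: an analyst holding only the sample has to guess the value, and each guess costs the full 10k rounds, so the realistic route is a small dictionary of plausible names, not brute force.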
 
2012-08-15 01:49:19 AM

Gaseous Anomaly: Linux_Yes: CthulhuCalling: Linux_Yes: It's a real shame that Linux is immune to that crap. ((:

I'm pretty sure the guys behind this can just as easily do this on a Linux system. It's just that their target isn't running Linux.


that statement shows how little you understand how Linux is designed.

Not the OP, but I do understand how Unices are designed (I even understand the code commented "you are not expected to understand this", that makes fork() return 0 in the child process and the child PID in the parent process).

Of course a Linux system can be hacked with tools like this. The attack surface is usually much smaller, but not zero. There's a reason rootkits are called "rootkits" and not "Administratorkits" or "ntfskits".

The conventional wisdom when considering Advanced Persistent Threats is that you can only slow them down, you can't be entirely immune. Like safes - they're rated as to how long it would take a hardcore safecracker to get in, and that time is always finite. (Usually a small number of hours IIRC).


Exactly. While Linux is nice and all, it's far from a perfect operating system, but nothing is. There are the fans, the zealots, and then there are the ones who truly understand the threat continuum. I mean, I could have gone and collected 2 or 3 years of CVE entries just for the kernel alone but I didn't want to be a dick. I've sysadminned thousands of *nix systems in high-security government environments for years, and spent the last couple of years as a pentester. I've popped Unixes, Linuxes of all kinds, OSX, and of course Windows. I've done incident response and forensics on compromised servers, I've seen what happens to "unbreakable" systems. If you're a high-value target, all you can really hope for is being able to detect the compromise before they run off with all your panties.

The guys who are creating these packages are some *very* bright people who obviously have their own secret sauce and 0-days. They're attacking the Windows platform because that's what their targets are running (i.e., the Siemens PLC controllers interface with a Windows workstation) and they're able to precisely attack who they are targeting. I would put real money that if one of their targets were running a Unix or Linux variant, they have 0-days for that as well.
 
Displayed 50 of 52 comments

This thread is archived, and closed to new comments.