Wednesday, December 22, 2010

Is Stuxnet the new weapon for cyber insurgents?

Weaker combatants have always used unconventional or inexpensive means to defy stronger foes, including guerrilla warfare and suicide attacks that depend on a greater willingness to sacrifice life.

This approach can be decisive. Of all “asymmetric” wars since 1800 in which one side had far more armed power than the other, the weaker side won in 28 percent of cases, according to a 2001 study by US political scientist Ivan Arreguin-Toft.

The ratio may now be set to shift further in favour of the underdog.

The revelation this year of a novel way to use computers to sabotage an enemy’s lifeline infrastructure suggests a powerful new kind of weapon is moving within reach of weak states, militant groups and criminals, some analysts say.

That weapon is likely to be a variant of Stuxnet, a highly destructive Internet worm discovered by a Belarus company in June and described by European security company Kaspersky Labs as “a fearsome prototype of a cyber-weapon”, analysts say.

A GREAT DANGER”

“Stuxnet is like the arrival of an F-35 fighter jet on a World War I battlefield,” blogged German industrial control systems expert Ralph Langner.

Whoever created the bug, believed by many to have targeted an Iranian uranium enrichment facility, the job likely required many man-hours of work and millions of dollars in investment.

But now that its code has been publicly analysed, hackers will need only a few months to develop a version of the customised malware for black market sale, some experts say.

Ali Jahangiri, an information security expert who tracks Trojan codes, harmful pieces of software that look legitimate, describes that prospect as “a great danger.”

“The professional Trojan codemakers have got the idea from Stuxnet that they could make something similar which can be used by governments, criminals or terrorists,” he told Reuters.

Stuxnet’s menace is that it reprogrammes a control system used in many industrial facilities to inflict physical damage.
At risk is automation equipment common to the networks on which modern societies depend – power plants, refineries, chemical plants, pipelines and transport control systems.

beast image

Analysts say they suspect hackers are rushing to build a version of the worm and sell it to the highest bidder before experts can install counter-measures plants across the globe.

“My greatest fear is that we are running out of time to learn our lessons,” US information security expert Michael Assante told a Congressional hearing on Stuxnet this month.

Stuxnet … may very well serve as a blueprint for similar but new attacks on control system technology,” said Assante, President of the US National Board of Information Security Examiners, which sets standards for security professionals.

Langner says multinational efforts against malware inspired by Stuxnet won’t work since “treaties won’t be countersigned by rogue nation states, terrorists, organised crime, and hackers.”

“All of these will be able to possess and use such weapons soon,” he said. If the next Stuxnet cost less than $1 million on the black market, then “some not-so-well equipped nation states and well-funded terrorists will grab their checkbooks.”

As well as favouring small states, cyber appears to be a tool of special value for Russia and China, since it allows them to become equals to the United States in a sphere where US conventional military dominance counts for nothing.

Stuxnet is a powerful example of the fastest-growing sort of computer bug – customised malware written specifically to attack a precise target. What is new is its power, and the publicity it has attracted through a presumed link to Iran.

beast image

That publicity will have drawn attention in small nations such as North Korea, which can be expected to take an interest in acquiring a Stuxnet-like capability to balance an inferiority in conventional arms with its US-backed southern foe.

Like some impoverished countries in Africa, North Korea has a cyber advantage – it has so few systems dependent on digital networks that a big cyber attack on it would cause almost no damage, writes former US National Security Coordinator Richard Clarke in his book Cyber War.

Tuesday, December 7, 2010

Mac vs PC, desktops vs laptops

The humble desktop or laptop computer hasn't yet sunk to the status of commodity product, but it's getting close. On one hand, processing power, memory and storage keep getting cheaper and more plentiful; on the other, competing manufacturers have been settling on the same set of features.

They do, however, remain resolutely divided on one issue: Mac or PC? So are many of you.

I think Apple's Mac OS X is safer and simpler than Microsoft's Windows 7. It requires less setup work and ongoing maintenance, and most PCs lack the smart, stylish design of Macs. Apple's stores can be horribly crowded, but their Genius Bars (with an appointment) offer first-person tech support that's unparalleled among most PC vendors.

But I also know that PCs cost a lot less than Macs. And while Windows 7 retains such traditional annoyances as prolonged program installations, upgrades and uninstallations, its Home Premium edition represents a significant advance over the widely loathed Windows Vista and especially Vista's cut-rate Home Basic release.

You'd think that in a down economy, customers would opt for the cheaper option, but Apple's market share keeps going up.

Whatever operating system you pick, you'll have to choose between a laptop and a desktop. Most people get laptops and with good reason: The traditional cost gap between portable and stationary machines has largely vanished, leaving a desktop's bigger screen and more comfortable keyboard as its major real-world advantages.

beast image


If you plan on taking a laptop places, however, don't buy one that weighs more than five pounds or has a battery that isn't at least advertised as running three hours. (Those qualifications rule out many budget-priced Windows laptops.)

If you're buying a laptop as a second or third machine, a Windows or Linux netbook that would otherwise offer insufficient storage could make sense. But watch out for awkward keyboard layouts, as evidenced by a too-small right-hand Shift key. And - just this one time - pay attention to processor speeds, as the Intel Atom chips in most netbooks run on the slow side.

What about an option that didn't exist last year, tablet computers like Apple's iPad?

To me, they only make sense as a secondary device. The iPad requires a separate Mac or PC for setup and software updates and, without the webcam that's become standard on home laptops, it can't do video calling. A newer, Android-based tablet, Samsung's Galaxy Tab, suffers from high pricing compared to the iPad and even many netbooks, as well as some awkward moments in its software. (Look for a full review of that next week.)

Will this piece ever get to the traditional questions of computer shopping - what specifications to look for? Yes.

Ignore the processor entirely (outside of notebooks, as outlined above) unless you'll be editing video often and intensively. Three or four gigabytes of memory should suffice; two GB, seen on some entry-level Macs and cheaper PCs, can get cramped if you keep multiple applications open at once. (A year ago, buying a PC with less than 4 GB of RAM would have allowed you to get the 32-bit edition of Windows 7, but that more compatible option has essentially been banished from retail by 64-bit versions that don't offer a meaningful benefit to most home users.)

As for storage, 250 gigabytes of hard disk space should also be plenty unless you have an enormous video collection. You can get away with less on a second computer or if you don't have a large digital-media archive. Anything but a netbook (or Apple's high-priced answer to that category, the MacBook Air) will have a CD-burner drive that can probably burn DVDs, too. But you're unlikely to use an optical drive's write capability to do more than burn a backup CD or DVD. Spending extra for a Blu-ray drive makes no sense to me.

Expansion is yet another issue where you no longer have much to choose from. All you need are a few USB ports to plug in a mouse, a printer or other peripheral devices and an SD Card slot for your camera or phone's memory card. Apple's cheapest models fall short on those requirements but just about every other computer meets them. The FireWire ports on most Macs and the eSATA ports on some PCs can accommodate external hard drives but don't do much else; I can't call either essential.

beast image

Every machine has WiFi wireless these days as well, leaving only Bluetooth as an option to consider if you have a wireless mouse or your phone can transfer files with this under-used wireless technology.

With all the above criteria in mind, picking a Mac should be a relatively straightforward process (the basic iMac or the 13-in. MacBook should each do fine as a general-purpose home machine). But how to pick one PC out of so many similar competitors? I'd like to say you should choose the one with the cleanest software bundle, but vendors seem to have sunk to a common level of mediocrity.

Unless you custom-order a stripped-down bundle online, you're likely to get the same set of third-party software: Microsoft's Windows Live bundle of Internet and multimedia software, an expiring trial copy of Internet-security software, a trial copy of Microsoft Office, and DVD software that duplicates what comes built into Windows 7.

Maybe one PC vendor will try to set themselves apart in this department in time for next year's computer-shopping column. We can only hope.