US tried and failed to attack North Korea with Stuxnet worm

Couldn't deploy cyber weapons against Pyongyang

NSA surveillance reportedly hits offline PCs

The US tried to launch a cyber-attack against North Korea's nuclear weapons program but in the end failed, according to online reports.

An anonymous source told Reuters that the US tried to deploy the malware in a bid to stifle the country's nuclear ambitions, but the attack, allegedly led by the NSA, was prevented by the hermit nation's secrecy and isolation.

“Just owning a computer requires police permission, and the open Internet is unknown except to a tiny elite. The country has one main conduit for Internet connections to the outside world, through China,” Reuters reported.

The Stuxnet attack was conducted in tandem with a similar campaign against Iran's nuclear program back in 2009. The latter ultimately succeeded with thousands of uranium centrifuges destroyed in the attack. The virus was designed to infect industrial control software from Siemens. The joint US/Israeli mission was dubbed 'Operation Olympic Games'.

US intelligence sources said that developers created a related virus that would activate when it encountered Korean language settings on an infected machine.

But this malware could not access core machines that ran Pyongyang's nuclear program. In North Korea, owning a computer requires police permission and the internet is open only to the elite of the country, making infection a very difficult task. The only connection to the internet is through China.

Iran, however, has a broad internet penetration and many connections with companies around the world.

North Korea's sole internet connection makes a precision cyber-attack extremely difficult to carry out; however, it is also a weakness, as the country is more vulnerable to DDoS attacks.

It is claimed that US spies tried to get malware onto core systems via equipment imported into the country from Iran, Pakistan and China.

Gavin Reid, vice president of threat intelligence at Lancope, told SCMagazineUK.com that the virus “infected a Siemens Step 7 dll spreading through USB drives using Windows auto run and over the network using a print spooler 0-day.”

Chris Boyd, malware intelligence analyst at Malwarebytes, told SC that it is “no surprise that governments would want to attempt additional attacks on critical networks and infrastructure, but with no conclusive proof of this ‘alternate’ Stuxnet we can only really speculate.”

“Nation-state attacks are, by their very nature, difficult to protect against. Layered defence will help, and if any part of the attack relies on social engineering then training can deny attackers unauthorised access, as this is often the primary point of assault,” he said.

"High profile nation-state attacks can inspire those in the underground to try and build similar threats aimed at enterprises, as they are often intricate and advanced. While it's unlikely the copycats will have the funding or technical resources available to a government, they'll almost certainly be able to leech some of the more accessible ideas and turn them into something new to worry about."

Reid said that it would be “very hard for private companies to protect against advanced nation state attacks”.

“However in this case there were some preventions and clues that could have helped. Either not allowing remote media on the IT infrastructure or intense logging and scrutiny of every remote media instance. Host-based IDS that would alert on process crashes or buffer overflows (with appropriate monitoring) - Both could have prevented and given early warning signals that something was up,” he added.

Adrian Crawley, Radware's UK regional director, told SC that if true, the attack “demonstrates that the US cyber-war battlefield capability isn't as technically superior as their kinetic options”.

“As with all warfare, laws on preparations still hold true as those who learn lessons and apply deep and profound defences can seemingly benefit,” he added.
