US Chose Not To Use Cyberwarfare Against Libya?

Earlier this week, The New York Times released an article titled “U.S. Debated Cyberwarfare in Attack Plan on Libya“. Apparently, when the US led the air campaign against Libya in March (Operation Odyssey Dawn), we had a choice – to take out Libyan air defenses with conventional kinetic weapons or use a cyber attack.

The cyber route sounded exciting:

“While the exact techniques under consideration remain classified, the goal would have been to break through the firewalls of the Libyan government’s computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries aiming at NATO warplanes.”

But not everyone was on board with this, “fearing that it might set a precedent for other nations, in particular Russia or China, to carry out such offensives of their own” and “These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there”.

So, conventional weapons including airplanes, drones and cruise missiles were used instead. But the article just left me scratching my head. Haven’t air defense systems been taken out before through electronic means?

Sure they have; two instances come to mind immediately. One is the Israeli raid on the Syrian nuclear facility and the other is during our military operations in Iraq. A system called “Suter” could have been used in both.

Simply put, Suter is a system that attacks and confuses the computer controls of air defense systems. I remember a history channel interview with an EC-130 pilot that was talking about his experiences in Iraq. “We owned their radar and telecommunication systems,” he said. “We were able to place fake targets into their systems and hide real ones.”

So if we have been able to manipulate foreign air defense computer systems using electronic technology and programming in the past, why would cyber attacks be any different? Granted you would be coming in through a firewall to attack a computer, but is it really any different than attacking it through radar waves? Especially if the results would be the same, or very similar?

If this is true, then is cyber warfare really any different from the Electronic Warfare that has been used for ages, or is it just a new form of it?

Cybersecurity Conference & Exposition – Washington, DC

The Cybersecurity Conference & Expo is coming up December 8-9 in Washington, DC – delivering in-depth training for government practitioners and essential networking opportunities with government and industry leaders at the forefront of cybersecurity initiatives.

The conference offers 2 days of in-depth sessions on cyber defense, policy and planning. The FREE one-day expo includes education sessions, a CISSP Exam Prep Clinic and a keynote presentation from Shawn Henry, Executive Assistant Director at the FBI.

Conference Topics include:

  • Defensive and offensive tactics to protect your assets
  • The Advanced Persistent Threat
  • Influx of malware breaches
  • The latest cyber attack vectors
  • Social media threats and solutions
  • Insider threats and solutions
  • The mind of the hacker
  • Calculating ROI on your cyber investment
  • Preparing the cyber offensive and defensive leaders of tomorrow
  • Improving current offensive and defensive assets
  • The current state and future of cybersecurity policy

The Expo is free for the government, and Early Bird rates are in effect until November 11th on the Conference – saving you $200!

Find out more and register today at

Stuxnet II – Dubbed “Duqu” found in the Wild

On October 14th, Symantec was sent a sample of a Stuxnet variant from an organization in Europe.

The malware was very similar to Stuxnet, but the payload and purpose make this a totally new creation.

Parts of the malware are basically Stuxnet; it is so close that a report from F-Secure says their backend systems even thought it was Stuxnet.

But as researchers dug into it, they found an interesting twist. This version was not created to destroy PLC equipment. This one is an electronic spy.

According to a 42-page analysis of Duqu released today, Symantec claims that the code was written by the same authors who wrote Stuxnet, or at least by a group that had access to the source code. But the twist is, this one isn’t made to take out nuclear power plants; this version collects information, possibly for a follow-up attack at a later time:

“Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat has been highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.”

The design also makes it difficult to ascertain the malware’s source nation. It uses a valid digital certificate from a company in Taipei, Taiwan (which has since been revoked), communicates over HTTP and HTTPS with a Command and Control server in India, encrypts data before transmission, hides its C&C traffic inside dummy .jpg picture files, and automatically removes itself after 36 days.
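The C&C channel described above hides traffic in dummy .jpg files, so one defensive triage step is to check whether objects labelled as JPEGs actually carry JPEG structure. The following is an added example, not code from this post or from Symantec’s report; the URLs and byte strings are constructed for illustration.

```python
"""Flag HTTP objects that claim to be JPEGs but lack real JPEG structure.

A genuine JPEG starts with the SOI marker (FF D8 FF), ends with EOI (FF D9),
and consists of length-prefixed segments up to the SOS marker (FF DA), after
which entropy-coded scan data follows. A file that merely wraps a payload in
a .jpg name or content type usually breaks this chain.
"""
from dataclasses import dataclass
from typing import List

SOI = b"\xff\xd8\xff"
EOI = b"\xff\xd9"


@dataclass
class HttpObject:
    url: str
    content_type: str
    body: bytes


def jpeg_structure_ok(body: bytes) -> bool:
    """Walk the marker segments from SOI until SOS; reject inconsistent data."""
    if not (body.startswith(SOI) and body.endswith(EOI)):
        return False
    pos = 2  # position of the first segment marker after FF D8
    while pos + 4 <= len(body):
        if body[pos] != 0xFF:          # every segment must begin with FF
            return False
        marker = body[pos + 1]
        if marker == 0xDA:             # SOS reached: header chain is intact
            return True
        seg_len = int.from_bytes(body[pos + 2:pos + 4], "big")
        if seg_len < 2 or pos + 2 + seg_len > len(body):
            return False               # length field points outside the body
        pos += 2 + seg_len
    return False                       # ran out of data before any SOS


def suspicious_images(objects: List[HttpObject]) -> List[str]:
    """Return URLs of objects presented as JPEGs whose bytes are not JPEGs."""
    return [o.url for o in objects
            if (o.content_type == "image/jpeg" or o.url.lower().endswith(".jpg"))
            and not jpeg_structure_ok(o.body)]


# Constructed samples: a minimal real JPEG and a dummy .jpg carrying a blob.
REAL_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34" + EOI)
DUMMY_JPEG = b"\xff\xd8\xff\xe0\x00\x10" + b"\x00" * 14 + b"encrypted payload" + EOI
SAMPLE_OBJECTS = [
    HttpObject("http://example.invalid/images/photo.jpg", "image/jpeg", REAL_JPEG),
    HttpObject("http://example.invalid/upload/dsc00001.jpg", "image/jpeg", DUMMY_JPEG),
    HttpObject("http://example.invalid/", "text/html", b"<html></html>"),
]
```

Running `suspicious_images(SAMPLE_OBJECTS)` over the constructed records flags only the dummy upload; a proxy log or PCAP export can be fed through the same check.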

As this version seems to be an espionage tool, one has to wonder what is next. The author apparently wants to gather information on a target for what would seem to be future attacks. What could the future attack be?

Well, we may not need to wait long to find out: as of today, Symantec has received additional variants of Stuxnet from another European organization. These samples have a compilation date of October 17th. Symantec has not had time to analyze these new samples yet, but this is very interesting indeed.

For more information, check out Symantec’s detailed report.

How to Turn an MP3 Player into a Linux Bootable Drive

I have a couple old MP3 players kicking around and have always wanted to try this. A lot of MP3 players are just USB flash drives with the brains to play music from the files stored on them.

You can open the MP3 player up in Windows Explorer and music files are usually stored in the root of the device or in a folder called “Music”. Simply adding songs or removing them manually is usually easier than trying to do it in Media Player or iTunes.

So, what I did is take one of these:

Copied all the information that was on the MP3 player to a backup folder on my PC (in case things went bad). Downloaded Ubuntu 11 and its USB installer and loaded Ubuntu onto it:

I then rebooted my PC, selected “boot from USB drive” from the Boot menu and got this:

Finally I copied the music files back to the MP3 player, ejected it from the PC, plugged my headphones in and it played music like a champ. Now, I have an MP3 player and a bootable USB drive.

I was thinking of installing Backtrack 5 on it and making it into an inconspicuous-looking penetration testing platform, but the MP3 player just did not have enough free space.

Pretty cool. Just a note of caution though: this may not work on every MP3 player. Only try it on one that you can risk ruining.