15 Quotes by Kim Zetter

The nations, of course, that are most at risk of a destructive digital attack are the ones with the greatest connectivity. Marcus Ranum, one of the early innovators of the computer firewall, called Stuxnet 'a stone thrown by people who live in a glass house'.

Attribution is an enduring problem when it comes to forensic investigations. Computer attacks can be launched from anywhere in the world and routed through multiple hijacked machines or proxy servers to hide evidence of their source. Unless a hacker is sloppy about hiding his tracks, it's often not possible to unmask the perpetrator through digital evidence alone.

One such middleman is a South African security researcher based in Thailand who is known in the security community by his hacker handle “The Grugq.” The Grugq brokers exploit sales between his hacker friends and government contacts, pocketing a 15 percent commission per transaction. He only launched his business in 2011, but by 2012 sales were so good, he told a reporter he expected to make $1 million in commissions.

In amassing zero-day exploits for the government to use in attacks, instead of passing the information about holes to vendors to be fixed, the government has put critical-infrastructure owners and computer users in the United States at risk of attack from criminal hackers, corporate spies, and foreign intelligence agencies who no doubt will discover and use the same vulnerabilities for their own operations.

Attribution is an enduring problem when it comes to forensic investigations. Computer attacks can be launched from anywhere in the world and routed through multiple hijacked machines or proxy servers to hide evidence of their source. Unless a hacker is sloppy about hiding his tracks, it’s often not possible to unmask the perpetrator through digital evidence alone.

Like conventional weapons, most digital weapons have two parts – the missile, or delivery system, responsible for spreading the malicious payload and installing it onto machines, and the payload itself, which performs the actual attack, such as stealing data or doing other things to infected machines. In this case, the payload was the malicious code that targeted the Siemens software and PLCs.

There was nothing like staring down the barrel of a suspected cyberweapon to clear the fog in your mind.

The nations, of course, that are most at risk of a destructive digital attack are the ones with the greatest connectivity. Marcus Ranum, one of the early innovators of the computer firewall, called Stuxnet ‘a stone thrown by people who live in a glass house’.

The horrors and costs of war encourage countries to choose diplomacy over battle, but when cyberattacks eliminate many of these costs and consequences, and the perpetrators can remain anonymous, it becomes much more tempting to launch a digital attack than engage in rounds of diplomacy that might never procedure results.