First edition published 2022
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
and by CRC Press
2 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN
2022 Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, LLC
The right of Andrew Jenkinson to be identified as author of this work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.
Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, access
Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.
ISBN: 978-1-032-06849-7 (hbk)
ISBN: 978-1-032-06850-3 (pbk)
ISBN: 978-1-003-20414-5 (ebk)
DOI: 10.1201/9781003204145
Typeset in Caslon
by SPi Technologies India Pvt Ltd (Straive)
The year 2021 is the age of the interconnected, digital planet, which for two decades has empowered commercial organisations, governments, institutions, and academia to leverage what is almost unfettered interconnectivity to the benefit of transacting and delivering commodities and services over the always-available World Wide Web (WWW). These embraced technologies have proven to be cost-effective and practical and have enabled both large and small companies alike to reach far and wide, crossing physical borders by leveraging digital tentacles to reach into markets which, up to that juncture, were out of reach. We may understand this digital evolution better by looking back at the path technologies have trodden, with commercial organisations and governments moving away from those cumbersome, expensive IBM and Tandem mainframes to mix in and exploit the advances of Commercial Off The Shelf (COTS) products, such as Windows NT 3.5 and 4.0, becoming coexistent with the new world of easily routed communications across the internet. In those formative years, the conclusion was: with such new, low-cost business and transactional opportunities, what was not to like? However, what may now be considered short-sighted in the clamber to evolve the opportunities presented by such infant systems, applications, and infrastructures of the digital revolution was that, where there is good, there is also danger lurking in the background: it was overlooked that criminals would in future find opportunities to exploit these systems to their own financial end, and that government agencies would weaponise technology to their own end purpose!
Going back 20 years, can you imagine telling your grandparents that the TV in the corner of the room may be listening to their conversations, or asking them to consider that the kitchen appliances they purchased may have a Zero-Day exploit hidden within the on-board Chinese circuitry! Of course, at that time such an opinion would have been considered the wild Orwellian thought of someone who didn't have a firm grip on reality, yet in the year 2021 such a conversation would be accepted as the norm in an age suffering from a Cyber Threat Pandemic. To appreciate how we have arrived at such an insecure digital world, it is necessary to look back in techno time to understand the roots of digital adversity, and the formative days out of which current logical dangers were born. In January 1986, the world encountered the first computer virus attacking Windows-based PCs under the tag of Brain. Brain was a boot sector virus which had been developed by brothers Basit and Amjad Farooq Alvi, aged 17 and 24 years respectively, who lived in Chah Miran, near Lahore Railway Station, in Pakistan. At that time, the prevalence of what we now refer to as malware became a popular pastime for activists of all types, resulting in the world of computing seeing its first big security challenge. It is however interesting to acknowledge that in those early days of viruses being seen in the wild, it was CESG's (GCHQ's) opinion that such technical dangers were just a passing nuisance. However, what was to follow would be, or should have been, a "wake up and smell the coffee" call about the dangers posed by the new destructive computer virus. It was on 2 November 1988 that the world encountered the release and impact of the Morris Worm, the first computer virus (worm) to be distributed via the internet.
The Morris Worm was also the world's first intelligent piece of malware targeting vulnerabilities in Unix systems, such as a point of exploitation associated with sendmail, a system buffer overflow, and a remote execution taking advantage of a shell condition. Back in 1988 the damage caused by this code amounted to a staggering $100,000 to $10,000,000 financial impact. The Morris Worm was what would now probably be tagged as a Zero-Day exploit, but Andrew will come back to Zero Days and cover them in depth later in Stuxnet to Sunburst.
As time progressed, unlike the forefathers of the early viral strains, those with darker intent saw the potential to leverage an adverse logical condition to their own financial gain, and so the criminal cultures of society started to invest their digital creativity in developing code for criminal purposes. Such early days of dark coding included Trojan Horse and Spyware programs with the intent of scraping valuable data from the target victim's computer, or of dropping a Distributed Denial of Service (DDoS) attack with a view to blackmailing the targeted client to pay up so that the attack would cease, very much in the guise of the DDoS attacks on the online gaming community, who were happy to pay up to get their operations back online. And of course, on the criminal front, we should not overlook the multiple successful Ransomware attacks in 2021 on organisations ranging from Serco through to the Colonial Pipeline compromise, which saw millions of US dollars handed over to the attackers, what can be considered funding the longer-term operational aspirations of criminal gangs (the attackers will be back).
When we arrive at the dangers posed by State-Sponsored Actors, it is not just the obvious culprits such as North Korea and China who have set their teams to work evolving the next Advanced Persistent Threat (APT). They are joined by the more developed intelligence players who are (or were) well ahead of the game in weaponising digital assets. Here I call out the USA with its developed CIA and NSA activities, the UK in the guise of GCHQ, and of course the ever-active Russian contingent, under the banner of the GRU, and their little helpers such as Cozy Bear (APT29). In this space there is one very notable mission, the code that really did set the digital wrecking ball in motion: Stuxnet. As we are now aware, Stuxnet was weaponised by malicious code that had been signed off by the Obama Administration circa 2005 and was the key component of project Olympic Games. The objective of Stuxnet was to disrupt the mission of Iran in its nuclear aspirations, and to secretly attack their SCADA Industrial Control Systems with the intent of degrading and destroying their centrifuges. It was a digitally discreet mission which was so successful it corrupted more than 200,000 computers and damaged over 1,000 machines. Stuxnet will be covered in more depth in later chapters. However, one fact can be taken as certain: this was the weaponised code that changed the shape of what is now the future of the Digital Theatre of Conflict.