Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case
Everything has been said on the Stuxnet worm? Not quite. Someday a “James Bond” or “Mission impossible” film might be based on this case. Should we stop here? Clearly not, such an attack asks numerous questions and must challenge certitudes. We might have to rethink our security paradigms.
Validy - A Paradigm Switch to Ensure Code Integrity.
During the Forum International de la Cybercriminalité, late march 2010, Mag Securs met with Validy. We already knew this company and had looked at their technology in 2005. Our discussions in may and june have touched on the possibility of ensuring executable code integrity.
Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case
D OSSIER Article published in Mag-Securs No. 29 Learning from the Stuxnet case. Everything has been said on the Stuxnet worm? Not quite. Someday a “James Bond” or “Mission impossible” film might be based on this case. Should we stop here? Clearly not, such an attack asks numerous questions and must challenge certitudes. We might have to rethink our security paradigms. Report compiled by Dominique Ciupa.24 n°29
STUXNETT he Barings Bank bankruptcy, in 1995, countries, the United States and/or Israel, significant triggered by Nick Leeson with a £ 827 intellectual resources and also probably the work of millions loss was the theme of the 1999 traditional field agents. film “Rogue Trader” with Erwan McGregor. This kind of attack doesn’t however look like the At the beginning of 2008, we find that the worms we have experienced in the early 2000 that “Société Générale” (a French Bank) esca- were spreading on the internet. The equipmentsped narrowly bankruptcy with the “Jérome Kerviel” of a nuclear plant of enrichment plant are indeedcase: € 50 billions exposure and almost € 5 billions unreachable from the Internet. Specific network areloss[*]. The fall of 2008 financial turmoil gave us a designed and totally compartmentalized. It is even (*) :Read Mag-Securs n°19 (2e trimestrecompletely new pace: the American “subprime” crisis common to implement “diode-firewalls” allowing 2008) –involves $ 500 billions of fictitious assets! And scan- measurement equipment to send data to a control Affaire Société Générale : quelles leçons endals are not over: Madoff with $50 billions or even the room, without the possibility to send back commands tirer ?bailout of Ireland with € 85 Billions, etc… to this equipment and disturb it, or even change itsStuxnet could well be to the Information System Se- executable code.curity (ISS) what Nick Leeson has been to the finan- Those principles are widely distributed and are speci-cial system: the first episode in a long series whose fied in documents from the American Nuclear Energyeffects could ultimately be devastating. The risk for Institute, including document NEI0404. The attack isindustrial systems has been known for many years said to have been conducted with a USB key. The hu-and is regularly revealed in major conferences like man dimension has been employed… How exactly andBlack Hat, the RSA conference or FIC (Forum Interna- to what level? Things aren’t clear: a local agent actingtional sur la Cybercriminalité). But it was clear that deliberately? Upstream contamination of executablethis risk was considered as unconfirmed: the attack programs such that authorized technicians then un-had not yet occurred... Therefore, the temptation to knowingly compromise the equipments? Since seve-classify this risk as residual and acceptable without ral facilities have been compromised worldwide, thereally assessing its impact is strong... The media co- second scenario seems more plausible ...verage of the Stuxnet attack has at least the merit of According to the specialized Israeli military intelli-firing of an extensive awareness campaign on safety gence publication Debka, Iranian professor Majidof industrial systems. Shahriari, in charge of the fight against Stuxnet, was murdered last November. The procedure was to throw explosives from a motorcycle and then to shoot from> The attack factors a car. Iranian government immediately accused theWe must remain very cautious on what we know United States and Israel, confirming the murder of theabout the true aims of this worm. A general trend scientist …emerges, however, to assume that this malware was The analysis of the Stuxnet worm has been perfor-designed to destroy the centrifuges at the Natanz, med by many experts and we have seen very impor-Iran, uranium enrichment plant. Facts have indeed tant information sharing amongst experts and anti-been reported by the IAEA on delays of this program malware vendors. A comprehensive report has beenand the Iranian government has himself acknowle- produced by Symantec. Experts have identified thedged the existence of problems. Executable code to use of 4 « zero-day » exploits. The execution of ancommand centrifuges has been modified to change arbitrary payload, made possible by exploiting thetheir rotation speed and destroy them. It would thus unpatched LKN flaw, allowed to compromise the sys-be an attack on Siemens WinCC monitoring systems, tem by running malicious code from a USB key withwhich control, on a Windows computer, the SCADA the use of a .ink link. For the entire profession, the(Supervisory Control and Data Acquisition) systems. combination of 4 exploits represents an exceptionalThe goal of this case was therefore to stop or at least work, never seen up to now. Symantec explains thatto seriously slowdown the Iranian nuclear program. the motor frequency control system, between 807It would have also had the support of one or more Hz and 1210 Hz n°29 25
D OSSIER STUXNET however, shows that the greatest number of attacks In France, Daniel Ventre, engineer at CNRS and direc- were very clearly located in Iran, far ahea was targe- tor of the collection “Cyberconflits et Cybercrimina- ted. Experts note that the attack also take advantage lité” for the Hermès-Lavoisier publisher, is very cau- of the use of a default password. WinCC / PCS7 makes tious with respect to many findings that seem proved indeed use of a MS SQL database which requires an for many people. “The attack was not targeted, he internal communication password. The password says, it has affected India, Indonesia, Russia, U.S. and verification doesn’t concern the system user and China! It state origin is not proven: a 10 engineers Siemens recommends to its customers not to change workforce during 10 month is within the reach of an the password to prevent malfunctions… enterprise or of a group of students.” In its report on The worm study also shows that two certificates were Stuxnet, Symantec, d of other countries ... (*) :www.irsn.fr/FR/ Actualites_presse/ stolen from JMicron and Realtek. The system indeed Communiques_et_dos- checks executable code authenticity from a certifica- siers_de_presse/ tion authority: Verisign. But the modified executable > A risk for the French nuclear plants? Pages/20100930-Ver_ informatique_Stuxnet_ The risk on our nuclear plants has been taken se- code had original certificates and the certification peut_il_menacer_cen- riously by the French authorities. The IRSN (Institut trales_nucleaires_fran- authority recognized them as valid. How were the çaises.aspx de Radioprotection et de Sûreté Nucléaire) published certificates stolen? Infiltration, commandos, spies, on September 30 a research note on Stuxnet.[*] bribery, … The story doesn’t tell it yet, but many films It says that only the EPR nuclear reactor under show this… construction at Flamanville uses a Siemens control Experts believe that this worm required the work of a system. Its possible sensitivity to malware such as 6 to 10 persons team for 6 months to a year. The code analysis also shows a peculiar element. It contained Stuxnet must therefore be taken into account in the a file named “Myrthus”, which means “myrtle” in En- safety analysis. The propagation of the Stuxnet worm glish. However in the bible the Myrthus was a symbol requires supervisory computers under Windows Ope- of justice: “Instead of the thornbush will grow the ju- rating System and using the Siemens PCS 7/WinCC niper, and instead of briers the myrtle will grow. This line of products. will be for the LORD’s renown, for an everlasting sign, The IRSN goes on to explain the need for a compre- that will endure forever.” Other experts have seen an hensive safety review, with a systematic and detai- allusion to the Book of Esther, and therefore the To- led technical analysis of systems whose dysfunc- rah, «She was called Hadassah because the upright tions can affect the safety of nuclear facilities. For are called thus» Hadassah is one of the name of the the EPR, explains the IRSN, EDF chose the Siemens Esther Queen and means myrtle. The book of Esther «SPPA-T2000” product, based on the “S5” techno- explains how the Queen Hadassah foiled the Persian logy, older and radically different from the “WinCC / attacks aimed at destroying the Jewish people. S7” targeted by Stuxnet. Supervisory computers in Another detail from the code analysis, the worm will Flamanville EPR don’t use the Windows Operating stop working on June 23, 2012. Experts have noted System and don’t use the WinCC PCS software; the that it is exactly 100 years after the birth of Alan Tu- Stuxnet worm has thus no influence on them. And ring, famous for his work on computers but also for IRSN continues by saying that safety analysis of the leading a cryptanalysis team during World War II in Siemens SPPA-T2000 platform has verified that this Bletchley Park. He was able to decode German com- platform presents properties that guarantee among munications and played a considerable role in the others, its immunity to malware, and in particular Allied victory against the Nazi regime ... to the Stuxnet worm. The protection system of the Unanimity is nonetheless not reached amongst ISS EPR, the most important of the safety systems, is experts on the planet. In Israel there are specialists developed from another technology called Teleperm who criticize a communication campaign hostile to XS. This Areva technology doesn’t use the pieces of their country and minimize the stuxnet capabilities. software targeted by Stuxnet and its26 n°29
D OSSIER safety PLCs have no interfaces that would allow mali- Linux this usage is still infrequent! Defense in depth cious software to infect them. is sometimes taken into account, with an anti-ma- This is reassuring… or very worrisome since nothing lware software on the workstation and a second on guaranties that another malware couldn’t be targe- the enterprise gateway, or even a third on the mail ted to attack French sites. Very strict safety studies server if it is hosted. It is also often customary, to must continue to be performed. ban access to some equipments by blocking ports, for instance by removing USB ports. > Deepen the principles of risk analy- Then there are several code signature solutions: RSA, elliptic curves, etc… Those solutions require the sis and security paradigms establishment of a Public Key management Infras- Above all, Stuxnet teaches us that it is necessary to tructure PKI. Unfortunately we still sometimes find deepen our principles of risk analysis. integrity checks based on a simple hash code. The Indeed, we are accustomed to question ourselves code is send along with its MD5 or SHA1 digest: upon about the origin of the threats we face and to dis- reception the system verifies that the code and the card several of them to keep systems simple. Now, digest are consistent. Nothing precludes a potential if we favor the scenario where Stuxnet is targeting Iranian centrifuges, we must also recognize that to attacker to modify the code and send a new digest… achieve its contamination goal, it has spread eve- Let’s be serious! rywhere and can still cause damages to equipment The Stuxnet case reveals a different scenario: cer- in other industries. The code used by Siemens is pro- tificate theft. The certification authority becomes bably also found in numerous other equipments, as useless and the PKI is destroyed. According to the it is often practiced. Therefore, the fact that no direct Symantec report, the first evidence of a Stuxnet like enemy has been identified doesn’t mean that there attack date back late 2008. A vulnerability allowing is no exposure to highly sophisticated attacks ... The remote code execution in a shared printer spooler concepts of collateral loss or damage are well known was exploited in April 2009. A preliminary version of in military operations and may also exist in business Stuxnet was discovered in June 2009. On January or industries. 25, 2010, the Stuxnet driver is signed with an appa- We must also accept the fact that country driven rently valid certificate own by Realtek Semiconductor attacks, even if not fully proven yet, must now be Corp. On July 17, 2010, ESET identifies Stuxnet again regarded as plausible. signed with a certificate from JMicron Technology Many risk assessments focus on system availability. Inc… Verisign will wait until July 22 to revoque this A company must produce, sell and then be paid. Subs- certificate. Briefly the PKI provided by Verisign has tantial resources are applied to backups, fire-fighting remained permeable for many months… and disaster recovery plans. In many large SME, risk But are these scenarios integrated today in our risk analysis is often limited to this point. Information analysis? Should we not change paradigms? Find confidentiality is often taken into account because of another way to ensure executable code integrity? The trade issues or regulatory constraints, such as health ban of any connection on a machine doesn’t always data confidentiality or issues of national sovereignty. address the operational requirements. We’ve seen Again, important resources are often used: encryp- systems with USB ports blocked with resin, but there tion, tracking logs, keys management infrastructure, is always a time when we must update software, and etc… then... The integrity checking of the programs and exe- Claiming that a certificate will never be stolen is not cutable code doesn’t give rise to a lot of concerns. very serious. Should we not go further with other se- Unquestionably, all companies recognize the need curity measures and greater defense in depth? for anti-virus… although on the Macintosh and Unix /28 n°29
STUXNETLe bilan Stuxnet pourles éditeurs d’antivirusEntretien avec Pierre-Marc Bureau, chercheur-analyste chez ESET,MichelLanaspèze, expert chez Sophos, et David Grout, expert chez McAfee.For our three experts, the media did not publicize the Stuxnet story very early. Thismay be partially explained by the complexity of this threat and its history. Details on itsmechanisms and its targets have trickled in publications.S tuxnet has become newsworthy because controls, it targets SCADA infrastructures, explains • the use of a large number of unknown or unpu- Michel Lanaspèze. Most research labs blished vulnerabilities, deal with more than 60000 new malware • an expert level knowledge of Siemens’ PLC environ- sample each day, which leaves them little ment, time to analyze the likely intent of mali- • the need for physical access to a system to initiatecious code: their foremost mission is to detect and the attack.block threats, before analyzing and explaining thepotential consequences of an attack. This worm is very interesting because of its complexi-David Grout adds that the strongest new elements ty, he adds:of this attack are especially related to the fact it was • the use of 4 zero-day exploits (e.g. ms10-046 lnk/carefully targeted. It belongs to a specific type of at- shortcut vulnerability, ms10-061 - print spoolertack known as APT (Advanced Persistant Threat) that vulnerability)have a unique goal and are dedicated to this goal. The • digitally signed and valid drivers (e.g. mrxcls.sys)worm, says David Grout, used a combination of fac- • the first PLC (Programmable Logic Controller)tors that leads to think that its authors had access to rootkit,large resources: • a Windows rootkit,• digital signatures that let them bypass applicative n°29 29
D OSSIER • advanced techniques to avoid detection by antivi- security vendors and user communities would cer- rus tainly allow a potentially malicious file to be submit- • propagation techniques, ted for analysis to anti malware vendors as soon as it • updates and mutations (for example through is identified. This collaboration would favor the identi- connections to www.todaysfutbol.com or peer to fication of threats that would thus be detected faster. peer). Furthermore, several solutions can be considered to secure operating systems; lets not forget that wit- It is extremely rare, adds Pierre-Marc Bruneau, to hout the unknown vulnerabilities it exploited, Stuxnet see a software worm exploit a previously unknown would not have escaped detection for so long. vulnerability. It is the first malware to target critical But Pierre-Marc Bruneau also sets limits to what an infrastructures. A malicious software usually tries to antivirus can do: «Our antivirus must not be in charge spread to the largest number of systems possible. of verifying digital signatures.» This task should be Stuxnet for its part aimed at penetrating one or seve- left to the operating system. In the case of Stuxnet, ral highly secured networks. Using several stolen di- the largest breach was that code signing certificates gital certificates to spread without raising suspicion were stolen from JMicron and Realtek and these com- is also new. This worm was completely unknown and panies did not signal the theft. This omission was propagating using new infection vectors, it was put thousands of users that trust their certificates thus very difficult to detect. in danger. For David Grout, preventing such attacks After the file was submitted to antivirus software depends on the combination of whitelist application vendors, says Pierre-Marc Bruneau, a trigger has filtering, antivirus, and antirootkit but also physical been added and instances of Stuxnet are now detec- access control. ted like any other piece of malware. When it installs «Today, there are two main kinds of attacks: worms on a system, Stuxnet uses the same vector as other and viruses for ... and a new generation of malware malwares, namely a set of Portable Executable (PE) targetting particular assets to which Stuxnet, Zeus, files. and Aurora belong, explains David Grout. Michel Lanaspèze agrees with this analysis. «Anti- Many companies view antivirus software as com- malware are very efficient to detect and block known modity tools, I believe they are wrong; The data of an malware.They are also efficient, but less so, to block enterprise have more than ever a high value: compe- unknown malware.» As soon as Stuxnet was iden- tition for patents, tecnological advantage, profit...» tified, most anti malware software vendors have «To conclude, says David Grout, it is necessary to promptly updated their solutions to block this new properly assess the criticality of the target to be pro- threat and prevent the infection from spreading. tected to provide the right levels and means of pro- «Practically all anti malware solutions use technique tection. Even an operating system that is relatively that go well beyond the classical signature to pre- unknown or an application that is less vent infection by unknown malware.» says Michel under attack might attract a well versed public.» Lanaspèze. For example, techniques of behavioral «Finally, this affair shows that questioning the secu- protection, HIPS, etc. These techniques are always rity of certificates is justified, says Michel Lanaspèze, being developed and their improvement will allow since Stuxnet seems to have been digitally signed to minimize the impact of «zero day» attacks. We with certificates it was not authorized to used.» must however keep in mind that a 100% effective «It seems clear that in the future, validating the inte- protection will probably remain an inaccessible Graal grity of a system will rely in part on a hardware com- and that the response to such attacks must thus ponent, says Pierre-Marc Bruneau. However, I am not be seeked in complementary protection techniques qualified to envision how these mechanisms might (network access control, intrusion detection, vulne- be deployed. Defense in depth, privilege separation, rability management, etc.) and the ability to react critical system isolation, access control are well quickly and efficiently to new kinds of attack. For known solutions that provide an effective protection Pierre-Marc Bruneau, better collaboration between to IT systems.»30 n°29
STUXNETValidy: a Paradigm Switch to EnsureCode IntegrityDuring the Forum International de la Cyber-criminalité, late march 2010, Mag Securs metwith Validy. We already knew this companyand had looked at their technology in 2005. Our discussions in may and june have tou-ched on the possibility of ensuring execu-table code integrity.V alidy Net Inc. was founded in 1998 by a French team in the state of Oregon, USA. The founders had met at X Pôle, Ecole Polytechnique’s startup incubator in Pa- ning executable code in a system. A Java bytecode laiseau where they were working for Hy- recompiler has been developed by Christophe Vedel perparallel Technologies, a predecessor to split an executable in two parts: one for the mainof the HPC Project and of present-day super compu- CPU and the other for the security coprocessor. Exe-ters. Gilles Sgro comes from the world of IT Systems cutable code signature techniques are being usedmanagement. Jean-Christophe Cuenod is a graduate today to reduce the risk of a system being compro-from Ecole Normale Supérieure (1981), majoring in mised to an aceptable level.However, Jean-Chris-physics. Christophe Vedel holds a PhD in Computer tophe Cuenod told us last may (before the outbreakScience and graduated from Ecole Polytechnique in of Stuxnet in the media and just after our meeting at1989. FIC 2010) that ne should not consider this residualValidy Net Inc has invested a total of 9 millions dol- risk as only potential: it has already happened! Forlars, 2 millions going to the protection of their intel- embedded systems, under the potential of their userlectual property. Its French subsidiary, Validy SA, has (or of an attacker, unbeknownst to the user), signa-applied for a dozen patents which represent inclu- ture systems have loong been subverted by diverseding worldwide applications a portfolio of a hundred methods.patents and patent applications. In 2010, Validy Net The Xbox uses signatures to make sure that onlyInc. was a finalist of the American Security Challenge. games authorized by Microsoft can be loaded and this protection has been cracked! More recently, > Combining Hardware and Software Apple’s iPhone is designed to accept only signed ap- plications from the Appstore.ProtectionValidy took an interest in the problem of protectingsoftware code. To this end, they use a secure hard-ware component that executes a subset of an appli-cation’s operations in place of the host main CPU. Thehost CPU can not work without obtaining the result ofthe operations performed by the secure component.This technology thus tackles the inherent risk of run- n°29 31
D OSSIER STUXNET It is however possible to jailbreak one’s iPhone to let some hackers but will not stop a determined attac- it execute any application. In both cases, software ker. and/or hardware improvement have allowed the manufacturer to temporarily retake the advantage These attacks have already been used with success for new versions of their product but not to regain to disable antivirus programs and will no doubt be control of subverted machines. used with the same success to disable signature verification sys > Trust can not rely on an external tems. Take as an example a VPN implemented using dedicated appliances. The appliances esta- unverified element blish a secure perimeter (walled garden), but do not Furthermore, says Jean-Christophe Cuenod, when consider the problem of authenticating code. If wit- protection is centralized (editor’s note this is the hin the secure perimeter, a single party becomes an case for the certification authority of a PKI), cracking attacker, intentionally or not, the appliances become it opens up the whole system «Our solution applies useless. to each system individually, which will deter attac- To take an actual example, if an employee inside the kers». The major remaining problem, according to secure perimeter wants to watch a match from the Jean-Christophe Cuenod is that of trusting the verifi- soccer world cup and plugs a 3G key into his ma- cation process and ultimately the certification autho- chine, the breach in the enclosure can lead to mas- rity. Two attacks can be devised: sive compromission. • bypass the verification altogether by corrupting the To summarize, trust can not be transfered. If you verification program or its public key database, need to trust a program, you can not rely on a mecha- • change the code between the time it is verified and nism outside this program to guarantee its integrity. the time it is executed. Many classical attack methods can be applied to > Verification is part of the system: a these tasks. Depending on the situation, one could: self signature without a certification • verification program V is used to verify program P. authority A security vulnerability is discovered in program P Validy Technology is different from all the systems which must be replaced by a fixed version, signed I know: verification is part of the program itself. The and transmitted over the network. The attack is the robustness of the solution relies only on: following: before P is replaced by the fixed version, • the quality of the hardware implementation the attacker uses the vulnerability in P to write an • the quality of the software implementation (num- exploit and take control of the machine long enough ber of hidden variables, entropy, coverage, quality to change V into Vbad by substituting its public key. of the transform performed by the recompiler), From this point, any code signed by the attacker is • the availability to the attacker of a system from considered legitimate. which to learn. • The attacker has physical access to the machine. With this access, he can boot another operating The unique value of our solution is that its robus- system that gives him direct access to the file- tness does not depend on hypotheses made about system. Through this access, he can change V into external programs or mechanisms. It is very simple Vbad or change P directly. The difficulty of this kind yet extremely important concludes Jean-Christophe of attack depends on the nature of the hardware. On Cuenod. a PC the operation is trivial and performed routinely using a «live CD» to change a forgotten password. The effects of the Stuxnet worm started to appear in On a game console, a «modchip» worth a few dol- the media in july then exploded in september after lars allows the same result. On machine such as our conversations in may and june with Jean-Chris- smartphones, miniaturization can be a hurdle for tophe Cuenod, Gilles Sgro, and Christophe Vedel.32 n°29