Morris enrichment center: Morris Memorial United Methodist Church

There aren’t many cyber attacks that books have been written about. Yes, what is there, they can generally be counted on the fingers, and the most famous of these books is Countdown to zero day by journalist Kim Zetter. This book – with Kim’s meticulousness and careful fact-checking – tells the story of the most notable cyberattack in their history: the Stuxnet malware, which in 2009in 2007 disabled Iran’s uranium enrichment centrifuges, setting Iran’s nuclear program back several years.

Countdown to day zero – Kim Zetter’s book about Stuxnet and the emergence of cyberweapons

We also wrote about Stuxnet at 3DNews: here’s a conspiracy article by Sergei Vilyanov, here’s just a few news. In the computer world, this event was absolutely unprecedented. In short, the situation is as follows: in a nuclear center in Iran, due to a computer failure, centrifuges for uranium enrichment went beyond the permitted operating modes and physically collapsed. They were forced to increase the rotation speed above safe values ​​by controllers controlled by special Siemens PLC industrial computers that are not connected to the Internet. And the computer worm Stuxnet was to blame.

How did the malware get on machines not connected to the network? How did it avoid detection, even though, as it turned out later, when the anti-virus companies took down signatures and wrote detections, the worm infected about 200,000 machines? Why did nothing happen on all these machines, while in Iran the worm suddenly began to act? How was it managed when the computer on which the worm modified settings was not connected to the Internet?

You can answer these questions for a long time – which, in fact, Kim Zetter does in his rather thick book. And at the same time, he tells how the small Belarusian company VirusBlokAda was the first to discover the malware, how two anti-virus giants, Symantec and Kaspersky Lab, joined the investigation, working 24/7. They studied the malware for a long time – and found out this.

Of course, everything is complicated with the attribution of the attack, but most experts agree that Stuxnet is a joint creation of the United States and Israel. And that it was created precisely in order to slow down the Iranian nuclear program. The worm used a whole bunch of zero-day vulnerabilities – that is, those that the developers of vulnerable software are not yet aware of – and carefully hid from any antiviruses. It spread by recording itself on removable media: apparently, it was on a flash drive that it was brought to machines that were not connected to the Network.

Stuxnet originally targeted five Iranian organizations, all involved in one way or another with the nuclear program. On ordinary computers, Stuxnet did nothing at all except multiply – and then to a limited extent. But if the worm understood that it was on a SCADA system that also had Siemens software installed, then it added its component to this software, intercepting communications between the computer and the systems it controlled. But again, the worm did not act in every such case, but only if motors with a speed of rotation from 807 to 1210 rpm were connected to the Siemens PLC controllers, and one of two specific manufacturers. Only in this case, Stuxnet began to do its dirty work – periodically increased the speed to 2000 rpm, which the motors could not withstand and broke. It was precisely such equipment with such characteristics that stood at the center of uranium enrichment in Iran.

Siemens Simatic S7-300 controllers – Stuxnet was interested in these controllers and the machines that controlled them. Image from the Siemens official website

At every step, the worm masked its actions and prevented detection and removal. It is also interesting that there was an additional infrastructure around Stuxnet: two command & control servers were raised to update the components – in Denmark and in Malaysia. Since the worm did not hit the right machines right away, it was improved and tuned up several times along the way. But in theory, Stuxnet could do without C&C servers: it was designed to operate autonomously.

Stuxnet turned out to be the most complex malware that many antivirus companies have ever encountered. In the world of cyber threats, it was a real work of art – very dangerous, but almost ingenious. Actually, after the advent of Stuxnet, people started talking seriously about such a phenomenon as cyber weapons. And although many information security companies try to use this term less often, usually talking about APT (advanced persistent threats) instead, it has become impossible to deny the existence of cyber weapons after Stuxnet.

⇡#

2. The most obvious attack: a hacked “Jeep”

Andy Greenberg was driving his Jeep Cherokee at a speed of about 110 km / h when something was wrong with the car. The air conditioning system suddenly began to blow cold air at full power, the radio switched itself and played hip-hop, the wipers began to crawl on the glass with all their might, and streams of washer poured from the nozzles on the hood. Well, then on the display of the multimedia system appeared the image of two hackers whom Andy knew well – Charlie Miller and Chris Valasek. The couple broke into Greenberg’s Jeep.

No, the hackers didn’t have a grudge against a Wired security journalist. It’s just that Miller and Valasek were able to hack the Cherokee so that it could be remotely controlled via the Internet – and, by joint agreement, demonstrated this to Greenberg as clearly as possible. Remote control means not only changing the music, but also disabling the brakes, turning the steering wheel and pressing the gas: Andy also managed to experience all this in his own skin, when his car suddenly turned the steering wheel on its own and slid into a ditch, however, after slowing down. If the hackers wished to kill the journalist, they could easily implement this, but they definitely did not have such an agreement with Greenberg.

The Jeep break-in in 2015 is the first attack on a car, showing how serious the consequences can be. It was after Greenberg published his paper, and Miller and Valasek gave talks about the hack at several conferences, that automakers finally began to think about car safety not only in the context of airbags, curtains, cockpit stiffness and the availability of emergency braking systems, but also and in terms of protection against cyberattacks. After this demonstration, many other hackers decided to try their hand at hacking cars – and found many more vulnerabilities. Particular attention, of course, was enjoyed by Tesla, which over the past three years has been repeatedly hacked by teams from different countries, forcing it to drive without a driver, open doors, brake hard, and so on.

⇡#

3. Biggest Cyber ​​Attack: Yahoo Hacked

If Stuxnet Infected 200,000 Computers, Miller and Valashek Hacked a Single Jeep ), then the next cyberattack in our collection was much larger. The then-popular Internet giant Yahoo was hacked and 3 billion accounts were stolen. THREE BILLION. It is as if almost every second inhabitant of the Earth had their account stolen.

In fact, it was not one hack, but two: in September 2016, Yahoo admitted that back in 2014, attackers gained access to 500 million accounts, and later, in December, said that in 2013 another billion. Well, a little later, in 2017, she admitted that it was not a billion, but a little more: all three in total.

Image from threatpost.com

Just then, the American giant Verizon was negotiating a purchase with Yahoo, and this helped bring down the price quite well: as a result, Yahoo cost Verizon $4.48 billion instead of $4.83.

Who broke Yahoo in 2013 has not been established. But for the 2014 hack, the US Department of Justice blamed two FSB officers and two hackers from Russia and Canada. Of the four, only a Canadian hacker, Karim Baratov, pleaded guilty and is currently serving a 5-year sentence for hacking. At the same time, the gigantic base of 2013 eventually surfaced on the darknet – either they got everything they needed from it and decided to sell it as unnecessary, or it was originally stolen for the purposes of resale.

Yahoo itself acted extremely clumsily in this situation – in 2013, it finally found a place for the position of director of security, which they took on Alex Stamos, but Stamos complained that sufficient funding was not allocated to the cybersecurity unit, and as a result in 2015- m went to Facebook*. Yahoo was also in no hurry to disclose data about the leak, just as it was in no hurry to forcibly reset user passwords, fearing a negative reaction. Well, silence is never good – and the example of Yahoo clearly shows this.

Those who used the same password for different services suffered the most from this attack – many of them were robbed of not only their mail, but also other accounts. If you needed an excuse not to do it, here it is.

⇡#

4. Most Blatant Attack: Kevin Poulsen and the Stolen Porsche

“The 102nd person who calls us at the radio station will be given an incredible prize – a sporty beauty Porsche 944 S2” – something like this announcement could be heard on LA radio station KIIS FM on June 1, 1990 years. At the time, KIIS was raffling off one Porsche every week for two whole months, and Los Angeles was literally completely plunged into radio fever. Tens of thousands of people stuck to their receivers and rushed to call at the right time, hoping to win a sports car. This time, a certain Michael Peters called KIIS FM and won a brand new 944 at the price of $50,000.

True, no Michael Peters actually existed: behind this name was Kevin Poulsen, considered the number one hacker in the United States and by that time had already managed to hack the Arpanet network, the military predecessor of the Internet, and rummage through top-secret files. It was not for nothing that he got through to KIIS one hundred and second – Poulsen simply gained control of all the telephone lines of the radio station. At the right moment, he blocked all incoming calls except his own, and became the proud owner of a Porsche.

However, the happiness did not last very long – shortly after that, Poulsen was tracked down and imprisoned for five whole years. Well, then he decided to go on the bright side, first becoming the editor of SecurityFocus, and then moving to Wired, where he still works and is highly respected by the entire information security community.

⇡#

5. The most sudden attack: DDOS against Dyn

On the morning of October 21, 2016, the world got acquainted with what it means to “break the Internet”: a huge number of services, from Twitter and Netflix to Amazon and Reddit, turned out to be inaccessible. Half of the US has found out that the Internet is no more. For some, everything worked terribly slowly, for some it didn’t work at all, including in Europe and Russia. The Internet “lay” for several hours – and the reason for this was a series of DDOS attacks on the DYN DNS provider, one of the largest in history.

There are several interesting points here. First, what exactly attacked Dyn: one of the largest DNS providers in the world was attacked in unison by … CCTV cameras, routers and other smart things. They did this, of course, for a reason, but because they were infected with the Mirai malware and turned out to be part of a very, very large botnet. Mirai was created specifically with the Internet of Things and the construction of giant botnets in mind: each new infected device starts knocking on others, finding vulnerable ones and infecting them already.

As a result, tens and even hundreds of thousands of smart things are under the command of the person who controls the botnet. And then this person can instruct controlled devices to simultaneously send requests to an arbitrary server – the latter simply cannot cope with such volumes and stops responding. Actually, this is how any DDOS attack happens, but it turned out to be very easy and painless to build a botnet on smart things: their owners do not notice anything, since there are definitely no antiviruses on video cameras and multicookers. But hardwired passwords are common, so they are easy to break.

Mirai infection map based on data from Imperva

Secondly, the cause of the attack is interesting. Cloudflare employees, who analyzed this incident in great detail, along with colleagues from Google, Akamai and a couple of universities, agreed that the fall of the Internet was just an accidental victim of battles between gamers who did not get along. In their opinion, the servers of game projects, for which Dyn was also responsible, were the target of the attack. And indeed, along with half the Internet, the servers of The Elder Scrolls Online, Roblox, Xbox Live and PlayStation Network (the latter is no stranger, but more on that later) went down. But it seems like gamers were aiming at the Minecraft servers – and yes, they fell too. It turns out that in order to disable the Internet, a quarrel between several states and the development of powerful cyber weapons are not needed at all. A few quarrelsome gamblers and the source code for the IoT contagion released to the public a few weeks before the incident are enough to drop everything.

A total of three attacks were made on Dyn on October 21, each crashing the Internet for about two hours. To Dyn’s credit, it is worth noting that the company very quickly – within one day – learned to deal with such DDOS, and as a result, the attacks stopped. But Mirai hasn’t gone anywhere – there are still thousands and hundreds of thousands of vulnerable devices, and besides, the source code is being finalized, releasing new malware. Its creator seems to have been caught, but this is not certain: he admitted involvement in the attacks, but whether he alone developed Mirai is unknown.

⇡#

6. Attack that claimed lives: Hacking Ashley Madisson

In Russian (and not only in Russian) there is a slightly dubious saying “A good leftist strengthens a marriage.” Whether you share this opinion or not, but the saying exists, which means that there are many who agree with it. Dating sites are full of married men and married women who want… shall we say, new sensations. At one time, a special site was created for such people – Ashley Madison.

And of course, over time it was hacked. It happened in 2015, by that time about 40 million people were registered on the site. The figure is very modest by the standards of Yahoo or LinkedIn leaks, but the effect of the hack was monstrous. Apparently, at first the hackers who gained access to the database used it themselves for blackmail, and then, having played enough, they posted it in public access – with the ability to search by e-mail addresses.

That’s when things started going big. Many users received emails with content like “I know everything about who and where you cheat on your spouse, and I will publish everything if you do not pay me $1,000.” In the case of well-known high-ranking officials and businessmen – and there were also such people – the amount, of course, increased.

No one counted the number of marriages that broke up because of this leak, but there are clearly a lot of them. Definitely tens, maybe even hundreds, maybe even thousands. Perhaps these couples would have divorced anyway, but the leak clearly spurred people to take action. Worse, it also claimed several lives: there were those who could not cope with the shame and decided to take their own lives.

Ashley Madison continues to function to this day. That is, there is still demand, and the history of people does not seem to teach anything.

⇡#

7. The darkest attack: Black Energy against electricity

At 15:30 on a cold winter day on December 23, 2015, the lights suddenly went out in the Ukrainian city of Ivano-Frankivsk. The Soviet people are used to this business, but everything was a little unusual here: 30 substations went out of order at the same time, leaving about 230,000 people without electricity at once.

At the same time, immediately before the shutdown, substation operators could observe absolutely mystical events: the mouse cursor suddenly crawled across the screen, crawled to the program that controls the relay, activated it and opened the circuit, turning off the substation. And then another. And when the operator in the Prykarpattyeoblenergo company, waking up, tried to stop it, he was simply thrown out of the system.

The same events, but on a smaller scale, took place in two other companies responsible for electricity supply – Kyivoblenergo and Chernivtsyoblenergo. In some parts of the Ivano-Frankivsk region, power supply was restored only after 6 hours.

An example of a phishing email used by the BlackEnergy group in attacks on Ukraine. Source: securelist.com

This was no accident. On the contrary, it was a carefully planned cyberattack that began with spear phishing, continued with hackers infiltrating the networks of energy companies, and ended with a massive power outage. Experts believe that the attack was carried out by a group of hackers known as Black Energy and Sandworm. But as to whether this grouping is a cyberarmy of some state or hired cybercriminals, many experts prefer not to speculate. Attribution of cyberattacks is a complicated and extremely thankless task. Some, however, are sure that this is the work of the notorious Russian hackers.

⇡#

8. Biggest Attack: The WannaCry Epidemic

It’s no secret that cyber weapons exist. This is also known thanks to the ShadowBrokers hacker group, which stole the tools of another group, Equation (there are fairly reasonable suspicions that Equation is related to American intelligence – the NSA). First, the hackers tried to sell what was stolen, and then, when no one bought anything, they simply posted all the exploits in the public domain. What, of course, attackers of various sorts took advantage of.

This is how WannaCry was born, a worm consisting of rather poor encryption code and a powerful EternalBlue exploit that used a zero-day vulnerability in various versions of Windows to spread. When they say “zero-day vulnerability”, they mean that no one was aware of this vulnerability before. Including the development company, which for this reason did not fix anything: in order to release a patch, you must at least know what to patch.

This is how the notification that all files were encrypted by WannaCry looked like. Image from website securelist.com

Many experts agree that the WannaCry worm escaped when its creator could not keep it in the test environment – and as a result, an unfinished ransomware worm broke into the Internet, knocking on remote computers indiscriminately, penetrating in them through a vulnerability in Windows and encrypting the entire contents of the drives. And then spread further and further, to the following computers. It looked like a domino effect – only not one domino at a time, but in all directions at once.

At the same time, ordinary cryptographers always offer an option: pay the attacker – and he will send you a decryption code so that you can return the data. WannaCry also offered this option … only it was impossible to decrypt the files. Either it was a bug in the code – another argument in favor of the theory of an escaped worm, or WannaCry was immediately planned as a destructive weapon for all civilizations connected to the Internet.

The epidemic was stopped in the most amazing way. Young researcher Marcus Hutchins, known as Malwaretechblog, like many other researchers around the world, rushed to analyze WannaCry to understand how to protect against it, how it spreads, whether files can be decrypted, and so on. And he discovered that, before encrypting the drive, the malware for some reason sends a call to some non-existent domain on the Internet. “What happens if I register this domain?” thought Hutchins. And registered. And I found out that after that, the malware no longer does anything: that is, it does not stop spreading, but it no longer encrypts disks.

So Hutchins stopped the epidemic and briefly became a world hero. And a little later, he was arrested by the FBI because at a very young age he managed to write the code for banking Trojans himself, and later switched to the bright side – but that’s another story.

Since then, however, WannaCry has been improved: the call to the domain has been removed, other bugs have been fixed – and the worm is still terrorizing the planet. But Microsoft released a patch pretty quickly, so most PCs are now immune to WannaCry.

⇡#

9. Most Expensive Attack: NotPetya/ExPetr Epidemic

The ShadowBrokers hackers did a great job of annoying the public by making the Equation gang’s expensive and complex tools available to the public. It was difficult to oppose these exploits at that time: anti-virus companies and software manufacturers frantically wrote at least some detects and patches, and users, in a typical user-friendly manner, were in no hurry to install all this. What kind of security is there, it still works. Until the thunder breaks out, the peasant will not cross himself.

The thunder in the form of WannaCry died down, someone even installed patches, but another epidemic soon followed: an unknown ransomware spread using EternalBlue and EternalRomance exploits, again encrypting everything in its path and spreading across the planet at breakneck speed. At first, the researchers decided that this was a modification of the already well-known – and rather unpleasant – Petya ransomware. But then they came to the conclusion that it was not him after all – so this malware was named NotPetya.

The latest from @kaspersky researchers on #Petya: it’s actually #NotPetya pic.twitter.com/uTVBUul8Yt

— Kaspersky (@kaspersky) June 27, 2017

The problem with NotPetya was that patches from EternalBlue did not save in this case. That is, they would save if they were installed on every single machine in the local network. And if not, then NotPetya, using the Mimikatz utility, climbed into the memory of an unpatched computer, extracted passwords for other machines from there, and infected them already.

In fact, the story of WannaCry repeated itself, but still, researchers consider this attack very different from the first. If WannaCry is considered to be more of a natural disaster, then NotPetya is a targeted attack. There is an opinion that it was originally aimed at Ukraine – someone infected an update package for the M.E.Doc program, which a significant part of Ukrainian companies use for document management and tax reporting. The program in many Ukrainian organizations automatically downloaded the update – and there it encrypted all Windows computers.

But the matter did not end there – and the NotPetya epidemic spread to Russia, Europe and beyond, spreading all over the world as a result. Many large companies suffered from NotPetya, including a very serious blow, for example, to one of the largest sea carriers, Maersk. Maersk IT people could literally watch a black wave rolling through the office – one after another, computer monitors turned black, and they displayed a typical message demanding: “pay $ 300 in bitcoin equivalent, and we will decrypt your data.”

This is what the NotPetya malware displayed on the screens. Image from securelist.com

But it was useless to pay, as in the case of WannaCry: NotPetya encrypted the data irrevocably, that is, in the classification of antivirus experts, it was no longer a ransomware, but a viper. The main difference is that ransomware is a weapon used by small criminals for profit, while wipers are usually weapons of larger fish, governments or corporations, whose task is to cause more damage.

And NotPetya caused a lot of damage. Maersk estimates its losses at $370 million, FedEx at $400 million, pharmaceutical giant Merck & Co at $600 million, for a total of more than $10 billion.

⇡#

10. Attack that dragged on: Sony PlayStation Network hack

On April 20, 2011, gamers who wanted to play something online on their Sony PlayStation 3 and PSP consoles were unable to do so. I didn’t manage to play both on the 21st and 22nd – and so on until mid-May, and not somewhere in a separate region, but all over the world. PlayStation Network – the service responsible for all the online functions of PlayStation consoles – lay down tightly and was not going to get up.

At the same time, Sony, of course, was not silent. On the 20th, she simply announced that she was shutting down the PlayStation Network for a day or two. A day or two dragged on until April 26, when a company representative said that it was not so easy to deal with the problem and that yes, the PlayStation Network was hacked: the attack lasted from April 17 to April 19. The company publicly disclosed the hack only when an outside investigation revealed that more than 77 million user data had been leaked as a result of the hack.

To Sony’s credit, it’s worth saying that the company tried to smooth over the incident as best they could. She regularly informed users how things were going with the restoration of services (and along with PSN, the entertainment service Qriocity also lay down, and Hulu and Netflix did not work on the PlayStation), and after completing all the work to patch holes, restore services and put things in order gave all PSN subscribers 30 days of free use and a couple of free games.

True, the spoons, as they say, were returned, but the sediment remained: during the investigation and restoration, Sony shares fell by 20%, and then continued to fall for almost a whole year, by January 2012, having fallen in price almost twice. At one time, Sony called its estimate of losses: according to the company, the hack and three weeks of downtime of the PlayStation Network cost it $ 171 million. In fact, it seems that the losses were much greater, because this statement was made on May 23, 2011, and some class-action lawsuits from users or even states hit the company later, and it took quite a long time to restore trust.

It also turned out later that the attack on PSN had additional complications: on May 2 of the same year, attackers stole a database containing information about the data of 24.6 million users of the Sony Entertainment Network multimedia service, including 12.7 thousand numbers bank cards. The cards, however, for the most part were already outdated – at the time of the theft, only 900 were in operation, according to Sony. known as geohot, a man who has repeatedly written jailbreaks for PlayStation consoles.

⇡#

Conclusion

Evaluating cyberattacks is difficult: it is almost never possible to accurately attribute them, the whole picture of a disaster is often not clear – especially in the case of something global like WannaCry. So this is my personal top 10, and yours may be completely different. Someone will remember the ILOVEYOU malware, someone will remember the epidemic of the Morris worm. Someone else will mention the Carbanak group that stole a billion dollars, or, well, the attack on Google in China that forced the company to leave the country. And everyone will be right in their own way.

I compiled this top 10 based on the interestingness and unusualness of the attacks – or their importance. As they say, that’s how I see it. And if you want to add something – welcome to the comments. Only phishing links and malware, please do not post.

* Included in the list of public associations and religious organizations in respect of which a court has made a final decision to liquidate or ban their activities on the grounds provided for by Federal Law No. 114-FZ of July 25, 2002 “On counteracting extremist activity.”

“Paradise” by William Morris has become more like itself

Restoration

Kelmscott Manor.

Photo: Society of Antiquaries of London/Kelmscott Manor

№100

Newspaper material

Surrounded by the Cotswold Hills, the famous designer’s Kelmscott Manor is reopened to the public after two years of restoration

Maeve Kennedy

04/01/2022

English designer, artist, poet and politician William Morris (1834-1896) called Kelmscott Manor, a silver-stone country house in Oxfordshire, “heaven on earth.” Until recently, visitors to the house saw his wife Jane’s room exactly as it appears to most. According to curator Cathy Haslem, it was “a whirlwind of willows.” The room was covered with wallpaper in the willow branch pattern, popular to this day, inspired by trees growing nearby on the banks of the Thames. On one of the walls hung a portrait of Jane framed by willow branches, painted by Edward Fairfax Murray after a painting by Dante Gabriel Rossetti. However, new research from the £4. 3 million Kelmscott Restoration Project has found that the decoration, while plausible, bears little resemblance to the original.

Dante Gabriel Rossetti. “Blue Silk Dress” Portrait of Jane Morris. 1868.

Photo: Society of Antiquaries of London/Kelmscott Manor

Built in the 17th century, the Morris family manor and a group of adjoining outbuildings with heritage status have been reopened to the public since April after the completion of a major restoration and conservation project. Thanks to him, in particular, new infrastructure facilities appeared on the estate, including an educational center in a building with a thatched roof. The Cultural Heritage Lottery Foundation allocated a grant for the implementation of this project in October 2018. The contents of all the rooms in the house were dismantled, studied and the exposition was reassembled. The lost elements were restored using traditional materials popularized by Morris, who founded the Society for the Protection of Ancient Buildings in 1877.

Paintings, photographs, diaries and letters have helped researchers identify items that have been in the vault since the 1960s, when Kelmscott was taken over by the Royal Society of Antiquities. Initially, in 1939, the building and its contents were inherited from May Morris, the daughter of a famous artist, Oxford University, but after 20 years of unsuccessful attempts to find tenants who would be content with a house without electricity and modern amenities, the university announced that it was no longer in able to contain it.

Manor interiors.

Photo: Society of Antiquaries of London/Kelmscott Manor

Finds on display in the refurbished display include a backgammon board disguised as a leather-bound book and candlesticks, identified by their descriptions of shedding soft light evening candles on Sheffield silver. As it turned out, the apparent simplicity of some tasks was deceptive, and modern restorers now fully understood the workers who, in 19In the 1960s, an attempt was made to replace only one step of the spiral staircase, as a result of which the entire structure collapsed.

Jane’s “green room” is much greener today, after flakes of paint from a Philip Webb-designed wood frame were traced back to its original dark green hue. However, in order to return the frame to its place, it was necessary to redo the ceiling, which had sagged so much over the past years that it no longer fit.

Bedroom.

Photo: Society of Antiquaries of London/Kelmscott Manor

It was around Jane’s bedroom that the sad story of this house unfolded – her affair with Rossetti, who rented the Kelmscott estate together with the spouses in 1871. Morris wanted to keep the growing feeling between two of his most beloved people a secret. Rossetti stayed and created sensual graphic and pictorial portraits of Jane, while Morris set out to explore the wild landscapes of Iceland, collecting sagas and learning traditional crafts along the way. It became more and more difficult to communicate with Rossetti, and as a result, both the romance and friendship came to naught; the marriage did not break up.

After the renovation, the bedroom has nothing to do with the “willow tent” anymore. Morris’ remarkable photographs commissioned by Frederick Evans a few months before Morris’s death show the canopy bed (on which the future artist was born) was draped in playful printed chintz, now recreated with heavy fringe around the edge. The walls are indeed covered with Morris wallpaper, but this is a brighter “Blue Fruit” custom-printed from original woodblocks. Now the interior is much closer to Victorian notions of comfort.

Kelmscott Manor. View from above.

Photo: Society of Antiquaries of London/Kelmscott Manor

Kelmscott is surprisingly remote, with a pub but no school or public transport. The money from the lottery – and with it the prospect of increasing the opening hours of the estate, and the expected increase in attendance – caused concern among some locals and even fear that their village would be turned into Disneyland. On one of the gates, there are as many as three signs with the requirement not to park on the exit. Manor manager Gavin Williams hopes that over time, electric shuttles will connect the estate to the nearby town of Faringdon, which is at least accessible by bus. He assures that visitors will be required to park at the entrance to the village and that all local residents are in fact fully supportive of the project.

Wife and muse of the founder of Arts and Crafts

Jane Morris.

Photo: John Robert Parsons/National Portrait Gallery, London

Jane Morris (1839–1914), nee Burden, came from a poor family in Oxford. Her father served as a groom, and her mother at one time was employed in wealthy houses as a servant. Their daughters Jane and Elizabeth received only the bare minimum of childhood education. However, both, especially Jane, were distinguished by a rare, peculiar beauty, which was noticed by two artists from the Pre-Raphaelite Brotherhood – Dante Gabriel Rossetti and Edward Burne-Jones. Jane Burden served as a model for a number of their paintings. Her portrait was also painted by William Morris, a friend and colleague of the Pre-Raphaelites. He proposed to her and they got married in 1859.year. Memoirists noted that Jane Morris was prone to self-education and self-education: she read a lot, learned languages, music, good manners. Although the affair with Rossetti almost destroyed her family life, in the end she lived with her husband until the end of his days.

Subscribe to newsletter

William Morris

How Queen Elizabeth II Managed the World’s Greatest Art Collection

During her reign, Elizabeth II opened the Royal Collection to the public. One of the last great European royal assemblies to remain intact is a retrospective of over 500 years of tastes

09/09/2022

Scientists examine new details on Vermeer’s Milkmaid

Analysis of Jan Vermeer’s Milkmaid before his big Rijksmuseum exhibition shows that the artist worked much faster than previously thought and sacrificed details in favor of brevity

09. 09.2022

The Tretyakov Gallery will show projects dedicated to Diaghilev, Roerich and Grabar

Director of the Tretyakov Gallery Zelfira Tregulova, together with her colleagues, spoke about new acquisitions and revealed details of future exhibitions

09/21/2022

An ancient city was discovered in the vicinity of Baghdad

Historically, almost all Iraqi archeology is concentrated on objects in the interfluve of the Tigris and Euphrates. But the new find refers to the history of the Parthian kingdom – and this trend looks no less promising

09/29/2022

The material base of Russian film dreams: costumes for heroes

A story about the costumes she created for classic
of Soviet films, artist Olga Kruchinina opens a series of books dedicated to representatives of this glorious but not appreciated profession

09/16/2022

“The Worst Exhibition in the World” opened. The authors of the project, Avdey Ter-Oganyan and the Red Circle Art Association, explore the nature of bad art — and a bad viewer

09/16/2022

Stuxnet: isolation of industrial systems no longer protects

The story of the Stuxnet worm stirred up the networking community four years ago. Who created it and for what purpose is not known for certain – there are suggestions that in this way the American and Israeli intelligence services wanted to slow down the Iranian nuclear program. The version is quite plausible: the malware really disabled centrifuges for uranium enrichment, throwing the Iranian nuclear program back several years.

Its creators managed to successfully attack computers not connected to the Global Network and carry out a large-scale sabotage. Then the worm (as many experts suggest) got out of control and began to actively spread, although it did not cause much harm to home and office machines – its target was industrial systems of certain types.

The first victims or “victims zero”

On November 11, the book “Countdown to Zero Day” by journalist Kim Zetter was published. Taking this opportunity, we also decided to publish some facts about the Stuxnet attack unknown to the general public. We will not focus on the earliest version of the worm – instead, we will focus on those of its variants that started the epidemic in 2009-2010.

The events of that time were restored thanks to an interesting feature of the malware: it stores in its body information about the name, domain, and IP address of the affected machine. Since the data is constantly replenished, this gives us the opportunity to restore the entire chain.

Symantec, which published “W32.Stuxnet Dossier” in February 2011, was able to establish that the spread of the worm began with five organizations (some of which were attacked twice – in 2009 and 2010), which were not named at that time. It took us about two years and over 2,000 infected files to install them.

“Domain A”

The first version of Stuxnet 2009 of interest to us (let’s call it Stuxnet.a) was created on June 22, 2009, and a few hours after compilation it infected a computer from the “ISIE” domain. It is unlikely that the attackers used removable media – in such a short time it is difficult to deliver it to the organization under attack.

It is impossible to unequivocally identify the affected organization from such scarce data. But with a high degree of certainty, it was possible to establish that it was Foolad Technic Engineering Co. (FIECO) is an Iranian company engaged in the creation of automated systems for heavy industries.

How did the #Stuxnet epidemic start? The first victims of the worm and how it reached the Iranian nuclear program: https://t.co/pJuItKjKt0

— Eugene Kaspersky (@e_kaspersky_ru) November 11, 2014

In addition to being able to affect centrifuge motors, Stuxnet was also endowed with a spy module, so FIECO is a very good target for its creators. They probably considered the company the shortest route to the final target, as well as an interesting target for collecting spy data on the Iranian industry – in 2010 the same computer was again attacked by the third version of Stuxnet.

“Domain B”

The next “patient” was attacked three times – in June 2009, and also in March and May 2010. It was from the second attack that the global epidemic of Stuxnet 2010 (aka Stuxnet.b) began. The “behpajooh” domain immediately identifies the affected Behpajooh Co. Elec & Comp. engineering. She is also involved in the development of industrial automation systems and is associated with a large number of different enterprises.

In 2006, Dubai’s Khaleej Times reported that a local firm was smuggling components to build bombs into Iran, citing Isfahan-based Bejpajooh INC as the consignee.

On April 24, 2010, Stuxnet moved from Behpajooh to the MSCCO domain name. The most likely candidate for compliance is Iran’s largest steel complex, Mobarakeh Steel Company (MSC), which has a huge number of machines in its fleet and is associated with various companies around the world. Thanks to these connections, a global epidemic began – for example, by the summer of 2010, the worm had already reached enterprises in Russia and Belarus.

“Domains C, D and E”

On July 7, 2009, Stuxnet infected the computer “applserver” in the NEDA domain. There were no problems with identification – we are talking about the Neda Industrial Group. Since 2008, the company has been on the list of the US Department of Justice and is accused of illegally exporting banned substances to Iran.

Simultaneously with Neda, another organization with the “CGJ” domain was also infected. After spending some time on the analysis, we found that, most likely, it was another Iranian company involved in industrial automation – Control-Gostar Jahed Company. The infection practically did not go beyond its borders, despite the impressive portfolio and extensive connections of the company.

The last zero “patient” is distinguished by the number of infected machines – on May 11, 2010, Stuxnet hit three computers at once in the “KALA” domain. Most likely it was Kala Electric (also known as Kalaye Electric Co.). The company is considered the main developer of the IR-1 centrifuges for uranium enrichment and one of the key structures in the Iranian nuclear program. It is very strange that it has not been attacked before.

Conclusion

With the incredible complexity of the striking part (it is not easy to disable uranium enrichment centrifuges) of Stuxnet, its propagation mechanisms were rather primitive. Moreover, apparently, at some point, control over the spread of the worm was lost – otherwise it is difficult to explain a large-scale epidemic, during which the virus was brought very far from the original targets of the attack.

Nevertheless, for all its shortcomings, the malware turned out to be quite effective – its creators managed to carry out the largest cybersabotage in history.