Stuxnet - Malware that threatens last line of Defense

If you are interested in the extreme warfare or weapons-of-the-future type of shows on Discovery, then this article is sure to send a shiver down your spine. In a sci-fi movie style attack on Iranian nuclear plants, a virus/malware called Stuxnet has threatened to thwart the largest industrial establishments in the world by reducing them to mere shreds. To explain it better, Stuxnet is an incredibly advanced, undetectable computer worm that might have taken years to construct and was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy. While news agencies are reporting new cases affected by Stuxnet every day, most prominently it has all but crippled Iran's nuclear ambitions.

Stuxnet was first discovered by a Belarusian security firm, VirusBlokAda, working at the Iranian Nuclear Plant, Natanz facility. It is the first discovered worm that spies on and reprograms industrial systems, the first to include a programmable logic controller (PLC) rootkit, and the first to target critical industrial infrastructure. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the PLCs and hide its changes. If that is not scary enough, what else is?
Intelligence and security agencies have been trying to analyse it since it was discovered in June this year. Stuxnet's attack on Iran's nuclear facilities at Natanz and Bushehr was as incredible as anything in a James Bond or Jason Bourne movie.

First, the facilities lay several stories underground and were completely cut off from the World Wide Web. Second, they were protected through the most advanced and extreme security measures ever. This meant Stuxnet had to work like a human bomber who had to go through various levels of security without getting caught. What is more interesting is that Stuxnet's aim was not to destroy the plants. It was only meant to damage the centrifuges by altering their speeds and so derail the program.
Stuxnet generally attacks Windows-based systems using zero-day attacks. Besides, as Wiki puts it, the complexity of the software is very unusual for malware. The attack requires knowledge of industrial processes and an interest in attacking industrial infrastructure. The number of zero-day Windows exploits used is also unusual, as zero-day Windows exploits are valued, and hackers do not normally waste the use of four different ones in the same worm. Stuxnet is unusually large at half a megabyte in size, and is written in different programming languages (including C and C++), which is also irregular for malware. It is digitally signed with two authentic certificates which were stolen from two certification authorities (JMicron and Realtek), which helped it remain undetected for a relatively long period of time. It also has the capability to upgrade via peer to peer, allowing it to be updated after the initial command and control server was disabled.
These capabilities would have required a team of people to program, as well as to check that the malware would not crash the PLCs. No one knows where it originated, or whether the purpose was only to destroy Iran's nuclear power ambitions or whether it was used as a dummy. Although Iran has denied being affected by a bug, it still shows that 30,000 of its computers are affected, and that includes some of the computers of the scientists working at Natanz. This only proves one thing: that Stuxnet was specifically developed to target the Natanz and Bushehr facilities. This is also evident from the fact that, although the virus was found on a hundred thousand systems, the damage was only done at Natanz. This alone is a convenient fact to classify it as a military weapon.

Finger pointing has already begun. No one knows who built it. But only a fool will believe that it will not be sold on the black market. It is enough to put thousands of SCADA-controlled industrial setups in jeopardy. Cyber warfare has largely and truly begun!
