Why Stuxnet Matters

Was it a random attack on physical infrastructure, or a shot in an international infowar?

Talk to infowar experts and it won't be long before you hear about the threat of worms, malware, hackers and botnets to the operational infrastructure of the U.S. The problem is, there has never been any clear, publicly identified attack on most of those things.

We're well beyond the point that hacks and malware are developed or deployed strictly as experiments by counterculture white-hats, punky script-kiddies acting out, or even proto-cryptologists showing off.

Despite accusations that a major hack of Google -- and a list of other attacks, mostly against U.S. Dept. of Defense systems -- were carried out by "hackers" using machines operated by the Chinese military, most of the publicly known attacks are carried out by criminal organizations against commercial targets -- for extortion or theft or other financial reasons.

Where Stuxnet crossed a line is by taking the kind of weapon that has been used to take down banks, ISPs, Web services and other commercial entities and pointing it at the Windows systems that control electrical plants, factory equipment, water, sewer and road-control networks.

It's still not a direct attack on the SCADA systems themselves, but close. It's the difference between attacking someone's Web site and breaking down their front door.

The worm's level of sophistication is such that the antivirus experts at Kaspersky and Symantec in charge of dissecting it said it may be the most sophisticated ever identified in a major attack and that the level of sophistication points to government involvement, not criminals or terrorists with fewer resources.

The target is interesting, too. Stuxnet became a cause célèbre when the Iranian government complained it had infected 30,000 PCs at the Bushehr nuclear plant it is building against the entreaties of the U.N., the U.S. and -- among other regional players worried about Iran becoming a nuclear power -- Israel. Sixty percent of the infected PCs were in Iran.

"In the bad old days of the cold war, countries would build a weapon and test them, flash them to let you know they had it and prevent you from attacking them," Coviello says. "It's a lot harder to saber-rattle with digital weapons and say you have this capability, but would you be that surprised to discover that the U.S. had this kind of capability? Or Russia? Or Israel?"

Other security experts recommend we not jump to any conclusions.

It was identified in Belarus by a security vendor, but an earlier version found in June 2009 targeted Siemens SCADA systems to steal data while lacking much of the later version's ability to avoid detection by antivirus software.

When you test an H-bomb, people pretty much take on faith that it can destroy something. With a digital weapon, you must work harder to prove it will work; maybe by getting it to break down the door of a nuclear power station, even if it doesn't accomplish anything else.

It may have been a coincidence that the first breakout malware attacking physical infrastructure hit a plant opposed by the most technologically advanced nation on earth and whose potential threatened a U.S. ally known for the number and quality of its electronic security products.

Or Stuxnet -- whoever actually wrote and directed it -- could be an alternative to the flight of Israeli jets many in the U.N. have publicly worried would come to knock out Iran's nuclear ambitions the way they did Saddam Hussein's.

Or it might not. The worm is still designed to steal data from SCADA machines, not take them over and use them to wage global war using a country's own sewage and manufacturing systems.

But it's something to think about if you have the time. Like if you're ever stuck in an unexplainable traffic jam with a dead cell phone in the midst of a blackout and a citywide backup of sewage.

Just be sure to keep up your antivirus shots.
