Why Stuxnet Is a really bad weapon

By Mark Gibbs, Network World |  Security, Stuxnet

And there's a serious problem with military cyber espionage: In the real world if someone attacks you with something like a cruise missile, once it's landed you won't be able to put the missile back together and lob it back at whoever sent it. That's the nature of real-world armaments. You can build really smart and deadly devices and, even if they malfunction, the enemy will very, very rarely be able to turn your technology against you.

Not so with software armaments. Consider the much discussed Stuxnet, the computer worm that first appeared about two years ago. Stuxnet targets Siemens industrial control systems and is said to be responsible for damaging equipment used by the Iranian nuclear program.

The Stuxnet worm is an impressive example of sophisticated software engineering relying, as it did, on four new zero-day attacks along with several known vulnerability exploits used by other malware.

On top of that, Stuxnet it is very complex. According to an article in Vanity Fair,  "In terms of functionality, this was the largest piece of malicious software that most researchers had ever seen, and orders of magnitude more complex in structure. (Malware's previous heavyweight champion, the Conficker worm, was only one-twentieth the size of this new threat.)"

When the worm was discovered and publicized in June 2010, there was an immediate denial-of-service attack on two mail lists that concern industrial systems security which, it could be assumed, was intended to slow down dissemination of the news to the worm's targets. You can see that contingent damage was involved in supporting the original attack -- a consequence that will become more commonplace in future where military cyber espionage is involved.

Since the first discovery of Stuxnet there have been at least two more variants identified, each incorporating "improvements" that were designed to do things such as increase the infection rate of the malware.

So, who was responsible for this stupendous feat of coding? The Russian mafia? Chinese hackers? Nope, just a few weeks ago it was revealed that Stuxnet was created by a joint U.S. and Israeli intelligence operation called "Operation Olympic Games" which was started under the Bush administration and expanded under the Obama administration!

Apparently Stuxnet did its job because, it is estimated, some 1,000 centrifuges used by the Iranians to purify nuclear material that are controlled by Siemens systems, were damaged during the period Stuxnet was active.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness