Why Stuxnet Is a Really Bad Weapon

By Mark Gibbs, Network World |  Security, Stuxnet

Whether this was all that was intended is unknown, and a report by the Institute for Science and International Security says: "If Stuxnet's goal was the destruction of all the centrifuges in the [Fuel Enrichment Plant (FEP) at Natanz], Stuxnet failed.  But if its goal was to destroy a more limited number of centrifuges and set back Iran's progress in operating FEP while making detection of the malware difficult, it may have succeeded, at least for a while."

Interestingly, a worm considered a descendant of Stuxnet, Duqu, now appears to be designed to steal information, but its modular architecture suggests that it could be tasked with other goals in future versions.

Even more intriguingly, Duqu appears to have been coded in an odd programming language which researchers have called "the Duqu Framework". This framework has since been identified by Kaspersky Labs as a custom version of C called Object Oriented C, compiled with the Microsoft Visual Studio compiler.

I'd suggest that Stuxnet and Duqu as military cyber espionage weapons were actually failures, not because they probably only caused limited damage, but because we launched a weapon that can, and will, be turned against us.

Why? Because code is code. It's a set of ideas frozen into binary and when you execute that code -- when you make the ideas actually do something --  the bits don't vanish and the ideas don't get mangled. They're still there. No matter how much you encrypt, hide, and obfuscate your code and your ideas, there's always someone, somewhere who can decrypt, find, and unobfuscate all of it.

Even when the malware is military grade, it would be foolish to assume that the enemy can't profit from our research and development, because when we attack they get a clean copy of the weapon we attack them with. And there are lots of really clever people out there, clever people who don't live in the U.S. and who don't have our best interests at heart. They have access to powerful computers and software just like we do and they are more than capable of decoding what we've sent out and turning our ideas against us.


Originally published on Network World.