Stuxnet

By Deane Barker on October 11, 2010

Stuxnet: This worm that hit Iran’s nuclear facilities is pretty remarkable.  In general, people are saying that it’s way too sophisticated for “normal” virus writers, and could only have come about from a state-sponsored effort.

Consider:

The complexity of the software is very unusual for malware. The attack requires knowledge of industrial processes and an interest in attacking industrial infrastructure. The number of used zero-day Windows exploits is also unusual, as zero-day Windows exploits are valued, and hackers do not normally waste the use of four different ones in the same worm.

Stuxnet is unusually large at half a megabyte in size, and written in different programming languages (including C and C++) which is also irregular for malware. It is digitally signed with two authentic certificates which were stolen from two certification authorities (JMicron and Realtek) which helped it remain undetected for a relatively long period of time. It also has the capability to upgrade via peer to peer, allowing it to be updated after the initial command and control server was disabled.

These capabilities would have required a team of people to program, as well as check that the malware would not crash the PLCs. Eric Byres, who has years of experience maintaining and troubleshooting Siemens systems, told Wired that writing the code would have taken many man-months, if not years.

If it’s true that this came from a government (directly or indirectly), this means that it’s likely either the United States or Israel intentionally crafted a virus to target a specific capability of their enemy, then infected their systems with it. Could this be the first actual cyber-warfare action among nation states?


Comments

  1. “State sponsored” is a huge leap. I think that’s what we are all thinking but from the details it is just too big of a step. Yet, the article above goes further by placing possible blame. Going off a little half-cocked, given the details, but my gut says you’re probably right.

  2. On The Media on NPR had a piece about Stuxnet last week with some interesting insights:

    “There are worms all the time and they go into nuclear power plants all the time and other valuable facilities. This isn’t a targeted missile. It’s a worm that’s wandering around the planet infecting computers it can find. Among the many countries Stuxnet infected, one of them is Iran. And you can put it first on the list, but it’s like claiming, because your house got snowed on, that the snow is intended to find your house…

    “You mentioned that because of its complexity some people theorize that it can only be written by a government. I think the notion that complexity equals government is overstated. When you think about the most complex pieces of software out in the world, they’re not written by governments. They’re written by corporations…

    “The motivations behind worms are hard to discern. We know there’s a class of criminal worms that have a very obvious profit motive, and then there are these worms that are out there that don’t have obvious profit motives. And there are groups writing them and releasing them for some reason.”
