
Cyber Warfare Is for Real

The story behind the Stuxnet worm that infected computers in Iran is pretty fascinating. From the Wikipedia article:

The complexity of the software is very unusual for malware. The attack requires knowledge of industrial processes and an interest in attacking industrial infrastructure.[1][3] The number of used zero-day Windows exploits is also unusual, as zero-day Windows exploits are valued, and crackers do not normally waste the use of four different ones in the same worm.[6] Stuxnet is unusually large at half a megabyte in size,[20] and written in different programming languages (including C and C++), which is also irregular for malware.[1][3] It is digitally signed with two authentic certificates which were stolen[20] from two certification authorities (JMicron and Realtek), which helped it remain undetected for a relatively long period of time.[21] It also has the capability to upgrade via peer-to-peer, allowing it to be updated after the initial command and control server was disabled.[20][22] These capabilities would have required a team of people to program, as well as check that the malware would not crash the PLCs. Eric Byres, who has years of experience maintaining and troubleshooting Siemens systems, told Wired that writing the code would have taken many man-months, if not years.

And some conspiracy theory as to its origin:

Israel, perhaps through Unit 8200,[27] has been speculated to be the country behind Stuxnet in many of the media reports[25][28][29] and by experts such as Richard Falkenrath, former Senior Director for Policy and Plans within the Office of Homeland Security.[30] This is also due to several clues in the code, such as a directory called guava that probably refers to Queen Esther (whose original name, Hadassah, means myrtle in Hebrew, and guavas are plants in the Myrtus family), who saved the Jews in Persia (now Iran) by telling the king of a plot to massacre them,[31] and the number 19790509 that appears once in the code and might refer to 1979, May 9th, the day Habib Elghanian, a Persian Jew, was executed in Tehran.[32]

Sounds more like the stuff of a Dan Brown novel than real life, but who knows.

And as to the purpose of the worm:

Since the whole Stuxnet code has not yet been decrypted, its intent remains unknown. Among its peculiar capabilities is a fingerprinting technology which allows it to precisely identify the systems it infects. It appears to be looking for a particular system to destroy at a specific time and place. Once it has infected a system it performs a check every 5 seconds to determine if its parameters for launching an attack are met. The exact way through which Stuxnet destroys its target is still a mystery, but it is thought[by whom?] that it may be programmed to cause a catastrophic physical failure by, for example, overriding turbine RPM limits, shutting down lubrication or cooling systems, or sabotaging the high-speed spinning process of centrifuge arrays at Iran’s Natanz nuclear facility.[35][42] Since the complex code of Stuxnet looks for a very particular type of system and controller, it has been theorized that the target is of high importance to the attacker.[43]
