Stuxnet Worm

September 22nd, 2010

Update: Worm Hits Computers of Staff at Iran Nuclear Plant

Via: AP:

A complex computer worm capable of seizing control of industrial plants has affected the personal computers of staff working at Iran’s first nuclear power station weeks before the facility is to go online, the official news agency reported Sunday.

The project manager at the Bushehr nuclear plant, Mahmoud Jafari, said a team is trying to remove the malware from several affected computers, though it “has not caused any damage to major systems of the plant,” the IRNA news agency reported.

It was the first sign that the malicious computer code, dubbed Stuxnet, which has spread to many industries in Iran, has also affected equipment linked to the country’s nuclear program, which is at the core of the dispute between Tehran and Western powers like the United States.

Experts in Germany discovered the worm in July, and it has since shown up in a number of attacks — primarily in Iran, Indonesia, India and the U.S.

The malware is capable of taking over systems that control the inner workings of industrial plants.

—End Update—

Via: Christian Science Monitor:

The Stuxnet malware has infiltrated industrial computer systems worldwide. Now, cyber security sleuths say it’s a search-and-destroy weapon meant to hit a single target. One expert suggests it may be after Iran’s Bushehr nuclear power plant.

Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose has grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran’s Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.

Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.

But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?

By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.

But it gets worse. Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.

5 Responses to “Stuxnet Worm”

  1. Eileen says:

    Kevin,
    I think this posting put a shiver into me unlike any other post I’ve ever read on your website. “To seek out and destroy one real-world target of high importance.” What is it? Just thinking about “what the target is” makes me want to curl up in a fetal position. Or barf into the porcelain Buddha. Or spend money before it’s not worth anything anymore, or build a nuclear bomb shelter, or accept there are things I am meant to live through in this incarnation and just let it be. How could a person like me fight this? I can’t. Wow.
    What do I know? Nuthing. But cash in the bank and stocks owned on Wall Street are all zeroes and ones. A big digital universe just ripe for a picking. That’s just me thinking. And that’s just me.

  2. AHuxley says:

    It infects the Microsoft front end via USB devices. A fix is been developed. It sounded more like a tool for the theft of data on “automated factory control systems” side than anything more.
    US cyber security experts always like more funding and Microsoft products seem to be very pleasing for that.

    Could be a way of making Bushehr slow, clean out some unique device and replace it with something that’s really infected and waiting for its install 🙂

    We will see. MS makes all this stuff too easy 🙂

  3. RobertS says:

    I have been expecting an attack like this for a long time. An attack that was written and orchestrated by professionals rather than the bozos that usually write viruses and other typical malware.

    I suppose it shows my prejudice but I always assumed the opening blow would be by North Korea or China against the US infrastructure. I never thought the US or Israel would strike the first major blow.

    Doing a Stuxnet search on Google yields a number of very good reports on this, and to a lesser extent the ramifications of this attack.

    What I wonder is if there aren’t other clever teams out there who are silently probing the global infrastructure. A booby trap is only of value if the booby doesn’t know of the existence of the trap, someday I expect we are all going to wake up to an unpleasant surprise. Hard to say what though, will it be the lights don’t work or will it be the atm doesn’t work? Or, maybe both.

  4. j.biddy says:

    I’m more inclined to think this is spooky propaganda to up the cyber warfare budget. Richard Clarke has been making the media rounds lately drumming the cyber warfare machine in an effort to up the Pentagon budget, could this be a nice follow-up to his cheerleading? If Pentagon brass hadn’t thought about developing some malware as a weapon of warfare, against say Iran, then they’re certainly thinking about it now.

    Maybe this story is really an advertisement to industrial tycoons in need of the Pentagon, State Department, or outsourced security company’s industrial espionage skills.

  5. bloodnok says:

    FFS this kind of thing really pisses me off. Two words: AIR GAP. i.e.: Don’t network your controllers unnecessarily. Not to the Internet. Not to the secretary’s desktop. Physically secure the machine so muppets don’t plug in infected USB drives. Nothing is more stupid than infrastructure control connected to the internet.
