backtop


Print 65 comment(s) - last by wordsworm.. on Mar 13 at 3:44 PM

Source code could be adapted to break factories, power grids, the sewage system, and other critical utilities

For as much as the U.S. is maligned for being oft victimized by internet aggressors -- some of whom are mere high school age children -- the nation is believed to have conducted one very audacious and surprising effective (to an extent) cyber black ops in history.

I. StuxNet -- The U.S.'s Most Danger Cyber "Black Op"

In June 2010, security experts found a new type of worm -- the phrase commonly used to refer to a self-spreading malicious computer program.  They dubbed it "Stuxnet".

But unlike most worms, which try to accumulate a stockpile of infected machines for spamming, Bitcoin mining, or distributed denial of service purposes, Stuxnet was disinterested in doing anything malicious to most of the machines it was infecting.  Rather, it just wanted to spread, inching towards its true target -- Iran.

In fact, it was aimed at a very specific target in Iran -- the nation's secretive nuclear refining facilities.  And after infecting over 60,000 personal computers in Iran, it reached the facilities.

Iran nuclear facilities
The U.S. and Israeli reportedly used a computer virus to sabotage Iran's growing nuclear program -- a halfway successful effort that did wreak some havoc at Iran's processing facilities. [Image Source: CBS]

In the summer of 2010 it spun hundreds of centrifuges -- produced by German electronics giant Siemens -- to their breaking points.  It was a major setback for Iran's nuclear program.  Unsurprisingly Iran -- which insists that its nuclear program was intended for peaceful and not weapons-making purposes -- was quick to lash out at "Western spies" for the sabotage effort.

But details that have emerged since have proved that their is likely truth in those claims, as evidence points to the U.S. and Israeli jointly developing the malware, possibly with other allies.

II. Mission Success?  Or a Darker Reality?

Stuxnet seemed a very effective attack -- even if the eventual implication of U.S. and Israeli involvement was a public relation setback for the alleged authors.  But ultimately, it did not succeed in permanently destroying Iran's nuclear program.  Today the U.S. believes that Iran not only has nuclear power -- it is thought to be close to possessing one or more nuclear weapons.

Computer worm
The attack failed to stop Iran's nuclear efforts.  Worse yet, researchers fear the worm's source could be turned against its authors. [Image Source: TechTear]

And Iran -- the greatest tech power in the Middle East outside of Israel -- showed itself to be growing increasingly sophisticated in digital efforts, downing a U.S. unmanned drone in a recent high-profile embarrassment.  (President Obama requested the drone be returned, Iran mocked him by sending toy replicas.)

And aside from not truly achieving its intended long-term effect, the decision to release Stuxnet may have much more dire consequences.  The source code for the worm has recently been decompiled and is floating around on hacker sites, according to a new 60 Minutes report by CBS Corp. (CBS).

III. War 2.0: U.S. May See Its Own Source Code Turned Against it

In its primetime special, CBS reporters argue that releasing the worm may have been akin to Pandora of Greek mythology opening a box that let loose chaos and destruction into her world.  The report states that various groups ranging from independent malicious hackers to white hat security researchers to foreign intelligence agencies are all racing to adapt the highly virulent, highly successful worm for use in new attacks.

Such attacks could destroy machinery at sewage plants, electrical grid locations, traffic signals, or other applications.  Such critical infrastructure often is air-gapped, but is sensitive to connections during routine maintenance.  As the air-gapping (not having a physical internet connection to the outside world) gives a traditional sense of security, these types of devices may have less robust security mechanisms, and hence be more vulnerable to mechanical or electrical overdriving.




Only time will tell whether a Stuxnet variant will come back to bite the U.S.  But given the success of AnonymousLulzSec, and other hacker collectives in openly defying and attacking the U.S. government digitally, it's not infeasible to imagine such groups looking to cripple vital U.S. infrastructure in the near future.  Or alternatively, hostile nations like Iran or North Korea could return fire, using the U.S. and Israel's own code against them.

Sources: CBS [1], [2]



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

The logic in the article is flawed!
By ZorkZork on 3/5/2012 8:12:50 PM , Rating: 3
So let's say that the US in the 1939 had decided not to build a nuclear device. Would that have stopped anyone else from developing one? Same thing with Stuxnet. Even if “someone” had not built Stuxnet, we would still see attacks like that developing in the future. I would much rather see a Stuxnet/assassination war like today, than a “real” war against Iran that will not solve the problem.

Of course “someone” went to a lot of trouble discovering weaknesses in the Siemens PLC system and that must have been pretty expensive. By reverse engineering the stuxnet virus, others would gain some of that knowledge for free. By now though, the PC systems that run the Siemens SCADA software should have been patched (there has been more than a year to do so) and then that knowledge will lose value.

Also, “someone” went to a lot of trouble understanding the PLC programs that Iran uses in their centrifuge project. That must have been very very expensive both financially and in terms of human assets. That knowledge will be of little use now to anyone as Iran most likely will have changed their systems.

I guess the lessons learned from this is that if you have devices that runs software that in any way can be updated, then you should make sure that you system is up to date from a security standpoint.




RE: The logic in the article is flawed!
By name99 on 3/5/2012 10:36:32 PM , Rating: 3
"So let's say that the US in the 1939 had decided not to build a nuclear device. Would that have stopped anyone else from developing one?"

Quite possibly --- at least for many years.
Every physicist associated with the project said that the only real secret of the fission bomb was that it was possible. As soon as you knew it was possible, then it was worth pouring money into the project; but before that point few countries would have poured money (and a HUGE amount of money) into a project of uncertain outcome.

The relevance to stuxnet is left to the reader.


By Ringold on 3/6/2012 12:36:55 AM , Rating: 2
For quite a little while, we were the only ones with it, but we know now after the fact that Germans and Russians were simultaneously pursuing it. A little naive in my view to think our slowing down would've slowed them down significantly as well. Everyone pursuing it knew it was the instant 'win' button. It was very well suspected it'd work in the scientific community long before it was actually done in the real world.


By Strunf on 3/6/2012 7:48:06 AM , Rating: 2
I don't think so... the nuclear bomb is just one practical application of nuclear physics, the potential of nuclear fission/fusion was seen years before the US even started its nuclear program, chances are it wouldn't take that many years for the Russians to make their first nuclear bomb.


RE: The logic in the article is flawed!
By TSS on 3/6/2012 9:35:01 AM , Rating: 3
...yeah the atom bomb was a little bit different, specially since you have a crazy guy who would've dropped it very first chance he got, without a world full of missiles to stop him.

Here's a better movie about stuxnet, that's been around longer.

http://www.youtube.com/watch?v=7g0pi4J8auQ

Yknow the problem of stuxnet isn't as much that it wouldn't have been created eventually. It is because it was made, and used, with internet and digital thinking still in it's infancy.

By the time we got the atom bomb, we've already had thousands of years of war, and it still nearly destroyed us. Now we've got something that can shut down the entire infrastructure of an entire country. Drop a fusion bomb on new york, and new york dissapears. Drop a stuxnet on new york that takes out powerplants, and the entire USA dissapears. While most people can't even resist clicking on a flashing cat that tells them they've won. This INCLUDES people who decide the fate of entire nations.

Just as an example, a better analogy would be like the US used an atom bomb, along with the plans and materials so the enemy can build their own, while their own defence consists of slingshots. Only this atom bomb can be dropped by anybody, anywhere, at any time. Even an individual.

While of course there are defences now against stuxnet specifically, that doesn't mean the defence against that paticular technology has gotten any better.

What has gotten much worse though are the cyber wars. Since stuxnet was released the cyber wars in the background have escalated. "Anonymous" taking down government websites? Really? The highschool i had an internship with back in 2005 ran entirely on windows, and even they had both spam and ddos protection. You *couldn't* take down anything. The server would simply refuse to patch you through.

We're fast approaching a war we've never seen before. One where people are going to die and not a single shot will be fired. Let's just hope nobody decides to actually pick up a gun or it'll only get much, much worse.


RE: The logic in the article is flawed!
By bh192012 on 3/6/2012 12:56:52 PM , Rating: 2
I think people give too much credit to the dangers of hackers. Mainly things like
quote:
Drop a stuxnet on new york that takes out powerplants, and the entire USA dissapears.
Hacking is a very specific endeavour. Like real viruses, they will hit specific systems. Hackers can jack up specific users, specific systems etc. It would be incredibly difficult to somehow hit ALL elcectrical grids in the US. They're not all based on the same software etc. At best they could take out sections at a time.


By Rukkian on 3/6/2012 1:27:42 PM , Rating: 2
Until skynet comes online and takes over all systems!


By TSS on 3/7/2012 6:02:25 PM , Rating: 3
Do you even know what a PLC is? I do, i worked with the damn things on my IT education. I never could understand why.

Because they are mainly used in traffic lights. Our end assignment was programming traffic lights for a 4 way intersection.

So i already know stuxnet could theoretically disable just about every traffic light everywhere. As long as it's hooked up to a central monitoring system or something.

But, as the real use of stuxnet showed, those things are used everywhere. Even all the way to nuclear centrifuges.

Unlike a atom bomb though, once it's built it doesn't require more materials or knowledge to build another. When you fire it, it doesn't blow up - it can be used again and again. Your enemy can pick it apart much more easily then it took you to build it.

I'm giving hackers exactly the right amount of credit. Stuxnet wasn't made by hackers. It was made by a professional contractor. Hackers *can't* make something as sophisticated as that.

It's not dangerous because it'll take alot of effort to program in a new target. It's dangerous because somebody just pulled the trigger on a really, really big gun. And now others will take up arms.....


By ZorkZork on 3/6/2012 4:29:26 PM , Rating: 2
The video you link to is too superficial and doesn’t touch the real difficulties. So how do you think they were able to hit those specific centrifuges? Guesswork? There must have been an intelligence operation to understand the exact setup of the Iranian hardware and copies of the software. This involves people on the ground or additional viruses. How you do you find 20 zero day vulnerabilities? This is not something you just find on the internet. You must search the specific systems for these vulnerabilities. This must have been a very expensive operation and writing the software was just a small part of it. There has been a massive intelligence operation before the first line of code was thought of.

Unless all powerplants use the same hardware and same software, a total attack would be very difficult. And if they use the same hardware and software, then defending them properly is a lot cheaper (economy of scale).

Unless you have loads of money and sufficient intelligence resources, then your best chance for a large scale attack is denial of service. On the other hand, the Chinese, Russian, North Korean, Iranian, Pakistani, Indian, Brazilian, French, Canadian (fill in your own nemesis) governments have vast resources available. For them a small scale attack (like Stuxnet) would be feasible. A larger scale attack would be very difficult, as you most likely would need people on the ground trying to understand the setup of each power plant. And then such an attack becomes much easier to discover and stop.


"This week I got an iPhone. This weekend I got four chargers so I can keep it charged everywhere I go and a land line so I can actually make phone calls." -- Facebook CEO Mark Zuckerberg














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki