CBS: U.S., Israel Opened up Cyberwarfare "Pandora's Box" with Stuxnet
March 5, 2012 5:37 PM
comment(s) - last by
Source code could be adapted to break factories, power grids, the sewage system, and other critical utilities
For as much as the U.S. is maligned for being
oft victimized by internet aggressors
-- some of whom are
mere high school age children
-- the nation is believed to have conducted one very audacious and surprising effective (to an extent) cyber black ops in history.
I. StuxNet -- The U.S.'s Most Danger Cyber "Black Op"
In June 2010, security experts found
a new type of worm
-- the phrase commonly used to refer to a self-spreading malicious computer program. They
dubbed it "Stuxnet"
But unlike most worms, which try to
accumulate a stockpile of infected machines
, or distributed denial of service purposes, Stuxnet was disinterested in doing anything malicious to most of the machines it was infecting. Rather, it just wanted to spread, inching
towards its true target
In fact, it was aimed at a very specific target in Iran -- the nation's secretive nuclear refining facilities. And after infecting over 60,000 personal computers in Iran, it reached the facilities.
The U.S. and Israeli reportedly used a computer virus to sabotage Iran's growing nuclear program -- a halfway successful effort that did wreak some havoc at Iran's processing facilities. [Image Source: CBS]
In the summer of 2010 it spun hundreds of centrifuges -- produced by German electronics giant Siemens -- to their breaking points. It was a major setback for Iran's nuclear program. Unsurprisingly Iran -- which insists that its nuclear program was intended for peaceful and not weapons-making purposes -- was
quick to lash out at "Western spies"
for the sabotage effort.
But details that have emerged since have proved that their is likely truth in those claims, as evidence points to the U.S. and Israeli jointly developing the malware, possibly with other allies.
II. Mission Success? Or a Darker Reality?
Stuxnet seemed a very effective attack -- even if the eventual implication of U.S. and Israeli involvement was a public relation setback for the alleged authors. But ultimately, it did not succeed in permanently destroying Iran's nuclear program. Today the U.S. believes that Iran not only has nuclear power -- it is thought to be
close to possessing one or more nuclear weapons
The attack failed to stop Iran's nuclear efforts. Worse yet, researchers fear the worm's source could be turned against its authors. [Image Source: TechTear]
And Iran -- the greatest tech power in the Middle East outside of Israel -- showed itself to be growing increasingly sophisticated in digital efforts,
downing a U.S. unmanned drone
in a recent high-profile embarrassment. (President Obama
requested the drone be returned
by sending toy replicas.)
And aside from not truly achieving its intended long-term effect, the decision to release Stuxnet may have much more dire consequences. The source code for the worm has recently been decompiled and is floating around on hacker sites, according to a new
report by CBS Corp. (
III. War 2.0: U.S. May See Its Own Source Code Turned Against it
In its primetime special, CBS reporters argue that releasing the worm may have been akin to Pandora of Greek mythology opening a box that let loose chaos and destruction into her world. The report states that various groups ranging from independent malicious hackers to white hat security researchers to foreign intelligence agencies are all racing to adapt the highly virulent, highly successful worm for use in new attacks.
Such attacks could destroy machinery at sewage plants, electrical grid locations, traffic signals, or other applications. Such critical infrastructure often is air-gapped, but is sensitive to connections during routine maintenance. As the air-gapping (not having a physical internet connection to the outside world) gives a traditional sense of security, these types of devices may have less robust security mechanisms, and hence be more vulnerable to mechanical or electrical overdriving.
Only time will tell whether a Stuxnet variant will come back to bite the U.S. But given
the success of
, and other hacker collectives in openly defying and attacking the U.S. government digitally, it's not infeasible to imagine such groups looking to cripple vital U.S. infrastructure in the near future. Or alternatively, hostile nations like Iran or North Korea
could return fire
, using the U.S. and Israel's own code against them.
This article is over a month old, voting and posting comments is disabled
RE: The logic in the article is flawed!
3/6/2012 4:29:26 PM
The video you link to is too superficial and doesn’t touch the real difficulties. So how do you think they were able to hit those specific centrifuges? Guesswork? There must have been an intelligence operation to understand the exact setup of the Iranian hardware and copies of the software. This involves people on the ground or additional viruses. How you do you find 20 zero day vulnerabilities? This is not something you just find on the internet. You must search the specific systems for these vulnerabilities. This must have been a very expensive operation and writing the software was just a small part of it. There has been a massive intelligence operation before the first line of code was thought of.
Unless all powerplants use the same hardware and same software, a total attack would be very difficult. And if they use the same hardware and software, then defending them properly is a lot cheaper (economy of scale).
Unless you have loads of money and sufficient intelligence resources, then your best chance for a large scale attack is denial of service. On the other hand, the Chinese, Russian, North Korean, Iranian, Pakistani, Indian, Brazilian, French, Canadian (fill in your own nemesis) governments have vast resources available. For them a small scale attack (like Stuxnet) would be feasible. A larger scale attack would be very difficult, as you most likely would need people on the ground trying to understand the setup of each power plant. And then such an attack becomes much easier to discover and stop.
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates
China Continues to Gleefully Hack U.S. as Gov't Efforts Sunk by Partisanship
March 2, 2012, 1:47 PM
Iran: Yes, We Hacked the U.S.'s Drone, and Here's How We Did It
December 15, 2011, 7:00 PM
U.S. to Iran: Give Us Back Our Drone
December 13, 2011, 8:26 AM
Microsoft Airs Temporary Fix to Defeat Duqu Worm
November 4, 2011, 4:00 PM
"Devil Robber" Trojan Infects Macs, Leeches Their GPUs for Bitcoin Profit
November 1, 2011, 10:59 AM
Microsoft Co-founder Paul Allen Donates $100M to Fight Raging Ebola Epidemic
October 23, 2014, 6:05 PM
Cool Science Video of the Day: Carnivorous Leech Eats Giant Jungle Worm
October 16, 2014, 6:44 PM
Facebook CEO and Founder, Mark Zuckerberg, Donates $25M to Fight Ebola
October 14, 2014, 5:06 PM
Chagrined Over Leaks, CDC Confirms First U.S. Ebola Diagnosis in Dallas, Texas
September 30, 2014, 5:55 PM
Nail Polish May Soon be Able to Detect Date Rape Drugs
August 26, 2014, 7:57 AM
SpaceX Falcon 9-R Rocket Suffers Malfunction, Self-Destructs During Test Flight
August 23, 2014, 9:36 AM
Most Popular Articles
1 Million Credit Card Activated on Apple Pay Within 72 Hours, Walmart CEO Hopes Visa "Suffers"
October 28, 2014, 8:17 AM
Amid Theater Boycott Netflix Defiantly Plans New Movies, Plus 3 TV Shows for 2015
October 24, 2014, 7:30 PM
CVS, Rite Aid Kill Unofficial Apple Pay Support, Burn Google Wallet Users in the Process
October 25, 2014, 5:26 PM
Microsoft's Figures Show Desktop Users Flocking to Windows 10 Preview
October 27, 2014, 11:04 AM
Fitbit's $249 Surge Fitness Watch Packs 7-Day Battery Life, Two Other Models Also Air
October 27, 2014, 4:20 PM
Latest Blog Posts
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information