Thursday, September 16, 2010

The Stuxnet Worm: Weaponized 'Net?


The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.

"It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team.

"I'd call it groundbreaking," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. In comparison, other notable attacks, like the one dubbed Aurora that hacked Google's network and those of dozens of other major companies, were child's play.

Why a weapon? Simple.

Stuxnet, which was first reported in mid-June by VirusBlokAda, a little-known security firm based in Belarus, gained notoriety a month later when Microsoft confirmed that the worm was actively targeting Windows PCs that managed large-scale industrial-control systems in manufacturing and utility firms.

SCADA systems control petroleum and nat-gas pipelines, electrical grids....all you need to shut off the economy in one easy step. And SCADA systems are notoriously unsecure.

It is noteworthy that Iranian PCs were the first targets. But not the last ones.

Unbeknownst to Microsoft, it had plugged just one of four zero-day vulnerabilities that Stuxnet used to gain access to a company's network, then seek out and infect the specific machines that managed SCADA systems controlled by software from German electronics giant Siemens.

There's a helluvalotta Siemens equipment used all over the world.

...So scary, so thorough was the reconnaissance, so complex the job, so sneaky the attack, that both O Murchu or Schouwenberg believe it couldn't be the work of even an advanced cybercrime gang.

"I don't think it was a private group," said O Murchu. "They weren't just after information, so a competitor is out. They wanted to reprogram the PLCs and operate the machinery in a way unintended by the real operators. That points to something more than industrial espionage."

There are bad guys out there.

No comments: