Wednesday, 13 October 2010

Global Stuxnet Apocalypse

More on the Stuxnet worm, which was apparently designed to steal industrial secrets and disrupt operations at industrial plants using Siemens equipment. It has infected systems in the UK, North America and Korea; however, by far the largest number of infections have been in Iran.

The Stuxnet worm was programmed to take advantage of a zero-day vulnerability in the Microsoft Windows operating system, allowing it to spread through USB devices. Once installed on a PC, Stuxnet uses Siemens' default passwords to seek out and try to gain access to systems that run the WinCC and PCS 7 programs, the so-called PLC (programmable logic controller) programs that are used to manage large-scale industrial systems on factory floors and in military installations, chemical plants and power plants. Stuxnet has a rootkit and the capability to stop or, in theory, re-program PLCs.

If the worm were to be used to disrupt systems at any of those locations, the results could be devastating.

Stuxnet was the first attack to use the Microsoft Windows 'LNK/PIF' Files Automatic File Execution Vulnerability: the worm exploits the LNK flaw to load its malware automatically onto infected systems.

Stuxnet also uses three other zero-day vulnerabilities to spread under various circumstances. And to make its programs look legitimate, at least two compromised code-signing certificates belonging to legitimate companies were used to sign the malicious code, getting it through other defenses.

More and more critical systems are moving from proprietary, closed technologies to more open and standardized third-party software.

Who's Behind Stuxnet?

The Americans? The Israelis? The Chinese?

Conspiracy theorists have gone wild over this, despite the fact that Stuxnet has been lurking around since February. Many believe this latest round of attacks is a government-sponsored attack against Iran's nuclear facilities. The sophistication of the attack, in its layered approach, suggests a well-staffed and well-funded hack-shop, more the preserve of government intelligence agencies than of organised crime or terrorist groups.

In terms of hacking, this ups the ante to a whole new level. The potential for targeted industrial and economic sabotage has just gone global. And reckless. Shut down or burn out a turbine or two, kill a generator or a refrigeration plant, jam the conveyor belts. Yes, you could mess up your national rival's steel industry, chemical industries and car plants, just by breaking their production runs and ruining expensive raw materials, plant and equipment.

However, mess up a chemical plant and you could get another Bhopal disaster; mess up a nuclear reactor and you get Chernobyl two. Just messing with a national power grid could kill thousands in planes, trains, cars and hospitals. Software just got seriously scary.

All the major governments of the world have cyber-warfare departments. No wonder that President Obama proposed an internet kill switch. RC
