How Stuxnet is Scaring the Tech World Half to Death

The Weekly Standard ^ | 9/30/2010 | Jonathan V. Last

[GVnana]

The computer worm Stuxnet broke out of the tech underworld and into the mass media this week. It’s an amazing story: Stuxnet has infected roughly 45,000 computers. Sixty percent of these machines happen to be in Iran. Which is odd. What is odder still is that Stuxnet is designed specifically to attack a computer system using software from Siemens which controls industrial facilities such as factories, oil refineries, and oh, by the way, nuclear power plants. As you might imagine, Stuxnet raises big, interesting geo-strategic questions. Did a state design it as an attack on the Iranian nuclear program? Was it a private group of vigilantes? Some combination of the two? Or something else altogether?

But it’s worth pausing to contemplate Stuxnet on its own terms, and understand why the tech nerds were so doomsday-ish about it in the first place. We should start at the beginning.

A computer worm is distinct from a virus. A virus is a piece of code which attaches itself to other programs. A worm is a program by itself, which exists on its own within a computer. A good (meaning really bad) worm must do several things quite subtly: It must find its way onto the first machine by stealth. While a resident, it must remain concealed. Then it must have another stealthy method of propagating to other computers. And finally, it must have a purpose. Stuxnet achieved all of these goals with astounding elegance.

[GVnana]

So...what's your theory?

[yesca]

It was that Lee harvey Oswald, he’s one smart bastard.

[BigFinn]

Oh come on... it’s pretty obvious and I might say rather ingenious.

[Gaffer]

Betcha it propagated via a ghosted update link for Siemens PLC equipment. IOW, hacked their update site (redirected update inquiries) and downloaded the worm along with legitimate updates taken from the real update URL. Would take a while to happen, but would get many many places if fake update emails were sent to Siemens PLC users.....check the prior emails.....

[Vermont Lt]

I agree. I sit around and listen and read people asking, “What is Isreal waiting for?”

They are not waiting.

And they got under all that rock above the labs.

This is both amusing and extremely interesting.

[Glenn]

It was just a matter of time before industrial wars were fought on the grid. My experience in the industry gives me a gut feeling that Israeli agents are the genesis of this worm. Their engineers would be considered savants in any other society.

All hail to them (unless they point it at us!).

[Gadsden1st]

Does its discovery and the resulting patches mean it is no longer a threat?

Was it discovered before it could do any harm other than the cost to remove it or install the patches to make it inactive?

[ScottinSacto]

To date, no one knows exactly what Stuxnet was doing in the Siemens PLC. “It’s looking for specific things in specific places in these PLC devices,” Digital Bond CEO Dale Peterson told PC World.

That Dale Peterson guy is everywhere now.

[668 - Neighbor of the Beast]

Stuxnet achieved all of these goals with astounding elegance.

Well, that pretty much rules out all governments as creator of Stuxnet. Start looking at gauche, bespectacled misfits in parental basements.

[ScreamingFist]

So...what's your theory?

It was written and executed by a nation. No other virus has ever had 4 zero day exploits and a rootkit of this sophistication. No other virus I have seen has a kill date built in either......2012 IIRC...

[tlb]

>>> This is both amusing and extremely interesting

Interesting definitely, amusing no.

First, consider a parallel with AIDS. It didn’t stay in Africa. Natural or digital, virus’ spread, and this is already spreading beyond Iran.

Secondly, there are countries with proficient hackers who can use this as a model and send new variants to our own systems. Iran can easily pay for this to be done, and it would cost a fraction of their nuke program.

The US is the world’s most computerized economy. We have the most to lose. This will get nasty.

[Gadsden1st]

If you wanted to destroy a system such as Iran’s nuke facility, wouldn’t it be designed to spread and activate quickly before it could be discovered and countered? Any information when it was supposed to activate? Was it based on just finding the “right” system or was a date also required?

[668 - Neighbor of the Beast]

And they got under all that rock above the labs. This is both amusing and extremely interesting.

It's sweet to believe they used their marvelous minds. As old Solly from the deli next door would have said, "Bunker busters? Watch, we'll get in there with a noodle!"

[muawiyah]

Years and years ago our office got regular visits by FBI agents interested in the comings and goings of one of our employees due to his advanced use of modems and such.

This was way back in the mid-1970s.

Seems he could call up modems at CIA's Langley headquarters and make them deliver the goods (so to speak).

I can only imagine that 35 years of R&D has improved everyone's skill levels!

[Lonesome in Massachussets]

My company made using USB thumb drives a firing offense months ago. I wonder how much security discipline the Iranians have? Middle eastern (and other IIIrd World) countries are not famous for their discipline. Remember CIA director John Deutch mishandling classified information. That’s SOP in the third world. The bosses don’t believe the rules apply to them.

[Deagle]

Wish I could say that we had a hand in it...but actually, I would expect that Israel was the culprit...thank goodness.

I just hope that this prevents the all out war that seems to be brewing between Israel and several of the other states surrounding it.

Of course, this only delays the inevitable so Israel still may have to kick their butts again...

[Gadsden1st]

The Cuckoo’s Egg by Clifford Stoll was an excellent account of early hacking.

[668 - Neighbor of the Beast]

“After the original code is no longer executed, we can expect that something will blow up soon,” Langner says somewhat dramatically. “Something big.”

That would be hilarious, if suddenly a crater were to appear in some Iranian desert and an Israeli pilot just happened to have video of it, sort of like the flotilla flick. One more Jewish media coup for Rick Sanchez to lament, LOL.

[muawiyah]

If you wanted to get control over Iran's nuclear program you'd insert a "sub system" into the OS insofar as it was resident in a computer that did very little ~ just flip a switch here or there more or less at random.

Simply changing "timing" on minor programs ought to be enough to corrupt everything.

They'd have a doggone difficult time finding such a thing. Best of all ~ if you already had your virus sub system on their backups they'd never get rid of it.

A thimble full of powdered molybdenum would be sufficient for a recurring disruption of everything. It would work by impacting ordinary electrical connections in devices, or even wall outlets. Totally undetectable.

You could import it into a facility on the bottoms of your shoes ~ a little bit every day and next thing you know the whole place is messed up.

[ElkGroveDan]

How did Stuxnet spread as far as it did?

Assuming that conventional wisdom is correct, the wide spread of Stuxnet probably also reveals which bastards are assisting or interacting with the the Iranians. I would expected that those traces have already been cached in detail and it's all been echoed back to a recoverable data drop location.

With today's electronic listening capabilities I wouldn't be surprised also if some of this mysterious code isn't set to create a unique noise pattern or other identifiable signal using the internal components of the mainframes and work stations. I've read that it's even possible to cause a monitor "sing" at a specific frequency.

I wouldn't want to be a night janitor at one of these nefarious facilities.