The Stuxnet worm has infiltrated industrial computer systems worldwide. Now, cyber security sleuths say it’s a search-and-destroy weapon meant to hit a single target. One expert suggests it may be after Iran’s Bushehr nuclear power plant.
Far more advanced than mainstream malware often used for identity theft, Stuxnet is reportedly able to take over a computing system via nothing more than a rogue memory stick. Potential targets include Iran’s Bushehr nuclear plant, as well as other installations in countries where the worm was found. Bushehr, whose August start-up was delayed for unknown reasons, is viewed by much of the West as a nuclear threat, a claim Tehran consistently denies.
German security researcher Ralph Langner, CEO of Langner Communications, points to the high number of infections in Iran and the delayed opening of the Bushehr plant to support his theory. “With the forensics we now have, it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” he wrote. “The attack combines an awful lot of skills–just think about the multiple zero-day vulnerabilities, the stolen certificates, etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise. This is not some hacker sitting in the basement of his parents’ house. To me, it seems that the resources needed to stage this attack point to a nation state.”
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
US security experts agreed that the wealth of resources needed to develop the malware makes a nation-state the most likely culprit. “This is the first direct example of weaponised software, highly customised and designed to find a particular target,” said Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy’s Idaho National Laboratory. The worm, which has so far infected over 45,000 industrial networks throughout the world without causing major damage, is a “key for a very specific lock”, Mr Langner said.
Analysis produced by Microsoft in July pinpointed Iran as the epicenter of the global infection map, leading many security experts to suspect that one of its enemies could be involved. “This will all eventually come out, and Stuxnet’s target will be known,” Mr Langner said.
“The implications of Stuxnet are very large, a lot larger than some thought at first,” Michael Assante, former security chief for the North American Electric Reliability Corp., told The Christian Science Monitor. (IDG News Service also covered the news.) “Stuxnet is a directed attack. It’s the type of threat we’ve been worried about for a long time. It means we have to move more quickly with our defenses–much more quickly.”