Just over a year ago, a computer in Iran began repeatedly rebooting itself, seemingly without reason. Suspecting some kind of malicious software (malware), analysts at VirusBlokAda, an antivirus-software company in Minsk, examined the misbehaving machine over the Internet and soon found that they were right. Disturbingly so: the code they extracted from the Iranian machine proved to be a previously unknown computer virus of unprecedented size and complexity. Among the analysts who later took it apart was Liam O Murchu, chief of security response for the world’s largest computer-security firm, Symantec in Mountain View, California. The virus, which came to be known as Stuxnet, provided chilling proof that groups or nations could launch a cyberattack against a society’s vital infrastructure for water and energy.
Analysts such as Mikko Hypponen, chief research officer for F-Secure, an antivirus company based in Helsinki, share that assessment. Worse, the Stuxnet episode has highlighted just how inadequate society’s current defences are, and how glaring the gap in cybersecurity research is. Computer-security firms compete in the marketplace, but they generally respond to a threat such as Stuxnet with close collaboration behind the scenes. Soon after VirusBlokAda’s alert, for example, Kaspersky Lab in Moscow was working with Microsoft in Redmond, Washington, to hunt for the vulnerabilities that the virus was exploiting in the Windows operating system.
It was Microsoft that coined the name Stuxnet, after one of the files hidden in its code. Technically, Stuxnet was a ‘worm’, a type of malware that can operate on its own without needing another program to infect. Perhaps the most ambitious and comprehensive response was led by Symantec, which kept O Murchu and his worldwide team of experts working on Stuxnet around the clock for three months. One major centre of operations was Symantec’s malware lab in Culver City, California, which functions as the digital equivalent of a top-level biological containment facility.
A sign on the entrance warns visitors to leave computers, USB flash drives and smartphones outside: any digital media that passes through that door, even by mistake, stays there. In the lab, the team began by dropping Stuxnet into a simulated networking environment so that they could safely observe what it did.
The sheer size of the virus was staggering: some 15,000 lines of code, representing an estimated 10,000 person-hours of software development. Compared with any other virus ever seen, says O Murchu, “it’s a huge amount of code”. Equally striking was the nature of that code. Stuxnet used two digital certificates of authenticity stolen from respected companies, and it exploited four different ‘zero-day vulnerabilities’: previously unknown security holes in Windows that were wide open for hackers to use. Then there is the virus’s behaviour.
Specifically, says O Murchu, Stuxnet was trying to talk to the programmable logic controllers (PLCs) that are used to direct industrial machinery. Many industrial control systems are never connected to the Internet, precisely to protect them from malware and hostile takeover. That led to another aspect of Stuxnet’s sophistication. Like most other malware, it could spread over a network.
But it could also covertly install itself on a USB drive. So all it would take was one operator unknowingly plugging an infected memory stick into a control-system computer, and the infection could burst into action (see ‘How a virus can cripple a nation’). It still wasn’t clear what Stuxnet was supposed to do to the Siemens software. The obvious inference was that the virus had been deliberately directed against Iran, for reasons as yet unknown. But the Symantec investigators couldn’t go much further on their own. They were expert in computers and networking, but like most malware-protection teams they had little if any experience with PLCs or SCADA systems. Enter Ralph Langner, a control-system security consultant in Hamburg, Germany.
Langner independently took it upon himself to fill that gap. Over the summer, he and his team began running Stuxnet in a laboratory environment equipped with Siemens software and industrial control systems, and watching how the virus interacted with PLCs. Those PLC results allowed Langner to infer that Stuxnet was a targeted attack, searching for specific hardware and software. In mid-September 2010, he announced on his blog that the data supported the suspicion that Stuxnet had been deliberately aimed at Iran. The likely target, he believed then, was the Bushehr nuclear power plant. Speculative though Langner’s statements were, the mass media quickly picked them up and spread the phrase ‘targeted cyberweapon’.
True, the evidence is circumstantial at best, says Ivanka Barzashka, a Bulgarian physicist who examined Iranian centrifuge performance while she was working with the Federation of American Scientists in Washington DC. Moreover, the Iranian government has officially denied that Stuxnet destroyed many centrifuges at Natanz, although it does acknowledge that the infection is widespread in the country.
And IAEA inspection reports from late 2010 suggest that any damage was at most a temporary setback: Iran’s enrichment capacity is greater than ever. Still, if Natanz was the target, that would suggest an answer to the mystery of who created Stuxnet and why. Given the resources required, including expertise in malware, industrial security, and the specific types and configurations of the industrial equipment being targeted, most Stuxnet investigators concluded early on that the perpetrators were state-backed.