Friday, October 1, 2010

Stuxnet raises virus stakes

By Martin J Young



HUA HIN, Thailand - The term "cyber-warfare" has until recently been reserved primarily for spy novels or the corridors of clandestine government security departments. That changed in recent weeks when a nuclear installation in Iran was attacked by a piece of malicious software (malware) called Stuxnet.

The viral code has been circulating since June, but the specific targeting of this particular attack sets a precedent as the first of its kind and marks a new era of cyber warfare.

The Bushehr nuclear power plant, on Iran's southwest coastline, was the target of the well-orchestrated digital assault. The method of infection would probably have been via a USB memory stick (or sticks), which may have been left in strategic locations to be stumbled upon by employees who would subsequently pocket the device and later plug it into their laptop or workstation.

Iranian authorities estimated that at least 30,000 computers at the reactor and owned by employees were infected. Efforts to remove the viral code were fraught with problems. "The virus is not stable, and since we started the clean-up process three new versions of it have been spreading," said Hamid Alipour, deputy head of Iran's state-run Information Technology Co.

Industrial control systems made by German company Siemens, which are widely used in Iran, were the targets of the worm, indicating that its creators had advanced knowledge of these types of systems far beyond the scope of most information technology experts. The code is so specialized that it targets only two models of Siemens programmable logic controllers, the S7 300 and S7 400, and will execute only if it finds very specific parameters within the machine. These controllers are usually associated with the management of oil pipeline systems, electrical power grids, and nuclear power plants.

Alipour went on to state that due to the code's complexity, reach, and the huge investment behind its creation, it was likely to have originated from a foreign country or organization.

Writers and purveyors of malware and viruses have usually been motivated by a desire for notoriety or financial gain. Stuxnet breaks that mould by being malicious code designed as a weapon. It attacks industrial control systems and alters the code in them, allowing hackers to gain control of the physical machinery and manipulate real-world equipment. This makes the threat far more dangerous than a regular virus, which is designed to wreak havoc in cyberspace.

According to online security company Symantec, Stuxnet is sophisticated, well funded and has been created by a highly skilled team over a six-month period. There are not many groups globally that could have pulled this threat off and fingers are already being pointed.

Over the past week, security companies have been dissecting the malware code in an effort to reveal clues about its creators. Feeding conjecture that is spreading across the Internet and media are obscure biblical references discovered hidden in the code.

The word "Myrtus" offers an ephemeral reference to an Old Testament tale in the Book of Esther, depicting a story about a pre-emptive move by the Jews against a Persian plot to destroy them. The Hebrew word for myrtle, "Hadassah", was the birth name of Esther, a Jewish queen of Persia.

Other cryptic messages include the date "05091979" which refers to May 9, 1979 - the day Jewish Iranian businessman and philanthropist Habib Elghanian, who played a significant role in bringing Western technology to Iran in the 1960s and 1970s, was executed in Tehran.

The digital calling cards in the code could be red herrings designed to flummox investigators or, as many suspect, they could be confirmation of an Israeli effort to thwart Iranian nuclear ambitions.

Israel has never hidden its intentions to undermine the computer systems that manage Iran's large uranium-enrichment plant at Natanz, but the malware has also appeared in other countries, including China, India and Indonesia.

It has been reported that Iranian engineers have been struggling to control the huge centrifuges at Natanz that are required for uranium enrichment. The emergence of Stuxnet at another plant only adds to their suspicions.

Israel's secret cyberwar division, Unit 8200, has received huge resources in recent times so it is entirely possible that the Stuxnet attack on Bushehr - which does not process uranium - was a warm-up for something bigger.

Cyber warfare stakes have now moved up a level, to one that leaves it highly unlikely Iran will be able to retaliate through USB sticks and computer code.

Martin J Young
http://www.atimes.com/atimes/Global_Economy/LJ02Dj03.html
