Posted: Sat Oct 02, 2010 12:09 pm Post subject: Stuxnet - a new weapon
There's a new cyber-weapon on the block. And it's a doozy. Stuxnet, a malicious software, or malware, program was apparently first discovered in June.
Although it has appeared in India, Pakistan and Indonesia, Iran's industrial complexes - including its nuclear installations - are its main victims.
Stuxnet operates as a computer worm. It is inserted into a computer system through a USB port rather than over the Internet, and is therefore capable of infiltrating networks that are not connected to the Internet.
Hamid Alipour, deputy head of Iran's Information Technology Company, told reporters Monday that the malware operated undetected in the country's computer systems for about a year.
After it enters a network, this super-intelligent program figures out what it has penetrated and then decides whether or not to attack. The sorts of computer systems it enters are those that control critical infrastructures like power plants, refineries and other industrial targets.
Ralph Langner, a German computer security researcher who was among the first people to study Stuxnet, told various media outlets that after Stuxnet recognizes its specific target, it does something no other malware program has ever done. It takes control of the facility's SCADA (supervisory control and data acquisition system) and through it, is able to destroy the facility.
No other malware program has ever managed to move from cyberspace to the real world. And this is what makes Stuxnet so revolutionary. It is not a tool of industrial espionage. It is a weapon of war.
From what researchers have exposed so far, Stuxnet was designed to control computer systems produced by the German engineering giant Siemens. Over the past generation, Siemens engineering tools, including its industrial software, have been the backbone of Iran's industrial and military infrastructure. Siemens computer software products are widely used in Iranian electricity plants, communication systems and military bases, and in the country's Russian-built nuclear power plant at Bushehr.
The Iranian government has acknowledged a breach of the computer system at Bushehr. The plant was set to begin operating next month, but Iranian officials announced the opening would be pushed back several months due to the damage wrought by Stuxnet. On Monday, Channel 2 reported that Iran's Natanz uranium enrichment facility was also infected by Stuxnet...
...Iran has pointed an accusatory finger at the US, Israel and India. So far, most analysts are pointing their fingers at Israel. Israeli officials, like their US counterparts, are remaining silent on the subject.
While news of a debilitating attack on Iran's nuclear installations is a cause for celebration, at this point, we simply do not know enough about what has happened and what is continuing to happen at Iran's nuclear installations to make any reasoned evaluation about Stuxnet's success or failure. Indeed, The New York Times has argued that since Stuxnet worms were found in Siemens software in India, Pakistan and Indonesia as well as Iran, reporting, "The most striking aspect of the fast-spreading malicious computer program... may not have been how sophisticated it was, but rather how sloppy its creators were in letting a specifically aimed attack scatter randomly around the globe."...
ALL THAT we know for certain is that Stuxnet is a weapon and it is currently being used to wage a battle. We don't know if Israel is involved in the battle or not. And if Israel is a side in the battle, we don't know if we're winning or not.
Of course, it would have been better if it was able to hit specific targets and not spread.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You can attach files in this forum You can download files in this forum