Tuesday, October 25, 2011

Stuxnet Worm, A Cyber-Weapon Of Mass Destruction

Ralph Langner spoke at TED and brought startling clarity to the true nature of this virus. His short presentation gives some startling insight into the Stuxnet worm and how it achieves its goals in four steps.

* Infect as many computers as possible, and spread.
* If it lands on a target computer, drop the payload.
* The payload roots into non-Windows PLC hardware that controls valves and reports values like temperature, speed, etc., and reports “Good” values while actually ignoring high temperatures and not closing valves as it should.
* After causing some slight problems, the second, bigger payload destroys the machine in the nuclear facility, violently and effectively.
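
A defensive cross-check for the falsified "Good" values described in the third step, as an added example that is not from the talk or the original post: it compares values reported through the PLC with readings from an independent sensor path and flags divergence, or a reported signal that stays flat while the process moves. The sample readings, thresholds and function name are constructed assumptions.

```python
from statistics import pstdev

# Constructed sample data, one tuple per polling interval:
# (temperature reported via the PLC/HMI, temperature from an independent probe), in deg C.
SAMPLES = [
    (70.1, 70.4), (69.8, 69.9), (70.3, 70.0), (70.0, 70.6), (69.9, 70.2),
    (70.0, 72.5), (70.0, 75.1), (70.0, 78.0), (70.0, 81.4), (70.0, 85.2),
]


def find_falsified_telemetry(samples, max_gap=5.0, window=5,
                             flat_spread=0.1, live_spread=1.0):
    """Return (index, reason) alerts for telemetry that looks masked.

    divergence: reported and independent readings differ by more than max_gap.
    flatline:   over the last `window` samples the reported value barely moves
                (std dev < flat_spread) while the independent reading clearly
                does (std dev > live_spread). A genuinely steady process is
                flat on both paths and raises no alert.
    """
    alerts = []
    for i, (reported, independent) in enumerate(samples):
        if abs(reported - independent) > max_gap:
            alerts.append((i, "divergence"))
        if i + 1 >= window:
            recent = samples[i + 1 - window:i + 1]
            rep_spread = pstdev(r for r, _ in recent)
            ind_spread = pstdev(p for _, p in recent)
            if rep_spread < flat_spread and ind_spread > live_spread:
                alerts.append((i, "flatline"))
    return alerts


if __name__ == "__main__":
    for index, reason in find_falsified_telemetry(SAMPLES):
        reported, independent = SAMPLES[index]
        print(f"sample {index}: {reason} "
              f"(reported={reported}, independent={independent})")
```

The check only helps when the independent reading reaches the monitor over a path the controller cannot rewrite.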

For those who haven’t heard, Stuxnet is a Windows computer worm discovered in July 2010 that targets industrial software and equipment. It is the first known malware that sabotages very specific industrial systems, and the first to include a programmable logic controller (PLC) rootkit. Like a fisherman throwing a net trying to catch a fish, the worm begins by spreading as far and wide as possible. Once it lands on a suitable target (like an engineer’s laptop), it drops a highly specialized malware payload (bomb) that is designed to target only Siemens Supervisory Control And Data Acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.

Stuxnet infects PLCs by subverting the Step-7 software application that is used to reprogram these devices. Different versions of Stuxnet targeted five Iranian organisations, with the probable target suspected to be uranium enrichment infrastructure in Iran. Symantec noticed in August 2010 that 60% of the infected computers worldwide were in Iran.

Siemens stated on November 29 that the worm has not caused any damage to its customers, but the Iran nuclear program, which uses embargoed Siemens equipment procured clandestinely, has been damaged by Stuxnet. Kaspersky Labs concluded that the sophisticated attack could only have been conducted “with nation-state support” and it has been speculated that Israel may have been involved.

Source : http://green.cx
