A Quiet Cyber War
Is there a quiet cyberwar going on and we are just starting to notice it?
There are science fiction stories about it: a genetically engineered pathogen specifically tailored to attack a single individual. We may have encountered its real-life equivalent, and its name may be “Stuxnet”.
Earlier this year a very unusual and sophisticated piece of malware was discovered and given the name “Stuxnet”. Stuxnet attacks industrial control systems and has the ability to infect and reprogram programmable logic controllers. To date most of the instances of Stuxnet that have been discovered have been in Iran, Pakistan, India, and Germany.
The Christian Science Monitor has a fascinating article presenting some informed speculation about Stuxnet:
One researcher’s findings, outlined on his website Monday, reveal a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls “fingerprinting,” qualifies Stuxnet as a targeted weapon, he says.
Langner zeroes in on Stuxnet’s ability to “fingerprint” the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.
Stuxnet’s ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
“Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open,” Langner says in an interview. “The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process.”
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
The article discusses plenty of fascinating contingencies. Stuxnet may have been created by a government. Stuxnet may already have discovered and destroyed its target. The target may have been Iran’s Bushehr nuclear plant, which could explain the problems that have been reported there.
Or Stuxnet may still be looking for its target.