Stuxnet is a computer worm that targets industrial control systems (ICS), the systems used to monitor and control large-scale industrial facilities such as power plants, dams and waste-processing plants. It lets the attackers take control of those systems without the operators knowing. It was the first publicly documented malware able to manipulate real-world physical equipment, which is what makes it so dangerous.
The worm is a complex piece of code whose construction required several distinct skills. Symantec's analysts estimate that a core team of five to ten people worked on it for about six months. Building it also required knowledge of industrial control systems and access to real ones for quality-assurance testing, which again points to a highly organized and well-funded project.
A peep into its history-
Public awareness of attacks on industrial systems exploded in June 2010 with the discovery of Stuxnet, a roughly 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Whereas a computer virus relies on an unwitting victim to run it, a worm spreads on its own, often over a computer network.
This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and is used to program the programmable logic controllers (PLCs) that operate equipment such as centrifuges. Finally, it compromised the PLCs themselves. The worm's authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant.
How the worm spread-
Stuxnet could spread stealthily between computers running Windows, even those not connected to the Internet. If a worker plugged a USB thumb drive into an infected machine, Stuxnet could worm its way onto the drive and then onto the next machine that read it. Because someone could unsuspectingly infect a machine this way, and the worm could then proliferate over the local area network, experts feared that the malware had gone wild across the world. In October 2012, U.S. defence secretary Leon Panetta warned that the United States was vulnerable to a "cyber Pearl Harbor" that could derail trains, poison water supplies and cripple power grids.
The next month, Chevron confirmed the speculation by becoming the first U.S. corporation to admit that Stuxnet had spread onto its machines. The authors of Stuxnet have never been officially identified, but the size and sophistication of the worm have led experts to conclude that it could only have been created with the backing of a nation-state, and although no one has claimed responsibility, leaks to the press from officials in the United States and Israel strongly suggest that those two countries were behind it.
Discovery and analysis of the worm-
Stuxnet was first reported in June 2010 by the Belarusian antivirus firm VirusBlokAda; Roel Schouwenberg, of Kaspersky Lab, was among the researchers who helped unravel it.
Schouwenberg had contacted Kaspersky Lab, one of the leading antivirus companies, at the age of 14, after discovering a computer virus on his own. Such companies are judged in part on how many viruses they are first to detect, and Kaspersky was considered among the best. But with its success came controversy: some accused Kaspersky of having ties with the Russian government, accusations the company has denied.
Flame and Stuxnet Interconnection–
At first, Flame and Stuxnet had been considered entirely independent, but researchers later realized that Flame was actually a precursor to Stuxnet that had somehow gone undetected. Flame was 20 megabytes in total, some 40 times the size of Stuxnet.
While Stuxnet was built to destroy things, Flame's purpose was merely to spy on people. Spread over USB sticks, it could also infect printers shared over the same network. Once Flame had compromised a machine, it could stealthily search for keywords in top-secret PDF files, then make and transmit a summary of the document, all without being detected. Flame could exchange data with any Bluetooth-enabled device. In fact, the attackers could steal information or install other malware not only within Bluetooth's standard 30-metre range but also farther out: a "Bluetooth rifle", a directional antenna linked to a Bluetooth-enabled computer, plans for which are readily available online, could do the job from nearly 2 kilometres away.
A key to protecting your ICS from a potential "Son-of-Stuxnet" is to examine all possible infection pathways, not just a single pathway such as a USB key. Develop strategies for discovering, documenting and mitigating ALL transfers of electronic information, regardless of the technology or form of the transfer. Even with strong mitigation, infection is likely to occur at some point, so be ready for it by installing ICS-appropriate detection and security technologies. Look beyond traditional port-based firewalls to firewalls that can perform deep packet inspection of key SCADA and ICS protocols, so that a routine read from an HMI can be told apart from a write or a logic download to a PLC coming from a host that should never issue one. And focus on securing last-line-of-defence critical systems, particularly safety instrumented systems (SIS). Stuxnet changed the threat landscape by showing that control systems are now the target of sophisticated attacks.
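To make the deep-packet-inspection point concrete, here is an added example (not code from the original page, nor from any firewall vendor) of the kind of check an ICS-aware firewall performs on Siemens S7comm, the protocol Step7 uses to talk to S7 PLCs over ISO-on-TCP (TCP port 102). A port-based rule can only say "allow tcp/102"; this code parses the TPKT, COTP and S7 headers far enough to recover the S7 function code and then applies an allowlist: reads are permitted from any host on the control network, but writes, block downloads and PLC start/stop are permitted only from the engineering workstation. The header layout follows the publicly documented S7comm framing as described by the Wireshark s7comm dissector; the host addresses and the packets are constructed for the example and are assumptions, not captures from any real plant.

```python
"""
Toy deep-packet-inspection policy for Siemens S7comm over ISO-on-TCP.

Framing (per the public Wireshark s7comm dissector; assumption: only the
plain "job" PDU layout is handled here):
  TPKT:  version(1)=3, reserved(1), length(2)             -> 4 bytes
  COTP:  length(1)=2, type(1)=0xF0 (DT), tpdu-nr/EOT(1)   -> 3 bytes
  S7:    protid(1)=0x32, rosctr(1), reserved(2), pduref(2),
         paramlen(2), datalen(2) [+ errclass(1), errcode(1) for ack_data]
  param: first byte is the S7 function code
"""
import struct

# Public S7 job function codes (from the Wireshark s7comm dissector).
S7_FUNC = {
    0x04: "read_var",
    0x05: "write_var",
    0xF0: "setup_communication",
    0x1A: "request_download",
    0x1B: "download_block",
    0x1C: "download_ended",
    0x1D: "start_upload",
    0x1E: "upload",
    0x1F: "end_upload",
    0x28: "plc_control",      # start / copy RAM to ROM / ...
    0x29: "plc_stop",
}

# Assumed addresses for the constructed example network.
ENGINEERING_WS = "10.1.1.10"
# Functions any control-network host may issue: reads and uploads only.
READ_ONLY_OK = {"read_var", "setup_communication",
                "start_upload", "upload", "end_upload"}


def parse_s7(payload: bytes):
    """Return (rosctr, function_name); raise ValueError on bad framing."""
    if len(payload) < 4 + 3 + 10 + 1:
        raise ValueError("too short for TPKT+COTP+S7 job")
    version, _, tpkt_len = struct.unpack("!BBH", payload[:4])
    if version != 3 or tpkt_len != len(payload):
        raise ValueError("bad TPKT header")
    cotp_len, cotp_type = payload[4], payload[5]
    if cotp_len != 2 or cotp_type != 0xF0:        # only COTP DT (data) TPDUs
        raise ValueError("not a COTP data TPDU")
    s7 = payload[7:]
    if s7[0] != 0x32:
        raise ValueError("not S7comm (protocol id != 0x32)")
    rosctr = s7[1]
    param_len, data_len = struct.unpack("!HH", s7[6:10])
    hdr_len = 12 if rosctr == 0x03 else 10          # ack_data carries 2 error bytes
    if len(s7) != hdr_len + param_len + data_len or param_len < 1:
        raise ValueError("S7 length fields do not match payload")
    func = s7[hdr_len]
    return rosctr, S7_FUNC.get(func, f"unknown_0x{func:02x}")


def policy(src_ip: str, payload: bytes):
    """Decide ('allow'|'drop', reason) for one client-to-PLC TCP segment."""
    try:
        rosctr, func = parse_s7(payload)
    except ValueError as exc:
        return ("drop", f"malformed: {exc}")     # fail closed on anything odd
    if rosctr != 0x01:                           # only job (request) PDUs are policed here
        return ("allow", f"non-job rosctr 0x{rosctr:02x}")
    if func in READ_ONLY_OK:
        return ("allow", func)
    if src_ip == ENGINEERING_WS:
        return ("allow", f"{func} from engineering workstation")
    return ("drop", f"{func} from {src_ip} is not permitted")


def s7_job(func: int, params: bytes = b"", data: bytes = b"") -> bytes:
    """Build a constructed S7 job PDU wrapped in COTP DT and TPKT (test input)."""
    param = bytes([func]) + params
    s7 = struct.pack("!BBHHHH", 0x32, 0x01, 0x0000, 0x0001,
                     len(param), len(data)) + param + data
    body = bytes([0x02, 0xF0, 0x80]) + s7
    return struct.pack("!BBH", 3, 0, 4 + len(body)) + body


if __name__ == "__main__":
    # Constructed traffic: an HMI at 10.1.1.20 and the engineering station.
    samples = [
        ("10.1.1.20", s7_job(0x04, b"\x01")),                 # HMI read
        ("10.1.1.20", s7_job(0x05, b"\x01", b"\x00\x04\x00\x08\x01")),  # HMI write
        ("10.1.1.10", s7_job(0x05, b"\x01", b"\x00\x04\x00\x08\x01")),  # EWS write
        ("10.1.1.20", s7_job(0x1A)),                          # HMI download request
        ("10.1.1.20", s7_job(0x29)),                          # HMI PLC stop
        ("10.1.1.20", b"\x02\x00\x00\x05\x00"),               # garbage
    ]
    for src, pkt in samples:
        print(src, *policy(src, pkt))
```

The decision is made on the S7 function code, not on the TCP port, which is exactly what distinguishes an ICS-protocol firewall from a traditional one. The policy also fails closed on anything it cannot parse, since a PLC-facing choke point should drop malformed traffic rather than guess.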