Tag Archive: stuxnet

Stuxnet presentation

I have finally got around to uploading the PowerPoint presentation that I gave at the ISSA Ireland Conference in Dublin at the beginning of the month. Sorry it took so long!

You can get it here.


ITV “Cyber Wars” programme

There was a programme on ITV last night, entitled “Cyber Wars”, which is unfortunate, as it was primarily about people being scammed, wireless networks being compromised and identity theft.

STUXNET was mentioned and to the possibility of the Internet becoming a battlefield. It’s worth a watch, but it is a bit cringeworthy.


Information Warfare

One of the course books I had way back when I was doing my MSc in Information Security at Royal Holloway was entitled “Information Warfare and Security“, and written by Dorothy Denning. It was an interesting book and got me thinking about the use of the Internet for military purposes and how the pervasiveness of the Internet could impact society if it were to be attacked.

The book was written in 1998 and a lot has changed since then; I was still using a 28kbps dialup modem and the communications course on my Computer Science degree focused a lot on ATM packet transmission. But the fundamental issues were already there.

The film WarGames was the first that addressed the issue of the possibility of hacking military systems but the most vulnerable networks now are civilian, those run by organisations that provide utilities and services to the general population, power and water for example. Given that private companies generally don’t spend as much on information security as governments, there is a risk that they haven’t spent enough. And people are being targeted with sophisticated Trojans whose purpose is unclear.

So, as a country whose critical infrastructure is under attack, how do you:

  1. Determine where the attack is coming from
  2. Determine whether it is state-sponsored or the work of “hacktivists”
  3. Decide what to do in retaliation, if anything

At what point does a cyber-war escalate into a physical one?

I realise that there are plenty of studies around the globe looking at these issues. I am not sure that there has been any final agreement about the implications of declaring Internet war nor under what circumstances. I do know, however, that many countries are developing their cyber warfare capabilities.

STUXNET: Updated

Just a short post to report that Iran has admitted that some malicious software did, in fact, interfere with its uranium enrichment programme, which I would assume implies STUXNET. If it hadn’t spread so widely, it’s debatable whether it would have been noticed.

I have more about this in my previous post.

A news item that keeps bubbling up in the information security world is about STUXNET, a malicious piece of software that was originally said to target nuclear reactors in Iran. This might seem a bit odd, as most malicious software is pretty random, infecting anything it comes across. This malware seems to have had a very particular purpose.

It has been well known since its discovery that STUXNET targeted SCADA (Supervisor Control and Data Acquisition) systems, which are used in industrial process control environments, essentially providing electro-mechanical control over a logical network, be that the Internet or via a dial-up modem. SCADA systems are used all over the place, controlling sluice gates, traffic lights and in nuclear reactors. In general, these systems are kept as far away from public networks as possible, to prevent the infection of the networks they reside on, as the results can often be catastrophic.

However, an article in The Register, referencing a Symantec blog, detailed that this malware was even more specifically targeted. In summary, the article explains how STUXNET was aimed at frequency converter drives made by Fararo Paya of Iran and Vacon of Finland, both, presumably, used in the Iranian nuclear programme. Not only that, but only those drives that operate at very high speeds, between 807 Hz and 1210 Hz. It also had the capability to spread via USB sticks, thereby not being dependent on an accessible process control network.

The code reveals that the malware would change the output of the drives, intermittently, over a period of months, thereby disrupting whatever they were controlling, albeit subtly. Interestingly, this type of equipment has export restrictions placed on it by the US as they can be used in the centrifuges that enrich uranium.

One has to assume that the purpose of the malware was to sabotage the Iranian uranium enrichment programme in such a way as to not be discovered.

The reason it got discovered was that it was too successful. Tens of thousands of systems across the world have been infected by STUXNET, notably in Indonesia.

Given the level of targeting and pre-requisite knowledge of uranium enrichment, was this written by the regular clan of virus writers, whose main aim is quick profit? Unlikely.

%d bloggers like this: