Politics and the Stuxnet Worm: A Declaration of Cyber-War
Just read over a pretty eyebrow-raising article about the Stuxnet worm. Entitled A Declaration of Cyber-War, Michael Joseph Gross lays out what researchers have found about this virus in the past year… and speculates on the hand(s) that may have coded it.
In computer security parlance, a vulnerability in a computer application that has not been detected before is considered a Zero Day exploit.
Here’s the kicker though: in digging further, it was revealed that Stuxnet contained not just one but four Zero Day exploits – something no one else had ever seen before.
Furthering the mystery, Stuxnet seems to have been built with a very specific task in mind – it looks for programmable-logic controllers (PLCs). These PLCs are critical components that perform basic functions within factories and power plants… from mundane tasks like regulating the timing of traffic lights, all the way to the spinning of uranium centrifuges.
Centrifuges like the ones used in Iran’s nuclear program.
Further research of Stuxnet revealed that it seemed incredibly specific in its target and intent:
Gross does a very good job of explaining an incredibly complex topic, and summarizes the results of the past year really well. In addition to the technology implications of Stuxnet… Gross also goes into questions about the worm’s origins. Who created Stuxnet? Who deployed it into the wild? Given the complexity of the code… this didn’t seem like the work of a lone individual.
Another interesting and mysterious fact: Stuxnet is set to self-destruct on June 24, 2012. At that point, it will simply erase itself and disappear as though it was never there. Combined with the fact that it limits its infection rate to 3 computers suggests that the author(s) wanted to limit the overall damage.
Gross talked with Richard Clarke, former chief of counter-terrorism under Clinton and Bush, who suggests that these sorts of fail-safes point to a Western government:
The article is a fun read for conspiracy theorists and geeks… but the thing that’s striking is that Stuxnet doesn’t seem to be that far out of the question. Given what we know about the Conflicker worm, imagining a virus that is designed to target a specific facility is frighteningly easy. Given what we know about Stuxnet… imagining a virus designed by a government is just plain frightening.