Politics and the Stuxnet Worm: A Declaration of Cyber-War


Just read over a pretty eyebrow-raising article about the Stuxnet worm. In a piece entitled A Declaration of Cyber-War, Michael Joseph Gross lays out what researchers have found about this worm in the past year… and speculates on the hand(s) that may have coded it.

In computer security parlance, a vulnerability in a computer application that has not been publicly known before is called a zero-day, and code that takes advantage of it is a zero-day exploit.

In the world of computer security, a Windows zero-day vulnerability signals that the author is a pro, and discovering one is a big event. Such flaws can be exploited for a variety of nefarious purposes, and they can sell on the black market for as much as $100,000.

Here’s the kicker though: in digging further, it was revealed that Stuxnet contained not just one but four Zero Day exploits – something no one else had ever seen before.

Furthering the mystery, Stuxnet seems to have been built with a very specific task in mind – it looks for programmable-logic controllers (PLCs). These PLCs are critical components that perform basic functions within factories and power plants… from mundane tasks like regulating the timing of traffic lights, all the way to the spinning of uranium centrifuges.

Centrifuges like the ones used in Iran’s nuclear program.

Further research of Stuxnet revealed that it seemed incredibly specific in its target and intent:

Specifically, when Stuxnet finds a particular configuration of frequency-converter drives made by the Iranian company Fararo Paya and the Finnish company Vacon, the worm runs rogue code to alter the drives’ speed. If the drives were connected to centrifuges, this could damage or destroy the machines. The warhead also runs another set of code, concealing the change that it has made.

Gross does a very good job of explaining an incredibly complex topic, and summarizes the results of the past year really well. In addition to the technology implications of Stuxnet… Gross also goes into questions about the worm’s origins. Who created Stuxnet? Who deployed it into the wild? Given the complexity of the code… this didn’t seem like the work of a lone individual.

Another interesting and mysterious fact: Stuxnet is set to self-destruct on June 24, 2012. At that point, it will simply erase itself and disappear as though it was never there. Combined with the fact that it limits its spread to 3 computers, this suggests that the author(s) wanted to limit the overall damage.

Gross talked with Richard Clarke, former chief of counter-terrorism under Clinton and Bush, who suggests that these sorts of fail-safes point to a Western government:

“If a government were going to do something like this, a responsible government, then it would have to go through a bureaucracy, a clearance process,” he says. “Somewhere along the line, lawyers would say, ‘We have to prevent collateral damage,’ and the programmers would go back and add features that normally you don’t see in the hacks. And there are several of them in Stuxnet. It just says lawyers all over it.”

The article is a fun read for conspiracy theorists and geeks… but the thing that’s striking is that Stuxnet doesn’t seem to be that far out of the question. Given what we know about the Conficker worm, imagining a virus that is designed to target a specific facility is frighteningly easy. Given what we know about Stuxnet… imagining a virus designed by a government is just plain frightening.

[CC Photo via .hj barraza]

Related:
The Enemy Within: Fascinating Article About The Conficker Computer Worm
