Stuxnet is World's First Cyber Super Weapon
Back in June a security firm in Belarus discovered the Stuxnet worm on the computers of some Iranian customers. Stuxnet is believed to have infected over 100,000 computers worldwide and some are speculating that the worm is aimed at disrupting Iran’s nuclear program as 60 percent of infected machines are there.
Wired reports that Stuxnet is designed to attack the Siemens Simatic WinCC SCADA system. These SCADA systems are installed in big facilities (like nuclear plants and utility companies) to manage operations. It's taken researchers three months to come to a conclusion as to what Stuxnet's creator had in mind when it was written. Experts now say that the worm is designed for sabotage and that the level of sophistication behind it suggests it may have had the support of a government or state-run organization.
Frank Rieger, chief technology officer at GSMK, told Bloomberg that the building of Stuxnet would have cost at least $3 million and taken a team of 10 programmers six months to complete.
"All the details so far to me scream that this was created by a nation-state," Rieger told Bloomberg in an interview.
Stuxnet works by infecting Windows machines and then spreading itself to additional machines via infected USB drives, searching for a way to reach the network's PLC (programmable logic controller). Stuxnet can then take control of the PLC and potentially alter the commands it sends through to machinery.
Over the weekend Iranian officials confirmed that 30,000 IP addresses in the country are infected with the malware. There has also been an enormous amount of speculation that computers at Iran's Bushehr power plant have been infected. Though the AFP cites Bushehr project manager Mahmoud Jafari as saying the virus has not caused any damage to the main systems of the plant, Jafari did say Stuxnet had been found on the personal computers of some of the staff. ComputerWorld also notes that yesterday the website of Iran's Atomic Energy Organization included a link to a story on Stuxnet that cited government officials who said "serious damage that caused damage and disablement" had been reported.
Siemens has released a detection and removal tool and advises against the use of third-party USB sticks.

I design and program industrial control systems, including a number of other SCADA systems, PLCs, and DCSs. Trust me, it's not hard to screw them up. You think software crashes are a hassle? Try working in my field where it's an accepted common occurrence (at least during development). Poorly written code, and network infrastructures open the door to any number of ways to attack a control system. For that reason they are usually completely disconnected from the internet, or other networks connected to the internet. Hence they needed a USB stick to get the virus in.
If Iran used Linux I'm sure that wouldn't have stopped the hackers. Nothing can stop them.
My thoughts exactly. Doesn't matter who threw this punch, the internet's about to explode.
LOL, that's government math for you. How much are they paying these 10 engineers such that it costs $3mil? Are they including $2.5mil overhead for all the worthless managers sitting on their thumbs all day while the programmers do the work?
Still, I don't doubt this is some sort of CIA-created worm. The U.S. is pretty blatant about their covert actions: framing the WikiLeaks founder for sexual assault days after he decided to release all those Pentagon papers, the Iran/Contra affair, etc., etc.
I design and program industrial control systems, including a number of other SCADA systems, PLCs, and DCSs. Trust me, it's not hard to screw them up. You think software crashes are a hassle? Try working in my field where it's an accepted common occurrence (at least during development). Poorly written code, and network infrastructures open the door to any number of ways to attack a control system. For that reason they are usually completely disconnected from the internet, or other networks connected to the internet. Hence they needed a USB stick to get the virus in.
I thought Windows are harder to hack.
If Iran used Linux I'm sure that wouldn't have stopped the hackers. Nothing can stop them.
Although true, it's safe to say if you get a random IP, it's connected to Windows in some way, so create a Windows-based virus. It would be logical for most computers to run Windows and then the critical machines to run a random Linux distro; if the Windows machines got infected the critical machines wouldn't be infected.
The US Government needs to do a better job in hiding their secret Cyber Wormpon.
Their first target should be the security firm in Belarus.
Secondly, I always wondered why the US government does not do more cyber attacks. Terrorists use websites to boast of their conquests and communicate Jihad to others. Why can't we just disable those webservers in a targeted DoS attack?
Oh well - yet another intelligence snafu - sad really.
I wonder how they arrived at that number? Other than paying 10 programmers 300K each for 6 months work, what significant costs could there be?
It's actually not uncommon for viruses to target specific infrastructure-related PCs. However, they are normally only used for monitoring. Israel has successfully done this a number of times; this would, however, be the first attempt to disrupt operations. At least, that has been launched by a city-state/government.
As far as the whole Linux vs. Windows thing goes, nothing is perfect, and with the resources and programming power that developed Stuxnet, it would have happened to whatever OS was on the machine, so long as it was on a network with computers that could reach the internet.