Stuxnet is World's First Cyber Super Weapon

Back in June a security firm in Belarus discovered the Stuxnet worm on the computers of some Iranian customers. Stuxnet is believed to have infected over 100,000 computers worldwide and some are speculating that the worm is aimed at disrupting Iran’s nuclear program as 60 percent of infected machines are there.

Wired reports that Stuxnet is designed to attack the Siemens Simatic WinCC SCADA system. These SCADA systems are installed in big facilities (like nuclear plants and utility companies) to manage operations. It's taken researchers three months to come to a conclusion as to what Stuxnet's creator had in mind when it was written. Experts now say that the worm is designed for sabotage and that the level of sophistication behind it suggests it may have had the support of a government or state-run organization.

Frank Rieger, chief technology officer at GSMK, told Bloomberg that the building of Stuxnet would have cost at least $3 million and taken a team of 10 programmers six months to complete.

"All the details so far to me scream that this was created by a nation-state," Rieger told Bloomberg in an interview.

Stuxnet works by infecting Windows machines and then spreads itself to additional machines via infected USB drives, searching for a way to reach the network's PLC (programmable logic controller). Stuxnet can then take control of the PLC and potentially alter the commands it sends through to machinery.

Over the weekend Iranian officials confirmed that 30,000 IP addresses in the country are infected with the malware. There has also been enormous amounts of speculation that computers at Iran's Bushehr power plant have been infected. Though the AFP cites Bushehr project manager Mahmoud Jafari as saying the virus has not caused any damage to the main systems of the plant, Jafari did say Stuxnet had been found on the personal computers of some of the staff. ComputerWorld also notes that yesterday the website of Iran's Atomic Energy Organization included a link to a story on Stuxnet that cited government officials who said "serious damage that caused damage and disablement" had been reported.

Siemens has released a detection and removal tool and advises against the use of third party USB sticks.

Version:1.0 StartHTML:0000000105 EndHTML:0000003314 StartFragment:0000002728 EndFragment:0000003278

Further Reading

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
55 comments
    Your comment
    Top Comments
  • JasonAkkerman
    LOL @ $3 million dollars, 10 programmer, and six months...

    I design and program industrial control systems, including a number of other SCADA systems, PLC's, and DCS's. Trust me, it's not hard to screw them up. You think software crashes are a hassle? Try working in my field were it's an accepted common occurrence (at least during development). Poorly written code, and network infrastructures open the door to any number of ways to attack a control system. For that reason they are usually completely disconnected from the internet, or other networks connected to the internet. Hence they needed a USB stick to get the virus in.
    24
  • COLGeek
    This is only the beginning of where cyber-warfare will go. Easy to escalate. Hard (as in impossible) to completely stop. This will get weird and painful as a result of unintended consequences.
    23
  • Trueno07
    wymer100Another reason not to use Windows, especially for critical functions.


    If Iran used Linux i'm sure that wouldn't have stopped the hackers. Nothing can stop them.
    19
  • Other Comments
  • wymer100
    Another reason not to use Windows, especially for critical functions.
    -24
  • COLGeek
    This is only the beginning of where cyber-warfare will go. Easy to escalate. Hard (as in impossible) to completely stop. This will get weird and painful as a result of unintended consequences.
    23
  • Nightsilver
    COLGeekThis is only the beginning of where cyber-warfare will go. Easy to escalate. Hard (as in impossible) to completely stop. This will get weird and painful as a result of unintended consequences.


    My thoughts exactly. Doesn't matter who threw this punch, the internet's about to explode.
    12