Analyst's note: If you operate a personal computer with a Microsoft operating system or operate supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. or use anything resulting from or impacted by these systems just described, then this article is for you.
'The reality is that these SCADA systems were never designed for cybersecurity in mind and today they are being openly connected to the outside world even though many vendors are advising against this level of connectivity,'
This story is about a "military-grade, cyber missile" known to be aimed at destroying an industrial process. This malware first surfaced in June 2010, reported in July 2010 and has been investigated ever since. It goes by the name of Stuxnet and has infected at least 45,000 industrial control systems around the world. Although it includes computers in the United States, Germany and Canada, most computers are said to be in Iran, Pakistan, India, and Indonesia.
It is tough trying to describe something that was once thought to be impossible -- something that has at least 5,000 functions (only one is presently understood) and multiple investigating organizations have no idea what it is after. The ultimate suspected target is Iran's Bushehr nuclear power plant.
Yeeee Haaaaaa!!! This malware needs no human intervention other than to insert an infected USB drive. It apparently uses "fingerprinting" as a part of the assured targeting process which is intended to destroy rather than to manipulate data or steal it. If your system doesn't fit the fingerprint it is looking for, then Stuxnet leaves you alone. Otherwise some vital system is overridden or shut down and something physically really bad happens within the industrial process -- say a nuclear power plant -- to physically destroy it.
Once infected, it polls every five seconds and destroys only if specific parameters or "fingerprints" are met. Investigators have reason to believe that Stuxnet (with at least one known variant) was likely spread by a thumb drive used by a Russian contractor while building the Bushehr nuclear plant.
I especially liked the premise of a recent Washington Post article, On Red Alert and Perilously Uniformed by David Ignatius. This stunning new situation we are addressing here regarding Stuxnet should cause the U.S. to step up efforts to define cyberwarfare and its impact on the laws of war as well as to protect the supply chains of our critical industries. We might even find the nerve to face the hideous enemy that is the jihadist. They will eventually learn to use such a weapon as Stuxnet and we'd best be prepared sooner than later.
I also recommend an internal search on this site (CSIA Report) on the term "SCADA" Here is but an summary of the article. Please click on the title and carefully read the full item.
Related articles:Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June.
[....] The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.[....] "Until a few days ago, people did not believe a directed attack like this was possible," Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. "What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern."
[....] "Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
[....] "If Bushehr wasn't the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that."
