The Stuxnet malware story

I came across an excellent story by Ars Technica on the Stuxnet malware. It’s well worth the read as it goes into detail on how the virus originated, how it was analyzed and how security researchers got to the bottom of what it had been designed to do.
Stuxnet is a piece of malware allegedly designed to infect Iran’s nuclear facilities’ systems and damage the centrifuges where uranium enrichment was taking place.
It’s an intriguing story on what people can achieve when they launch targeted cyber attacks on their victims. The Stuxnet malware was quite sophisticated: it used obfuscation techniques to avoid detection and reverse engineering, multiple zero-day exploits to help it spread and infect new machines, and a malicious payload targeting specific hardware (the centrifuges). The Stuxnet malware also used stolen digital certificates from two companies, Realtek and JMicron Technologies, to trick the system into accepting it as a genuine piece of software.
The Stuxnet malware was designed to take over the programmable logic controllers so that they altered the way the centrifuges worked, allegedly inducing stress and finally leading to a breakdown of the system. By altering the frequency driving the centrifuges, the virus forced them to rotate at maximum speed for brief periods of time, then at normal speed, and then at the slowest possible speed before returning to normal speed again. This occurred only when the hardware met particular specifications.
This story shows how malware can be designed to cause serious damage to a targeted system or organization. Stuxnet hijacked the application controlling the programmable logic controllers in such a way that the physical changes to the hardware took effect, yet they would not be noticed by staff checking the system’s operational parameters.
It is unlikely that such complex malware would be engineered to attack lower-profile targets, but it’s a great insight into the brains behind malware designers, how their work evolves and how it hits targets with surgical precision.

Very scary stuff when you start realizing that malware can be cleverly exploited to create physical property damage. Really escalates the need for proper security not just in your home but in your country’s government facilities. Think about all the high profile defense contractors and labs that have been hit recently, and it makes you wonder if they were merely after just data or trying to set these kinds of programs in place to do more direct damage.
It’s impossible to say what the motivation of an attacker might be. However, it is safe to say that no matter what they intend to achieve, it’s in the business’s best interest to prevent the attacker from succeeding.
Search and destroy – this has been the unofficial slogan of the Stuxnet malware. Some IT security experts even coined the term “cyber super weapon” to describe the purpose of Stuxnet. And they were right. I remember last year when this malware made headlines because of the Bushehr nuclear plant incident. Even the US’ Department of National Defense and Department of State were involved just to sort things out.
Stuxnet is also one of the most powerful pieces of malware (if not the most). It has the capability to infiltrate and attack physical targets such as buildings and nuclear power plants. It’s the only malware most effective against cyber warfare.
This is a very sophisticated virus because it goes through all levels until it reaches the hardware itself. There are some other viruses like this targeted at PCs, but right now I can’t remember their names. It’s really scary what happens when such a virus gets inside a nuclear power plant, a hospital or any other place where it can literally kill people.
The Stuxnet malware is just an evolution of the simple computer viruses of the early 1990s. Technically speaking, it’s like all types of malware in that it infiltrates, attacks, and harms computers. Stuxnet just became famous because it was used to attack one of the US’ most hated enemies – Iran.
At that time, this country was branded by former President Bush as forming the “Axis of Evil”. And when Stuxnet became involved in the Bushehr nuclear plant incident, many IT security experts began to notice and elevated it above the rest of the malware. And then it was labelled a “cyber super weapon”.
Today, Stuxnet is constantly evolving, more powerful and destructive than its predecessors.