Sep 23, 2010, Pat Dollard
A destructive cyber worm designed to bring down industrial complexes has Iran’s new nuclear power plant in its sights. And a nation such as Israel or China — or even the United States — could be behind it, experts say.
The “Stuxnet” worm sparked both awe and alarm among digital security experts when first identified in June. Far more advanced than the mainstream malware often used for identity theft, Stuxnet is reportedly able to take over a computing system via nothing more than a USB memory stick, without any user intervention.
“This is the first direct example of weaponized software, highly customized and designed to find a particular target,” said Michael Assante, former chief of industrial control systems cyber security research at the U.S. Department of Energy’s Idaho National Laboratory.
Stuxnet targets industrial control systems, such as those that power Iran’s Bushehr nuclear plant. And some experts speculate that it was written by a nation explicitly to take out Bushehr. But Sanjay Bavisi, president of the international cybersecurity research group EC-Council, thinks it’s too early to be certain.
“It’s too soon to rule out the power of the hacking underground” or terrorists, Bavisi told FoxNews.com. “Yes, the first impression is nation-states, organized states, and it points back to the U.S. and Israel,” two of the most cyber-savvy countries. “But organized criminals have the power, and hackers for hire are very common too,” he said.
Other experts disagree, noting that the worm has infected over 45,000 industrial networks throughout the world without causing major damage. Stuxnet is a “key for a very specific lock. In fact, there is only one lock in the world that it will open,” said Ralph Langner, a German cyber security researcher, in an interview with The Christian Science Monitor.
“The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time,” he explained. Once resident inside a system, Stuxnet simply waits, checking every five seconds to see if its target parameters are met. Once they are, it triggers a sequence — the code DEADF007 — that forces the network’s industrial process to self-destruct.
But if it was designed just to attack nuclear power plants, why has it hit so many other systems, Bavisi asked. When security firm Symantec first uncovered the worm, it found that only 60 percent of the systems compromised were in Iran, and the worm has already spread to India as well. “If you’re going to blow up a target, you blow up a target,” he said.
Bavisi nevertheless agrees with other experts that a country was probably behind the attack — and while scary, it’s the implications for the future that startle him more. Bavisi frets about a future where anyone with the funds will be able to buy an attack like this on the black market.
“That is now a valid concern,” Langner agreed.
“Anyone with the right amount of money and connections could buy” such a cyber weapon, Bavisi said. His concern: Nation-states have a certain degree of responsibility only to use these weapons in times of war — with responsibility in other words. “If this kind of knowledge and sophistication were in the hands of organized criminals …”
“We’re looking at a new era of weaponized cyberattacks. This is only the beginning of this thing,” Bavisi said.