Saturday, September 25, 2010

The first cyberwarfare attack?

An exceptionally sophisticated piece of malware designed to attack programs used in critical infrastructure and other facilities garnered extensive attention among computer security experts this week as new details about its design and capabilities emerge, along with speculation it was aimed at disrupting Iran’s nuclear program. ...

The Stuxnet worm, which was discovered in June and has infected more than 100,000 computer systems worldwide, is designed to attack the Siemens Simatic WinCC SCADA system. SCADA systems, short for “supervisory control and data acquisition,” are programs installed in pipelines, nuclear plants, utility companies and manufacturing facilities to manage operations.

But even more intriguingly, researchers say the worm is designed to attack a very particular configuration of the Simatic SCADA software, indicating the malware writers had a specific facility or facilities in mind for their attack and had extensive knowledge of the system they were targeting. Although it’s not known what system was targeted, once on the targeted system, the worm was designed to install additional malware, possibly with the purpose of destroying the system and creating real-world explosions in the facility where it ran. ...

Frank Rieger, chief technology officer at Berlin security firm GSMK, thinks it more likely the target in Iran was a nuclear facility in Natanz. The Bushehr reactor is designed to develop non–weapons-grade atomic energy, while the Natanz facility, a centrifuge plant, is designed to enrich uranium and presents a greater risk for producing nuclear weapons. Rieger backs this claim with a number of seeming coincidences.

The Stuxnet malware appears to have begun infecting systems in January 2009. In July of that year, the secret-spilling site WikiLeaks posted an announcement saying that an anonymous source had disclosed that a “serious” nuclear incident had recently occurred at Natanz. ...

Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred. ...

If Iran was the target, the United States or Israel are suspected as the likely perpetrators — both have the skill and resources to produce complicated malware such as Stuxnet. ...

Last year, an article published by Ynetnews.com, a web site connected to the Israeli newspaper Yediot Ahronot, quoted a former Israeli cabinet member saying the Israeli government determined long ago that a cyber attack involving the insertion of targeted computer malware was the only viable way to halt Iran’s nuclear program.
--Kim Zetter, Wired, on the future of warfare arriving

No comments: