Norton Internet Security describes “Stuxnet” as a computer virus that attacks the industrial control systems used to run large-scale facilities such as power plants. I was very interested in this week’s reading, Kim Zetter’s account of how digital detectives deciphered Stuxnet, but since I’m not very familiar with much of the jargon used in the article I found myself lost in places. I decided to retell the story in my own terms and come to grips with the major events in the virus’s discovery and dismantlement.

Stuxnet was first discovered in June 2010 by the anti-virus company VirusBlokAda, which found a rare “zero-day” virus (one that exploits a weakness the software’s maker does not yet know about, so no fix exists) on an Iranian computer; it spread via infected USB drives. They reported it to other anti-virus companies, who began taking it apart and found that it used stolen “digital certificates” (proof of a program’s publisher and trustworthiness, which must be formally applied for) belonging to trusted companies to trick computers into allowing the virus to install itself.

Most anti-virus companies blocked the stolen certificates and moved on, but Liam O’Murchu from Symantec decided to keep pursuing the virus. He found that Stuxnet was mostly infecting computers in Iran, a country that usually doesn’t rank highly in virus infections by country. His team also found that the virus didn’t actually do anything on most of the computers it infected and only targeted Siemens-brand industrial machines, so O’Murchu concluded it was after a very specific target in Iran.

Later, Ralph Langner and his team, who were experts in Siemens machines, got involved. He proposed that the virus was linked to Iran’s nuclear program. It was later established that the virus had in fact been targeting Iran’s Natanz nuclear plant, as the equipment Stuxnet was programmed to attack matched Natanz’s setup exactly. The virus was discovered before it did major damage, and some believe it was incomplete when released, but it did slow the Natanz plant’s progress somewhat. As to who was behind the virus, many people believe it was a joint creation of the United States and Israel.

Norton states that Stuxnet was both the first computer virus able to affect physical, real-world systems and the first to target industrial control systems – painting a somewhat terrifying picture of what viruses might achieve in the future. But as viruses become more sophisticated, as the Stuxnet case shows, so do the anti-virus detectives who stop them.

[Image: “Brace Yourself” meme (made on http://imgur.com/)]

Full article reference:

Zetter, K 2011, ‘How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History’, Wired, June 11, accessed 15/10/2015, http://www.wired.com/2011/07/how-digital-detectives-deciphered-stuxnet/