Monday, 27 September 2010

Cyberwar just happened...

... And as with all fantasy media panics, when it became a reality they missed it and covered other things.

The Stuxnet worm is the first example of a weaponised piece of malware. Its apparent design is intended to damage a piece of physical infrastructure. No one knows quite what yet, although speculation centres on the Iranian nuclear infrastructure, since that's where the infections seem to be occurring most frequently.

Interestingly, Iran came out today and said that although its nuclear facility computers were infected, nothing is actually exploding. Although I imagine that's what I would say if some of my nuclear reactor had just developed a terminal case of boom due to a weapon which was supposed to be nearly impossible.

The physical equivalent of this weapon would be taking a minigun, firing wildly into a crowd of a few thousand, and killing only the person you wanted dead. The implications are staggering.

Right now, most of the people who know what they're talking about think this is the work of a major organisation, and the majority of them fill in the blanks with the word "USA" or "Israel".

The problem is, what is done once is easily done again. This code is now out in the world. People who think that causing a meltdown in a nuclear power plant is a really fun idea will try to replicate this tool. They have time, they have skill, and there is a huge networked community of people who will see this as a challenge.

The best article I've found on the topic is this one on Ars Technica, which has this to say:

Security researchers have uncovered some unexpected behaviors in a piece of malware called Stuxnet. The worm exploits a number of zero-day vulnerabilities in order to propagate itself over Windows networks, but it also targets embedded software developed by Siemens that runs in industrial equipment. The worm could be used to disrupt factories and other industrial environments.

Researchers have found that the highest concentration of Stuxnet infections is located in Iran. That discovery, coupled with the very high level of sophistication exhibited by the malware, has led some researchers to speculate that it was crafted by a major government body with the aim of disabling Iran's nuclear power plant.

Reports indicate that the worm can exploit four separate zero-day vulnerabilities in Windows, giving it substantial spreading power compared to average malware. According to Symantec researcher Liam O. Murchu, who has been analyzing the worm, it relied on command and control servers located in Malaysia and Denmark. Those servers have been disabled, but the worm has a peer-to-peer update mechanism that allows the attacker to propagate changes and new control server addresses. The update feature will make it more difficult to centrally disable the malware.

We just entered a whole new reality, and no one wants to talk about it.
