Thursday, October 7, 2010

Stuxnet

What is Stuxnet?
It is a kind of computer virus or worm that controls physical devices, which sounds interesting but is very dangerous.

Once within a network -- initially delivered via an infected USB device -- Stuxnet used the EoP vulnerabilities to gain administrative access to other PCs, sought out systems running the WinCC and PCS 7 SCADA management programs, hijacked them by exploiting either the print spooler or MS08-067 bugs, then tried the default Siemens passwords to commandeer the SCADA software. They could then reprogram the so-called PLC (programmable logic control) software to give machinery new instructions. Stuxnet could actually use four zero-day vulnerabilities to gain access to corporate networks. Once it had access to a network, it would seek out and infect the specific machines that managed SCADA systems controlled by software from German electronics giant Siemens.

Liam O'Murchu of Symantec explains it like this in his paper:
Stuxnet is the first publicly known worm to target industrial control systems, often generically referred to as SCADA systems. Not only did Stuxnet include malicious STL (Statement List) code, an assembly-like programming language, which is used to control industrial control systems, it included the first ever PLC (programmable logic controller) rootkit hiding the STL code. It also included a zero-day vulnerability to spread via USB drives, a Windows rootkit to hide its Windows binary components, and it signed its files with certificates stolen from other unrelated third-party companies. All of these characteristics are noteworthy in their own right, however when they all converge within one threat it is clear that there is a special force at work.

Why is it dangerous?
Check out this video:


To prove the possibilities, O'Murchu set up a basic air pump, controlled by a Siemens system, on the stage in front of him. The pump delivered a timed burst of air into a balloon, which inflated slowly. O'Murchu then infected the system with Stuxnet and pressed a button. The pump pumped, but did not stop. The balloon went on inflating till it burst. The problem is that if Stuxnet-affected computers are used in a nuclear plant, it will cause huge problems and losses.

Who are the targets?
Probably nuclear plants. The statistics (nearly 60% of all infected PCs worldwide were found in Iran) suggest that Stuxnet was found more in Iran than in any other country. The possible aim of Stuxnet's creator was to stop, destroy or control Iran's nuclear plant. India is also at the top of the list of most affected countries, along with Indonesia, China and Malaysia.

Conspiracy or just another game?
The necessary resources, and the money to finance the attack, put it outside the realm of a private hacking team, O'Murchu said.


When Stuxnet succeeds, it leaves a number imprinted on its new host: 19790509. That number, Mr O'Murchu says, seems to be a date – May 9, 1979. Anything could have happened that day, but a search on Wikipedia reveals the following: "On May 9, 1979, Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government". Who was Elghanian? He was the first Iranian Jew to be hanged for spying by the new Islamic Republic. Is this the work of Israel to undermine Iran's nuclear quest?
There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.


Computer security researchers discovered a trace of a keyword in Stuxnet's instructions: Myrtus. Myrtus, or Myrtle, in Hebrew becomes Hadassah, and Hadassah was the birth-name of Esther, the Jewish biblical heroine married to a king of Persia. Esther discovered that a courtier was plotting the murder of all of Persia's Jews, and persuaded her husband to allow them to rise up pre-emptively to slaughter their assailants. Will it lead to the creator of Stuxnet?

Cyberwar all around the world
The Telegraph website, quoting a Forbes blog, mentioned that in July a glitch on a satellite used by most of India's satellite television stations blacked them out, forcing operators to turn to a Chinese competitor. The Indian space programme uses Siemens operating systems. During the same time, Chinese hackers infiltrated computers of the Tibetan government in exile. There was also the Russian cyber attack on Georgia and Slovenia, etc. Sooner or later things will get even worse as the technology grows. Is there a way to control these things?

Cyberwar and economy 
