In July of 2010, a new virus was discovered in Iran unlike any other the security world had ever seen. This virus, know as Stuxnet, was found on computers located within the Iranian nuclear power infrastructure. What amazed computer security experts was the sophistication and purpose of the virus. It was the first virus known to target and interfere with industrial infrastructure, specifically the nuclear plants in Iran. Symantec released a dossier detailing the methods used by the Stuxnet virus after reverse engineering the virus over a period of six months.
The initial infection of the networks inside the plant most likely was caused by an infected thumb drive as the internal network is isolated from the internet to maintain compartmentalization and prevent remote hacking attempts. From there, using a set of different vulnerabilities found on the computers in the network, it would spread searching for very specific computers, computers that had a program called Step 7. This software is used in the programming of programmable logic controllers, or PLCs, which interface between a computer and machinery. Stuxnet would remain hidden on the computer until it was connected through Step 7 to a variable-frequency drive, a machine that controls the oscillations of the centrifuges that enriched uranium. These drives need to oscillate at very specific frequencies, Stuxnet would slow and speed up these oscillations to damage or destroy the centrifuge and prevent the uranium from being enriched.
The Stuxnet virus is relatively harmless for normal computers, only seeking to infect new computers if the computer holds no relevance for its main purpose. The real threat is if Stuxnet becomes a blueprint for new generations of malware. Only time will tell if this is an anomaly in the security world or the beginning of a new era of cyber security.
Wow, this is kind of scary! Being involved in the nuclear field, it really hits close to home. In this case, the virus did not have the potential to be dangerous, but to think that computers also control the operation of the reactor with the input and removal of control rods, it is scary to think how such a virus could impact the safety of a reactor. Very interesting, and quite disturbing.
ReplyDeleteI have to agree with Aaron, thats some pretty scary stuff.
ReplyDeleteYeah, Stuxnet is a very large leap ahead of its time when it comes to malware. One security expert compared it to bringing a contemporary fighter jet to a World War I battlefield. It was certainly a wake up call to security firms in the United States to improve infrastructure security and prevent such attacks against us.
ReplyDeleteI've heard some theories stating that this was the doing of the US government. It makes sense considering how opposed the US has become to Iran sustaining nuclear energy but its just a theory and no weight to it. Although, it's scary to think that our government just made the blueprint for millions of hackers worldwide.
ReplyDeleteNate,
ReplyDeleteNobody is really sure where the attack came from. Some people also speculate that it originally came from Israel to slow down or prevent the nuclear program of Iran. The most surmised by security experts is that Stuxnet was created by a team of 5-10 people over the course of half a year, giving credence to the idea that it was state sponsored.
This is a great case and a great post (see how controversy and current events get those comments going...). I had also heard some convincing theories that Israel was the culprit, but who knows with these things?
ReplyDeleteIt worries me, of course, because it suggests that certain infrastructures (if not in the US, then in countries like Iran, or even India) are vulnerable. And in nuclear, that can be particularly troubling. Thanks for a great post.