7 comments
Anonymous Poster

Hackers Unleash Worm That Damages Real World

10/07/2010 1:01 AM

The Stuxnet worm is the first known malicious software designed to destroy or sabotage factories, power plants, refineries or other industrial installations.

We are used to Trojans and viruses roaming the internet harming computers and causing financial damage, but Stuxnet is in a league of its own.

The worm targets closed and highly secure industrial networks.

After being introduced with a USB key, Stuxnet slips past four previously unknown vulnerabilities in the Windows operating system, so-called "zero day" vulnerabilities.

It is rare for malicious software to exploit even two of them.

Each one can take months for hackers to identify and more time to write software to exploit.

The worm then hunts for specific types of computers made by German company Siemens.

Having found its host, it lies dormant, waiting for a certain moment to override the computer's control of industrial machinery, with potentially disastrous consequences.

This new breed of malware could wreak the kind of damage only previously seen in Hollywood disaster films.

Imagine a nuclear power station's cooling system being overridden, for example.

Or a railway's signals system thrown into chaos.

Experts estimate developing the Stuxnet worm would have taken a highly specialised team between six months and a year.

Israeli cybersecurity strategist Gadi Evron says the worm is so advanced it is almost certainly state-sponsored.

"This would require a lot of resources on the level of a nation state.

"Taking into account the intelligence required to attack a specific target, it would be virtually impossible that this is a lone attacker sitting at home."

Less impressive, though, is the spread of the worm's infection.

"The attack managed to infect, over several months, something like 30,000 to 50,000 PCs in many facilities and corporations worldwide," Uri Rivner from internet security company RSA told Sky News.

Such a wide dissemination has helped expose the worm's existence and helped efforts to neutralise it.

It also raises questions about the likely target for the worm.

Iran says computers at its nuclear plant in Bushehr have been compromised by the worm but will not reveal the extent of the damage.

Some figures suggest 60% of the Stuxnet infections are in Iran.

That has led to a highly speculative finger of blame being pointed at Israel.

Is the Jewish state trying to disrupt Iran's alleged nuclear weapons programme?

We will probably never know. Other unknowns also remain. Has the worm already achieved its goal, or is it lying in wait to carry out its sabotage? Is Iran the intended victim, are other countries at risk?

And, more worryingly, the worm is a trailblazer.

Other hackers can learn from its pioneering methods to produce more sophisticated malware threatening other networks in the future.

Guru
Hobbies - Fishing - New Member

Join Date: Jun 2008
Location: Raleigh, NC USA
Posts: 13529
Good Answers: 468
#1

Re: Hackers Unleash Worm That Damages Real World

10/07/2010 8:24 AM

I seriously doubt that Israel would act so irresponsibly as to unleash a worm that would go planet wide. If it were only able to affect Iran, it could be a possibility.

If it is state sponsored, the likely suspect would be North Korea. They are the only ones with little to lose by unleashing something like this.

Another plausible explanation is that Iran created the worm, and while testing its capabilities, inadvertently released it into their own systems. That certainly would explain why they were the first hit......Um, it seems to be working. Does anyone know how to turn it off?

But, since it's doubtful that whoever created this left their fingerprints on it, all we can do is speculate and try to stop it.

PS The more I think about it, the more I'm leaning toward my Iran theory. Israel would make a very convenient scapegoat for such a blunder.

__________________
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Ben Franklin
Reply Score 1 for Off Topic
Guru
New Zealand - Member - Kiwi Popular Science - Weaponology - New Member Engineering Fields - Power Engineering - New Member Engineering Fields - Electrical Engineering - New Member

Join Date: Sep 2006
Location: Auckland, New Zealand
Posts: 8777
Good Answers: 376
#2

Re: Hackers Unleash Worm That Damages Real World

10/07/2010 3:12 PM

And, more worryingly, the worm is a trailblazer.

Other hackers can learn from its pioneering methods to produce more sophisticated malware threatening other networks in the future.

Actually it isn't, it is just getting more media attention because it makes a better sensationalist story. Specific targeted software (be it hacker, criminal, military, etc) has been around and in use for many years.

As this is an open forum I will not go into further detail but remember, don't believe everything the media say (most know jack sh*t about anything technical and many will and do just make stuff up for a better story).

Jack - Not the ghost that hides in the shadow of your partition, your drive just needs a defrag.

__________________
jack of all trades
Reply Good Answer (Score 5)
Guru
Popular Science - Weaponology - New Member Safety - ESD - New Member Hobbies - Fishing - New Member

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#3

Re: Hackers Unleash Worm That Damages Real World

10/08/2010 5:01 AM

What an interesting Blog!!! Makes a refreshing change....

If the Stuxnet worm is truly an Iranian invention, the Iranians are almost in a "Win Win" situation, they can blame the Israelis!!!

....and maybe it was the Israelis....!!

But it could have been any other nation worried about the proliferation of nuclear material that could be used in either a clean or dirty bomb.....Osama and his gang are still around!!!

So I personally find that the originator could have been in any one of more than just several nations......and do not forget such nations as China, Russia, India and Pakistan....they all have their own reasons.....their own programs....and the knowledge!!

__________________
"What others say about you reveals more about them, than it does you." Anon.
Reply
Guru

Join Date: Feb 2007
Location: Israel
Posts: 2968
Good Answers: 24
#5
In reply to #3

Re: Hackers Unleash Worm That Damages Real World

10/09/2010 3:55 PM

As we were all informed by the media, this particular malware had to be loaded via a physical drive (USB) by an authorised personnel member, and positively (authorised) executed from within the Iranian system...

As should be obvious, such sites are hardwired to be isolated from the web, to avoid hacking and espionage in the first place.

This means that one of the local technicians or pro-staff on-site, had to be physically present (in-person), to act as the "button-pusher", and this person (or persons) could be any one of a large number of individuals, part of an international army of hired professionals, active on the Iranian site.

In my personal opinion, this is more an Iranian 'security-breach' than an international software-conspiracy. The technical means to 'cook' such malware is far less complicated than the ability to infiltrate a highly-secured Iranian site such as the one affected.

Reply
Guru
Hobbies - Musician - New Member Australia - Member - Torn and breading Engineering Fields - Nanoengineering - New Member APIX Pilot Plant Design Project - Member - New Member

Join Date: Jun 2006
Location: Magnetic Island, Queensland, Australia
Posts: 3721
Good Answers: 74
#4

Re: Hackers Unleash Worm That Damages Real World

10/08/2010 5:24 AM

Politicians

Receive

Overrated

Plans

Advising

Generals

Achieve

Nuclear

Demolition

Anonymously

__________________
The Twain Has Met
Reply
Power-User
Engineering Fields - Petroleum Engineering - Rig Electrician United States - Member - the Oil Patch Engineering Fields - Power Engineering - Drives & Gen's Engineering Fields - Instrumentation Engineering - Drive Control Popular Science - Cosmology -

Join Date: Jan 2010
Location: Houston off/on-shore @ Oil Patch
Posts: 223
Good Answers: 2
#6

Re: Hackers Unleash Worm That Damages Real World

10/11/2010 3:47 PM

From Langner (http://www.langner.com/en/index.htm) today in response to the Stuxnet dossier from Siemens:

Clear and present danger: Open letter to Symantec


Dear Liam O'Murchu,

I have now managed to read your Stuxnet dossier. It's a solid piece of good technical analysis -- except for the summary where you draw dangerously misleading conclusions.

1. You fail to understand that contemporary S7 installations are network connected. The picture of your improvised test equipment tells me that a salesperson was smart enough to sell you an old-style USB-to-MPI adapter, thereby blinding you on the wire. One reason why we were so much quicker in our analysis than you was the simple fact that we could relate debugger breakpoints to decoded wire traffic. Every hacker can -- and will -- do just that if he wants to figure out how Stuxnet injects code.

2. You fail to understand that the protocol manipulations required for code injection are technically not difficult and cannot be 'patched', since they are protocol-conformant. You also seem not to be aware of the fact that anybody who intends to duplicate this part of Stuxnet will find handy tools for free on the Internet.

3. You fail to understand that with the tools mentioned, it is possible to create an attack tool that completely bypasses the vendor's software and directly attacks PLCs on the network. You fail to understand that in modern installations in the private sector, up to several thousand PLCs per installation are connected to flat networks.

4. You fail to understand that with the basic attack technology copied from Stuxnet, it is even possible to write malicious code that uses PLCs as a launch pad for carried-forward attacks against peer PLCs. You fail to understand that attempts to recover from such attacks require all process network stations to be shut down simultaneously.

5. You fail to understand that potential usage of the attack technology contained in Stuxnet is not limited to APT-style directed attacks with insider knowledge, but can also be used for non-directed attacks in hit-and-run scenarios where the emphasis is on brute-force process disruption, requiring zero insider knowledge.

6. You fail to understand that the hacker underground has been studying control systems for years without any success. You fail to understand that this community will eagerly dismantle Stuxnet as a blueprint for how to cyber-attack installations from the cookie plant next door to power plants.

7. You fail to understand that in typical installations, computer systems with access to above mentioned process networks, either fixed or temporary, cannot be equipped with antivirus software large-scale in short term.

8. You fail to understand that the threat posed by post-Stuxnet malware affects not only power plants, but also other critical infrastructure sectors, military installations, and the private sector across different industries. You fail to understand that with your outlook, you promote the dangerously misleading expectation of complacent asset owners that something like Stuxnet can't happen to them if they are not high-value military targets.

Regards

Ralph Langner
Langner Communications GmbH
Fossredder 12, D-22359 Hamburg, Germany
http://www.langner.com/en
~~~ 1988-2008: 20 Years Langner Communications ~~~

__________________
Why do they make manhole covers round? so they won't fall in [before asking "Who is John Galt?"]
Reply
Anonymous Poster
#7

Re: Hackers Unleash Worm That Damages Real World

10/12/2010 11:27 AM

I'm not sure why most of us who use computers have not endeavored to all become experts to the point of being proficient hackers. It would be like the laws in states where you can carry weapons. Then we could each decide who had committed the latest cybercrime. And just like the Clint Eastwood characters (the man with no name) we could exact revenge!! No?


Users who posted comments:

Andy Germany (1); Anonymous Poster (1); jack of all trades (1); kramarat (1); kwcharlie (1); ky (1); Yuval (1)
