[Itpolicy-np] Stuxnet malware is 'weapon' out to destroy ... Iran's
Bushehr nuclear plant?
Bipin Gautam
bipin.gautam at gmail.com
Wed Sep 22 18:46:19 GMT 2010
(Source: http://www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-destroy-Iran-s-Bushehr-nuclear-plant)
Cyber security experts say they have identified the world's first
known cyber super weapon designed specifically to destroy a real-world
target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study
since its detection in June. As more has become known about it, alarm
about its capabilities and purpose has grown. Some top cyber security
experts now say Stuxnet's arrival heralds something blindingly new: a
cyber weapon created to cross from the digital realm to the physical
world – to destroy something.
At least one expert who has extensively studied the malicious
software, or malware, suggests Stuxnet may have already attacked its
target – and that it may have been Iran's Bushehr nuclear power plant,
which much of the world condemns as a nuclear weapons threat.
The appearance of Stuxnet created a ripple of amazement among computer
security experts. Too large, too encrypted, too complex to be
immediately understood, it employed amazing new tricks, like taking
control of a computer system without the user taking any action or
clicking any button other than inserting an infected memory stick.
Experts say it took a massive expenditure of time, money, and software
engineering talent to identify and exploit such vulnerabilities in
industrial control software systems.
Unlike most malware, Stuxnet is not intended to help someone make
money or steal proprietary data. Industrial control systems experts
now have concluded, after nearly four months spent reverse engineering
Stuxnet, that the world faces a new breed of malware that could become
a template for attackers wishing to launch digital strikes at physical
targets worldwide. Internet link not required.
...
The Stuxnet malware has infiltrated industrial computer systems
worldwide. Now, cyber security sleuths say it's a search-and-destroy
weapon meant to hit a single target. One expert suggests it may be
after Iran's Bushehr nuclear power plant.
...
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an
industrial process in the physical world," says Langner, who last week
became the first to publicly detail Stuxnet's destructive purpose and
its authors' malicious intent. "This is not about espionage, as some
have said. This is a 100 percent sabotage attack."
...
So far, Stuxnet has infected at least 45,000 industrial control
systems around the world, without blowing them up – although some
victims in North America have experienced some serious computer
problems, Eric Byres, a Canadian expert, told the Monitor. Most of the
victim computers, however, are in Iran, Pakistan, India, and
Indonesia. Some systems have been hit in Germany, Canada, and the US,
too. Once a system is infected, Stuxnet simply sits and waits –
checking every five seconds to see if its exact parameters are met on
the system. When they are, Stuxnet is programmed to activate a
sequence that will cause the industrial process to self-destruct,
Langner says.
...
Langner's analysis also shows, step by step, what happens after
Stuxnet finds its target. Once Stuxnet identifies the critical
function running on a programmable logic controller, or PLC, made by
Siemens, the giant industrial controls company, the malware takes
control. One of the last codes Stuxnet sends is an enigmatic
“DEADF007.” Then the fireworks begin, although the precise function
being overridden is not known, Langner says. It may be that the
maximum safety setting for RPMs on a turbine is overridden, or that
lubrication is shut off, or some other vital function shut down.
Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
...