Saturday, September 25, 2010
Cyber warfare now has its equivalent of the atomic bomb. It’s called Stuxnet.
“Let me tell you something that we Israelis have against Moses. He took us 40 years through the desert in order to bring us to the one spot in the Middle East that has no oil!”Golda Meir
"... Speculation is Stuxnet was developed in a certain Middle Eastern country that has no oil, but lots of nasty neighbors, and was developed with a certain centrifuge facility in Iran in mind."
See full article:
Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems\l "" experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.
Speculation is Stuxnet was developed in a certain Middle Eastern country that has no oil, but lots of nasty neighbors, and was developed with a certain centrifuge facility in Iran in mind.
So for the short term, Stuxnet is good news. But as with nukes, the bad guys can develop malware too.
Michael Assante, former security chief for this country's grid-minding organization, the North American Electric Reliability Corp, sounded genuinely rattled in his remarks to The Christian Science Monitor.
"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human - but can still take control of your infrastructure. This is the first direct example of weaponized software, highly customized and designed to find a particular target," he said. "The implications of Stuxnet are very large, a lot larger than some thought at first... It's the type of threat we've been worried about for a long time."
Posted by Sam Sewell at 1:34 PM