Stuxnet gives hackers a blueprint for sophisticated new malware
Posted 02.04.2011 at 10:56 am
3 Comments
Epic Fail
Malicious programs could blow up factories and sabotage power grids
Jamie Sneddon
Computers already do so much of our work that it seems natural to let them take care of our sabotage, too. This might have been the line of thinking that led to Stuxnet, the first known malware worm designed to disrupt industrial processes.
Stuxnet began spreading in early 2009. It’s unclear who wrote the worm, or why, but a consensus is gathering that a government (probably Israel’s) created the worm to sabotage the Iranian nuclear program. Stuxnet seeks out and silently hijacks factory control software written by Siemens. Once it infects the computers running that software, it can command uranium-enriching centrifuges to spin out of control, thereby destroying them.
Computers such as these are kept disconnected from the Internet, so getting Stuxnet to its target probably required someone to load the worm onto a USB stick used by a plant employee or contractor. Once that person plugged his USB stick in at work, Stuxnet probably began crawling through the plant’s local-area network, searching for the right computer to hijack. Exactly how much damage it did, we don’t know, but the Iranian nuclear program did appear to slow, and last November Iranian president Mahmoud Ahmadinejad confirmed that a malicious computer program caused “problems” with centrifuges.
But somehow Stuxnet also made it to the Internet, and by last fall, the worm had infected hundreds of thousands of computers in at least 155 countries. Siemens says that to date, only 15 industrial facilities worldwide have been infected. So far, nothing has happened that we know of, but the potential for mischief is still high.
The operating system that Stuxnet is designed to hijack controls pipelines, conveyor belts, boilers, alarm systems and access controls, among other things, and experts warn that it and similar worms could, in theory, blow up factory boilers, destroy gas pipelines, sabotage power plants, and disrupt power grids. Now that Stuxnet has given hackers a sophisticated blueprint for creating such worms, many cybersecurity wonks are thoroughly freaked out.
How We Can Do Better
Cybersecurity consultant Stephen Spoonamore says that we should immediately redesign all critical infrastructure to “fail open,” meaning that in the event of a cyber attack, the system will default to a basic operating mode and keep running.
Also, What Could Possibly Go Wrong with
3 Comments
To comment, please Login.
Popular Tags
Science
|
|
|
|
|
|
June 2013: American Energy Independence
Five amazing, clean technologies that will set us free, in this month's energy-focused issue. Also: how to build a better bomb detector, the robotic toys that are raising your children, a human catapult, the world's smallest arcade, and much more.
Popular on Popsci
Most Commented
Science
- Scientists Create First Cloned Human Embryo
- State Drops Charges Against High School Student Arrested For Science Experiment
- Dear Schools: Stop Treating Science-Curious Kids Like Criminals
- Mexican Cartels Control Pot Farms As Far North As Washington State
- Buzz Aldrin Wants To Send People On A One-Way Trip To Mars
- Giving White People The Illusion Of Darker Skin Makes Them Less Racist
- Space Tourism's Black Carbon Problem
- What Modern Humans Can Learn From The Neanderthals' Extinction
- Untouched For The Last Billion Years, Water In Canadian Mine Holds Ingredients For Life
- How Do You Make A Painkiller Addiction-Proof?
Most Emailed
Science
- The Week In Numbers: Fire In Space, The First Cloned Human Embryo, And More
- 8 Of The Year's Most Oddly Gorgeous Science Images
- 8 Of The Year's Most Oddly Gorgeous Science Images
- A Zombie Worm And Other Amazing Images From This Week
- A Zombie Worm And Other Amazing Images From This Week
- Cambrian Fossil With Scissor-Like Claws Is Named For Johnny Depp
- First American Mission To Sample An Asteroid Gets Green Light
- High School Students Devise More Accurate Climate Modeling Method
- Wanna Know How You're Going To Survive The Apocalypse?
- This Bacterium Can Do Division, Compute Logarithms And Take Square Roots
Most Viewed
Science
- The Week In Numbers: Fire In Space, The First Cloned Human Embryo, And More
- 8 Of The Year's Most Oddly Gorgeous Science Images
- 8 Of The Year's Most Oddly Gorgeous Science Images
- A Zombie Worm And Other Amazing Images From This Week
- A Zombie Worm And Other Amazing Images From This Week
- Cambrian Fossil With Scissor-Like Claws Is Named For Johnny Depp
- First American Mission To Sample An Asteroid Gets Green Light
- High School Students Devise More Accurate Climate Modeling Method
- Wanna Know How You're Going To Survive The Apocalypse?
- This Bacterium Can Do Division, Compute Logarithms And Take Square Roots
Online Content Director: Suzanne LaBarre | Email
Senior Editor: Paul Adams | Email
Associate Editor: Dan Nosowitz | Email
Assistant Editor: Colin Lecher | Email
Assistant Editor: Rose Pastore | Email
Contributing Writers:
Rebecca Boyle | Email
Kelsey D. Atherton | Email
Francie Diep | Email
Shaunacy Ferro | Email
Today on PopSci.com
Copyright © 2012 Popular Science
A Bonnier Corporation Company. All rights reserved. Reproduction in whole or in part without permission is prohibited.
The end of all that cyber warfare is of course skynet and bye bye us!
I think googlenet is going to self relize in 2023
why werent these things designed fail oppen in the first place? and how does someone know if the virus is taking over? and if they figure it out do they have to push a botton or something or what? I know this is old news but these are my questions take them as they are.
I'm sure that the companies supplying process control software are working feverishly on this issue. Physical security in various plants (e.g. restricting USB access ) has probably neen increased as well.
Will it be enough? Only time will tell, but the internet has so far survived some periods of mass attack fairly well -- and it's by nature a lot less secure.
I've seen this Israeli reference before. Does anyone actually have even a shred of evidence? If not, it's an awfully vicious statement to make. ( I have NO connection to Israel).
As for Mr. Spoonamore, nice generic thought.