Thursday, September 23, 2010

The Stuxnet Shock

Are we seeing the first real use of malware as a weapon in the physical world? And is it being used against Iran's Bushehr nuclear power plant?


From the Christian Science Monitor:

So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.

Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.

"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."

Hat-Tip: Andrew Sullivan

No comments:

Chris expresses his own views on this weblog.


I write this blog in a private capacity , but just in case I mention any elections here is a Legal Statement for the purposes of complying with electoral law: This website is published and promoted by Ron Oatham, 8 Brixham Close , Rayleigh Essex on behalf of Liberal Democrat Candidates all at 8 Brixham Close.