Saturday, December 25, 2010

An interesting article about the Stuxnet worm

Articles about computer stuff generally catch my eye.  Because today is a "slow" day, I decided to troll some of the news sites and look for something interesting.  I ended up reading this article on Fox News's website, found here.  Before I lose anyone (either because I'm reading something from Fox News or because this might end up being technical), if you have any interest in the Iranian enrichment program, you've really got to take a few minutes and read that Fox News article.  It is very interesting.

So, what is the Stuxnet worm?  You'll need to read the Wikipedia link for the technical analysis.  (The Wikipedia link can be a bit technical, so be warned.)  Essentially it is a worm that installs itself into programmable logic controllers (PLCs) and causes certain industrial equipment (as in nuclear enrichment centrifuges) to malfunction.  It causes the centrifuges to speed up and then slow down, but masks these variations from the computers controlling the centrifuges.  When diagnostics are run, nothing abnormal shows up.  An added benefit is that the uranium being enriched ends up less than optimal, which delays Iran's nuclear program.

According to the descriptions in the article, the worm is one sophisticated piece of code.  The code is also very targeted, so that it only attacks certain types of PLC equipment.  The people who wrote this were smart.  Very smart.  They used four Windows zero-day exploits (zero-day exploits are security holes in the code that no one knows about except for the hackers) in the worm.  They understood how people work.  They got the code where they wanted it, and it took off like crazy.  And they were able to clean up after themselves.  The people involved here knew what they were doing.  And they appear to have been highly successful in their attack.

So, what does this mean for the Iranians and their nuclear ambitions?  Stuxnet is a delay and a learning lesson.  It is a delay because they have to clean up the virus and repair their damaged centrifuges.  They also have to re-enrich the uranium that ended up not being as enriched as they wanted it to be.  It is a learning lesson because I am sure they are hardening their network defenses so they are not susceptible to this kind of attack ever again.  If it does happen again, it means they still have security and policy issues to deal with.  But I suspect they will be better prepared than they were previously.

To the authors of Stuxnet, all I've got to say is dang, you're good.  Keep up the good work.

1 comment:

Tom said...

One of the guys that I work with talked about a potential Chinese connection to Stuxnet. Here is the article:

http://blogs.forbes.com/firewall/2010/12/14/stuxnets-finnish-chinese-connection/

Again, I find this all interesting and scary.