3 Comments

Summary:

The Stuxnet worm, the first worm that was able to exploit a Microsoft Windows vulnerability to break into power grid control systems, is one sophisticated beast. It looks like it had over 30 people build it, according to a Symantec talk via The Atlantic’s Alexis Madrigal.

hacker

The Stuxnet worm, the first worm that was able to exploit a Microsoft Windows vulnerability to break into power grid control systems, is one sophisticated beast. It looks like it had over 30 people build it, according to a talk given by a Symantec executive at a cybersecurity conference, which The Atlantic’s Alexis Madrigal attended and wrote this piece about.

Symantec says there were traces of over 30 programmers in the Stuxnet source code (I’m not going to pretend to know how that works) and Madrigal also reports that the worm’s peer-to-peer network was encrypted to something called FIPS 140-2 standard, which I guess is quite fancy indeed.

This new information is particularly disturbing given that the frequency and sophistication of cyber attacks on the power grid are just beginning. As this was the first time the Microsoft vulnerability was exposed and used to attack SCADA systems, you can guess there will be many copycats that will follow suit.

Stuxnet was active for several days, targeted Siemens’ Windows-based SCADA systems, attacked the U.S. Iran the hardest, and was able to penetrate the systems via infected USB devices. Researchers think the motive behind the attacks was corporate espionage, and the infected systems exposed their databases, revealing potentially sensitive and usable information.

While Microsoft and Siemens (along with the various computer security vendors) released the necessary tools for energy companies to deal with the vulnerability, the fixes will likely take a while to get deployed for the power grid (if at all on a wide scale), as SCADA managers don’t generally update network software constantly like their IT counterparts are.

As the security researchers at McAfee pointed out, the worm was able to target Siemens because it had hardcoded passwords (put the passwords in the source code of the software) to connect the SCADA system to the corresponding database. Siemens said that made the system more reliable, but that’s a big no-no in the Internet security world.

The worm also shows just how un-smart power SCADA systems can be. Jonathan Pollet, founder of Red Tiger Security, told an audience at the Black Hat convention earlier this year that some energy customers had downloaded the Windows patch and the patch actually broke the SCADA systems, CNET reported. (For just how dumb the power grid is, see The Power Grid Is So Dumb That … ). Pollet also said during his talk titled “Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters,” that SCADA systems are, in general, a lot less secure than IT systems, and SCADA systems are “a ticking time bomb,” in terms of security breaches.

For more research on the smart grid check out GigaOM Pro (sub req’d):

Image courtesy of Davide Restivo Flickr Creative Commons.

  1. “Stuxnet was active for several days, targeted Siemens’ Windows-based SCADA systems, attacked the U.S. the hardest…”

    Not quite.

    In fact, according to Symantec (http://en.wikipedia.org/wiki/Stuxnet#Affected_countries) the most affected countries were China, Iran, Indonesia, India and then the US.

    The Worm originally showed up in Iran where it targetted a particular nuclear facility prompting many to believe it was generated by a nation state in order to try to sabotage Iran’s nuclear program.

    Share
    1. Thanks for catching that, Tom. We’ve made the correction.

      Share
  2. There are a host of people speculating that software this sophisticated really needed the resources only a state could offer. The state mentioned most often? Israel.

    Here’s a typical piece about it.
    http://www.technewsworld.com/story/Stuxnet-Suspicions-Rise-Has-a-Cyberwar-Started-70892.html?wlc=1289069409

    Share

Comments have been disabled for this post