Cyber Warfare’s Pandora’s Box

Pages: 1 2

When the Stuxnet super-virus was first identified in June by a Belarus security firm, cyber-security experts across the globe worried that the infection could have a global effect. But, as software engineers continue to study lines of code in the sophisticated malware, it’s become clear to most that Stuxnet was designed as a precision weapon with a single target in mind: Iran’s nuclear program. Yet, while the virus seems to have been successful in disrupting Iran’s nuclear ambitions for the time being, Stuxnet also represents a new kind of computer virus, one that some experts fear will be used to attack power plants and industrial facilities throughout the world. If terrorists were to get their hands on Stuxnet-like technology before the West develops effective countermeasures, the results could be catastrophic.

Computer security expert Ralph Langner described Stuxnet as being akin to “the arrival of an F-35 into a World War I battlefield.” Unlike most viruses, Stuxnet was not designed to infiltrate a network solely through the internet. The computers used in Iran’s nuclear program are not connected to the internet, so that would have been a futile exercise. Instead, Stuxnet hopped from computer to computer by any means possible, always looking for its target. Experts suspect that an unsuspecting individual involved with Iran’s nuclear program eventually introduced the virus via an ordinary flash drive. Once Stuxnet found that it was where it was supposed to be, the virus went to work.

A typical virus targets a computer, almost always a PC. Stuxnet went after the Programmable Logic Controller (PLC) that controlled the thousands of centrifuges Iran installed to enrich uranium at its Natanz facility. The virus not only fooled the PLC into rapidly changing the speed of the centrifuges, it also prevented the PLC from reporting the change in speeds and it stopped the PLC from triggering any alarms. Operators were surely puzzled, for their control panels told them everything was running normally, but centrifuge after centrifuge was being wrecked by the severe changes in rotation speed. The result, many experts believe, is that thousands of the centrifuges were damaged over the course of the year that Stuxnet did its dirty work, undetected by anyone in Iran. These were high quality targets, for Iran needs centrifuges to refine the low grade uranium used for fuel into the high concentration, weapons-grade uranium.

Who did it? Most experts believe that something as sophisticated and complicated as Stuxnet could only be built using the resources of a rich nation-state. Israel and the United States are obvious candidates, but some believe that Russia and Germany may have participated in the project as well. Since the systems targeted were built by Siemens, a German firm, it seems likely that the company, the German government – or both – at least cooperated with the effort. If the reports of damage to Natanz are correct (Iran denies such reports of course) then the world owes whomever made the stealthy cyber-attack a debt of gratitude. Yet, there is another side to the coin. Now that the code is publicly available, it’s only a matter of time before a hacker with less noble ends in mind modifies Stuxnet for more nefarious purposes.

Pages: 1 2

  • scum

    But was the cyber attack legal? No mention of that…

    • ajnn

      A cyber attack includes no injury to human beings. No civilian deaths, no deaths of any kind.

      And this is about a war that Iran has declared against the US, Israel, and all of Westen Europe. This is absolutely a legal weapon for a war. How could it not be?

      Congratulations to the people who punched a big hole in Iran's nuclear program without any deaths or bombs. Human life is valuable.

  • Lady_Dr

    DUH! What has legal to do with anything – we are talking about international criminals here, rogue governments, etc.

    And just why do you call yourself Scum?

  • RiverFred

    Iran may be planning an EMP attack on the U.S. according to an article I read an EMP attack will cause planes to fall to the earth, render our military helpless, people will starve to death, etc.. Obama's wait, see and hope policy must end, its time for action to stop Iran's nuclear goals.

  • Piera Prister

    Stuxnet is doing what president Obama didn't but should . Stuxnet is a marvel, it represents the power of the XXI century intelligence over the Iranian regime's brutality. Last year, in summer Stuxnet disarmed hundreds of uranium enrichment centrifuges that were replaced. Last week Stuxnet did it again. The bottom of line is that Stuxnet has declared a cyberwar against Ahmadinejad. Right now we don't have a hero like Ilan Ramon who dared to bomb the Saddam Hussein's nuclear sites, and president Obama is turning a blind eye on it, but we have Stuxnet..

  • Bert

    It is easy to make statements such as this one by ajnn. However, there are persuasive arguments that warn an EMP attack is very possible. I say better to be prepared than sorry.

  • DagW

    I think we can all relax over any possible computer virus attack on the Modern world, that being so due to Obama hiring a large number of currently unemployed security guards to scan and grope all the secretaries entering places of business that rely in any meaningful way on computer use. I see this as a win-win situation. Unemployed guys will get paid to have fun, and the world will be saved at the same time. Further proof of Obama's genius is not required. He will certainly be re-elected for this move, as it were, alone.

  • LibertyLover

    You are definetly incorrect about the EMP technology. It is 1950's technology first noted by the US during atmospheric testing in the South Pacific. A nuclear detonation in the high atmosphere would result in what is known as the Compton Effect, the motive force behind an EMP attack.

  • groovimus

    The article says " Now that the code is publicly available, it’s only a matter of time before a hacker with less noble ends in mind modifies Stuxnet for more nefarious purposes."

    The author does not mention whether "code" in this context is source code, which would be a serious situation as implied here. But I very seriously doubt the source code is out there, it is likely top secret. So the bad dudes would have only the object code to deal with, and essentially impossible to reverse engineer for any small group or country, even Iran.