Monday, October 4, 2010

Security: A code explodes

By James Blitz, Joseph Menn and Daniel Dombey

October 1 2010 20:28

Sitting in his office in Hamburg, Ralph Langner, a German information technology specialist, recalls the moment when he came across the Stuxnet computer worm. “I have to tell you, my jaw dropped,” he says. “I have been in the computer consultancy business for 20 years. I have always warned clients that something like this might appear. But I did not expect that I would end up seeing something so sophisticated, so aggressive, so dangerous.”

Stuxnet is a malicious software code that was first noticed around the world four months ago. Today, it is causing alarm not just to IT experts such as Mr Langner but also to security strategists and governments. Among them is the Iranian regime, whose nuclear programme – seen as one of the most serious threats to global security – may have been severely hit.

For years, governments have been aware of the threat from cybercrime and cyberwarfare. The Pentagon has gone public on how hackers regularly break into its systems and try to steal secrets. Governments have seen, too, how one actor – almost certainly Russia – carried out large-scale cyberattacks on Estonia and Georgia in 2007 and 2008 respectively, severely disabling their communication networks for brief periods.

But the emergence of Stuxnet (its name is derived from keywords buried in the code) takes worries about cyberwarfare to a different plane. For the first time, an as yet unknown group has developed and deployed software that can spread on its own and enter computer systems linked to a real world target – a factory, a refinery, a nuclear power plant. It is designed to take control of, then attack, the facility in question. “It is absolutely directed to destroy something or to blow something up. It is, in effect, a cybermissile,” says Mr Langner, one of the first people to reveal the worm’s full potential as a weapon.

Stuxnet was discovered by a security company in Belarus, since when experts have tracked it closely. In August, Microsoft stated that more than 45,000 computers worldwide had been affected. Analysts then established that it was targeted specifically on an obscure type of industrial control computer made by the German company Siemens, and used to manage oil pipelines, power grids and nuclear plants across the world.

During the past 10 days, however, the target and motive have become clearer. Symantec, a US technology company, has reported that 60 per cent of computers penetrated are in Iran. Last weekend, Tehran conceded that the worm has infected Siemens systems at its civilian light-water nuclear reactor at Bushehr, which it hopes will shortly be fully operational.

Iran’s admission intensifies speculation about who created Stuxnet and why. Its sophistication and detail – and the fact that it has been configured to attack very few types of industrial plant – lead experts to believe only a government could have deployed it. Some point the finger at Israel, which has poured huge resources into Unit 8200, its secret cyberwarfare operation. Israel believes Iran’s nuclear programme is aimed at building a bomb and is therefore an existential threat. The discovery deep inside the worm of the word “Myrtus” – a name used for Queen Esther, one of the leading figures of biblical Jewish history – is seen by some as a possible clue to its origins.

But two other nations – the US and Britain – have serious worries about Iran. They too have bodies – Washington’s Department of Defense and National Security Agency and Britain’s GCHQ – that have established elaborate cyberoffensive operations. Some wonder whether they could be the source too.

Intelligence experts have also been trying to fathom what the impact of the Stuxnet operation has been. Iran insisted this week that no “major systems” at Bushehr have been damaged, though there is no independent verification of this. Meanwhile, as Hamid Alipour of the Iranian government’s Information Technology Company said this week: “The attack is still ongoing and new versions ... are spreading.”

Others are trying to work out why Israel or any other state would target Bushehr. “Anyone attacking a nuclear reactor in this way is being irresponsible because you could cause immense environmental damage,” says Mark Fitzpatrick of the International Institute for Strategic Studies. “Besides, Iran’s civil nuclear power plant at Bushehr is not the west’s concern.” The more interesting question, he says, is whether Stuxnet has penetrated Natanz, the uranium enrichment plant at the heart of fears that Tehran is moving closer to building a nuclear weapon. “If that were the case, it could be very significant.”

Stuxnet is prompting wider questions, however. The big concern is whether its emergence heralds a dangerous era of cyberwarfare, one in which states and even terrorists could deploy malicious codes with the aim of sowing mass destruction. “What we have here is no longer a movie-plot scenario but a real attempt to sabotage industrial control systems,” says Eric Chien, an expert on the worm at Symantec. “It may cause a lot of other people to realise they could potentially deploy it.” Rick Caccia of ArcSight, a cybersecurity consultancy, agrees: “We are going to see more attacks on infrastructure where major damage is done. It is an area to be very concerned about.”...
