Thursday, September 23, 2010

Dark Avenger Redux: Stuxnet and the next generation of virtual warfare

Have you ever heard of Stuxnet?  If not, you will soon.  It may be the most destructive piece of code to be released into the wild since the days of the Dark Avenger virus.

When I was running a FidoNet Bulletin Board System (BBS) in 1990, nothing struck dread in the heart of a BBS surfer more than seeing the following string of text, written randomly in sectors on his hard drive:

"Eddie lives... somewhere in time!"

Dark Avenger is the handle of a programmer from Sofia, Bulgaria, who wrote the DOS virus that bore his name; he has never been publicly identified. (Vesselin Bontchev, whose name sometimes gets attached to him, was the Bulgarian anti-virus researcher who analysed and fought his viruses, and Todor Todorov ran the Virus Exchange BBS through which they spread.) The Dark Avenger virus was the seminal code that set off the whole war between virtual warhead and digital armor. Its infectiousness (it was a fast infector: programs that were merely opened or copied got infected, not only programs that were run) made it difficult to control, detect and destroy. During the debate surrounding researcher Sarah Gordon's correspondence with the Dark Avenger, there was considerable, and informed, speculation that the virus was developed by a team behind the Iron Curtain.
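The check a sysop of the time would have wanted, as an added example that is not from the original post: the marker text was written into arbitrary disk sectors rather than into a file, so it is found by reading the raw image sector by sector, not by walking the filesystem. The disk image below is constructed inline for illustration, and the 512-byte sector size is an assumption matching DOS-era media.

```python
import io
from typing import BinaryIO, List, Tuple

SECTOR_SIZE = 512          # assumption: DOS-era 512-byte sectors
MARKER = b"Eddie lives... somewhere in time!"


def scan_sectors(fp: BinaryIO, marker: bytes = MARKER,
                 sector_size: int = SECTOR_SIZE,
                 chunk_sectors: int = 2048) -> List[Tuple[int, int]]:
    """Read a raw disk image in chunks and return (sector, offset_in_sector)
    for every occurrence of `marker`, regardless of where it sits relative
    to any file system structure.

    The last len(marker) - 1 bytes of each chunk are carried into the next
    one, so a marker that straddles a chunk boundary is still found exactly
    once and is reported at the sector where it begins.
    """
    hits: List[Tuple[int, int]] = []
    carry = b""     # tail of the previous chunk
    base = 0        # absolute byte offset of carry[0] (or of the next read)
    keep = max(len(marker) - 1, 0)
    chunk_size = sector_size * chunk_sectors
    while True:
        data = fp.read(chunk_size)
        if not data:
            break
        buf = carry + data
        pos = buf.find(marker)
        while pos != -1:
            abs_pos = base + pos
            hits.append((abs_pos // sector_size, abs_pos % sector_size))
            pos = buf.find(marker, pos + 1)
        carry = buf[-keep:] if keep else b""
        base += len(buf) - len(carry)
    return hits


def scan_image_bytes(image: bytes, **kwargs) -> List[Tuple[int, int]]:
    """Convenience wrapper for an in-memory image."""
    return scan_sectors(io.BytesIO(image), **kwargs)


def build_demo_image(sectors: int = 64) -> bytes:
    """Constructed image: zero-filled, with the marker planted mid-sector in
    sector 5 and a second copy starting 10 bytes before the end of sector 47,
    so that it spills into sector 48 and across an 8-sector chunk boundary."""
    img = bytearray(sectors * SECTOR_SIZE)
    first = 5 * SECTOR_SIZE + 100
    img[first:first + len(MARKER)] = MARKER
    second = 48 * SECTOR_SIZE - 10
    img[second:second + len(MARKER)] = MARKER
    return bytes(img)


def demo() -> List[Tuple[int, int]]:
    """Scan the constructed image with small chunks to exercise the carry."""
    return scan_image_bytes(build_demo_image(), chunk_sectors=8)


if __name__ == "__main__":
    for sector, offset in demo():
        print(f"marker at sector {sector}, byte {offset}")
```

Pointing `scan_sectors` at a real image (`open("disk.img", "rb")`) works the same way; the chunked read keeps memory flat on large images, and the carry is what stops a hit on a chunk edge from being silently dropped.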

It’s 2010. Enter Stuxnet. 

Stuxnet is the world's first virtual super weapon that was intentionally designed to take down a real-world target. It does this by subverting Siemens Step 7 engineering software and injecting its own code into the programmable logic controllers (PLCs) that drive the physical equipment. The target could be a manufacturing facility, a chemical plant or... a nuclear power plant?


A gradual dawning of Stuxnet's purpose (excerpted from the Christian Science Monitor's report)

Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.

But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?

By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.

But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.

"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."


SCADA systems automate the controls of everything from a neighborhood package water plant to a massive steel manufacturing facility; from a candy factory to some of the world's most sophisticated energy facilities: nuclear reactors.

As mentioned above, there was a lot of speculation that Dark Avenger and the variants that followed it were coded by Iron Curtain development teams, with the intention of releasing them into the wild and eventually getting them to find their way across the pond into the nascent virtual networks (like FidoNet) and government networks like ARPANET (that would be the Internet that Al Gore invented).

So where did Stuxnet come from?  Good question.  The experts say that the elegance of the code, the depth of the encryption, the four previously unknown Windows vulnerabilities it exploits, the stolen code-signing certificates it uses to get its drivers installed, and the specific nature of the program's intended target indicate that it is the product of a program that could only be funded at the state level.

Just like the same experts were saying about the Dark Avenger.

The real $64 trillion question is: “What facility was Stuxnet designed to destroy?”
