Cyberwar!

Maybe Israel doesn’t need to bomb anything:

Computerworld – Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.

Experts from Iran’s Atomic Energy Organization also reportedly met this week to discuss how to remove the malware.

Stuxnet, considered by many security researchers to be the most sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a little-known security firm based in Belarus. A month later Microsoft acknowledged that the worm targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies.

Those control systems, called SCADA, for “supervisory control and data acquisition,” operate everything from power plants and factory machinery to oil pipelines and military installations.

According to researchers with U.S.-based antivirus vendor Symantec, Iran was hardest hit by Stuxnet. Nearly 60% of all infected PCs in the earliest-known infection were located in that country.

Since then, experts have amassed evidence that Stuxnet has been attacking SCADA systems since at least January 2010. Meanwhile, others have speculated that Stuxnet was created by a state-sponsored team of programmers, and designed to cripple Iran’s Bushehr nuclear reactor.

No need to stop with nuclear installations. It might be an exaggeration to say that a cyber-attack could propel a country back into the stone age, but it could give it a good start. Almost all modern industrial systems use programmable logic controllers (PLCs), minicomputers which collect input from data collection devices and operate the relays, solenoids, valves, etc. which control the system.

These PLCs are often connected to PCs running common operating systems like Windows and forms of Unix, which provide the user interface and programming capability. The Stuxnet worm not only compromises the PC, but inserts its own code into the PLC itself. Then it renders this added code undetectable by normal procedures.

Can you imagine turbines spinning out of control and flying apart? Pipelines exploding from excess pressure? Nationwide electrical blackouts? Dams overflowing? Satellites commanded to change their orbits? Even military missiles launching themselves or self-destructing in their silos? All this and more is possible.

In fact, it has already happened:

It was a Trojan program inserted into SCADA system software that caused a massive natural gas explosion along the Trans-Siberian pipeline in 1982. A newspaper reported the resulting fireball yielded “the most monumental non-nuclear explosion and fire ever seen from space.” …

The 3-kiloton Trans-Siberian natural gas pipeline explosion … occurred during the Reagan administration. The event was initially acknowledged by a Russian general, and then subsequently denied by the Russian press, and kept secret within the CIA until 2004, when details were released upon publication of the Cold War memoirs of a retired insider. The events and methodology were explained and later presented in security testimony before the U.S. House of Representatives. — Pipeline and Gas Journal

The difference is that today almost every PC is connected to the Internet, and the delivery of the weaponized code is easier and does not require physical access to the target computer.

Cyber-weapons could be a ‘disruptive technology’ in warfare — a game-changer like the English longbow, the machine gun or the military aircraft. Nations that succeed in developing such weapons and the concomitant defensive technologies first will have a huge advantage in almost any conflict.

Importantly, the relative size of the combatants is irrelevant to their capabilities or vulnerabilities in this area. A small country could deter a much larger one with a credible threat of a cyber-attack.

Do I need to tell you what small country is a superpower in software and computer technology? I didn’t think so.

5 Responses to “Cyberwar!”

  1. levari says:

    ha ha! yeah, sucka. how you like us now? just so long as none of the wayward missiles manage to hit israel.

  2. Robman says:

    What is really fascinating about this is that there is speculation that the Israelis inserted this via the Russians, who were the ones with access to the relevant computers (they installed most of them).

    A joint Russian/Israeli operation? Maybe the Israelis are buying Russians even BIGGER dachas on the Black Sea than the Iranians have? Two can play that game!

  3. Shalom Freedman says:

    So far as I can tell all the efforts so far at sabotaging the Iranian nuclear program have delayed it for short periods of time, but not stalled its fundamental momentum. The centrifuges are spinning and much else is going on which is not being spoken about and perhaps is not even known about.
    Apparently the program can be stopped only by a massive military strike, one which seems less likely now than before.

  4. Robman says:

    I think a strike is practically inevitable. We’ll see. If it doesn’t happen within the next year, it won’t happen.

  5. Vic Rosenthal says:

    I’ve worked with PCs connected to PLCs. They are everywhere. The amount of damage that is possible is remarkable. There’s no reason to think that the trigger has been pulled yet, or even that there aren’t multiple worms, or multiple targets. A full-scale cyber-attack on Iran could wreck the country.