This is a personal tumbleblog, intended for random musings and snippets. I have a somewhat more structured travel and photo blog at disoriented.net, and a neglected vanity site at raingod.com.

Posts Tagged: Windows

Back in July, I wrote about a piece of malware that used a Windows vulnerability to attack SCADA systems. Back then, it was believed that the purpose of the malware was to steal industrial secrets, a concept straight out of science fiction.

Now the worm, which has been christened Stuxnet, looks like it’s even less benign. An article in Wired suggests that it was actually designed to cause SCADA controllers to malfunction, and not in a trivial way: there’s some reason to believe that it was intended to disrupt the parts of the controllers that, well, prevent stuff from blowing up. The fact that the first major infestation seems to have been detected in Iran has led to speculation that it was designed to target Iranian nuclear facilities, perhaps with the goal of triggering a major accident.

Any speculation needs to be taken with a helping of salt. Nevertheless, it does seem that the worm represented a substantial development effort and would have required detailed knowledge of a number of very different types of system. That makes it unlikely to have been the work of what John Brunner called a ‘hobby saboteur’. While the worm seems to have had some features, such as a resilient command-and-control system, commonly seen in botnet software created by so-called cybercriminals, there’s no evidence yet of any profit motive. That would seem to rule out cybercriminals as the authors.

So if the worm really was a weapon, then it was probably developed by a government. This raises two questions. The obvious one is ‘Which government?’; the less obvious one is how the authors intended to prevent the worm spreading to ‘friendly’ systems and causing damage there. As in biological warfare, the big worry is that the infection will run out of control and start hurting your own side. To avoid this, you either have to immunize your own population, or you have to have some expectation that the infection will be confined to a limited area (or duration). The worm seems to have been intended to propagate over local area networks; it’s unclear whether it could also have spread via the Internet. Still, it seems to have spread widely enough for the infestations to be detectable, something that the authors must have anticipated. I’d be curious to know whether any kind of ‘immunization’ program took place anywhere around the time that the worm was launched, designed to protect critical systems against precisely the kind of threat posed by this worm.

As for the question of ‘who?’, if the target was really Iran then the list of likely authors comes down to just two nations: Israel, and the United States. I think it’s quite possible that someone in Fort Meade or Tel Aviv has some ‘splainin’ to do.

We live in the future. More specifically, we live in William Gibson’s cyberpunk future.

Microsoft has acknowledged the existence of a bug affecting ‘all versions of Windows’ that allows attackers to trigger execution of malicious software via a shortcut link. It’s a serious bug, and one that’s apparently ripe for exploitation.

The flaw is already being exploited, and experts predict more attacks will follow. What’s interesting, however, is that the first observed attacks using the exploit have an unusual goal. Instead of trying to turn the hijacked home or office PCs into spam relays, pestering their unlucky owners with ads, or trying to steal passwords and credit card numbers - the standard repertoire - the attack targeted systems used as controllers for industrial machinery. Moreover, according to information put out by Siemens, the goal of the malware wasn’t to disrupt the connected systems (a recurrent nightmare scenario in a world where heavy machinery and essential utilities are increasingly controlled by computers running mass-market OS’s), but to “steal secrets from manufacturing plants and other industrial facilities”.

Computer hackers using sophisticated malware to conduct corporate espionage? This is the stuff of cyberpunk fiction. The future’s so bright, we gotta wear mirrorshades.

Unspecified Potential Security Flaw

One of the delights of using Windows is the way that it keeps you guessing.