Stuxnet is a phantom, lingering just on the periphery, and by the time you see him, it is already too late. It may sound dramatic to describe a computer worm in such a way, but when the worm has the ability to destroy international infrastructure, the drama becomes warranted. David Kushner writes a hefty article for IEEE Spectrum about the whole story behind the specter of Stuxnet.
The Phantom Unmasked
Due to the amount of manpower required, as well as a host of other factors, the evidence points to the United States and Israel being the progenitors of the worm. And their target was very likely Iranian industrial sites, including a uranium-enrichment plant. Kushner explains the process of Stuxnet’s infiltration like this:
First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant.
Stuxnet could spread through networks or even just through USB drives, using the Internet to download new versions of itself. It moved so efficiently that Chevron admitted to finding it in its machines back in 2012. But as it turns out, Stuxnet may only be the most recent episode in a longer-term conspiracy.
The Slow Burn
Before Stuxnet, there was Flame, roughly 40 times as large in size as Stuxnet, but only intended to spy rather than destroy. Flame could acquire information from top secret PDFs, and it could exchange data with any Bluetooth-enabled device. Most incredibly, it was acquired by computers via a bogus update to Windows 7.
If state-sponsored malware can steal data and destroy industrial systems now, imagine what it might be able to do in just a few more years. Businesses need now more than ever to protect their assets. The NSA could be the least of your problems! You can read Kushner’s original article here: http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet