World's first 'cyber superweapon' attacks China

Sep 30, 2010

A computer virus dubbed the world's "first cyber superweapon" by experts and which may have been designed to attack Iran's nuclear facilities has found a new target -- China.

The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported this week.

Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves.

It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction.

The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, and other industrial facilities.

"This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data," an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times.

"Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China's national security," he added.

Another unnamed expert at Rising International said the attacks had so far infected more than six million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported.

The Stuxnet computer worm -- a piece of malicious software (malware) which copies itself and sends itself on to other computers in a network -- was first publicly identified in June.

It was found lurking on Siemens systems in India, Indonesia, Pakistan and elsewhere, but the heaviest infiltration appears to be in Iran, according to software security researchers.

A Beijing-based spokesman for Siemens declined to comment when contacted by AFP on Thursday.

Yu Xiaoqiu, an analyst with the China Information Technology Security Evaluation Centre, downplayed the malware threat.

"So far we don't see any severe damage done by the virus," Yu was quoted by the Global Times as saying.

"New viruses are common nowadays. Both personal Internet surfers and Chinese pillar companies don't need to worry about it at all. They should be alert but not too afraid of it."

A top US cybersecurity official said last week that the country was analysing the computer worm but did not know who was behind it or its purpose.

"One of our hardest jobs is attribution and intent," Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC), told reporters in Washington.

"It's very difficult to say 'This is what it was targeted to do,'" he said of Stuxnet, which some computer security experts have said may be intended to sabotage a nuclear facility in Iran.

A cyber superweapon is a term used by experts to describe a piece of malware designed specifically to hit computer networks that run industrial plants.

"The Stuxnet worm is a wake-up call to governments around the world," Derek Reveron, a cyber expert at the US Naval War School, was quoted as saying Thursday by the South China Morning Post.

"It is the first known worm to target industrial control systems."


User comments : 20


gwrede
3 / 5 (6) Sep 30, 2010
In another article it was said that developing Stuxnet takes 6 to 10 programmers at least six months, plus access to a test facility actually running the Siemens control system. Which would indicate no less than some government organization.

There must be a party that wins no matter if Stuxnet is detected (as has now happened), or if it is undetected and is able to sabotage the Iranian nuclear facilities, since anything less is not enough to motivate such an enormous undertaking. Especially when the developing organization knows that there will be hell to pay if they get caught.

BTW, the next version will have to include code that makes the malware recognize where it is, in order to have its spread reduced to the target country or organization. This will radically diminish the risk of it getting discovered. It will also promptly remove and erase itself from any intermediate computer.
Skeptic_Heretic
3 / 5 (4) Sep 30, 2010
I'm very interested in finding out what the intent was for this worm. I'm not sure I buy into the nuclear facility sabotage methodology. Too easy to let the genie out of the bottle.
frajo
4 / 5 (9) Sep 30, 2010
I prefer to remain pragmatic, i.e. skeptical. What are the facts? The fact is that we have interesting rumors. Who is interested in spreading such rumors? And why?
Everything else is just speculation. Which may well be intended by the sources of the rumor.
jtdrexel
3.3 / 5 (3) Sep 30, 2010
Reminds me of the movie, Live Free or Die Hard. Sounds like some sort of "Fire Sale". Will be very interesting to find out the intent of this virus though...
Quantum_Conundrum
2.4 / 5 (8) Sep 30, 2010
What better way to screw up your enemies than to sell them a product with a worm built in?

The Germans are probably behind the worm. Probably built it into their own systems like Microsoft does.
GSwift7
3 / 5 (4) Sep 30, 2010
If I'm reading these stories correctly, then 'infection' by the worm isn't actually damaging. The actual attack would come after the attacker has access to the controls of a targeted facility. The worm just gives someone the ability to attack an infected system. The attacker would then still need to know how to identify specific targets, by IP address presumably, unless the purpose is to make completely random attacks. Any serious attacker would need some pretty specific information about their intended victim. Most industrial control systems aren't named in such a way that they are easy to identify. The ones here where I work, for example, are given semi-random names which do not indicate our company name, location, or the machine's function. Without inside knowledge, you wouldn't know who your worm had infected, unless you could track down the IP address through our internet service provider, but even that gets tricky when you're behind corporate firewalls/switches/routers/proxies/etc.
Skeptic_Heretic
3.7 / 5 (3) Sep 30, 2010
What better way to screw up your enemies than to sell them a product with a worm built in?

The Germans are probably behind the worm. Probably built it into their own systems like Microsoft does.

If that was the case then the US would be drastically affected.
ArtflDgr
3 / 5 (5) Sep 30, 2010
It's not the first, the first was a CIA created piece of code in a piece of software that is used in factories to control valves and things.

Sound familiar?

Well, the software was illegal for export, and so Russia wanted to spy and steal it. They got wind of this, and inserted the code and it was stolen.

When they put it to work, the code activated, and caused the largest gas explosion in history in the Russian pipeline.

How's that for getting facts of firsts and other details straight?
Skeptic_Heretic
3.7 / 5 (3) Sep 30, 2010
It's not the first, the first was a CIA created piece of code in a piece of software that is used in factories to control valves and things.

Sound familiar?

Well, the software was illegal for export, and so Russia wanted to spy and steal it. They got wind of this, and inserted the code and it was stolen.

When they put it to work, the code activated, and caused the largest gas explosion in history in the Russian pipeline.

How's that for getting facts of firsts and other details straight?

Can we have a reference for this? The majority of Russian infrastructure systems were largely mechanical before the iron curtain fell.
GSwift7
3 / 5 (4) Sep 30, 2010
http://en.wikiped...sabotage

The Russian pipeline explosion in 1982 is said to be the largest non-nuclear man made explosion in history. Whether it was caused by software sabotage is not clear. Both US and Russian governments officially deny it.

Even if the story is true, it's not really the same thing as what we have here. I would hardly call faulty stolen technology a superweapon. This new worm, or another like it, is quite different than letting someone steal sabotaged stuff from you.
J_Goudy
5 / 5 (1) Sep 30, 2010
"destroy gas pipelines" did make me wonder if Siemens equipment and/or Stuxnet was related to the San Bruno pipeline explosion a few weeks back.
notrelevant
5 / 5 (2) Sep 30, 2010
Who is the author of "Stuxnet"?
It seems to me that this is just the type of cyber-warfare weapon one would want to have embedded in an enemy's infrastructure prior to physical attack. The havoc that could be caused by actual widespread use of this would make any attack easier. Given that the apparent primary target was Iran, you have to wonder who has a problem with them. I suppose just about everyone in the region could be suspect but the obvious one is Israel.
It could involve Russian Jews or American Jews to allow for deniability by blaming America or Russia instead, and in fact I do suspect the involvement of the security forces of at least one or the other.
The next step probably includes bombing certain (nuclear) targets in Iran. Soon. While this worm may still be effective.
I hope I'm wrong, but I would not be surprised by it happening.
Osmosium
5 / 5 (1) Sep 30, 2010
I recall a hacker (he worked on Siemens systems) being convicted several years ago of writing & uploading code to root Siemens systems. The point is, hacks (and hackers) have been ongoing for quite some time. The knowledge to do this, obviously, has been out there for many years. I.e., this is probably one guy.
treed
3 / 5 (2) Oct 01, 2010
Who cares who did it? It doesn't matter. Secure your computer systems so they can't do it anymore. That should be the focus, not catching the people who do this. If we don't secure our systems it will just keep happening again and again. Who in their right minds uses the world's most troublesome and insecure operating system to run a nuclear facility?!
SuicideSamurai
5 / 5 (3) Oct 02, 2010
Who cares who did it? It doesn't matter. Secure your computer systems so they can't do it anymore. That should be the focus, not catching the people who do this. If we don't secure our systems it will just keep happening again and again. Who in their right minds uses the world's most troublesome and insecure operating system to run a nuclear facility?!


Troublesome and insecure operating system? Isn't this article talking about a Siemens proprietary OS?

"The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities."

Where is a mention of the "world's most troublesome and insecure operating system..." in this article?
SuicideSamurai
4 / 5 (6) Oct 02, 2010

It could involve Russian Jews or American Jews to allow for deniability by blaming America or Russia instead, and in fact I do suspect the involvement of the security forces of at least one or the other.


This is singly one of the most stupid things I have read in a long while; thanks. I will show it to everyone I know as proof human intelligence is waning.
TJ_alberta
not rated yet Oct 03, 2010
The point I fail to understand is why a process control computer, especially in a "secure" facility, is connected to the internet. To download upgrades? Anyone?
GSwift7
1 / 5 (2) Oct 04, 2010
"The point I fail to understand is why a process control computer, especially in a "secure" facility, is connected to the internet. To download upgrades? Anyone?"

So that they can use the new "INuke" iPhone app for controlling nuclear power plants with a smartphone, of course.

Seriously, at the plant where I work (bread factory, not a nuclear plant, but food plants are supposed to be 'secure' too), our factory control systems are not directly connected to the 'internet'. We have digital control panels on many of the machines. Operators use touch screens to run the machines. The machines save info about how they run in a database. That database also has stored parameters that tell the machines how to run. For product X, machine A needs to run at temperature Y and speed Z. Those parameters are set using a proprietary application from the machine's manufacturer. We run our software on Windows PC's. There are several PC's with that software installed around the plant.
GSwift7
1 / 5 (2) Oct 04, 2010
Why would you not want to use a common and cheap Windows PC for that? The actual machines on the factory floor are run by PLC's (programmable logic circuits) with self-contained control panels and backup power supplies where appropriate. The PC interface is extremely convenient when you want to get data back from the systems, such as a count of how many times a particular valve opens and closes. That tells you roughly when the valve needs to be replaced, for example. There must be some kind of connection to a networked computer somewhere. Otherwise you can't get data out of the system. Some systems can email, page, or even make phone calls to maintenance when things look wrong.

I'm guessing that the 'inside info' used to hack the system is in the form of internal system database call information; system usernames and passwords, etc. If you know the database type they are using, and the system database call parameters then you have freedom to do lots of damage.
GSwift7
1 / 5 (2) Oct 04, 2010
You would still need to have LOTS of inside information. If you've ever seen a well-normalized Oracle or SAP database then you know how crazy and unreadable all the field names are. In order to change anything, you'd have to know the names of tables and fields and what they do, in addition to the usernames and passwords. Then you'd also have to know what the actual parameters of the system are supposed to be, so that you could change them to values outside of tolerance.

I think it's very unlikely that one person could do this alone. Maybe a group of engineering students working on a University system with the same software? That sounds more likely than the CIA or Israeli Security.
