Stuxnet virus could target many industries

November 17, 2010 By LOLITA C. BALDOR, Associated Press

(AP) -- A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, government officials and experts said Wednesday.

They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer.

The complex code is not only able to infiltrate and take over systems that control manufacturing and other critical operations, but it has even more sophisticated abilities to silently steal sensitive intellectual property data, experts said.

Dean Turner, director of the Global Intelligence Network at Symantec Corp., told the Senate Homeland Security and Governmental Affairs Committee that the "real-world implications of Stuxnet are beyond any threat we have seen in the past."

Analysts and government officials told the senators they remain unable to determine who launched the attack. But the design and performance of the code, and the fact that the bulk of the attacks were in Iran, have fueled speculation that it targeted Iranian nuclear facilities.

Turner said there were 44,000 unique Stuxnet computer infections worldwide through last week, and 1,600 in the United States. Sixty percent of the infections were in Iran, including several employees' laptops at the Bushehr nuclear plant.

Iran has said it believes Stuxnet is part of a Western plot to sabotage its nuclear program, but experts see few signs of major damage at Iranian facilities.

A senior government official warned Wednesday that attackers can use information made public about the Stuxnet worm to develop variations targeting other industries, affecting the production of everything from chemicals to baby formula.

"This code can automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product and indicate to the operator and your antivirus software that everything is functioning as expected," said Sean McGurk, acting director of Homeland Security's national cybersecurity operations center.

Stuxnet specifically targets businesses that use Windows operating software and a control system designed by Siemens AG. That combination, said McGurk, is used in many critical sectors, from automobile assembly to mixing products such as chemicals.

Turner added that the code's highly sophisticated structure and techniques also could mean that it is a one-in-a-decade occurrence. The virus is so complex and costly to develop "that a select few attackers would be capable of producing a similar threat," he said.

Experts said governments and industries can do much more to protect critical systems.

Michael Assante, who heads the newly created, not-for-profit National Board of Information Security Examiners, told lawmakers that control systems need to be walled off from other networks to make it harder for hackers to access them. And he encouraged senators to beef up government authorities and consider placing performance requirements and other standards on the industry to curtail unsafe practices and make systems more secure.

"We can no longer ignore known system weaknesses and simply accept current system limitations," he said. "We must admit that our current security strategies are too disjointed and are often, in unintended ways, working against our efforts to address" cybersecurity challenges.

The panel chairman, Sen. Joe Lieberman, I-Conn., said legislation on the matter will be a top priority after lawmakers return in January.


3 / 5 (4) Nov 17, 2010
I think he means that these systems should be switched over to a more secure operating system like Linux..
2.2 / 5 (6) Nov 17, 2010
Linux is not secure. Far from it. Where do people get that idea? Not from having ever actually used it.
not rated yet Nov 17, 2010
Or until the source for Stuxnet is released on the web, then everyone will be able to tailor it to suit objectives...

3.7 / 5 (3) Nov 17, 2010
nada - you fail to see the point. Any system is 'securable'. Just disconnect the little ethernet cable from the back. Even that doesn't protect against hardware attacks, and attacks by people with physical access to the machine.

The reason Linux (and MacOS) are rarely attacked is because there are far fewer of them than Windows OS in public use. There are not only HUGE vulnerabilities of the internet itself that no OS can overcome, but no system is 100% secure as long as you allow people to access it.

10 years is not a lot in terms of real experience btw.
not rated yet Nov 18, 2010
It wouldn't hurt to set some realistic examples of people who write destructive code. Slaps on the wrist with a wet noodle or a few years free room and board on the taxpayers' tab don't cut it. People who threaten the safety of many millions of innocent people on a vast scale and in ways most criminals and tyrants can only envy should be publicly drawn and quartered, a fittingly medieval punishment for a modern crime.
2 / 5 (6) Nov 18, 2010
Linux is not secure. Far from it. Where do people get that idea? Not from having ever actually used it.

I've worked in IT security for 10 years. Your statement shows the depth of your ignorance. It's not a question of security, it's a question of "securable". On that note: Windows is not securable, Linux can be made 100% securable.

With 5 times as much IT experience under my belt, I can tell you, without fear of being in error, that there is no such thing as being both 100% secure and usable.

Usability requires accessibility; which, in turn, allows of unauthorized access.

BTW, Unix-like OSes are actually more easily controlled, for good or for bad, than is Windows, owing to their granularity; it is for that reason that they are vulnerable to root kits. Windows, on the other hand, has no true root, thus requiring a multi-vector attack in order to effect the equivalent level of control afforded by a true root kit.
