How the world’s first cyber ‘super weapon’ attacked Iran – and now threatens the world | Mail Online.
By Rob Waugh
7th December 2011
The CIA could have been behind a computer virus dubbed the world’s first cyber ‘super weapon’ that attacked an Iranian nuclear plant, experts claim.
The launch of Stuxnet in 2010 marked the transformation of viruses into weapons of war.
Experts believe it was so sophisticated that it could have only been invented by designers with the backing of a nation state, with the spy arm of the U.S government being the main suspects.
It was purpose-built to attack Iran’s Busehr nuclear plant, overriding and controlling circuits inside the plant to cause physical damage.
It was the first malware that could truly be described as a ‘cyber-weapon’.
‘With Stuxnet we have opened a new chapter in human history,’ says Ralph Langner, the security expert who unravelled the attack. ‘There is now no way we can stop or control the proliferation of cyber-weapons.’
Iranian President Mahmoud Ahmadinejad, center, visits the Natanz Uranium Enrichment Facility some 200 miles (322 kilometers) south of the capital, Tehran, Iran
To begin with, the sheer sophistication of the attack was what dazzled experts – it exploited four separate vulnerabilities in Windows to penetrate and override industrial control systems designed by Siemens.
It would have taken experts months to design.
But in the wake of Stuxnet, it’s become clear that the weapon was almost over-designed for the job.
The Stuxnet attack on Iran’s Bushehr nuclear plant – a computer ‘worm’ specifically written to attack industrial control systems – was proof that the software in many industrial plants was vulnerable to attack.
Since then, there has been increased interest in the idea – both from researchers, and from potential attackers. Since then, other software has ‘copied’ Stuxnet – raising the alarming possibility of attackers simply downloading such weapons and unleashing them at will.
Nations across the world have long warned that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.
More and more industrial equipment is connected to the internet – rendering it vulnerable to attacks by hackers
Relatively unsophisticated ‘computers’ used to control industrial devices are ‘open’ to the internet – leaving plants such as Busehr vulnerable to attack.
In theory, many plants – including utilities such as water and gas – are open to such attacks.
Earlier this month, suspicions were raised about a remote attack on a water plant in America – but it proved to be an engineer accessing his work remotely.
But governments, including Britain’s, are trying desperately to shield vulnerable utilities before someone deploys the next cyber weapon.
The British government recently bought a ‘cyber range’ – designed to allow ‘testing’ of networks to harden them against hostile intrusions.
A senior engineer checks a rack in the main cyber range at Northrop Grumman near Southampton – a ‘test-firing’ range made to design, improve and modify electronic security arrangements
In America, government agencies are also taking action.
Acting DHS Deputy Undersecretary Greg Schaffer said that industries are increasingly vulnerable to hackers and foreign agents due to ‘connected’ equipment – and ‘there have been intrusions.’
‘We are connecting equipment that has never been connected before to global networks,’ Schaffer said. Hackers and perhaps foreign governments ‘are knocking on the doors of these systems – there have been intrusions.‘
‘Everybody is going crazy about the offensive capabilities and opportunities it gives you,’ Langner adds. ‘What people don’t realise is how easy such attacks are, and that you don’t need the resources of a nation state to pull them off.
‘We can predict that rogue states, terrorists, criminals and hackers will soon be able to use them.’
‘Some time ago at a conference where I had expressed my belief that Langley and the Department of Energy were the leading forces behind Stuxnet , I was later approached in private by an official of the US military who said: ‘You’re right, we are simply not smart enough to do something like this.’ If the Pentagon had developed Stuxnet, it might have been much more crude and brute-force.’
The ‘Stuxnet’ worm – a sophisticated cyber attack on the Bushehr nuclear plant in Iran opened a new era of cyber-warfare. Duqu, detected in Europe, may well be from the ‘same authors’ says security firm Symantec
Many observers thought that the sophistication of Stuxnet would have required the resources of a nation to design. Others suspected it was produced by the U.S. or Israel.
The copycat, Duqu, required much less skill, though: it simply copied
Duqu is designed to penetrate industrial systems and send information to its creators. It’s designed to run for 36 days, sending innocent ‘dummy’ images to its creators, then hiding stolen information such as design documents amongst them as it operates.
Unlike Stuxnet, it doesn’t self-replicate inside computer systems – and is seen as a ‘precursor’ to an attack designed to cause physical or financial damage.
Symantec says that the detection of Duqu does not mean that the danger is over.
‘The threat was highly targeted toward a limited number of organizations for their specific assets,’ said the security firm in a statement. ‘However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.’
The nuclear power plant in Bushehr, southern Iran, which was the target of the Stuxnet worm. The Duqu worm is similar but is designed to steal information rather than cause physical damage
The U.S. Department of Homeland Security said it was aware of the reports and was taking action.
‘DHS’ Industrial Control Systems Cyber Emergency Response Team has issued a public alert and will continue working with the cybersecurity research community to gather and analyze data and disseminate further information to our critical infrastructure partners as it becomes available,’ a DHS official said.
‘Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose,’ Symantec said. ‘Duqu is essentially the precursor to a future Stuxnet-like attack.’
Duqu is designed to gather data from industrial control system manufacturers to make it easier to launch an attack in the future by capturing information including keystrokes.
“The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility,’ Symantec said.
In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.
Before the test, he said, the notion of cyber warfare ‘was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon.’