How the Stuxnet Worm Formed Its Attacks—And Who Might Have It Now
Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world’s attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next.
The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec’s Orla Cox.
The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five “industrial processing” organisations in Iran. “These were the seeds of all other infections,” said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]
Though Symantec isn’t naming the five targets in Iran, another security expert studying Stuxnet’s code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.
“My bet is that one of the infected sites is Kalaye Electric,” he wrote… “Again, we don’t have evidence for this, but this is how we would launch the attack – infecting a handful of key contractors with access to Natanz.” [CNET]
The news turning heads today, though, is that Anonymous, the “hacktivist” group in the news recently for coordinated attacks on behalf of WikiLeaks and Egyptian protesters, claims to have a version of Stuxnet.
“It would be possible [for Anonymous to use Stuxnet in an attack],” Cox said. “But it would require a lot of work, it’s certainly not trivial. The impressive thing about Stuxnet is the knowledge its creators had about their target. So even if you have got access to it you need to understand the target – that requires a lot of research.” [The Guardian]
In addition, The Guardian quotes other security experts as saying Anonymous doesn’t have the key pieces of coding needed to launch an attack like last year’s on Iran. But that doesn’t mean the group couldn’t cause some mayhem.
“There is the real potential that others will build on what is being released,” Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions, [said]. Gregg was quick to clarify that the group hasn’t released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying — which could act almost like a building block for cybercrooks. [Fox News]