September 24, 2010

Filed under: Leigh's Security Tips, RJS Software



The Stuxnet virus hit the world pretty hard recently with its Windows 0-day USB shortcut exploit, which took advantage of a security hole in how every version of Windows displays items found on a USB flash drive. The attack left Microsoft scrambling to patch it as the virus ran rampant.

Most security experts have delved into the Stuxnet code and come up empty on why it was created. The virus itself contains very specific code that has left many scratching their heads and wondering what that code really does.

Last week we started seeing the first reports that Stuxnet contained Siemens Programmable Logic Controller (PLC) device code and was manipulating the data of a very specific 100-millisecond timer used for system health checks. Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the viral code last week and stated that it appears to have been designed to target very specific Siemens software systems owned by Iran, most likely targeting their nuclear program. The code contains some rather unique fingerprinting, and when it found the specific systems it was written for, it injected its own viral code for the sole purpose of interfering with the system health check. The results have the potential to be catastrophic in nature, especially if the system we’re talking about is Iran’s nuclear reactors.

The parts that particularly piqued my interest in his analysis were:

1) The attack is sabotage. It targeted a single control process.

2) The attack involved a lot of insider knowledge.

3) The attack combines several very specific skill sets.

4) The target must be of extremely high value to the attacker.

Around the same time as the Stuxnet virus, Chester Wisniewski of Sophos tracked the progress of the recent 4chan targeted attack and noted that the “Operation Payback” distributed denial of service (DDoS) attack was essentially a brute force effort conducted by several thousand volunteers over the internet, targeting RIAA, MPAA, and Aiplex servers with the intent to completely overwhelm them.

Both of these cyber crimes are directed attacks against a known entity – the difference is in the execution. Stuxnet required tedious intel gathering and preparation to pull off, while 4chan launched its attack in less than 48 hours by word of mouth and internet postings. Stuxnet required a lot of specific expertise to avoid tripping any alarms, whereas 4chan wanted its attack to be both brutal and public - they wanted their target to know who was attacking them.

One of the points that Chet brings up in his blog is the fact that the 4chan cyber criminals were very successful in attacking numerous selected targets despite a lack of manpower and resources. It is rather scary to ponder what large sections of the internet population could accomplish if they collectively decided to go on the warpath in a united, strategically planned attack.

Stuxnet was intentionally written to be a subtle and destructive covert operative; I can only wonder what the next evolution of large-scale cyber warfare is going to look like. How public will governments go to fight full-scale cyber warfare, and what assets will they bring online when going on the offensive? Will cyber criminals unite and pool intel and manpower to target life-threatening networks like nuclear reactors?

One thing I do know… it’s a brave new world.



About Leigh
If RJS employed “The Most Interesting Man in the World,” one could argue our very own Network Security Engineer, Leigh Reimers, just might fit the bill. Leigh is a black-belt karate master and former United States Army tough guy. At RJS, Leigh is a “jack-of-all-trades,” assisting with network administration and support on the off-chance he isn’t solving difficult security conundrums as a certified Sophos Advanced Sales and Technology Engineer.