336 Part Two Information Technology Infrastructure
INTERACTIVE SESSION: ORGANIZATIONS
STUXNET AND THE CHANGING FACE OF CYBERWARFARE
In July 2010, reports surfaced about a Stuxnet worm that had been targeting Iran’s nuclear facilities. In November of that year, Iran’s President Mahmoud Ahmadinejad publicly acknowledged that malicious software had infected the Iranian nuclear facilities and disrupted the nuclear program by disabling the facilities’ centrifuges. Stuxnet had earned its place in history as the first visible example of industrial cyberwarfare.

To date, Stuxnet is the most sophisticated cyberweapon ever deployed. Stuxnet’s mission was to activate only computers that ran Supervisory Control and Data Acquisition (SCADA) software used in Siemens centrifuges to enrich uranium. The Windows-based worm had a “dual warhead.” One part was designed to lie dormant for long periods, then speed up Iran’s nuclear centrifuges so that they spun wildly out of control. Another secretly recorded what normal operations at the nuclear plant looked like and then played those recordings back to plant operators so it would appear that the centrifuges were operating normally when they were actually tearing themselves apart.

The worm’s sophistication indicated the work of highly skilled professionals. Michael Assante, president and CEO at the National Board of Information Security Examiners, views Stuxnet as a weapons delivery system like the B-2 Bomber. The software program code was highly modular, so that it could be easily changed to attack different systems. Stuxnet only became active when it encountered a specific configuration of controllers, running a set of processes limited to centrifuge plants.

Over 60 percent of Stuxnet-infected computers are in Iran, and digital security company Kaspersky Labs speculates that the worm was launched with nation-state support (probably from Israel and the United States) with the intention of disabling some or all of Iran’s uranium enrichment program. Stuxnet wiped out about one-fifth of Iran’s nuclear centrifuges. The damage was irreparable and is believed to have delayed Iran’s ability to make nuclear arms by as much as five years. And no one is certain that the Stuxnet attacks are over. Some experts who examined the Stuxnet software code believe it contains the seeds for more versions and attacks.

According to a Tofino Security report, Stuxnet is capable of infecting even well-secured computer systems that follow industry best practices. Companies’ need for interconnectivity between control systems makes it nearly impossible to defend against a well-constructed, multi-pronged attack such as Stuxnet.

And Stuxnet is not the only cyberweapon currently at work. The Flame virus, released about five years ago, has been infecting computers in Iran, Lebanon, Sudan, Saudi Arabia, Egypt, Syria, and Israel. While researchers are still analyzing the program, the attack’s main goal is stealing information and espionage. Flame is able to grab images of users’ computer screens, record their instant messaging chats, collect passwords, remotely turn on their microphones to record audio conversations, scan disks for specific files, and monitor their keystrokes and network traffic. The software also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices. These data, along with locally stored documents, can be sent to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.

The Duqu worm, discovered in September 2011, also aims to steal information by scanning systems. Duqu infects a very small number of very specific systems around the world, but may use completely different modules for infiltrating those separate systems. One of Duqu’s actions is to steal digital certificates used for authentication from attacked computers to help future viruses appear as secure software. It is going largely undetected. Security researchers believe Duqu was created by the same group of programmers behind Stuxnet.

The real worry for security experts and government officials is an act of cyberwarfare against a critical resource, such as the electric grid, financial systems, or communications systems. (In April 2009, cyberspies infiltrated the U.S. electrical grid, using weak points where computers on the grid are connected to the Internet, and left behind software programs whose purpose is unclear, but which presumably could be used to disrupt the system.) The U.S. has no clear strategy about how the country would respond to that level of cyberattack, and the effects of such an attack would likely be devastating. Mike McConnell, the former director of national intel-