When the Stuxnet worm hit the Iranian Nuclear Facility incapacitating it, little did everyone know that this marked the entry of a new kind of global security threat inside and outside the computer world.
The Stuxnet worm was created to derail Iran's nuclear program to devastating results. It was designed to damage centrifuges in the nuclear plants by affecting how fast the controllers instructed the centrifuges to spin. These controllers were manufactured by Siemens and was part of embargoed equipment procured secretly by Iran.
Stuxnet infected five Iranian organizations suspected to be uranium infrastructure facilities. It was noted that although the worm was not isolated to just in Iran, but only the computers in the Iran nuclear program was damaged by Stuxnet. This led to the belief that this attack was conducted with support from the United States and Israel.
Now, this kind of attack can be replicated by computer hackers everywhere targeting not only individuals but also companies, factories and even nations. Technological advances in both computer hardware and software has made hacking cheaper and more available to most anyone interested in it. Viruses, worms, and hacks are now more elaborate and destructive. What was once thought to be too costly and impossible to do is now feasible. From simple DDOS attacks and defacing websites, hackers now have the potential to actually control equipment and facilities at their behest.
Dillon Beresford, a computer security researcher, said that it only took him 2 months and US$20,000 in electronic and computer equipment to find more than a dozen security vulnerabilities in the same type of electronic controllers affected by Stuxnet in Iran. These vulnerabilities allowed him to take remote control of the devices and reprogram them.
Video: The Stuxnet Worm
"What all this is saying is you don't have to be a nation-state to do this stuff. That's very scary," industrial control system expert, Joe Weiss said. "There's a perception barrier, and I think Dillon crashed that barrier."
One main factor to the vulnerability is that controllers are not easily replaced. They last for decades and regular replacement is not just costly, it is not also easy.
The threat is not isolated to nuclear power plants. Experts have found vulnerabilities in jails, and prisons. They discovered vulnerabilities that allow them to control most of the facilities systems such as those that control doors, alarms, and video feeds. All it takes is inserting the virus code or worm code into the facilities network (which they have done in the experiment) and the major systems of the prison are in their control.
With situations such as these, companies should be aware of their own vulnerabilities and prioritize regular security checkups for viruses, worms, and possible security holes as well as investing in countermeasures both physical and technological. Computer security has to be on top all the time.
Ulf Lindqvist, an expert on industrial control systems of SRI International said, "The situation is not at all as bad as it was five to six years ago, but there's much that remains to be done... We need to be as innovative and organized on the good-guy side as the bad guys can be."
The Stuxnet worm was created to derail Iran's nuclear program to devastating results. It was designed to damage centrifuges in the nuclear plants by affecting how fast the controllers instructed the centrifuges to spin. These controllers were manufactured by Siemens and was part of embargoed equipment procured secretly by Iran.
Stuxnet infected five Iranian organizations suspected to be uranium infrastructure facilities. It was noted that although the worm was not isolated to just in Iran, but only the computers in the Iran nuclear program was damaged by Stuxnet. This led to the belief that this attack was conducted with support from the United States and Israel.
Now, this kind of attack can be replicated by computer hackers everywhere targeting not only individuals but also companies, factories and even nations. Technological advances in both computer hardware and software has made hacking cheaper and more available to most anyone interested in it. Viruses, worms, and hacks are now more elaborate and destructive. What was once thought to be too costly and impossible to do is now feasible. From simple DDOS attacks and defacing websites, hackers now have the potential to actually control equipment and facilities at their behest.
Dillon Beresford, a computer security researcher, said that it only took him 2 months and US$20,000 in electronic and computer equipment to find more than a dozen security vulnerabilities in the same type of electronic controllers affected by Stuxnet in Iran. These vulnerabilities allowed him to take remote control of the devices and reprogram them.
Video: The Stuxnet Worm
"What all this is saying is you don't have to be a nation-state to do this stuff. That's very scary," industrial control system expert, Joe Weiss said. "There's a perception barrier, and I think Dillon crashed that barrier."
One main factor to the vulnerability is that controllers are not easily replaced. They last for decades and regular replacement is not just costly, it is not also easy.
The threat is not isolated to nuclear power plants. Experts have found vulnerabilities in jails, and prisons. They discovered vulnerabilities that allow them to control most of the facilities systems such as those that control doors, alarms, and video feeds. All it takes is inserting the virus code or worm code into the facilities network (which they have done in the experiment) and the major systems of the prison are in their control.
With situations such as these, companies should be aware of their own vulnerabilities and prioritize regular security checkups for viruses, worms, and possible security holes as well as investing in countermeasures both physical and technological. Computer security has to be on top all the time.
Ulf Lindqvist, an expert on industrial control systems of SRI International said, "The situation is not at all as bad as it was five to six years ago, but there's much that remains to be done... We need to be as innovative and organized on the good-guy side as the bad guys can be."
For years, ill-intentioned hackers have dreamed of plaguing the world's infrastructure with a brand of sabotage reserved for Hollywood. They've mused about wreaking havoc in industrial settings by burning out power plants, bursting oil and gas pipelines, or stalling manufacturing plants.
But a key roadblock has prevented them from causing widespread destruction: they've lacked a way to take remote control of the electronic "controller" boxes that serve as the nerve centers for heavy machinery.
The attack on Iran changed all that. Now, security experts — and presumably, malicious hackers — are racing to find weaknesses. They've found a slew of vulnerabilities...
Source: ABCNews
Related Articles
Kung Fu Pandas Set to Attack World of Warcraft
Mysterious Coded Manuscript Cracked After 300 Years
Steve Jobs Next Big Thing?
Nightwork: The MIT Hacker
Project Sixtrack: The Large Hadron Collider and Your Computer
Quantum Computers: Tomorrows Technology
Digital Contact Lens for Heads Up Display and Augmented Reality
Danceroom Spectroscopy: Quantum Physics on the Dance Floor.
Multi-purpose Photonic Chip Developed for Quantum Computers