Ralph Langner:

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target — and its covert origins. In a fascinating look inside cyber-forensics, he explains how.


Comments

  1. #1 fancyflyer
    March 31, 2011

    That makes me shudder. Iran doesn’t need to be in the nuke business, but still…

  2. #2 kraut
    March 31, 2011

    Anyone remember the term “blow back”?

    Once that “generic” genie is out of the bottle – who is invulnerable?

  3. #3 ProfLarry
    April 1, 2011

    Stuxnet and nex-gen cyber-weapons are different in critical ways from conventional weaponry. First is ease of manufacture and second is ease of modification. I devised a Stuxnet-style attack on the U.S. energy infrastructure that was used in the Lior Samson techno-thriller, Web Games (Gesher Press, 2010), but I didn’t publish blueprints. The wide distribution of Stuxnet and its very public deconstruction put the template for an entire class of industrial control systems attacks in the public domain. The ease with which code can be revised, recycled, and repurposed means that it may only be a matter of time before we see pieces of reassembled Stuxnet flying our way. It’s warfare on the cheap, whether in the hands of terrorists or nation states. Israel, according to some sources in the intelligence community, may have hardened some of its crucial industrial infrastructure against a turn of the Stuxnet worm, but the U.S. is wide open.

  4. #4 mingr
    April 1, 2011

    All the stories on stuxnet raise more questions than answers. Infecting a Windows machine is easy. Infecting a PLC is not. Since the word was out long before stuxnet ‘struck’ is it reasonable that the Iranians don’t read the high press which was talking about stuxnet for months and didn’t decide to unplug their Windows machines from their PLCs? Does it make sense they were using Windows (a notoriuosly unstable platform at the best of times) for projects of national importance?

    Nobody offering any information about stuxnet – neither the security experts, the Iranians, the Americans, or the Israelis have an incentive to tell anything approximateing the truth about what happened.

  5. #5 anandine
    April 1, 2011

    If we and the Israelis can create a worm that causes certain brands of centrifuges to change speeds, couldn’t someone else disable a nuclear reactor’s cooling pumps?

  6. #6 Greg Laden
    April 1, 2011

    Shhhhhhhh

  7. #7 Mingr
    April 1, 2011

    If any nuclear reactors are linked into a Windows based network, we are all screwed regardless.

    How about a glowing blue screen of death …

  8. #8 rdp
    April 4, 2011

    A lot of the Stuxnet stories going around are misleading.

    It wasn’t as effective as it is be purported to be. There was a steady increase in low enriched uranium coming out of the Natanz plant at the time when the malware was active. If it was active in the plant, it didn’t do much damage.

    As a payload, it isn’t rocket science or beyond anything that has been seen before. There are many techniques used today that would have obfuscated the attack in a way that would have resisted the reverse engineering that Mr. Langner used.

    Lastly, Mr Langer’s talk is fear mongering by saying it is highly specialized and also generic. It is one or the other, not both.

    Cyber attacks are real and a threat. Take a Comodo hack and the systematic failure of SSL certificate revocation. Misleading presentations like this don’t help inform the public about their real exposure. It should be taken with a heap full of salt.

    References:
    http://mondoweiss.net/2011/02/how-the-nyt-swallowed-the-stuxnet-worm.html
    http://rdist.root.org/2011/01/17/stuxnet-is-embarrassing-not-amazing/
    http://www.freedom-to-tinker.com/blog/dwallach/building-better-ca-infrastructure

  9. #9 ProfLarry
    April 8, 2011

    Iran used Windows machines in a safety-critical application for the same reason that everyone else does: the development tools (in the Natanz case, Siemens STEP 7) run on Windows, and the PLC code they generate must be downloaded to the PLCs to run. The so-called air gap between corporate and engineering networks on the one side and plant-floor PLCs on the other is an illusion, because the PLCs cannot be programmed or updated without bridging that gap.

    As to rdp’s dismissive comments, that’s one perspective, but the truth, as insiders know, is that the techniques are indeed both specific and generic–they are models for the design and development of similar or related attacks through other delivery vectors (there are many) and directed toward other targets. All it takes is motivation and resources.

    It is not fear-mongering to sound a wake-up call–as some of us have been doing for years.

    –Larry Constantine (Lior Samson, author of Web Games)

  10. #10 Doug Alder
    April 8, 2011

    Some of the very vearliest viruses for DOS were designed to do much of what Stuxnet does – cause the drives to do seeks on the hard drive – go from the start of the drive to he end back and forth until the drive dies.