Stuxnet worm sabotages industrial installations

The Stuxnet worm is the first known malicious software designed to destroy or sabotage factories, power plants, refineries or other industrial installations.

We are used to Trojans and viruses roaming the internet harming computers and causing financial damage, but Stuxnet really is in a league of its own.

The worm targets closed and highly secure industrial networks. After being introduced via a USB key, Stuxnet exploits four previously unknown vulnerabilities in the Windows operating system, so-called “zero day” vulnerabilities.

It is rare for malicious software to exploit even two of them. Each one can take hackers months to identify, and more time is needed to write software that exploits it. The worm then hunts for specific types of computers made by German company Siemens.

Having found its host, it lies dormant, waiting for a certain moment to override the computer’s control of industrial machinery, with potentially disastrous consequences. This new breed of malware could wreak the kind of damage only previously seen in Hollywood disaster films. Imagine a nuclear power station’s cooling system being overridden, for example.

Experts estimate developing the Stuxnet worm would have taken a highly specialised team between six months and a year.

Israeli cybersecurity strategist Gadi Evron says the worm is so advanced it is almost certainly state-sponsored. “This would require a lot of resources on the level of a nation state. Taking into account the intelligence required to attack a specific target, it would be virtually impossible that this is a lone attacker sitting at home.”

Less impressive, though, is the spread of the worm’s infection. “The attack managed to infect, over several months, something like 30,000 to 50,000 PCs in many facilities and corporations worldwide,” said Uri Rivner from internet security company RSA. Such a wide dissemination has helped expose the worm’s existence and helped efforts to neutralise it.

It also raises questions about the likely target for the worm. Iran says computers at its nuclear plant in Bushehr have been compromised by the worm but will not reveal the extent of the damage. Some figures suggest 60% of the Stuxnet infections are in Iran. That has led to a highly speculative finger of blame being pointed at Israel. Is the Jewish state trying to disrupt Iran’s alleged nuclear weapons programme? We will probably never know. Other unknowns also remain. Has the worm already achieved its goal, or is it lying in wait to carry out its sabotage? Is Iran the intended victim? Are other countries at risk?

And, more worryingly, the worm is a trailblazer. Other hackers can learn from its pioneering methods to produce more sophisticated malware threatening other networks in the future.
