The powerful computer virus called the Stuxnet worm has captured the world’s attention, in part because of its sophistication, and because of speculation about what the malicious software might have targeted. “Stuxnet is really a computer worm on steroids,” says Robert McMillan, a computer security specialist and senior writer for the IDG News Service. “We think people started working on it back in June or July of 2009.”
McMillan says that Stuxnet is a complicated worm that was designed to target industrial control and data acquistion systems designed by the German company Siemens. It has infected computers from Asia to Europe and the United States, but experts say it seems to have had one target in particular: Iran.
First developed at least six months ago, the worm can find its way into a plant’s system, probably via a thumb drive, stealing data or wreaking havoc in systems such as critical cooling pumps. “We’ve never seen anything like that before,” says Robert McMillan. “We know that whoever wrote this worm had great resources at their disposal. When it was initially discovered, about 60 percent of all infections were in Iran. And we know that Iran uses this Siemens software in their nuclear program. Beyond that, nobody really knows what the target was. People that have analyzed the worm tell me that if you were the company targeted by this worm, and you took a good look at your system … you would know if it was targeting you.”
Given the sophistication of the Stuxnet worm, some experts believe that only a nation-state could be behind the malware. The United States and Israel have been named as two countries that have such capability and political motive for carrying out such an attack.
With its discoverey, the malware’s threat has probably passed, though it represents a significant developement in cyber-security. “I believe that it’s not a threat right now,” says Robert McMillan. “Whoever it was designed to hit, has been hit. The thing that’s important about Stuxnet is that … this is the first piece of malware that was designed to go after critical infrastructure.”
It won’t be the last. ENISA, the European Union’s cyber-security agency, warns Stuxnet was just the “first strike” of what may be highly organized cyber-attack.
“Now, that Stuxnet and its implemented principles have become public, we may see more of these kinds of attacks. All security actors will thus have to be working more closely together and develop better and more coordinated strategies,” the report’s authors conclude.