Cracking Stuxnet - a beginner's guide
Cracking Stuxnet - a beginner's guide
Written by Andrew Johnson   
Thursday, 31 March 2011

Ralph Langner is the German control system security engineer who discovered what the Stuxnet virus was supposed to attack - i.e. the Iranian nuclear program. In a TED Talk he explains how he worked out what the virus was doing and, if you are not a control security specialist, it's quite an eye opener.

The Stuxnet Windows worm was discovered in July 2010 and at first it was a mystery. It was malware that didn't seem to attack the machine it infected i.e. a PC. The reason turned out to be that it was designed to attack control hardware - Siemens Supervisory Control And Data Acquisition (SCADA) systems to be precise. If specific Siemens software isn't found on the infected PC the virus becomes dormant.

 

stuxnethardwareSiemens PCL unit with three I/O modules

 

However if the targeted software is on the PC then it waits to attack the SCADA system when the technician connects the PC to do maintenance or control. It then only infects the SCADA system if there are variable-frequency drives installed - i.e the controls most often used to set the rotation rate of nuclear centrifuges. Once infected the payload works in a surprisingly sophisticated way - changing the speed of centrifuge rotation but not enough to be noticed until the centrifuge breaks from excess vibration. To make sure nothing is noticed the virus installs a rootkit that causes the software to report a normal rotation speed.

 

 

Such a sophisticated virus is probably something only a government agency could create. It also proves that such control system attacks are possible. It has long been stated that infrastructure such as power grids, water supply and factories could be vulnerable to virus attacks that either allow them to be taken over or simply damaged. Now we have an example of just his in action and the risk is highest in the nations with the most developed infrastructure.

 

Banner


GitHub's Latest State Of The Octoverse
12/10/2017

GitHub is a phenomenal success as its latest annual report, The State of the Octoverse 2017, reveals. In 2017 the GitHub community reached 24 million developers affiliated to 1.5 million organisations [ ... ]



PayPal Open Sources JavaScript Suite
17/10/2017

The strength of PayPal's cross-domain JavaScript suite is that as the code has to run on a wide variety of third-party websites and other domains without causing problems, it is designed to avoid pitf [ ... ]


More News

Last Updated ( Thursday, 31 March 2011 )
 
 

   
Banner
RSS feed of news items only
I Programmer News
Copyright © 2017 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.