The Himalayan Times : Here's how the Stuxnet Virus could be used against the U.S. - Detail News : Nepal News Portal

Full News

Here's how the Stuxnet Virus could be used against the U.S.

  

AGENCIES

WASHINGTON: The cat is out of the bag: The United States is the first known country to carry out a sustained cyber attack with the intent of destroying another country's infrastructure. Earlier today, The New York Times' David Sanger confirmed America's role in developing Stuxnet, the computer worm deployed against Iran's nuclear facilities in coordination with the Israeli government. In interviews with curent and former American, European, and Israeli officials, Sanger outlined the Obama administration's decision to use the sophisticated virus, code-named Olympic Games, which was originally developed by the Bush administration. RELATED: Clearly, There's a Lot of 'Daylight' Between U.S. and Israel For cyber security experts, the coming-out party of Stuxnet in 2010, after it malfunctioned and spread across the world, was a worrying event. The code itself is 50 times bigger than your ordinary computer worm and, unlike most viruses, is capable of hijacking industrial facilities like nuclear reactors or chemical plants. With its release, anyone could download and manipulate the Stuxnet code for their own purposes. But now, with America's role confirmed, the fear is that a red target hangs on its back. What if Stuxnet was used against the U.S.? RELATED: The U.S. and Israel Are Lousy Exercise Partners The prospect has long worried Sean McGurk, former director of Homeland Security's national cybersecurity operations center. Not only has the Stuxnet technology been instantly democratized but it's also highly susceptible to being reverse engineered. In March, he aired his concerns with 60 Minutes' Steve Kroft, before America's role in creating Stuxnet was confirmed: Kroft: Sounds a little bit like Pandora's box. McGurk: Yes. Kroft: Whoever launched this attack-- McGurk: They opened up the box. They demonstrated the capability. They showed the ability and the desire to do so. And it's not something that can be put back. Kroft: If somebody in the government had come to you and said, "Look, we're thinking about doing this. What do you think?" What would you have told them? McGurk: I would have strongly cautioned them against it because of the unintended consequences of releasing such a code. What sort of unintended consequences? According to McGurk, it has given countries "like Russia and China, not to mention terrorist groups and gangs of cybercriminals for hire, a textbook on how to attack key U.S. installations." Those types of installations include U.S. nuclear power reactors, electric companies, and other industrial facilities controlling everything from chemicals to baby formula, according to McGurk. And he's not the only one worrying. In 2010, Dean Turner, director of the Global Intelligence Network at Symantec Corp., told a Senate hearing that the "real-world implications of Stuxnet are beyond any threat we have seen in the past." According to the Associated Press, he said the virus's risks go beyond industrial infrastructure and include the loss of sensitive intellectual property data, which can be silently stolen. So who would be able to carry out such an attack? Apparently, quite a few people. Ralph Langner, a German expert on industrial control systems, told Kroft in March that even non-state actors could use such technologies. Langner: You don't need many billions, you just need a couple of millions. And this would buy you a decent cyberattack, for example, against the U.S. power grid. Kroft: If you were a terrorist group or a failed nation state and you had a couple of million dollars, where would you go to find the people that knew how to do this? Langner: On the Internet. There were obviously powerful incentives to use the Stuxnet virus, which according to The Times succeeded in destroying 1,000 to 5,000 centrifuges. And of course, ever since the virus went public in 2010, the risk of a third-party using Stuxnet technology for ill has existed. However, with the confirmation that the U.S. broke the cyber threshold, the novelty of using cyberwarfare to attack another country's critical infrastructure is gone. Should we expect Iran to refrain from striking back? As PC World's David Jeffers writes, "We now have to deal with the Internet equivalent of a mustard gas or Agent Orange leak that has the potential to affect us all." It's undoubtedly a scary thought.

Comments2

“but midway across the river the scorpion does indeed sting the frog, dooming them both. When asked why, the scorpion points out that this is its nature. The fable is used to illustrate the position that the behaviour of some creatures is irrepressible, no matter how they are treated and no matter what the consequences.” “It is better we should both perish than that my enemy should live.” Sound familiar? hp, usa

The same New York Times article confirms that after wrecking the Siemens' controllers at Natanz, STUXNET "inadvertently" escaped into the wild. Now anyone who knows how computer malware operates understands full well that malware does not stay confined in any system for very long. It is impossible to keep malware confined in a single system if the operators do not know it is there and take steps to isolate it. In the case of Natanz, STUXNET was inserted into the computers by a bribed techni8cian via a memory stick, then immediately escaped back out on a scientist's laptop. had to know that, so clearly they simply did not care. No amount of collateral damage to other peoples' property was too great a price to pay for Israel's hatred of Iran. But escape STUXNET did and like Frankenstein's monster escaped from the laboratory, ran rampant across the countryside, wrecking every facility that used the ubiquitous Siemens controllers STUXNET was designed to sabotage. Which brings us to Fukushima Japan. 8 months before the great quake and tsunami, STUXNET was found infecting computers all across Japan, including near the Fukushima nuclear power station itself. While the radiation-damaged memories of those controllers prevents us from ever knowing for certain that STUXNET was actually inside the controllers at the Fukushima power station, it is known that the Siemens controllers used on the Fukushima emergency systems failed to work as planned. Reactor 1 went out of control even before the tsunami hit. Whatever was preventing the Siemens controllers used on the Fukushima emergency systems from working correctly made a bad situation worse. But again, if it was STUXNET, the damage done to Japan, the northern Pacific food supply, and the west coasts of Alaska, Canada and the Unites States, was not too great a price to pay for Israel's hatred of Iran. The US/Israeli attack on Iran may turn out to have been an attack on the whole world! Michael Rivero, Honolulu

Full Name

Email Address

Location

Leave Comments

Enter Character above

I accept terms of use.

Also Read