The Stuxnet Worm, Windows & The Internet

A malware known as Stuxnet has attracted major media attention in recent days. This software inserts itself into computer systems using Microsoft Windows, Microsoft Explorer, and WinCC developed by the German electrical engineering giant Siemens AG. The latter piece of software is a Supervisory Control and Data Acquisition, or SCADA, application named Simatic S-7 that controls large scale industrial processes like power plants.

Stuxnet is a type of computer worm. That is, the program self-installs executable files that can be hidden on a USB flash memory stick or hard drive to the host computer. Subsequently, the executables are capable of transferring other files through the internet, if a connection is available. Stuxnet checks for narrowly specified system configurations and only acts if WinCC is running. Therefore, its mission consists of taking control of only a small number of exclusive targets.

An East European security firm was first to report Stuxnet last July. The worm is believed to have been active for about a year and has caused considerable disruptions in Asia, notably Iran. Potentially, the program may be capable of disrupting plant operations leading up to the destruction of the facilities. Its release is considered the first discovered cyber attack meant not only to disrupt information technology, but furthermore destroy capabilities.

The Chertoff Group's internet security expert David Falkenrath provides interesting insights on Stuxnet's impact and its ramifications in this interview by Bloomberg's Deidre Bolton entitled "Virus May Target Nuke Plant" aired Sep. 24, 2010.

Bushehr Nuclear Power Plant, Iran (Bloomberg, 2010)

Supposedly the vulnerabilities in Microsoft Explorer exploited by Stuxnet have been plugged. What may be of interest to the common user is that the worm used Microsoft approved security signatures from the network interface card chipset maker Realtek and the flash memory controller developer JMicron to install its files via the internet in the disguise of seemingly legitimate Microsoft-certified driver updates.

We should be safe as long as we keep our system and browser up to date with the latest security patches and avoid legacy hardware with obsolete drivers. That is, we should upgrade to the newest generation of internet adapter cards and regularly update the drivers, downloading directly from manufacturer sites.

Addenda

• In 2007, a large-scale bribery scandal broke in Germany, implicating Siemens AG's business in Southeast Asia. By 2008, a number of employees involved in this affair were let go. It only takes one disgruntled software engineer with intricate knowledge of the SCADA program running the targeted facility, maybe with the help of one or two other hackers knowledgeable in Microsoft Explorer and USB driver vulnerabilities, to accomplish Stuxnet in revenge. Perhaps, Iran is a clever diversion, Siemens already paid, and we never find out the actually intended target (10/04/10).
• According to William J. Broad and David E. Sanger's article with the title "Worm Was Perfect for Sabotaging Centrifuges" published online in the New York Times today, recent results from the ongoing examination of Stuxnet code suggest that the worm was meant to target the speed control of ultra-centrifuges as those used for uranium enrichment, revving up their speeds to destructive levels. Since the implicated controllers were identified as products manufactured by companies in Finland and Iran, uranium enrichment facilities in Iran may have been the target (11/18/10).
• According to William Broad, John Markoff and David Sanger's article with the title "Israel Tests on Worm Called Crucial in Iran Nuclear Delay" published online in The New York Times yesterday, more signs point to Israel and the U.S. as Stuxnet's originators with centrifuges in Iran's Natanz uranium enrichment plant as the target (01/16/11).
• John Markoff reports in his article with the title "Malware Aimed at Iran Hit Five Sites, Report Says" posted online Feb. 11, 2011, that according to a Symantec study Stuxnet may have infiltrated as many as five Iranian institutions in three, possibly four, waves (01/13/11).
• Listen to KCRW TO THE POINT's Warren Olney interview David Albright, President of the Institute for Science and International Security, on Stuxnet's effects in Iran 44 minutes into today's show with the title "A New Paradigm in the Middle East". According to Albright, Stuxnet disrupted the Iranian uranium enrichment program noticeably, but only in small ways. The greater threat may lie in the potential of adversaries using the worm, now public, as prototype for future attacks elsewhere (02/16/11).
  
• According to Noah Shachtman's WIRED report with the title "Computer virus hits U.S. drone fleet" published online on CNN today, U.S. drones have been infected with a tracking virus, possibly through USB flash memory devices. This is not quite stuxnet yet, but a first step seems taken (10/10/11).
• According to David Sanger's article with the title "Obama Order Sped Up Wave of Cyberattacks Against Iran" published online in The New York Times today, U.S. officials unofficially admitted that U.S. intelligence agencies created Stuxnet in collaboration with Israeli cyber warfare specialists to destroy ultra-centrifuges at the Natanz uranium enrichment facility in Iran. The article is scant on detail and Sanger's book "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power" to be published next week may be more illuminating (06/01/2012).

Related Posts

• Windows 7, Qemu & the Internet

Sources

• ako (07/28/08) Siemens-Prozess: Erstes Urteil im Schmiergeld-Skandal. Deutsche Welle.
• Gjelten T (09/27/2010) Who's Behind Cyber-Worm Targeting Iran? National Public Radio's All Things Considered.
• Gorman S (/09/27/10) Computer Worm Hits Iran Power Plant. The Wall Street Journal.
• Gorman S, Fidler S (09/25/10) Cyber Attacks Test Pentagon, Allies and Foes. The Wall Street Journal.
• Li P (08/22/07) Siemens China Linked to Bribery Scandal. China.org.cn.
• Maclean W (09/24/10) Cyber attack appears to target Iran: tech firms. Reuters.
• Richmond R (09/24/10) Malware Hits Computerized Industrial Equipment. The New York Times.
• Sanger, DE (09/25/10) Iran Fights Malware Attacking Computers. The New York Times.
• S.T. (09/24/10) A cyber-missile aimed at Iran? The Economist.

Solar Power: Way to Go!

We own a 12.0-inch diameter, 9.0-inch high urn-shaped fountain carved from limestone by the Tennessee artist Scott Wise. The fountain features a round shallow indentation on top into which water needs to be pumped slowly through a 0.5-inch center bore to feed a gentle, steady glistening pour over the ledge and down the sides of the rugged surface of the stone.

I set the fountain on two weathered brownstones in a 14.5-inch diameter, 4.0-inch deep pan sold for changing automotive oil, threaded a plastic hose through the center bore, sealed it with Macco Adhesives LN903 Liquid Nails Heavy-Duty Construction and Remodeling Adhesive, and connected it to a small pump nestled between the stones. I balanced the fountain stone with small flat river stones to allow the water flow down evenly on all sides. The pan holds more than enough water for the fountain to perform properly. However, owing to evaporation we need to top the water in the pan at least once a week to protect the pump from overheating. If we live in a dry climate, we need to check more regularly. At our first home, I used a pump fed by a power line laid underground in 0.75-inch diameter PVC tubing. I had to dig a foot-deep trench from our home across the entire yard. The job meant considerable work for a small flow of water.

To minimize the effort at the fountain's new location, I opted for a solar-powered pump which I purchased from Shore Power Inc. / BatteryJunction.com.

Power is generated with a 5.875-inch by 9.625-inch solar panel that can be installed at a distance from the fountain. The pump is equipped with a 14-foot long power cable. Where we live in the Southeastern U.S., the setup works great. However, the panel's effective angle is narrow; it must face the sun directly to produce the greatest power. We had to place it in the sunniest spot of our yard. Perhaps, mounting the panel on top of a wind-up clockwork that turns it along the sun's course is worth a consideration. Regardless, the smallest cloud blocking the sun will shut the fountain down. Despite, I got used to the intermissions, enjoying the sight of the bubbling little flow glistening in the sunlight as an affirmation that solar power does work indeed. However, if we wish to power our home with solar panels, it must be located in a particularly sunny spot, we probably need plenty panel surface, and the panels must be oriented such that a sufficient number face the sun at any time of the day. My small experiment is supposed to constitute an affordable test, informing us on the costs we may have to anticipate, if we aspire to convert our home.

Addenda

• Solar power windows sound like a great idea. Watch this Reuters report (08/11/2011):

• Listen to this broadcast by Laura Krantz and Nicole Beemsterboer with the title "Colorado Voters get Revved Up Over Energy Policy" aired on National Public Radio's Morning Edition today. The New Belgium Brewing Co. in Fort Collins, CO, known for Fat Tire Beer, has got ideas on energy conservation worth pondering (10/3/2012).
  

-->