TechMan: A dangerous new level in malware

Written by Ced Kurtz

Malicious software turned a dangerous corner recently with Stuxnet, a computer worm that attacks the control systems for things like nuclear power plants and electrical grids.

Stuxnet makes spam networks and credit card schemes seem like child's play. Experts say it can do things like make motors fly to pieces.

"Stuxnet has highlighted that direct attacks to control critical infrastructure are possible and not necessarily spy-novel fictions. The real-world implications of Stuxnet are beyond any threat we have seen in the past," Dean Turner of the Symantec security firm told the U.S. Senate Committee on Homeland Security and Governmental Affairs.

The first target seems to have been Iran, which has admitted to malware in its nuclear facilities, but said it was confined to employee laptops.

The New York Times reported last week that forensic experts dissecting the worm found that it was calibrated in a way that could send nuclear centrifuges "wildly out of control." Iran is spinning thousands of centrifuges to try to produce enriched uranium, which can be used for either nuclear fuel or a bomb. The forensics work found that Stuxnet takes over the power supply that controls the speed of a motor.

International inspectors have said Iran has had problems keeping its centrifuges running, with hundreds removed from active service.

Stuxnet at work?

No one has been willing to say so for certain, but experts say the scenario is possible given what they know about the worm.

Another thing no one can say for sure is where Stuxnet came from. But all the experts agree that the program is so sophisticated that it would require the backing of a government to produce it.

A number of questions remain about the worm. Here are some answers (credit to Blake Hounshell posting on the Foreign Policy website):

What was its target? Most experts agree it was Iran, either the Natanz nuclear enrichment site or the Bushehr nuclear power plant.

Was it effective? Iran says it caused no damage. Others have pointed to the failings of centrifuges, unconfirmed reports of nuclear accidents and the resignation of the head of the Iranian nuclear programs.

Why and how did it spread? Stuxnet attacks a Windows-based program called WinCC, a supervisory control and data acquisition program made by Siemens, a German company. If the worm cannot find a copy of WinCC, it looks for other USB devices and copies itself onto them. Or it spreads across local networks. Stuxnet has been found on Siemens software at more than a dozen industrial facilities outside Iran. Since these types of control systems are not normally connected to the Internet, speculation is that the worm was either introduced with a USB drive or that it came from one of the laptops of Russian consultants at the nuclear plant.

Who did it? Most speculation centers around Israel. The United States is also cited as a candidate. No nation is admitting anything.

Despite these unanswered questions, one thing is clear: Stuxnet is a worrying escalation in cyber attacks. Now that a software assault on industrial sites has been demonstrated, others may follow.

"Proliferation is a real problem, and no country is prepared to deal with it," Melissa Hathaway, a former U.S. national cybersecurity coordinator, told The New York Times.

The worm has set off alarms among industrial control specialists, she said: "All of these guys are scared to death. We have about 90 days to fix this before some hacker begins using it."

Security tip: Malware often must run a program to infect your computer. If you see an e-mail attachment ending in .exe that you are not expecting, it could be a rogue program. Do not click on it. Delete it.
