Risk
9/27/2010
12:53 PM
George V. Hulme
Commentary

Stuxnet Pwned Iran. Are We Next?

For the past few weeks rumors had run rampant about the purported targets of the Stuxnet worm. One of those rumors was that the worm was targeting Iran's controversial nuclear sites. Now, according to news reports that hit yesterday, those rumors may very well be right. There's a warning in all of this for the United States.

For example, this Wall Street Journal story, Computer Worm Hits Iran Power Plant, makes the case that Stuxnet hit Iran hard:

"Studies conducted show some personal computers of the Bushehr nuclear-power plant workers are infected with the virus," the facility's project manager, Mahmoud Jafari, told Iran's official Islamic Republic News Agency. He said the virus hasn't caused major damage and won't affect the scheduled completion of the plant next month.

And on the scope of the attack, from the same story:

The acknowledgment of the infiltration at Bushehr followed another revelation over the weekend that an Iranian investigation found that Stuxnet had infected 30,000 machines involved in running industrial control systems, the director of Iran's Information Technology Council of the Industries and Mines Ministry told another Iranian news agency on Saturday. "An electronic war has been launched against Iran," the director, Mahmoud Liaii, said.

Specialists from Iran's nuclear agency met last week to discuss how to battle the Stuxnet virus, according to Iranian reports. A cyber attack on Bushehr is dangerous because the worm is capable of reprogramming the systems controlling the plant, but the facility at Bushehr isn't considered to be a significant proliferation risk because it is under U.N. controls.

However, Iran denies that the worm struck its first nuclear plant at Bushehr. From the AFP yesterday:

The malicious Stuxnet computer worm has hit 30,000 industrial computers in Iran, officials said on Sunday, but denied the Islamic republic's first nuclear plant at Bushehr was among those infected.

So far, Stuxnet has infected about 30,000 IP addresses in Iran, Mahmoud Liayi, head of the information technology council at the ministry of industries, was quoted as saying by the government-run newspaper Iran Daily.

Stuxnet has struck industrial systems around the globe, but a confirmed infection count of that magnitude concentrated in a single country lends credibility to the theory that Iran's nuclear program was the attack's intended target.

We will probably never know exactly where Stuxnet originated, but suspicion will no doubt continue to fall on the U.S. and Israel.

Today, while most attention is on Stuxnet, we are reminded just how vulnerable the United States, one of the nations most dependent on technology, is to the same kind of attack on its own power grid and critical infrastructure. Or perhaps we have already been hacked, and widespread compromises already exist.

From the Wall Street Journal's story Electricity Grid in U.S. Penetrated By Spies:

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

And yet we are still grappling with how to protect our critical infrastructure from such attacks. J. Nicholas Hoover's InformationWeek story, Cyber Command Director: U.S. Needs To Secure Critical Infrastructure, makes clear that this country is still not sure how to go about protecting the electronic infrastructure on which it so heavily depends:

General Keith Alexander, director of the new U.S. Cyber Command and the National Security Agency, is advocating the creation of a "secure, protected zone" in which critical infrastructure like the financial industry, the power grid and the defense industrial base would operate on the Internet, he said in an interview with a select group of reporters Wednesday afternoon ahead of his testimony to the House Armed Services Committee on Thursday morning.

Though Gen. Alexander noted that such a solution was just one that is on the table, he stressed that the federal government, including U.S. Cyber Command, will likely be part of a team approach to helping protect the nation's critical infrastructure from devastating cyber attacks.

The White House, he said, is leading a group to look at cybersecurity policy and at the authorities currently in place to protect the nation's networks, including critical infrastructure networks.

"The question is, how do we do it," Alexander said. "Doing it, technically, is fairly straightforward. Getting everybody satisfied is the harder thing." Any such plan, he said, would leave the commercial Internet, "where our kids might communicate," untouched.

What a troubling state. It's been more than eight years since the first National Strategy To Secure Cyberspace was published, and much attention has been paid in those years to the security of the nation's critical infrastructure, and still we don't have a functional defense plan in place.

For my security and technology observations throughout the day, consider following me on Twitter.
