Risk
9/27/2010
12:53 PM
George V. Hulme
Commentary

Stuxnet Pwned Iran. Are We Next?

For the past few weeks rumors had run rampant about the purported targets of the Stuxnet worm. One of those rumors was that the worm was targeting Iran's controversial nuclear sites. Now, according to news reports that hit yesterday, those rumors may very well be right. There's a warning in all of this for the United States.

For example, this story, Computer Worm Hits Iran Power Plant, which ran in the Wall Street Journal, makes the case that Stuxnet hit Iran hard:

"Studies conducted show some personal computers of the Bushehr nuclear-power plant workers are infected with the virus," the facility's project manager, Mahmoud Jafari, told Iran's official Islamic Republic News Agency. He said the virus hasn't caused major damage and won't affect the scheduled completion of the plant next month.

And on the scope of the attack, from the same story:

The acknowledgment of the infiltration at Bushehr followed another revelation over the weekend that an Iranian investigation found that Stuxnet had infected 30,000 machines involved in running industrial control systems, the director of Iran's Information Technology Council of the Industries and Mines Ministry told another Iranian news agency on Saturday. "An electronic war has been launched against Iran," the director, Mahmoud Liaii, said.

Specialists from Iran's nuclear agency met last week to discuss how to battle the Stuxnet virus, according to Iranian reports. A cyber attack on Bushehr is dangerous because the worm is capable of reprogramming the systems controlling the plant, but the facility at Bushehr isn't considered to be a significant proliferation risk because it is under U.N. controls.

However, Iran denies that the worm struck its first nuclear plant at Bushehr. From the AFP yesterday:

The malicious Stuxnet computer worm has hit 30,000 industrial computers in Iran, officials said on Sunday, but denied the Islamic republic's first nuclear plant at Bushehr was among those infected.

So far, Stuxnet has infected about 30,000 IP addresses in Iran, Mahmoud Liayi, head of the information technology council at the ministry of industries, was quoted as saying by the government-run newspaper Iran Daily.

While Stuxnet has struck industrial systems around the globe, confirmed infections of that magnitude concentrated in a single country certainly lend credibility to the theory that Iran's nuclear program was the target of the attack.

We will probably never know exactly where Stuxnet originated, but no doubt suspicions will remain on the U.S. and Israel.

Today, while most attention is on Stuxnet, we are reminded just how vulnerable the United States, as one of the nations most dependent on technology, is to being the victim of such attacks on its own power grid and critical infrastructure. Or perhaps we've already been hacked, and widespread compromises already exist.

From the Wall Street Journal's story Electricity Grid in U.S. Penetrated By Spies:

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

And yet we are still grappling with how we are going to protect our critical infrastructure from such attacks. In J. Nicholas Hoover's InformationWeek story Cyber Command Director: U.S. Needs To Secure Critical Infrastructure, it is clear that this country is still not sure how to go about protecting the electronic infrastructure we so heavily depend on:

General Keith Alexander, director of the new U.S. Cyber Command and the National Security Agency, is advocating the creation of a "secure, protected zone" in which critical infrastructure like the financial industry, the power grid and the defense industrial base would operate on the Internet, he said in an interview with a select group of reporters Wednesday afternoon ahead of his testimony to the House Armed Services Committee on Thursday morning.

Though Gen. Alexander noted that such a solution was just one that is on the table, he stressed that the federal government, including U.S. Cyber Command, will likely be part of a team approach to helping protect the nation's critical infrastructure from devastating cyber attacks.

The White House, he said, is leading a group to look at cybersecurity policy and at the authorities currently in place to protect the nation's networks, including critical infrastructure networks.

"The question is, how do we do it," Alexander said. "Doing it, technically, is fairly straightforward. Getting everybody satisfied is the harder thing." Any such plan, he said, would leave the commercial Internet, "where our kids might communicate," untouched.

What a troubling state. It's been more than eight years since the first National Strategy To Secure Cyberspace was published, and much attention has been paid in those years to the security of the nation's critical infrastructure, yet we still don't have a functional defense plan in place.

For my security and technology observations throughout the day, consider following me on Twitter.
