
Risk

9/27/2010 12:53 PM
George V. Hulme
Commentary

Stuxnet Pwned Iran. Are We Next?

For the past few weeks rumors had run rampant about the purported targets of the Stuxnet worm. One of those rumors was that the worm was targeting Iran's controversial nuclear sites. Now, according to news reports that hit yesterday, those rumors may very well be right. There's a warning in all of this for the United States.

For example, the story Computer Worm Hits Iran Power Plant, which ran in the Wall Street Journal, makes the case that Stuxnet hit Iran hard:

"Studies conducted show some personal computers of the Bushehr nuclear-power plant workers are infected with the virus," the facility's project manager, Mahmoud Jafari, told Iran's official Islamic Republic News Agency. He said the virus hasn't caused major damage and won't affect the scheduled completion of the plant next month.

And on the scope of the attack, from the same story:

The acknowledgment of the infiltration at Bushehr followed another revelation over the weekend that an Iranian investigation found that Stuxnet had infected 30,000 machines involved in running industrial control systems, the director of Iran's Information Technology Council of the Industries and Mines Ministry told another Iranian news agency on Saturday. "An electronic war has been launched against Iran," the director, Mahmoud Liaii, said.

Specialists from Iran's nuclear agency met last week to discuss how to battle the Stuxnet virus, according to Iranian reports. A cyber attack on Bushehr is dangerous because the worm is capable of reprogramming the systems controlling the plant, but the facility at Bushehr isn't considered to be a significant proliferation risk because it is under U.N. controls.

However, Iran denies that the worm struck its first nuclear plant at Bushehr. From the AFP yesterday:

The malicious Stuxnet computer worm has hit 30,000 industrial computers in Iran, officials said on Sunday, but denied the Islamic republic's first nuclear plant at Bushehr was among those infected.

So far, Stuxnet has infected about 30,000 IP addresses in Iran, Mahmoud Liayi, head of the information technology council at the ministry of industries, was quoted as saying by the government-run newspaper Iran Daily.

Stuxnet has struck industrial systems around the globe, but confirmed infections of that magnitude concentrated in a single country lend real credibility to the theory that Iran's nuclear program was the target of the attack.

We will probably never know exactly where Stuxnet originated, but no doubt suspicions will remain on the U.S. and Israel.

Today, while most attention is on Stuxnet, we are reminded just how vulnerable the United States, one of the nations most dependent on technology, is to attacks of this kind on its own power grid and critical infrastructure. Or perhaps we've already been hacked, and widespread compromises already exist.

From the Wall Street Journal's story Electricity Grid in U.S. Penetrated By Spies:

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

And yet we are still grappling with how we are going to protect our critical infrastructure from such attacks. InformationWeek's J. Nicholas Hoover, in his story Cyber Command Director: U.S. Needs To Secure Critical Infrastructure, makes clear that this country is still not sure how to go about protecting the electronic infrastructure on which we so heavily depend:

General Keith Alexander, director of the new U.S. Cyber Command and the National Security Agency, is advocating the creation of a "secure, protected zone" in which critical infrastructure like the financial industry, the power grid and the defense industrial base would operate on the Internet, he said in an interview with a select group of reporters Wednesday afternoon ahead of his testimony to the House Armed Services Committee on Thursday morning.

Though Gen. Alexander noted that such a solution was just one that is on the table, he stressed that the federal government, including U.S. Cyber Command, will likely be part of a team approach to helping protect the nation's critical infrastructure from devastating cyber attacks.

The White House, he said, is leading a group to look at cybersecurity policy and at the authorities currently in place to protect the nation's networks, including critical infrastructure networks.

"The question is, how do we do it," Alexander said. "Doing it, technically, is fairly straightforward. Getting everybody satisfied is the harder thing." Any such plan, he said, would leave the commercial Internet, "where our kids might communicate," untouched.

What a troubling state. It's been more than eight years since the first National Strategy To Secure Cyberspace was published, and much attention has been paid in those years to the security of the nation's critical infrastructure, and still we don't have a functional defense plan in place.

For my security and technology observations throughout the day, consider following me on Twitter.
