
How the Stuxnet Worm Formed Its Attacks—and Who Might Have It Now

80beats | By Andrew Moseman | February 16, 2011 12:57 AM


Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world's attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next. The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec's Orla Cox.

The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five "industrial processing" organisations in Iran. "These were the seeds of all other infections," said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]

Though Symantec isn't naming the five targets in Iran, another security expert studying Stuxnet's code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.

"My bet is that one of the infected sites is Kalaye Electric," he wrote... "Again, we don't have evidence for this, but this is how we would launch the attack - infecting a handful of key contractors with access to Natanz." [CNET]

The news turning heads today, though, is that Anonymous, the "hacktivist" group in the news recently for coordinated attacks on behalf of WikiLeaks and Egyptian protesters, claims to have a version of Stuxnet.

"It would be possible [for Anonymous to use Stuxnet in an attack]," Cox said. "But it would require a lot of work, it's certainly not trivial. The impressive thing about Stuxnet is the knowledge its creators had about their target. So even if you have got access to it you need to understand the target – that requires a lot of research." [The Guardian]

In addition, The Guardian quotes other security experts as saying Anonymous doesn't have the key pieces of coding needed to launch an attack like last year's on Iran. But that doesn't mean the group couldn't cause some mayhem.

"There is the real potential that others will build on what is being released," Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions, [said]. Gregg was quick to clarify that the group hasn't released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying -- which could act almost like a building block for cybercrooks. [Fox News]

Related Content:

80beats: Iran’s Nuclear Program: Scientists Attacked, Documents Wiki-Leaked

80beats: Internet Intrigue: China Reroutes the Web, Stuxnet Is Even Scarier

80beats: Iran Close to Completing Its First Nuclear Reactor. Should We Worry?

80beats: Super-Sophisticated Computer Virus Apparently Targeted Iran’s Power Plants

Image: iStockphoto
