by Larry Magid
This article first appeared on CNET News.com
The Stuxnet computer worm that may have been designed to attack a nuclear facility in Iran could have been state sponsored, according to two security experts with whom I spoke.
“We can tell by the code that it’s very, very complex to the degree that this type of code had to be done, for example, by a state and not, for example, some hacker sitting in his parents basement,” said Symantec security researcher Eric Chien.
Chien added, however, that “there’s nothing in the code that points to the particular author” or “what their motivation is.” (Scroll down to listen to entire Chien interview.)
TrendMicro security researcher Paul Ferguson agrees that Stuxnet was likely state-sponsored. “The amount of technical expertise that went into this doesn’t appear to have been by some random lone individual person because they would have had to have access to these systems to develop this.”
Not necessarily aimed at Iran nuke
Ferguson could not confirm that the target was an Iranian nuclear plant. “That is purely speculation at this point, there have been lots of theories as to what the target was.” He said it could also have been aimed at oil and gas facilities or other installations that use Siemens control systems, which were specifically attacked, he said. (Scroll down to listen to entire Ferguson interview.)
Both Chien and Ferguson said this type of code is a major security concern. “For the broader population, this is definitely a new generation of attack. We’re not talking any more about someone stealing someone’s credit card numbers, what we’re talking about is someone being able to, for example, cause a pipeline to blow up or cause a nuclear centrifuge to go out of control or cause power stations to go down. So we’re not taking about virtual or ‘cyber’ sort of implications here, what we’re talking about are real life implications.”
Ferguson said “it is a big deal because the utility companies, and manufacturing communities and the power companies and gas and oil companies for years have been using closed propriety systems to manage their infrastructure and over the course of the past few years they’ve been making business decisions to use off-the-shelf software like Windows.” He added that now we’re seeing the same threat as with other networks as facilitates are connected to the Internet or allow access to thumb drives. This type of threat, according to Ferguson, is “absolutely new and that’s why a lot of people in the intelligence community, in the Department of Homeland Security and different governments around the world are really kind of spooked by this development. It shows the targeted nature and sophistication of the criminal/espionage aspect to this.”
Podcast interviews with Chien and Ferguson
Click links below to listen to separate podcast interviews with Symantec’s Eric Chien and TrendMicro’s Paul Ferguson.