In Forbes, Bruce Schneier discusses what is known (and unknown) about the Stuxnet virus:
Stuxnet doesn't act like a criminal worm. It doesn't spread indiscriminately. It doesn't steal credit card information or account login credentials. It doesn't herd infected computers into a botnet. It uses multiple zero-day vulnerabilities. A criminal group would be smarter to create different worm variants and use one in each. Stuxnet performs sabotage. It doesn't threaten sabotage, like a criminal organization intent on extortion might.

Stuxnet was expensive to create. Estimates are that it took 8 to 10 people six months to write. There's also the lab setup--surely any organization that goes to all this trouble would test the thing before releasing it--and the intelligence gathering to know exactly how to target it. Additionally, zero-day exploits are valuable. They're hard to find, and they can only be used once. Whoever wrote Stuxnet was willing to spend a lot of money to ensure that whatever job it was intended to do would be done.
None of this points to the Bushehr nuclear power plant in Iran, though. Best I can tell, this rumor was started by Ralph Langner, a security researcher from Germany. He labeled his theory "highly speculative," and based it primarily on the facts that Iran had an unusually high number of infections (the rumor that it had the most infections of any country seems not to be true), that the Bushehr nuclear plant is a juicy target, and that some of the other countries with high infection rates--India, Indonesia, and Pakistan--are countries where the same Russian contractor involved in Bushehr is also involved. This rumor moved into the computer press and then into the mainstream press, where it became the accepted story, without any of the original caveats.
As for the hints that Stuxnet comes from Israel, Schneier is skeptical. There are precious few hints as to the identity of the authors of the virus. Schneier doubts that they put in accurate references to their own identities.
Regardless of who the actual target of the virus was, Iran is getting ready for a cyberwar. (via Daily Alert blog)
After a number of government Web sites were hacked during the disputed 2009 presidential election--presumably by supporters of the opposition--Tehran started to fight back by forming the Iranian Cyber Army, a group linked to the Revolutionary Guards. Last year, these pro-government hackers briefly took down Twitter, and they intend to expand their targets: a Guard spokesman has said that the goal of the Cyber Army is to "conquer virtual space." As part of that effort, 120 members of the Basij, a youth militia, were recently sent to Mashad for training in "writing weblogs, social networking, psychological operations, protection from Internet spying, mobile phones and their capabilities, Basij cybercenters and videogames that would allow penetration into virtual space." Regardless of who created Stuxnet, it's clear that Iran intends to fire its own shots in the cyberwar.

Posted by SoccerDad at October 8, 2010 5:17 AM