Skip Links

Why Stuxnet Is a really bad weapon

Backspin By , Network World
June 22, 2012 04:18 PM ET
Gibbs

Network World - The world of malware has, over the last couple of decades, morphed to become not just a mechanism with which to subvert people's computers and steal money, but also a way for corporations and sovereign states to conduct cyber espionage.

An example of malware being used for industrial cyber espionage emerged two months ago with a worm, which had previously been quite rare, breaking out suddenly in Peru and neighboring countries.

This worm, specific to the electronic drafting software AutoCAD, is called ACAD/Medre.A and is written in AutoLISP, the language that is used to script operations in AutoCAD.  ACAD/Medre.A has a very devious agenda: It emails copies of the drawings the user opens to over 40 mail boxes hosted at two different Chinese ISPs.

The antivirus firm ESET in San Diego was the first to detect the outbreak in Peru and noted that they could "see detections at specific URLs, which made it clear that a specific website supplied [an infected] AutoCAD template that appears to be the basis for this localized spike ... If it is assumed that companies which want to do business with [the company at the URL] have to use this template, it seems logical that the malware mainly shows up in Peru and neighboring countries. The same is true for larger companies with affiliated offices outside this area that have been asked to assist or to verify the – by then – infected project and then [infect] their own environment."

In other words, someone or some organization -- not necessarily in China -- planted the infected template. As a result they were able to swipe the drawings of all of the companies competing for some project, presumably to gain an edge in securing business.

ESET estimates that something like 100,000 drawings were stolen before ESET, with the help of Autodesk, the Chinese National Computer Virus Emergency Response Center, and the Chinese ISPs involved, were able to contain the problem. For a detailed look at the technology behind the attack, see the posting "ACAD/Medre.A Technical Analysis" in the ESET Threat Blog.

ESET now offers a free, stand-alone cleaner which will search for and remove ACAD/Medre.A infections.

So industrial cyber espionage is a big deal, but even more impressive and much more worrying is military cyber espionage because the stakes and consequences are much higher.

And there's a serious problem with military cyber espionage: In the real world if someone attacks you with something like a cruise missile, once it's landed you won't be able to put the missile back together and lob it back at whoever sent it. That's the nature of real-world armaments. You can build really smart and deadly devices and, even if they malfunction, the enemy will very, very rarely be able to turn your technology against you.

Not so with software armaments. Consider the much discussed Stuxnet, the computer worm that first appeared about two years ago. Stuxnet targets Siemens industrial control systems and is said to be responsible for damaging equipment used by the Iranian nuclear program.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News