- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Was Stuxnet, a sophisticated piece of malware designed to attack industrial control systems (ICS), secretly invented by Israel to attack Iran's industrial controls systems?
Though the idea is pure conjecture at this point, some odd technical design in Stuxnet and how it works, as discovered by Symantec researchers, suggests it might be possible for someone to think that Jewish enemies of Iran, and Israel would be the obvious country to speculate about in this regard, as being behind Stuxnet.
Stuxnet clearly appears to be a cyberwar-grade piece of malware designed to sabotage an enemy's energy-distribution resources — but the Symantec report is careful not to name names, but just cite some peculiar clues that may be buried in Stuxnet code.
The Symantec report "W.32 Stuxnet Dossier" is about the malware known about since about mid-June that has made many working in the energy-distribution business very nervous. Because it's been clear it's out to get ICS by exploiting vulnerabilities in Windows-based computers, among other means.
In Symantec's extensive analysis of the Stuxnet code, which is being published tomorrow, Symantec says "Stuxnet is a threat targeting a specific industrial control system in Iran, such as a gas pipeline or power plant. The ultimate goal of Stuxnet is to sabotage that facility by reprogramming programmable logic controllers to operate as attackers intend them to, most likely out of their specified boundaries."
Stuxnet, a topic of fascination for weeks since it is so sophisticated and apparently not intended to perform the usual malware stunts, is increasingly regarded as cyberwar-caliber malware that one state might use against another to disable energy-distribution systems. Iran this week acknowledged it has been hit by Stuxnet.
The Symantec report is careful not to name Israel as Stuxnet's creator in any way. But the report does point to a specific malware loading function that Stuxnet uses as part of its larger command-and-control structure that looks for an infection marker and "checks that the configuration data is valid, after that it checks the value 'NTVDM TRACE' in the following registry key," says the Symantec report. "If this value is equal to 19790509, the threat will exit. This is thought to be an infection marker or a 'don’t infect' marker. If this is set correctly, infection will not occur. The value appears to be the date May, 9, 1979."
In its search for some meaning to attach to this, Symantec says it has found a Wikipedia reference to Habib Elghanian, "who was executed by a firing squad in Tehran, sending shock waves through the closely knit Iranian-Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000-member strong Jewish community of Iran which continues to this day."
In citing this reference to Elghanian, however, Symantec immediately "cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate any party." That means the creators of Stuxnet might be leaving a few false clues to make the world think Israel created it while the truth might lie elsewhere. Nothing's known for sure.