By SCOTT DEWING
Published: November 2010
THE RECENT STUXNET VIRUS would have been just another computer virus released “into the wild” this year, except for one very important detail: it specifically targets industrial control systems (ICS) that are used to control gas pipelines and power plants. According to Symantec, an anti-virus software and research company, the final goal of Stuxnet is “to reprogram industrial control systems (ICS) by modifying code on programmable logic controllers (PLCs) to make them work in a manner the attacker intended and to hide those changes from the operator of the equipment.”
Once an attacker has control of the ICS for a pipeline or power plant, they could carry out diabolical actions such as increasing the pressure in a natural gas pipeline to the point of explosion or speeding up a power plant turbine beyond capacity to the point of failure and/or explosion. Either scenario would result in facility destruction and likely death.
Who would want to do such a thing? Terrorists for certain. Carrying out a cyber-attack from thousands of miles away against critical infrastructure such as pipelines or power plants would, I imagine, be preferable to trying to coordinate and pull off a conventional attack on the ground. But in the case of Stuxnet, it is highly unlikely that Osama bin Laden and a team of crack software programmers and hackers engineered such a sophisticated piece of malware in whatever cave they are currently hiding in. Nor is it likely that Al-Qaeda outsourced the project to India without anyone finding out about it.
Who else? Well, the mafia comes to mind, especially the Russians, who have a reputation for being behind some of the most sophisticated malware created to date. The mafia, however, is interested in profiting quickly from large-scale petty theft of credit card data and usernames/passwords to banking accounts. They dabble in corporate espionage, but most of their bread and butter comes from stealing from people like you and me. It’s unlikely, then, that the mafia (Russian or otherwise) is behind Stuxnet either.
This leaves us with governments (both foreign and domestic) as the likely culprit, though no country has raised its hand and said, “Yeah, that was us.” And I don’t suspect that is likely to ever happen, though there has been and will likely continue to be a lot of finger pointing, most recently at the Israelis due to the fact that the largest outbreak of Stuxnet has been in Iran. According to Symantec, there are currently 100,000 infected “hosts” (computer systems) worldwide. More than 60,000 of those infected hosts are in Iran. Translation: Iran’s industrial control systems were the primary target of Stuxnet.
Iran’s anti-Zionist rhetoric, combined with its pursuit of a nuclear program and funding of terrorist organizations such as Hamas and Hezbollah, has, to say the least, strained relations between Iran and Israel. According to a September report in The Atlantic, Israel stands ready to carry out military strikes against Iran’s uranium-enrichment facilities in Natanz and Qom as well as the nuclear research facility in Esfahan and the nuclear power plant located in the coastal city of Bushehr (which just happens to be the location where Stuxnet was first discovered to have infected Iran’s industrial control systems). In June, The Times reported that Saudi Arabia conducted tests to stand down its air defences in order to allow the Israeli Air Force to go bomb Iran’s nuclear facilities.
The U.S. administration has been, at best, lukewarm to any Israeli plans to bomb nuclear facilities in Iran, with President George W. Bush only giving “amber light” support to such a plan back in the final months of his presidency. Since then, the Obama administration has pressured the Israelis to seek a diplomatic solution to the “Iran problem,” which is interesting given the fact that, to date, U.S. diplomacy has done little, if anything, to improve relations and persuade the Iranians to forgo their nuclear ambitions.
It should come as no surprise then that the Israelis may have exercised a third option: cyber warfare. According to Richard Clarke in his new book Cyber War: The Next Threat to National Security and What to Do About It, “cyber war is the unauthorized penetration by, on behalf of, or in support of, a government into another nation’s computer or network, or any other activity affecting a computer system, in which the purpose is to add, alter, or falsify data, or cause disruption of or damage to a computer, or network device, or the objects a computer system controls.”
Stuxnet was designed exactly for this purpose. I say “designed” because Stuxnet is a very sophisticated collection of malware code that simultaneously exploited several known security holes in the Microsoft operating system as well as a “zero-day” (that is, previously unknown) vulnerability in order to infect a host system. According to a recent Symantec whitepaper, the creators of Stuxnet “amassed a vast array of components to increase their chances of success [including] the first ever PLC rootkit, antivirus evasion techniques, complex process injection and hooking code, network infection routines, peer-to-peer updates, and a command and control interface.”
In other words, Stuxnet was not the work of some pimply-faced hacker living in his parents’ basement. It was created by a team of very sophisticated and well-funded programmers with very clear objectives in mind. Whether this team turns out to be the Israeli Defence Forces’ elite Unit 8200 “cyber warriors” or any of the number of cyber units now embedded within the U.S. military and the intelligence community is less important than the implications of such a sophisticated cyber weapon as Stuxnet being created and used: we’re now stuck with Stuxnet and the increased probability that it or some re-engineered variant could be used against our very own critical infrastructure.