Sunday, March 15, 2015

Stuxnet: Not a Virus, Not a Worm, a Bacterium

Wired recently described the computer nightmare:
Like most disasters this started with good intentions, to cripple Iranian enrichment for nuclear weapons. To do this they, whoever they are, used professionals in a project.  Instead of a small clever piece of code making use of social engineering, they wrote a system that exploited network distribution vulnerabilities.  Just like malaria crossing from one species to another, their programs crossed operating systems.  They sent instructions to Siemens controllers from Windows.  They also spoofed site authentication.
We have spent tremendous time and effort getting systems and hardware to communicate, now each portal is a hazard.
It is the use of professionals that is the most terrifying.  We professionals have gazed into the pit of despair, we know how infuriating intermittent results can be; we know the nooks and crannies. The reason Linux, UNIX, mainframes, Apple etc. is safe is because those cultures have no interest in exploit, or at least no interest in getting caught.  The use of professionals is akin to letting Navy Seals loose on a kindergarten playground.
Whoever did this went to a lot of effort to target specific sites in a specific timeframe.  We will not be so lucky next time.

No comments:

Post a Comment