Stuxnet Worm: Cyber Weapon Targets Power Plants, Factories

First-of-its-kind computer worm called Stuxnet could cripple real-world targets.

Sept. 24, 2010 -- A first-of-its-kind computer worm is taking malicious software to an unprecedented level.

As if attempting to steal personal information or inflict chaos on your laptop weren't bad enough, security experts say the Stuxnet worm is designed to hijack and potentially cripple real-world targets such as nuclear power plants, factories and oil rigs.

Security experts first learned of the new strain of software in June, but only disclosed its ability to infect major industrial systems in recent weeks.

"This is cyber sabotage," said Roel Schouwenberg, a senior researcher for the security firm Kaspersky Labs. "Stuxnet is designed to basically bring down a plant or take down operations."

For several years, the security community has speculated about a worm complex enough to infiltrate a computer system for a nuclear power plant or oil refinery and then modify operations, he said. But they've never actually seen one in the public arena until Stuxnet.

"Stuxnet is the first in so many different areas. It's amazing, basically," he said. "This could well be a turning point in how we view cyber, basically."

Stuxnet Hides Hijack From System Administrators

Liam O Murchu, a researcher for Internet security company Symantec, said he and his team started analyzing the worm after an anti-virus company in Belarus discovered it in June.

He said it not only has the power to control machinery anywhere in the world, including machinery key to water supplies, sewage, oil refineries and factories, but it can also hide its hijack from system administrators.

"It can hide how your equipment works in your plant and it can hide those changes from you so that you won't even see that there is code," he said.

While researchers don't know who is behind the worm or whether its creators have succeeded in sabotaging a target, he said, they do know that it has infected several systems around the world, mostly in Iran. The worm won't succeed in taking over a target, however, unless the target is configured in a specific way.

Since about 60 percent of the cases were based in Iran, they suspect that the actual target may have been in that country and cases in other countries were just collateral damage, he said.

Nation-State Could Be Behind Worm, Researchers Say

He added that although they can't trace the worm to one particular person or group, given Stuxnet's complexity they believe the worm originated with a group with enough time, money, expertise and manpower not only to write the program, but to do the real-world reconnaissance work and testing behind it.

"It's hard to say exactly who would be behind it, but when you look at the resources behind it ... it doesn't leave you with many entities to look at," he said. "There's speculation that it could be a government, a government agency or nation-state, based on the amount of researchers needed. But it could also be a private entity who is interested in going after industrial control systems."

Kaspersky's Schouwenberg said that although the worm may herald a new age of cyber sabotage and should elevate cyber weapons concerns, vulnerability to this particular worm is not especially high.

"As soon as the Stuxnet news hit, I think everybody checked their systems and made the necessary preparations," he said. "If there are any positives so far from Stuxnet, I hope it will raise further awareness with governments and plant management so they allocate more and more budgets to protect our systems."