About StuxnetVirus's channel
Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems.[1] It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes.[2] Stuxnet includes the capability to reprogram the programmable logic controllers (PLCs) and hide the changes.[3]
It is the first-ever computer worm to include a PLC rootkit.[4] It is also the first known worm to target critical industrial infrastructure.[5] Furthermore, the worm's probable target is said to have been high-value infrastructure in Iran using Siemens control systems.[6][7] According to news reports, the infestation by this worm might have damaged Iran's nuclear facilities in Natanz[8][9] and eventually delayed the start-up of Iran's Bushehr Nuclear Power Plant.[10] Siemens has stated, however, that the worm has not in fact caused any damage.[11]
Russian digital security company Kaspersky Labs released a statement that described Stuxnet as "a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world." Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60 percent of the infected computers worldwide were in Iran, suggesting its industrial plants were the target.[12] Kaspersky Labs concluded that the attacks could only have been conducted "with nation-state support", making Iran the first target of real cyber warfare.[13][14][15]
Created by: StuxnetVirus
Latest Activity: Oct 11, 2010
Date Joined: Oct 11, 2010
About this user
Alan Bentley of security firm Lumension has said that Stuxnet is "the most refined piece of malware ever discovered ... mischief or financial reward wasn't its purpose, it was aimed right at the heart of a critical infrastructure". Symantec estimates that the group developing Stuxnet would have been well-funded, consisting of five to ten people, and would have taken six months to prepare.[27]
The Guardian, the BBC and The New York Times all reported that experts studying Stuxnet considered that the complexity of the code indicates that only a nation state would have the capabilities to produce it.[6][27][28] Israel, perhaps through Unit 8200,[29] has been speculated to be the country behind Stuxnet in many of the media reports[27][30][31] and by experts such as Richard Falkenrath, former Senior Director for Policy and Plans within the Office of Homeland Security.[32] This is also due to several clues in the code such as a concealed reference to the word "MYRTUS", believed to refer to the Myrtle tree, or Hadassah in Hebrew. Hadassah was the birth name of the former Jewish queen of Persia, Queen Esther. In the Book of Esther, Jewish forces, after unraveling a Persian attack plan, stage a preemptive and successful assault against their adversaries.[33][34] However, it may be that the "MYRTUS" reference is simply a misinterpreted reference to SCADA components known as RTUs (Remote Terminal Units) and that this reference is actually "My RTUs" - a management feature of SCADA.[35] Also, the number 19790509 appears once in the code and might refer to 1979, May 9th, the day Habib Elghanian, a Persian Jew, was executed in Tehran.[36][37][38] According to the New York Times a former member of the United States intelligence community said that the attack had been the work of Unit 8200.[39]
There has also been speculation on the involvement of NATO, the United States and other Western nations.[40]
Symantec claims that the majority of infected systems were in Iran (about 60%),[41] which has led to speculation that it may have been deliberately targeting "high-value infrastructure" in Iran[6] including either the Bushehr Nuclear Power Plant or the Natanz nuclear facility.[21] Ralph Langner, a German cyber-security researcher, called the malware "a one-shot weapon" and said that the intended target was probably hit,[42] although he admitted this was speculation.[21]
There are reports that Iran's uranium enrichment facility at Natanz was the target of Stuxnet and that the site sustained damage as a result, causing a sudden 15% reduction in its production capabilities. There was also a previous report by WikiLeaks disclosing a "serious nuclear accident" at the site in 2009.[9][31][43][44][45][46] According to statistics published by the Federation of American Scientists (FAS), the number of enrichment centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred.[47]
The name is derived from some keywords discovered in the software.[48] Since the whole Stuxnet code has not yet been decrypted, its intent remains unknown. Among its peculiar capabilities is a fingerprinting technology which allows it to precisely identify the systems it infects. It appears to be looking for a particular system to destroy at a specific time and place. Once it has infected a system it performs a check every 5 seconds to determine if its parameters for launching an attack are met. The exact way through which Stuxnet destroys its target is still a mystery but it is thought that it may be programmed to cause a catastrophic physical failure by, for example, overriding turbine RPM limits, shutting down lubrication or cooling systems, or sabotaging the high-speed spinning process of centrifuge arrays at Iran's Natanz nuclear facility.[42][49] Since the complex code of Stuxnet looks for a very particular type of system and controller, it has been theorized that the target is of high importance to the attacker.[50]