Flat Earth News

Stuxnet - A cyber weapon - or another Y2K type hype?


Posted: 1 October 2010

STUXNET, once called a piece of cyber spyware, has now attained 'cyber superweapon' or 'cyber missile' status! I can't help but note the same sort of hype that surrounded the Y2K bug that Nick Davies writes about in the book. Even The Economist is reporting on it.

This STUXNET worm has infected more than 45,000 computers, yet no major damage has been reported. So to explain this cyber squib, the current theory is that STUXNET is so well written that it is only targeting a particular configuration of a specific industrial control system (known as SCADAs), which it will then disrupt or shut down. But no one can actually work out what the exact target is, so the speculation is that it's Iran's nuclear facilities.

Are those not the perfect ingredients for media hype? A cyber weapon directed at a sensitive facility in a highly secretive country that would not be likely to admit such an attack should one occur anyway.

Even the method of infection sounds dubious but has been concocted to try and explain some of the glaring holes in the theory. For security reasons most SCADA systems are not connected to the internet. Ah, but the worm is spread via USB memory sticks. Then it only hits the rather obscure WinCC SCADA software from Siemens. If it doesn't find WinCC, it copies itself onto other USB devices (or through local networks) hoping to find it.

To explain why the 15 infected plants known to Siemens haven't been disrupted or shut down by STUXNET, the speculation is that it is actually targeting a unique configuration, i.e. one facility in the world. And that would be Iran's sensitive nuclear facility - of course!

So we have to believe that whoever wrote STUXNET had details of Siemens SCADA systems and the specific target facility's blueprints.
But (I ask) if they had that much information on the target, why bother using USB sticks in a way that has infected 45,000 computers worldwide but is still searching for its target?

Maybe it has found its target? Iran's Bushehr nuclear reactor has been suffering from start-up delays for years and has apparently been infected, but no major damage was done. So a more plausible target is Iran's uranium-enrichment plant, which the UN IAEA says only has half the centrifuges working - evidence of a successful attack according to The Economist. What, that's it? After all that effort? Yes, apparently 'whoever is behind STUXNET may feel a delay is better than nothing'.

So in July the speculation was that STUXNET is cyber spyware, 'a clear cut case of industrial espionage' that downloads the database from the industrial control system software. Then in the last few weeks the hyped speculation has been suggesting STUXNET is "a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world". And this from a cyber security expert who admitted 'his views on Stuxnet's target is speculation based on suggestive threads he has seen in the media'.

And the media are basing their stories on the speculation pumped out by the specialist, based on the media suggestions, based on...


http://en.wikipedia.org/wiki/Stuxnet (for a good collection of the stories and analysis)

