Story

Stuxnet “neutralized” – Who sows the wind storm gathers!

 The news has caused much uproar in the scientific community, according European and U.S. officials and private experts the iranian scientists have isolated and made harmless the Stuxnet malware that has infected the control systems of the nuclear plants all over the country. For some years Iranian security experts are facing with this virus that is considered the first cyber weapon in the history used to attack critical infrastructures of a country,  in this case some nuclear plants in which Teharan government is pursuing its nuclear program.

Cyber warfare expert John Bumgarner claims that the Stuxnet and Duqu virus have been active for much longer than previously suspected, he says that they are active in different variant since 2006. Precisely he claims that the Stuxnet computer virus is linked to Conficker, a mysterious “worm” that surfaced in late 2008 and infected millions of PCs. Conficker was used to open back doors into computers in Iran, then infect them with Stuxnet … “Conficker was a door kicker,”

Who has projected the deadly weapon?
Which are the investments behind their production and what the real goals? 
Are we dealing with an isolated case or other similar malware are designed to attack other strategic goals?

It is clear that Stuxnet has been designed with the intent to strike the Iranian nuclear program and even more clear is who has always opposed such a program, U.S. and Israel first. To corroborate the thesis we made the consideration that the tecnology skill necessary to develope a similar weapon is really high and during the investigation made by the main security firms it has been discovered that Stuxnet is just a component of a larger project. The innovative project is related to the development of an open platform used to assemble the deadly cyber weapons in relation to the final targets.

It has been discovered a platform behind Stuxnet called “Tilded Platform“, used also for the development of Duqu malware, and that make possible the development of a set of reusable tools, a true innovation that make possible the composition of ever new and enhanced agents with modules developed to fulfill specific functions against clearly defined targets. Officially the U.S. and Israeli governments have always rejected any allegations concerning the paternity of the virus and agents related to it.

Who developed Stuxnet has demonstrated a deep knowledge of the vulnerabilities of industrial control systems, result of a meticulous intelligence action that has left no stone unturned.

How have the Iranians eradicated the malware from their systems?

In November 2010, Iranian President Mahmoud Ahmadinejad said that malicious software had created problems in some of Iran's uranium enrichment centrifuges, although he declared that the problems had been solved. At the moment there are no official information on how they managed to defeat Stuxnet and there are many hypotheses in circulation. The most credible claim that Iranian scientists have availed themselves of the support of experts from Western that from several years are on the trail of malware. The clamor around Stuxnet and countless surveys on the structure of the code on which is based would provide valuable information for the neutralization of the virus.

Peter Sommer, a computer security expert based in Britain, said that once Iran had detected the presence of the worm and figured out how it worked, it shouldn't have been too hard for them to disable it. 

"Once you know that it's there it's not that difficult to reverse engineer... Neutralization of Stuxnet, once its operation is understood, would not be that difficult as it was precisely engineered to disrupt a specific item of machinery." "Once Stuxnet's signature is identified it can be eliminated from a system," Sommer added."

I fully share the Summer' point of view and I add that the work of reverse engineer made on the virus has made possible to understand how Stuxnet operates, that knowledge could be used as a starting point for the development of further cyber weapons. Paradoxically, a weapon used to injure could be studied and suitably modified to attack control systems scattered across the world.

In light of these considerations that are very important for those interested in the processes of malware creation and testing, what are the characteristics that we will dentify in future instances of direct descendants of the current agents Duqu  and Stuxnet?
  • Deep information manipulation
  • Trasfering information via Command & Control mainly through via search engine optimizition and SEO search engines like Bing, Google or Yahoo.
  • Free file format exploit with special attention to those file formats that are free and not owned by organizations like AVI format.

Many studies revealed a drammatic sytuation in Europe and USA alerting the world population about the possibility of attacks that could compromise the computer systems of critical structures. Unfortunately, many countries are still behind in the implementation of a cyber strategy that protects the population from the looming cyber threat.

The concern is high, it could materialize the nightmare of every responsible government. An incident can undermine the safety of millions of individuals and of the entire nation. Dozens, hundreds, thousands of installations all over the country potentially vulnerable to attack from anywhere on the planet, attacks that happened in what we might call the fourth dimension, cyberspace, and that could also lead to the loss of many human lives. Not necessarily our minds must fly at a nuclear plant and led to an accident in its of government systems, you can just think about the impact it could have on a chemical plant as many.

The announcement of the neutralization of Stuxnet could kick off a new phase of evolution of the dreaded cyber threat, therefore I consider essential to be able to evelare alert level against these threats. Probably while we are reading this article, Iranian experts are already working on the next cyber weapon to use against Western enemy.
Who sows the wind storm gathers.

Pierluigi Paganini

References

http://securityaffairs.co/wordpress/2599/malware/stuxnet-neutralized-who-sows-the-wind-storm-gathers.html

http://ca.news.yahoo.com/experts-iran-neutralized-stuxnet-virus-231246798.html