by Christopher Tippins of the Software Synergy Group
Over the past year I’ve written several articles about a new type of computer virus – Stuxnet – one designed to infiltrate and destroy the control systems of Iran’s centrifuge systems that manufacture enriched uranium.
What has made Stuxnet (and now Duqu) so completely different from any other type of computer virus or malware is that it seems to have been state sponsored. It is widely believed that it was developed by Israel or the United States, or perhaps by teams working for both countries. Additionally, it was targeted at Siemens control systems, specifically those in Iran.
It’s unknown at this point where Duqu came from, but the first evidence of its existence seems to have surfaced in Hungary sometime over the past four to six weeks. Stuxnet wreaked havoc in Iran by targeting the systems that controlled the speed of the motors running the centrifuges, causing them to run wildly out of control and burn out, all the while reporting data that indicated the motors were operating within normal limits. It is estimated that it set Iran’s nuclear program back a year or more.
The Duqu virus, which is believed to be based on code that came directly from Stuxnet, seems to have a completely different purpose. First accounts indicate it is designed to do two things:
- Gain remote access to systems for its designers and
- Act as a keylogger to record keystrokes and other data and send that data package back to its developers
Infection so far has been rare, and this new virus may be nothing more than a test deployment to see how well it functions in the field and how easily it can be distributed without detection. Interestingly, the “dropper” program – the delivery application that installs the payload – has not been found; only the remnants of the infection and the resulting payload have.
Aside from the amazing complexity of this malware and its design goals, these viruses represent a new era in warfare. Ponder for a minute the ramifications if code like this is developed to bring down portions of the power grid, the control systems of online nuclear reactors, or communications systems. In theory at least, these threats could do more damage to an infrastructure than an out-and-out barrage by conventional weapons.
Here are some links if you’d like to read more about this fascinating story:
10/23/2011: Update: The Boston Globe published an interesting article about a researcher who was able to duplicate at least some of the capabilities (remote access and control) of Stuxnet-type applications – and do it for less than 20,000 dollars and in less than 2 months.