Cyber Terror
The recent ransomed shutdown of the Colonial Pipeline, presumably by private Russian hackers, no longer at all afraid of our weak government, raises several points.
The most important is how easy it is for hackers to break into and ransom our infrastructure. Ransomware is old technology that has been around for ages. The fact that these guys applied ransomware to a major American pipeline does not bode well for other crucial systems that we rely upon.
The simple fact is that anyone who knows their way around the computer and network world, and has some knowledge of network security, could probably have accessed the modules controlling the pipeline. These modules are either little network devices, with IP addresses themselves, or controlled by offline computers, where destructive code would need to be loaded by an external device, like a flash drive.
All of the major powers, including our NSA, have cyberweapons groups that are actively developing cyberweapons to disable enemy infrastructure. The Chinese, Russians and other communist or ex-communist countries are particularly active and adept in this field.
There are also independent hacker groups all over the world, whose aim is to hold individuals, companies or countries hostage for money, like this incident with Colonial Pipeline.
This reminds me of Stuxnet, which found and ruined multiple centrifuges in Iran in 2010 onward. This was an extremely sophisticated cyberattack, which not only found a particular model of logic controller in Iran, but also masked itself, imperceptibly sped up uranium centrifuges, and burned out over 1,000 of them.
Trump, as a pragmatic, no nonsense, businessman, would probably ensure that our infrastructure is properly strengthened. Biden and his bureaucratic clowns? Not so much.
This is my write-up of Stuxnet dated two years ago. Stuxnet code is now available to anyone. With capabilities such as these, is there any wonder that our infrastructure is in danger?
Stuxnet and Ramifications
I just finished reading “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon” by Kim Zetter, about the Stuxnet cyber worm and its variants, which succeeded in setting back the Iranian nuclear program by several years.
Stuxnet is a malicious computer worm, first uncovered in 2010, that targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program. Although neither country has openly admitted responsibility, the worm is believed to be a jointly built American/Israeli cyberweapon.
Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes, including centrifuges for separating nuclear material. Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to either tear themselves apart, or spin irregularly and fail sooner than normal. Stuxnet has really opened up a can of worms (sic), since it could be tailored as a platform for attacking any modern supervisory control and data acquisition (SCADA) and PLC systems (e.g., in factory assembly lines or power plants), the majority of which reside in Europe, Japan and the US.
Stuxnet reportedly ruined almost one fifth of Iran's nuclear centrifuges. Targeting industrial control systems, the worm infected over 200,000 computers and caused 1,000 machines to physically degrade.
Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet. Versions of Stuxnet incorporated up to four or five “zero day” exploits and several stolen, digitally signed certificates for device drivers, both unheard of in the normal “hacktivist” world. It is typically introduced to the target environment via an infected USB flash drive, thereby crossing any air gap. The worm then propagates across the local or wider network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC, while feeding a replayed loop of normal operating values back to the operators so that everything looks healthy.
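The replayed "everything looks normal" feedback described above is exactly what a plant-floor monitoring check can key on. What follows is an added illustration written for this write-up, not code from the page, from Kim Zetter's book or from any Stuxnet analysis. It assumes two constructed telemetry streams: the centrifuge speed the HMI reports to operators, and an independent out-of-band reading (for instance a separately wired power or vibration sensor). Two defender-side checks run over them: one looks for an exact repeating cycle in the reported stream, which real, noisy sensor data never produces, and the other flags samples where the reported value disagrees with the independent one by more than a tolerance. All names and values here are constructed.

```python
"""Detect replayed 'normal' telemetry in a PLC/HMI feedback stream.

Added example for this write-up; not Stuxnet code or any vendor's
tooling. The streams below are constructed for illustration.
"""

# Constructed: five samples of believable "normal" RPM readings that a
# compromised controller might loop back to the operator screen forever.
NORMAL_WINDOW = [1003.2, 1001.7, 998.9, 1000.4, 1002.1]


def build_constructed_streams(cycles: int = 4):
    """Return (reported, actual) RPM streams of equal length.

    reported: what the HMI shows, an exact replay of NORMAL_WINDOW.
    actual:   what an independent sensor measures, a steady ramp-up
              (constructed to mirror the 'sped up centrifuges' scenario).
    """
    reported = NORMAL_WINDOW * cycles
    actual = [1000.0 + 25.0 * i for i in range(len(reported))]
    return reported, actual


def detect_replay_loop(samples, min_period: int = 2, repeats: int = 3) -> int:
    """Return the smallest period p such that the last p*repeats samples are
    an exact repetition of one p-sample cycle, or 0 if none is found.

    Exact float equality is deliberate: genuine sensor readings carry noise
    and do not repeat bit-for-bit, so a clean cycle is the replay signature.
    """
    n = len(samples)
    for p in range(min_period, n // repeats + 1):
        tail = samples[-p * repeats:]
        cycle = tail[:p]
        if all(tail[i] == cycle[i % p] for i in range(len(tail))):
            return p
    return 0


def cross_check(reported, independent, tolerance: float = 0.05):
    """Return indices where the reported value differs from the independent
    measurement by more than `tolerance` (fraction of the independent value)."""
    flagged = []
    for i, (r, m) in enumerate(zip(reported, independent)):
        if abs(r - m) > tolerance * max(m, 1.0):
            flagged.append(i)
    return flagged


def analyze(reported, independent):
    """Run both checks and summarize; a non-zero period or any disagreeing
    sample is grounds for an operator alert."""
    period = detect_replay_loop(reported)
    disagreeing = cross_check(reported, independent)
    return {
        "replay_period": period,
        "disagreeing_samples": disagreeing,
        "alert": period > 0 or bool(disagreeing),
    }


if __name__ == "__main__":
    reported, actual = build_constructed_streams()
    result = analyze(reported, actual)
    print("replay period:", result["replay_period"])
    print("first disagreeing sample:", result["disagreeing_samples"][:1])
    print("alert:", result["alert"])
```

The point of the second check is that it does not depend on the compromised controller at all: a measurement that reaches the operator by a path the PLC does not control is what exposes the replay, which is why defenders of such plants favour independent instrumentation over trusting the HMI alone.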
Kim Zetter’s book traces the discovery of a version of Stuxnet in an Iranian personal computer by Sergey Ulasen, of VirusBlokAda, a small security company in Belarus, to the unpacking and reverse engineering of Stuxnet and its variants by the Symantec and Kaspersky security groups over a number of years. She also discusses the ramifications of what amounts to a cyber-attack by one nation-state against another, and the fact that this technology is now available in the wild for possible further use.
Ray Gruszecki
May 8, 2019 & May 12, 2021