Cyberwar that actually deserves the name

Paul Raven @ 24-09-2010

After a few years of grandstanding and chest-thumping about the dangers of cyberwar from the military complexes of the West, especially the US, we finally see something that actually looks like a covert act of digital warfare initiated at nation-state level (as opposed to the petty vandalism and independent street-gang-equivalent activity that has been heretofore labelled as cyberwar). And you know what? It might well have been the US military establishment that did it.

The story in question is the Stuxnet computer worm, which you’ve probably read about somewhere already. But just in case you’ve not, here’s the skinny: Stuxnet takes advantage of four different security holes in Microsoft Windows (which is far from out of the ordinary; if you’re gonna rob houses, go for the ones with no locks on the doors), which means it can spread very fast; it’s controlled and upgraded in a decentralised peer-to-peer fashion (also not new, as we saw the same thing in the big botnet worms of recent times), and has the added ability to jump onto removable media (thumb drives) to expand the infection vectors.

So far, so geeky. The weird bit is what Stuxnet actually does. Rather than setting up spam email farms or harvesting credit card numbers (the traditional remunerative ends of such software), it targets a very specific type of embedded industrial control software developed by Siemens… software that, according to Wired, is “installed in pipelines, nuclear plants, utility companies and manufacturing facilities to manage operations.” Furthermore, the configuration suggests a very specific sort of installation was the intended target, and that sabotage thereof was the intent; a German researcher theorises (admittedly without much in the way of evidence) that one of Iran’s nuclear plants was the target, and that the US or Israel are the likely nation-states-of-origin. It’s a sad thing to admit, but that’s all too believable a theory… which is doubtless why it’s getting so many mentions. Read, and read widely:

Of course, plausibility isn’t probability; perhaps Stuxnet was developed by a rival company wishing to discredit the safety of Siemens’ systems*. The web enables industrial espionage, so why not industrial sabotage? But it seems an odd angle to take; deft marketing does just as effective a job of discrediting market-leading tech without engaging in criminal activity, and a black-ops hacking project would be an odd way to spend an R&D budget that would be better spent on, y’know, building a better mousetrap. Sabotage is a political act, ideological warfare… and that’s a nation-state game, not a corporate one.

It’ll be interesting to see what more we hear about Stuxnet, if anything, but I suspect it marks the start of a new chapter of geopolitics and technologised warfare.

[ * The fact that said systems run on Windows machines should be indictment enough, to be honest. ]

Virus on space station searched for video game logins

Tomas Martin @ 28-08-2008

USB drives transported viruses into space...NASA revealed today that some of the laptops used by astronauts on the International Space Station were infected with the computer virus Gammima.AG. The laptops, which were carried to the station in July for nutritional programs and email, were believed to be infected when they arrived.

Gamminma.AG is a year old virus that steals logins for online computer games for sale by software pirates. Computer experts say the astronauts should have disabled the ‘autorun’ command from the laptops as the virus travels by USB stick. NASA may have been caught out but there are instructions to prevent such malware automatically subverting your computer.

I wonder if the virus managed to steal any of the astronauts logins to World of Warcraft or Sins of A Solar Empire? Are avatars worth more if their user has travelled into space?

[via Google News, picture by Caro’s Lines]