Stuxnet is no longer the sole domian and property of the owners and creators nor the Major Antivirus/Governments/InfoSec people, and has been released into the wild. In a tweet earlier from the #Infosec stream on Twitter a link was posted to what purports to be the Stuxnet Source Code. But, what is Stuxnet?
For anyone who claims to have an interest in IT Security and who would dare right now to say they have not heard of Stuxnet – please leave my blog post (and return to your position with your head in the sand and ass in the air) now.
Stuxnet is a Microsoft Windows
computer worm discovered in July 2010 that targets industrial software and equipment.[1] While it is not the first time that crackers have targeted industrial systems,[2] it is the first discovered malware that spies on and subverts industrial systems,[3] and the first to include a programmable logic controller (PLC) rootkit.[4][5]
The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens
Supervisory Control And Data Acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.[6][7] Stuxnet infects PLCs by subverting the Step-7 software application that is used to reprogram these devices.[8]
Different variants of Stuxnet targeted five Iranian organizations,[9] with the probable target widely suspected to be uranium enrichment infrastructure in Iran;[10][11]
Symantec noted in August 2010 that 60% of the infected computers worldwide were in Iran.[12] Siemens stated on November 29 that the worm has not caused any damage to its customers,[13] but the Iran nuclear program, which uses embargoed Siemens equipment procured clandestinely, has been damaged by Stuxnet.[14][15][16][17] Russian computer security firm Kaspersky Lab concluded that the sophisticated attack could only have been conducted “with nation-state support”[18] and it has been speculated that Israel and the United States may have been involved.[19]
In May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which he said, “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them” offered “winking acknowledgement” of US involvement in Stuxnet.[20] According to the British
Daily Telegraph, a showreel that was played at a retirement party for the head of the Israel Defence Forces (IDF), Gabi Ashkenazi, included references to Stuxnet as one of his operational successes as the IDF chief of staff.[21]
Pasted from <http://en.wikipedia.org/wiki/Stuxnet>
Now let me sum that up -
Stuxnet is a very clever and highly dangerous piece of code (in the wrong hands) which has caused some serious concerns around the world for over a year now. Its Origins are still up for debate (opinion) – my money is on a US Coder. I could point you to a million blog posts and news articles about where its been found and who let it loose in 2010, but that’s not my aim today.
Today I AM SIMPLY ASKING – IS THIS A GOOD TIME TO MAKE SUCH INFORMATION PUBLICLY AVAILABLE?
There is somewhat of a ‘war’ raging out there right now. People/groups/Government Departments/Communications Companies are all currently being attacked and counter attacking ‘over the wire’ in a way that I have not witnessed for all my years online.
Wikileaks , Anonymous and Lulzsec are three major examples of some of the different battle cry’s being shouted aloud and on the other side of the frontline we hear the terms Cyber Defence Strategy , IT Sec Consultants, National Security and Censorship.
The Stuxnet Tweet which prompted this post.
Coming from the ‘Hacker News’ Community on Twitter – the link leads to a ‘file download’ website where you can download the purported ‘Stuxnet’ Source Code.
The release comes 3 days after Symantec announced they had ‘cracked’ the code – so presumably now that they have a handle on it they are able to counteract the code and detect it online.
http://www.readwriteweb.com/hack/2011/06/how-symantec-cracked-stuxnet.php
But when its compiled, how easy would it be for any or ALL of the above named Cyberwarrior groups to manipulate?
In fact – should we dare compile it?
I guess the simple answer to that is – its too late now to worry about it … because its out in the Public Domain.
Something which has been described as a dangerous tool in the wrong hands – is now readily available for public usage, and I feel it is just a matter of time before the attentions of the ‘wrong’ people fall upon this terrible beauty.
If you want to download your own copy – its here -
http://www.thehackernews.com/2011/07/stuxnet-source-code-released-online.html
