Cyber security experts have found what they believe to be the first super weapon designed to destroy a specific real-world target. The malware, named Stuxnet, was discovered in June of this year, but was so complex even the world’s cyber experts had to take time to unravel exactly how it works. When they did, what they found caused both admiration of the creators’ skills and legitimized concern that such attacks were possible.
Up until the announcement of Stuxnet’s capabilities, a lot of the world’s cyber experts didn’t believe it was yet possible to create a program in today’s world that would do what Stuxnet does so well. Stuxnet searches for and attempts to destroy specific targets by infiltrating “industrial supervisory control and data acquisition (SCADA) software”. That kind of software is used to run chemical plants and factories, as well as electric power plants and transmissions all over the world. The software is distributed by the Siemens Corporation, which claims they have already discovered how to render the malware ineffective.
Stuxnet is different from previous malware because it is so specific and can take over a computer system without the user touching a button or downloading files. It overwrites key components of SCADA with its own, in order to get SCADA to do whatever Stuxnet is programmed to do.
Cyber experts have been unanimous in their assertion that the monetary resources and engineering capabilities needed to create something like Stuxnet indicated that only an entity such as a nation state would be capable of the feat. This has sparked understandable alarm worldwide. Iran’s Bushehr Nuclear Plant has been mentioned as the very likely target of Stuxnet, leading to speculation that Stuxnet may have been implemented by the United States or Israel, two vocal opponents of Iran’s nuclear program.
The implications of malware programs that can target specific entities in specific nations are disastrous. Already strained relationships between nations could boil over and create new conflict. If one nation could prove that another specifically targeted them, the results are too horrible to think about. There is hope in that cyber security experts are now aware that that is a possibility, because now they have to go into overdrive to protect themselves. However, no one is quite sure what this means for international relations. Everyone seems to agree, though, that it isn’t good.
Larry Seltzer, “Who’s Behind Stuxnet? The Americans? The Israelis?” PCMag.com
Mark Clayton, “Stuxnet Malware is ‘Weapon’ out to Destroy…Iran’s Bushehr Nuclear Plant?” CSMonitor.com
Robert McMillan, “Was Stuxnet Built to to Attack Iran’s Nuclear Program?” PCWorld.com