Stuxnet is a computer worm that has infected thousands of PCs and, through them, the Siemens industrial controllers (PLCs) that are programmed from those PCs. Symantec, one of the leading anti-virus software makers, has a series of blog posts analyzing Stuxnet. The worm has a very specific function: to sabotage the industrial processes controlled by those controllers. To illustrate what that kind of access allows: a worm sitting in the controller could tell the controller monitoring the pressure in a gas pipeline to increase pressure to the point where the pipeline would fail catastrophically. It could tell the controller monitoring vital functions in a nuclear reactor to ignore warnings. It could tell the centrifuges used to separate U235 from U238 to spin out of control.

Stuxnet is not the creation of a criminal hacker organization because it serves no criminal purpose. It doesn’t steal passwords or identities. It doesn’t transfer funds. All it does is screw with very specific industrial processes. It is also very sophisticated. Symantec’s description of how it infects the controller shows how much it knows about its targets:

The overall process of infection for methods A/B is as follows:

  • Check the PLC type; it must be an S7/315-2
  • Check the SDB blocks and determine whether sequence A or B should be written
  • Find DP_RECV, copy it to FC1869, replace it with a malicious copy embedded in Stuxnet
  • Write the malicious blocks (in total, 20 blocks) of the sequence, embedded in Stuxnet
  • Infect OB1 so that the malicious code is executed at the start of a cycle
  • Infect OB35, which will act as a watchdog
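The six steps above are also a checklist for a defender. What a practitioner would want is a way to compare the program actually running on a PLC against a trusted baseline and flag exactly those changes: a new FC1869 that is a copy of the old DP_RECV, a DP_RECV whose code differs, a batch of new blocks, and a rewritten OB1 and OB35. The script below is an added illustration of that baseline diff, not code from the post, from Symantec, or from Siemens. It assumes a block inventory in the form of a dict mapping symbolic block name to block bytes; real inventories come from the engineering tools or an S7 client and are keyed by block number, so the block names, the block contents and the made-up FC19xx numbers for the written blocks are all constructed sample data.

```python
"""Baseline comparison of S7 PLC program blocks, keyed to the infection
steps Symantec describes for Stuxnet (DP_RECV copied to FC1869 and replaced,
about 20 blocks written, OB1 and OB35 modified).

Added example, not code from the post or from Symantec/Siemens. The
inventory format (symbolic name -> block bytes) and all sample contents
are constructed assumptions; the bytes are placeholders, not MC7 code.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    indicator: str   # short tag for the indicator that fired
    detail: str      # human-readable explanation


def block_hashes(blocks: dict[str, bytes]) -> dict[str, str]:
    """SHA-256 of each block's compiled code, keyed by block name."""
    return {name: hashlib.sha256(code).hexdigest() for name, code in blocks.items()}


def analyze(baseline: dict[str, bytes], current: dict[str, bytes],
            bulk_threshold: int = 10) -> list[Finding]:
    """Compare a trusted baseline against the program currently on the PLC."""
    base_h, cur_h = block_hashes(baseline), block_hashes(current)
    added = sorted(set(cur_h) - set(base_h))
    removed = sorted(set(base_h) - set(cur_h))
    modified = sorted(n for n in base_h if n in cur_h and base_h[n] != cur_h[n])
    findings: list[Finding] = []

    # Step 3 of the listed sequence: the original DP_RECV survives as FC1869.
    if "FC1869" in added and "DP_RECV" in base_h and cur_h["FC1869"] == base_h["DP_RECV"]:
        findings.append(Finding("dp_recv_backup",
                                "FC1869 is a byte-for-byte copy of the baseline DP_RECV"))
    elif "FC1869" in added:
        findings.append(Finding("fc1869_added", "FC1869 not present in baseline"))
    if "DP_RECV" in modified:
        findings.append(Finding("dp_recv_replaced", "DP_RECV code differs from baseline"))

    # Steps 5 and 6: the cyclic OB and the cyclic-interrupt (watchdog) OB are rewritten.
    for ob in ("OB1", "OB35"):
        if ob in modified:
            findings.append(Finding(f"{ob.lower()}_modified", f"{ob} code differs from baseline"))

    # Step 4: a large batch of new blocks appears at once.
    if len(added) >= bulk_threshold:
        findings.append(Finding("bulk_block_write",
                                f"{len(added)} blocks added: {', '.join(added)}"))

    # Anything else that changed still deserves a line in the report.
    for n in removed:
        findings.append(Finding("block_removed", f"{n} missing from PLC"))
    for n in modified:
        if n not in ("DP_RECV", "OB1", "OB35"):
            findings.append(Finding("block_modified", f"{n} code differs from baseline"))
    return findings


def sample_baseline() -> dict[str, bytes]:
    """Constructed 'known good' program; contents are placeholders."""
    return {
        "OB1": b"\x01CALL FC100; CALL DP_RECV;",
        "OB35": b"\x35CALL FC101;",
        "DP_RECV": b"\x02PROFIBUS receive",
        "FC100": b"\x64main logic",
        "FC101": b"\x65interrupt logic",
        "DB10": b"\x0aprocess values",
    }


def sample_infected() -> dict[str, bytes]:
    """Constructed post-infection program that follows the six listed steps."""
    blocks = sample_baseline()
    original = blocks["DP_RECV"]
    blocks["FC1869"] = original                        # step 3: original copied aside
    blocks["DP_RECV"] = b"\x02hook; CALL FC1869"       # step 3: malicious replacement
    for i in range(20):                                # step 4: 20 blocks (numbers made up)
        blocks[f"FC19{i:02d}"] = bytes([0xAA, i])
    blocks["OB1"] = b"\x01CALL FC1900;" + sample_baseline()["OB1"][1:]    # step 5
    blocks["OB35"] = b"\x35CALL FC1901;" + sample_baseline()["OB35"][1:]  # step 6
    return blocks


if __name__ == "__main__":
    for f in analyze(sample_baseline(), sample_infected()):
        print(f"{f.indicator:18} {f.detail}")
```

The point of keying the report to the specific indicators rather than just printing a generic diff is that the FC1869-equals-old-DP_RECV check is close to a signature for this technique, while "20 blocks appeared at once" is the kind of change a legitimate engineering download also produces and only matters when nobody authorised a download.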

As a software guy, I’m impressed. I do what I call “ethical programming”. I make certain that my code is clean, easy to understand, and reasonably efficient. If I use a hack I document it. I have to do that, because the people maintaining my code likely work in Mumbai and have a couple of years of experience compared to my thirty-plus years. The people who created “Stuxnet” are very skillful unethical programmers. They may also be ethical in that they used their skills to prevent a greater evil. What might that evil be? Let’s say a nuclear Iran.

Let’s look at where Stuxnet has hit: India, Indonesia and Iran top the pops. The rest of the world, not so much.

Did it work? Who knows? The victims aren’t going to own up, are they? But there are hints that the Iranians have had difficulties at their nuclear plants.

We do see reports like this from the LA Times:

Now, as experts’ analyses of the worm are being published and as it becomes clearer that computers associated with Iran’s controversial nuclear program were affected, it is also becoming clearer that Stuxnet is about sabotage, not espionage, and it’s way bigger than was apparent. Computer technicians thought they could root out the virus in a month or two, senior Iranian information technology official Hamid Alipur was quoted as saying, but attacks keep coming and new versions of it continue to mutate and spread, hampering cleanup.

Gerry Egan, a top Symantec executive, told CNN that the high level of design and specialized knowledge associated with the worm was not something “the average hacker at home or in a garage” would have access to.

The sophistication behind Stuxnet combined with Iran’s nuclear facility as an apparent target is spawning much speculation.

The theory among experts is that this “took the resources of a nation-state to create a piece of malware so sophisticated,” Richard Falkenrath of Chertoff Group told Bloomberg this week. It is theoretically possible that the U.S. did this, he said, noting that this was a remote possibility. A more likely creator, he said, was Israel.

The end result is that Iran will not be able to trust any Western technology. Siemens equipment was the vehicle this time. Who knows who will be next?

Even if it wasn’t responsible for Stuxnet, Israel will get the blame. But the end result is good; evil regimes have learned that western technology can be used against them. There isn’t any alternative Muslim technology, as specified in the Koran, that they can fall back on. So it puts them between a rock and a hard place, which is where they deserve to be.