DIGITAL AMERICA

Stuxnet – The Precision Weapon

// Posted by on 05/28/2015 (4:36 PM)

“Stuxnet wasn’t just aimed at attacking a specific type of Siemens controller, it was a precision weapon bent on sabotaging a specific facility.” This is a direct quote from the article we read this week “How Digital Detectives Deciphered Stuxnet, The Most Menacing Malware In History.” Wow! The most menacing malware in history are strong words. But Stuxnet was a sophisticated and difficult to detect malicious malware program. One characteristic (there were many) that surprised the computer security experts was that the malware was not aimed at the U.S. but targeted foreign countries – Iran, Indonesia and India. We read that computer security has grown into a multibillion-dollar industry just due to keeping pace with the hackers, viruses and spyware programs that are constantly being created. Is this an example of negative digital progress? Yes! Along with progress that is good and propels the world forward in computer skills and abilities comes the negative aspect of hackers and those who are set on making money utilizing the very tools that are being developed. It’s a catch 22 – while we aim to steadily increase our digital knowledge to streamline and be more efficient, we are also up against hackers who’s goal is to take down what has been created and make money in the process.

Stuxnet was unique in that it used “zero-days” to spread the malware. Zero days, are the ”hacking world’s  most potent weapons: they exploit vulnerabilities in software that are yet unknown to the software maker or antivirus vendors.” With this method the virus can spread from computer to computer through a contaminated USB. Something as normal as inserting a flash drive was the catalyst for Stuxnet. The shear sophistication of this malware was a puzzle to be solved by computer experts. What was it, how did it come to be and how to fix it? All critical questions for computer experts. The term zero days is  new to me. It seems that if a computer virus can be initiated in vulnerabilities of software that a software maker isn’t even aware of, then how can the software maker protect their product? It’s definitely a difficult situation. I don’t think it’s going away either. Thought leaders are constantly developing new and improved hardware and software and criminals are constantly developing malicious viruses to hack in to computers and do damage or steal information.

I’ve had malware on my work office computer and my work laptop. It was a nightmare to fix! Hours of clean up time were spent to repair the damage. And, now we see the same thing happening with our tablets, iPads, and cell phones. After all, what is a cell phone but a small computer. How can we be careful that our personal information is not stolen and that our digital devices remain safe? As a consumer I trust the antiviral software that I use will protect me but I truly think you’re just lucky if you don’t experience a virus at some time with some piece of your digital world.

It’s scary to think that a company like Siemans can be targeted so specifically. Think of the money the company spends to detect the virus and fix the problem. I think most every business is vulnerable to such an attack. When I work from home I log in via a VPN (virtual private network) and I feel secure working from home, but am I? I often use my remote desktop connection and it’s as if I’m sitting in my office working and I feel protected by the Sophos software the University uses. I think it’s a false sense of security but I’ve got to trust it anyway. It seems like with big brother watching our every move and invasions of our private information and digital devices, one has to be so careful what one shares on the Internet or via digital communication. I would not share anything that I would not want exposed because you don’t know who is looking!

In reading about Stuxnet I imagined that there are many malware viruses created by our government for spying on other countries or for use in the military for the purpose of trying to prevent terrorism in the U.S. If this is actually true, I guess I don’t have a problem with what our government might be doing to “protect” us. But, on the other hand, how much data does our government have the right to have on us? It’s not an easy question to answer.


Categories: Uncategorized
Tags: ,

Comments:


Rosatelli said...

Hi Lois,

There is definitely a personal element to these stories, but I encourage you to think about how cyberwar can affect us as a nation. What is the big picture shift that is happening? Little virus that infect your computer are most likely there for either fun (someone could hack it so they did), or identity theft/credit cards. This is small stuff–uncomfortable, but small. What are the implications of large scale malware infections? Infrastructure attacks? Governments v. private companies? Power is a really big theme throughout these readings, and I encourage you to think about who has it, who wants it, and who is going to get it.

// 05/29/2015 at 8:57 pm

SarahP said...

Hi Lois!

Oh my gosh, I’m right there with you when it comes to nightmare-ish malware!! I had a rootkit on my desktop computer and it took months to get rid of it. It kept skirting by Norton, since it identifies as a normal program. Viruses are getting more and more clever…

// 05/29/2015 at 9:47 pm

Ginger said...

Lois,

You bring up many good points in your posting. I, too, had malware attack my computer at work. The IT guy said he had never seen anything like it. What happened next was kind of funny. In an effort to keep this from happening again the IT department made is so, (IT people please forgive my IT ignorance) so you could not launch any programs on the internet. Okay, this seems like a good idea in theory, but many of the programs we use for work are internet-based. It was bad at work for a couple of weeks!

This is what could happen though, the pendulum swinging the other way, way too far. As you mentioned, something that could help us and make us more efficient being used against us.

To those that would argue that they do not use the internet to pay bills or shop I would ask how many times have you given your credit card to a waiter or waitress? I have heard of people getting their identities stolen that way. My husband was jogging at work and lost one of his dog tags. A man opened up a credit card in his name using the information on the dog tag.

Our personal data is only that in name it seems.

// 05/30/2015 at 8:38 pm

Lois said...

Professor Rosatelli,

I feel as though I did address the small implications and the large scale implications in my blog post. I mentioned my own personal example with malware and also in the final paragraph talked about big brother watching our every move and how government uses spyware/malware to assist in the prevention of terrorism which is a world wide issue. Perhaps I did not say it as best I could but Siemens’ infrastructure was definitely affected by the malware, staff time and delay in production just to mention two affects.

I appreciate your comments and will continue to explore my thinking of the implications of malware.

// 06/01/2015 at 12:26 pm