Stuxnet – The Precision Weapon
// Posted by Lois on 05/28/2015 (4:36 PM)
“Stuxnet wasn’t just aimed at attacking a specific type of Siemens controller, it was a precision weapon bent on sabotaging a specific facility.” This is a direct quote from the article we read this week “How Digital Detectives Deciphered Stuxnet, The Most Menacing Malware In History.” Wow! The most menacing malware in history are strong words. But Stuxnet was a sophisticated and difficult to detect malicious malware program. One characteristic (there were many) that surprised the computer security experts was that the malware was not aimed at the U.S. but targeted foreign countries – Iran, Indonesia and India. We read that computer security has grown into a multibillion-dollar industry just due to keeping pace with the hackers, viruses and spyware programs that are constantly being created. Is this an example of negative digital progress? Yes! Along with progress that is good and propels the world forward in computer skills and abilities comes the negative aspect of hackers and those who are set on making money utilizing the very tools that are being developed. It’s a catch 22 – while we aim to steadily increase our digital knowledge to streamline and be more efficient, we are also up against hackers who’s goal is to take down what has been created and make money in the process.
Stuxnet was unique in that it used “zero-days” to spread the malware. Zero days, are the ”hacking world’s most potent weapons: they exploit vulnerabilities in software that are yet unknown to the software maker or antivirus vendors.” With this method the virus can spread from computer to computer through a contaminated USB. Something as normal as inserting a flash drive was the catalyst for Stuxnet. The shear sophistication of this malware was a puzzle to be solved by computer experts. What was it, how did it come to be and how to fix it? All critical questions for computer experts. The term zero days is new to me. It seems that if a computer virus can be initiated in vulnerabilities of software that a software maker isn’t even aware of, then how can the software maker protect their product? It’s definitely a difficult situation. I don’t think it’s going away either. Thought leaders are constantly developing new and improved hardware and software and criminals are constantly developing malicious viruses to hack in to computers and do damage or steal information.
I’ve had malware on my work office computer and my work laptop. It was a nightmare to fix! Hours of clean up time were spent to repair the damage. And, now we see the same thing happening with our tablets, iPads, and cell phones. After all, what is a cell phone but a small computer. How can we be careful that our personal information is not stolen and that our digital devices remain safe? As a consumer I trust the antiviral software that I use will protect me but I truly think you’re just lucky if you don’t experience a virus at some time with some piece of your digital world.
It’s scary to think that a company like Siemans can be targeted so specifically. Think of the money the company spends to detect the virus and fix the problem. I think most every business is vulnerable to such an attack. When I work from home I log in via a VPN (virtual private network) and I feel secure working from home, but am I? I often use my remote desktop connection and it’s as if I’m sitting in my office working and I feel protected by the Sophos software the University uses. I think it’s a false sense of security but I’ve got to trust it anyway. It seems like with big brother watching our every move and invasions of our private information and digital devices, one has to be so careful what one shares on the Internet or via digital communication. I would not share anything that I would not want exposed because you don’t know who is looking!
In reading about Stuxnet I imagined that there are many malware viruses created by our government for spying on other countries or for use in the military for the purpose of trying to prevent terrorism in the U.S. If this is actually true, I guess I don’t have a problem with what our government might be doing to “protect” us. But, on the other hand, how much data does our government have the right to have on us? It’s not an easy question to answer.