Stuxnet unleashes malware warfare
Let me tell you about a new form of warfare. Electronic computers have been around since the end of the Second World War. Computer viruses have been around since 1971.
In 2009, somebody (and we still don't know who they are) unleashed a very cunning computer virus. It was called Stuxnet, and it successfully attacked nuclear facilities in Iran.
A computer virus is a computer program that, like a biological virus, makes copies of itself and spreads itself from one computer to the next. It can spread via the global internet, a local network, or even a USB memory stick.
Today, 'computer virus' is a fairly vague term, so let's use the word malware instead, where 'mal' means bad.
Malware may or may not be able to reproduce. Malware includes computer viruses, computer worms, spyware, adware and Trojan horses.
A Trojan horse is a program that seems harmless, but has a hidden and evil function. For example, it might use your internet connection and your computer to send out millions of spam emails, while you are peacefully sleeping in your bed.
Other malware might include a program that records every keystroke you make on the keyboard and, whenever you do any online banking, sends those keystrokes off to someone wicked.
One amazing thing about Stuxnet, and even today we don't know who wrote it, is that it used what is called a 'zero-day vulnerability'. (A vulnerability is a security flaw in your software that will let an outsider in.)
What makes it a zero-day vulnerability is that neither the software manufacturer, nor the anti-virus makers, know that this security flaw exists. Only the person who found it knows about it.
So zero-day vulnerabilities are very powerful.
Even if you have all your recommended patches and updates installed, even if you have disabled the auto-run facility, even if you are operating in a restricted low-level user account and not a high-level administrator account, and even if you have specifically disabled the execution of any programs from a USB memory stick, if you are hit by a zero-day vulnerability in some computer malware, your machine will get infected.
Zero-day vulnerabilities are very powerful, but they are also very rare.
Every year, about 12 million pieces of new malware are released by the forces of darkness. And each year, fewer than twelve of them exploit a zero-day vulnerability.
So if a zero-day vulnerability turns up, it can sell on the black market for $100,000.
It's very rare for a piece of computer malware to use even a single zero-day vulnerability.
But Stuxnet had four zero-day vulnerabilities incorporated into it! That is absolutely unprecedented. Whoever made Stuxnet wanted to be darn sure that it would hit its target.
To be even more sure, Stuxnet also used a digital certificate. A digital certificate is kind of like a passport. It proves who you are.
In a computer program, it's an encrypted string of bits that proves that the program is legitimate. So when you download an updated version of a program, or an updated driver for a printer, it comes with this digital certificate.
Before Stuxnet, forged or bogus digital certificates had been used. They're a bit like an underage person using a fake ID to get into a bar.
But Stuxnet was the first computer malware to use a genuine, but stolen, digital certificate. So any computer would see this genuine digital certificate and accept that the accompanying program was genuine.
In fact, just to be extra sure, Stuxnet used not just one genuine stolen digital certificate, but two of them!
They were stolen from two companies, RealTek and JMicron, that have their headquarters in the same Hsinchu Science Park in Taiwan.
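The forged-versus-stolen distinction above, as an added example in Go that is not from the original article: a host checking a signed driver against the vendor key it trusts. The key pairs, the driver bytes and the revocation list are constructed placeholders standing in for the RealTek/JMicron certificates; the point is that a signature made with a stolen key verifies exactly like a genuine release, and only revoking the compromised certificate lets the host refuse it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Verdict records how a host evaluated a signed driver.
type Verdict struct {
	SignatureValid bool // the bits check out against the trusted vendor key
	KeyRevoked     bool // the trusted key is on the host's revocation list
	Accepted       bool // the host would load the driver
}

// checkDriver models what a host does with a signed driver: verify the signature
// against the vendor key it trusts, then consult a revocation list. Without the
// revocation step, a signature made with a stolen key is indistinguishable from
// a genuine one, which is why Stuxnet's stolen certificates were accepted.
func checkDriver(trustedKey ed25519.PublicKey, revoked map[string]bool, driver, sig []byte) Verdict {
	v := Verdict{}
	if len(sig) != ed25519.SignatureSize {
		return v // malformed signature: rejected before any crypto runs
	}
	v.SignatureValid = ed25519.Verify(trustedKey, driver, sig)
	v.KeyRevoked = revoked[hex.EncodeToString(trustedKey)]
	v.Accepted = v.SignatureValid && !v.KeyRevoked
	return v
}

func main() {
	// Constructed sample: a "vendor" key standing in for the stolen RealTek/JMicron keys.
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	// An attacker's own key: the "fake ID" case, a forged certificate.
	_, forgerPriv, _ := ed25519.GenerateKey(rand.Reader)
	driver := []byte("constructed driver image bytes")
	revoked := map[string]bool{}

	// Forged: signed with the wrong key, so the host rejects it.
	fmt.Printf("forged:  %+v\n", checkDriver(vendorPub, revoked, driver, ed25519.Sign(forgerPriv, driver)))
	// Stolen: signed with the real vendor key, accepted exactly like a genuine update.
	stolen := ed25519.Sign(vendorPriv, driver)
	fmt.Printf("stolen:  %+v\n", checkDriver(vendorPub, revoked, driver, stolen))
	// Once the vendor's certificate is revoked, the same signature is refused.
	revoked[hex.EncodeToString(vendorPub)] = true
	fmt.Printf("revoked: %+v\n", checkDriver(vendorPub, revoked, driver, stolen))
}
```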
The Stuxnet malware is huge: 500 kilobytes rather than the usual 10–15 kilobytes. This 500 kilobytes is not wasted on a big image or picture, nor in loose and inefficient coding.
No! Instead, Stuxnet is a very dense and efficiently coded ensemble of data and commands. It's all neatly compartmentalised to allow easy updates and modifications, as the target, the Iranian nuclear program, tried to eradicate Stuxnet.
The Iranian nuclear program had what is called, in the trade, an 'air gap'. None of the internal computers in the nuclear program were connected to the internet.
So how did Stuxnet get in? I'll talk about that, and how it got its vaguely malevolent name, next time.