Case Studies

Report: Stuxnet Worm Attacks Iran, Who is Behind It?
By Chloe Albanesius, Larry Seltzer, September 27, 2010

The Stuxnet worm has already infected 30,000 IP addresses in Iran and is still mutating, according to Monday press reports. "The attack is still ongoing and new versions of this virus are spreading," Hamid Alipour, deputy head of Iran's Information Technology Company, was quoted as saying by IRNA, Iran's official news agency, AFP reported.
Stuxnet, a joint U.S.-Israel project, is known for reportedly destroying roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control. Stuxnet was created for Siemens supervisory control and data acquisition (SCADA) systems, which control water supplies, oil rigs, power plants, and other industrial facilities. Iranian authorities have denied that the country's Bushehr nuclear plant was targeted, AFP said, though Computerworld reported that while some computers at the facility were infected, none were in control of crucial control systems.
Stuxnet appears to be more than just another malware attack or another targeted attack. Many believe that it is a government-sponsored attack against Iran's nuclear facilities. Stuxnet first came to our attention as the first attack using Microsoft Windows Shortcut 'LNK/PIF' vulnerability. German security firm Langner called it the "hack of the century." Roel Schouwenberg of Kaspersky also said it was groundbreaking.

Effect of the Attack: Minor
Effect is defined as the impact of a cyber crime attack, which could be considered anywhere from major to negligible. However, in this case the effect of this attack is not so major; it is recoverable and minor.
Moreover, the Stuxnet virus did cause the destruction of Iran's nuclear centrifuges by causing them to go out of control. The control room of Iran's nuclear plant had no idea about this situation, since the Stuxnet virus made everything appear normal.
The aim of the virus was not to destroy the centrifuge system, but to decrease the lifetime of Iran's centrifuges and make the Iranians feel that the most advanced system is beyond their understanding. The attack did make the organization realize the importance of cyber security, and from the incident they decided to solidify their security in the cyber world as well as assigning a significant budget for it. (Fiza Mirza)
Vulnerability: Shortcut LNK/PIF
A vulnerability is a weakness in a system. A hacker can exploit the vulnerability to hack the system or gain control. These vulnerabilities can be caused by improper configuration, faulty code, or errors in the design of the system.
Stuxnet was a worm which could replicate itself and spread to the whole system; it does not require human interaction. Microsoft Windows is prone to a vulnerability in its handling of LNK/PIF files. An attacker may exploit this issue to execute arbitrary code.
The attacker must entice a victim to view a specially crafted shortcut. Stuxnet first attacked Microsoft Windows machines through the Shortcut LNK/PIF vulnerability. Then it sought out Siemens Step7 software, which is also Windows-based and is used to program the industrial control systems that operate equipment such as centrifuges, and finally it compromised the programmable logic controllers. (Khadija tul Qubra)
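Because the entry point described above is a crafted Windows shortcut, a defender triaging a removable drive wants to see what a .lnk file actually points at before Explorer renders it. The following is an added example written for this case study, not code from the original page or from any cited source: it parses the Shell Link binary format ([MS-SHLLINK]) far enough to recover the target path, icon location and arguments, then applies a few heuristics. The sample shortcuts are constructed inline, and the thresholds in `triage` (libraries outside the system directory, library/script host names in the arguments) are this example's own assumptions, not indicators taken from the Stuxnet case.

```python
"""Windows shortcut (.lnk) triage, added as an example for this case study; not code from
the original page or any cited source.  Parses the Shell Link format ([MS-SHLLINK]) far
enough to recover target path, icon location and arguments, then applies assumed heuristics."""
import pathlib
import struct

HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80  # ShellLinkHeader LinkFlags
HAS_ARGUMENTS, HAS_ICON_LOCATION = 0x20, 0x40
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]  # StringData, in file order
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}


def build_lnk(local_base_path, arguments=None, icon_location=None):
    """Construct a minimal spec-conformant shortcut (ANSI LinkInfo, Unicode StringData)."""
    flags, strings = HAS_LINK_INFO | IS_UNICODE, {}
    if arguments is not None:
        flags |= HAS_ARGUMENTS
        strings["arguments"] = arguments
    if icon_location is not None:
        flags |= HAS_ICON_LOCATION
        strings["icon_location"] = icon_location
    # ShellLinkHeader: size, CLSID, flags, attributes, 3 timestamps, file size, icon index,
    # ShowCommand, HotKey, Reserved1..3
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    # LinkInfo: 28-byte header, VolumeID with empty label, LocalBasePath, empty CommonPathSuffix
    path_bytes = local_base_path.encode("latin-1") + b"\x00"
    volume_id = struct.pack("<IIII", 17, 3, 0, 16) + b"\x00"  # size, DriveType=fixed, serial, label off
    body = volume_id + path_bytes + b"\x00"
    offsets = (28, 28 + len(volume_id), 0, 28 + len(volume_id) + len(path_bytes))
    link_info = struct.pack("<IIIIIII", 28 + len(body), 28, 0x1, *offsets) + body
    string_data = b"".join(struct.pack("<H", len(strings[k])) + strings[k].encode("utf-16-le")
                           for bit, k in STRING_FIELDS if flags & bit)
    return header + link_info + string_data


def parse_lnk(data):
    """Recover the fields that matter for triage; raises ValueError on a malformed header."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("bad HeaderSize or LinkCLSID")
    record, pos = {"flags": flags, "local_base_path": None}, LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # skip the LinkTargetIDList (IDListSize + items)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        li_size, _, li_flags, _, base_off = struct.unpack_from("<IIIII", data, pos)
        if li_flags & 0x1:  # VolumeIDAndLocalBasePath: NUL-terminated ANSI path at base_off
            start = pos + base_off
            record["local_base_path"] = data[start:data.index(b"\x00", start)].decode("latin-1")
        pos += li_size
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "latin-1")
    for bit, key in STRING_FIELDS:  # each: CountCharacters (u16) followed by the characters
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            record[key] = data[pos + 2:pos + 2 + count * width].decode(codec)
            pos += 2 + count * width
    return record  # ExtraData blocks that follow are not needed here


SUSPICIOUS_EXT = (".dll", ".cpl")  # assumed heuristic: ordinary shortcuts rarely point at these
SYSTEM_PREFIX = "c:\\windows\\"     # assumed: legitimate icon libraries live under the system dir
HOSTS = ("rundll32", "regsvr32", "powershell")  # assumed: library/script hosts worth a second look


def triage(record):
    """Return reasons a shortcut deserves a closer look (heuristics, not proof of malice)."""
    findings = []
    for key in ("local_base_path", "icon_location"):
        value = (record.get(key) or "").lower()
        if value.endswith(SUSPICIOUS_EXT) and not value.startswith(SYSTEM_PREFIX):
            findings.append(f"{key} references a library outside the system directory: {value}")
    args = (record.get("arguments") or "").lower()
    if any(h in args for h in HOSTS):
        findings.append(f"arguments invoke a library/script host: {args}")
    return findings


def scan_directory(root):
    """Walk a mounted volume (e.g. a removable drive) and map flagged .lnk paths to findings."""
    results = {}
    for path in pathlib.Path(root).rglob("*.lnk"):
        try:
            findings = triage(parse_lnk(path.read_bytes()))
        except ValueError as exc:
            findings = [f"malformed shortcut: {exc}"]
        if findings:
            results[str(path)] = findings
    return results


# Constructed sample shortcuts for this example (not artifacts from any real incident)
BENIGN = build_lnk(r"C:\Program Files\Editor\editor.exe", icon_location=r"C:\Windows\System32\shell32.dll")
SUSPECT = build_lnk(r"E:\docs\report.pdf", icon_location=r"E:\icons\viewer.dll")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, parse_lnk(blob)["local_base_path"], triage(parse_lnk(blob)) or "no findings")
```

Run `scan_directory("/mnt/usb")` (or the drive letter on Windows) against a mounted removable volume to list every shortcut the heuristics flag; a parse failure is itself reported, since a shortcut that does not follow the format is as interesting as one that points somewhere odd. The parser deliberately stops after StringData and never resolves, loads or executes anything a shortcut refers to, which is the property a triage tool should keep.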

Automation Level: Automatic
Automation level can be defined as the level of input the user provides in the attack. It can be classified into three types. The first type is manual, in which the attacker needs to manually select the target and the methodology. The second type is automatic; it requires minimum input from the attacker. The combination of both types is called semi-automatic.
In this case, the attacker is an organized criminal group located in a foreign location. They used tools to reach their target. In addition, the system required no input from the attacker. The attack was executed automatically, as they did not use any manual way to carry out their attack. Hence, the automation level in this case is automatic.
"Stuxnet, a joint U.S.-Israel project, is known for reportedly destroying roughly a fifth of Iran's nuclear centrifuges by causing them to spin out of control." Large numbers were destroyed, which proves that this attack was automated. (Shaima Albugami)

Scope: Government Network
The scope refers to the size and kind of substance that is focused on. The scope contains three types, which are: So, in this case study we found that the scope is government network, because the attack was between the USA and Iran.
The USA wanted to attack the software for Iran. We know all this information from this paragraph: "A joint U.S.-Israel project, is known for reportedly destroying roughly a fifth of Iran's nuclear centrifuges by causing them to spin out of control." (shahad maddah)

Target: Software, Microsoft Windows
Computers can be the target of a criminal activity, a storage place for data about a criminal activity, and/or the actual tool used to commit a crime (planning criminal activity). One of the most publicized crimes is targeting computer software.

In this case the target of the attack was software (Microsoft Windows). The software attack surface is the complete profile of all functions in any code running in a given system that are available to an unauthenticated user.

Stuxnet attacked Windows systems using an unprecedented four zero-day attacks. It initially spread using infected removable drives such as USB flash drives, and then used other exploits and techniques such as peer-to-peer RPC to infect and update other computers inside private networks that are not directly connected to the Internet. (Wed Almarhabi)

Sources:
1.     http://www.pcmag.com/article2/0,2817,2369745,00.asp