State Actors have Developed Cyberweapons to Cripple Infrastructure

“… we believe that state actors have developed cyberweapons to cripple infrastructure targets in ways tantamount to kinetic assaults. Some of these weapons could potentially destroy hardware as well as data and software.”

This is what General Keith Alexander, head of U.S. Cyber Command, told Congress last Wednesday, according to the Washington Times.

Stuxnet has really shaken the cyber war experts with its innate ability to modify and actually destroy physical hardware. Unfortunately, this has not gone unnoticed by the nations that are involved in creating offensive cyber weapons.

Countries are actively searching out and recruiting the necessary talent to create such weapons. Iran is willing to pay up to $10,000 per month for computer hackers. And the thing is, the individual recruits may not even know what they are working on:

“Computer experts working on piecemeal projects wouldn’t even necessarily know they were working on a government cyberattack plan, according to Mohsen Sazegara, another former member of the Iranian Revolutionary Guard, who now lives in the Washington, D.C., area. “It’s a process.

They write complicated programs and divide and subdivide the work in such a way that even a highly qualified person might not know the end results. So they (the regime) can recruit many people who would not know that the end result of their work might be a computer worm.”

This process sounds very much like the plot of the 2007 movie “Live Free or Die Hard” with Bruce Willis and “I’m a Mac” actor Justin Long, in which individual hackers’ programs are created separately, then brought together to create an attack that shuts down American infrastructure.

And if General Alexander’s belief that state actors have already created “kinetic” cyber weapons is correct, then we will be facing much more sophisticated attacks than the Iranian Cyber Army’s defacement of the “Voice of America news service” website.

Simple Example of How Stuxnet Infects PLC Controls

Good video from Symantec with a simple demonstration of how the Stuxnet virus could actually modify the program being fed to a PLC controller. A PLC (programmable logic controller) is simply a programmable driver that runs a motor or other industrial device.

In the example, an air pump is connected to a PLC and programmed to run for 3 seconds. The motor correctly runs for three seconds, then shuts off. Once a modified DLL file is used, simulating a Stuxnet attack, the pump runs continually even though the program tells it to run for three seconds.

The real Stuxnet virus would run Iran’s processing motors at high and low speeds while still displaying to the control console that the speed was constant. This in effect ruined the process of refining the fuel and also damaged the motors.
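The demo above comes down to two gaps: the program’s command no longer reaches the motor, and the console is shown a speed that is not the real one. The following simulation, added here and not part of the original post or the Symantec video, models the 3-second pump run with an honest driver and a hypothetical tampered driver, and shows the defender’s side: an independent sensor reading cross-checked against what the HMI displays.

```python
# Constructed simulation (added example, not from the original post or the
# Symantec demo): a PLC program tells an air pump to run for 3 s, a driver
# layer relays commands to the motor, and an HMI displays the speed. The
# defender's check compares the HMI reading with an independent sensor.

RUN_SECONDS = 3  # the run time the PLC program intends, as in the demo


def plc_program(t):
    """Ladder-logic stand-in: output ON while the timer has not expired."""
    return t < RUN_SECONDS


def honest_driver(cmd_on, t):
    """Unmodified driver: (speed reported to HMI, actual motor speed)."""
    speed = 100 if cmd_on else 0
    return speed, speed


def tampered_driver(cmd_on, t):
    """Stand-in for the modified DLL in the demo (hypothetical behaviour):
    the stop command is ignored, the real speed swings high and low, and the
    HMI is fed a constant reading so the console looks normal."""
    actual = 150 if t % 2 == 0 else 50
    return 100, actual


def run_process(driver, seconds=6):
    """Step the process one second at a time.
    Returns (command, hmi_reading, independent_sensor) per cycle."""
    trace = []
    for t in range(seconds):
        cmd_on = plc_program(t)
        reported, actual = driver(cmd_on, t)
        trace.append((cmd_on, reported, actual))  # sensor reads the real speed
    return trace


def integrity_alerts(trace, tolerance=10):
    """Cross-check: flag cycles where the independent sensor disagrees with
    the HMI, or where the motor runs while the program commands it off."""
    return [i for i, (cmd_on, shown, real) in enumerate(trace)
            if abs(shown - real) > tolerance or (not cmd_on and real > 0)]


if __name__ == "__main__":
    for name, drv in (("honest", honest_driver), ("tampered", tampered_driver)):
        trace = run_process(drv)
        print(name, "alerts at cycles:", integrity_alerts(trace))
```

The honest run raises no alerts; the tampered run is flagged on every cycle, because a sensor the compromised driver does not control disagrees with the console. In a real plant this is the argument for out-of-band process monitoring rather than trusting the HMI alone.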

Stuxnet, just another Malware or Targeted Cyberweapon?

For those who follow Cyber Arms regularly, you have noticed that there was not a Cyber Arms Intelligence report this week. With Stuxnet being the major news story by far and with so many different mainstream news channels covering it, it just seemed to be redundant.

I still personally believe that Israel is behind Stuxnet. Not that I am against Israel in any way. But, they do have the technology, know-how, and the intent. I remember near the end of last year, that Israel announced that they would strike Iran before January 2010 if negotiations and sanctions against Iran failed. Last I checked, negotiations have not worked and Iran has been laughing at the sanctions.

Israel is known for taking the best and brightest of their college youth and placing them into government security type positions. Israel’s signals intelligence and code decryption Unit 8200 is formed this way. This is the same unit that also gave Israel’s hackers a choice in the 1990s: sign up or face prison time.

A nuclear-armed Iran is a very serious threat to Israel. For us here in the US, it is a big concern if Iran gets nuclear weapons, but to Israel it is a life or death issue. Israel is such a small nation, about the size of New Jersey, and is surrounded on every side by nations that hate her or want her destroyed. If Iran did not attack Israel directly with nuclear weapons, Iran most likely would sell nuclear material to any number of terrorist groups.

Israel attacked nuclear reactors that were being built in Syria and Iraq. No way would they sit idly by and allow Iran to complete the Bushehr plant. Also, with Russia helping Iran build the plant and up until recently, possibly providing them with state of the art anti-aircraft missiles, the possibility of an air strike was dwindling. So, how do you take out a nuclear plant, without bombing it from the air?

Stuxnet seems to be the perfect weapon for the job: a USB drive malware that attacks SCADA systems, uploads its configuration data and can even reprogram the equipment. Then it can hide itself with a rootkit to prevent detection.

Did I mention that one of the world’s largest USB drive manufacturers was founded and is run by an Israeli engineer? No correlation I am sure.

The command and control server for Stuxnet has been taken down, as far as we know. But even experts do not know if removing the malware will completely eradicate the effects. Control equipment company Siemens was afraid that even with the virus removed, it may have already altered parts of the Siemens programming language and recommended that infected users restore from a known good backup.

So Iran may have a nuclear plant, but will it ever be safe to turn it on?