What We Can Learn From Stuxnet

Hello readers,

For those of you who have no idea what Stuxnet is: Stuxnet was multitier malware aimed at stopping the enrichment of the Iranian uranium supply. It did this by targeting specific machine parts, using machine-language drivers to increase or decrease the RPMs of the cylinders used in the enrichment process.

Stuxnet did quite a bit more than simply target the machine drivers, and what was particularly interesting was its method. It targeted machines and analyzed the machine components, lay in wait while observing, passed itself along to other machines within the network, and hid its activity by sending false readings of the machine parts' operations.

Incidentally, the malware crippled over 1000 machines – before escaping into the wild like some kind of super ninja code snippet.

It was introduced via USB drive within the target network to devastating effect – and no agency has yet stepped forward to claim responsibility.

Granted, much of this is available on the linked Wikipedia page.

What probably isn’t as immediately obvious is that this particular brand of malware used mostly simple coding and a variety of zero-day exploits, four of them according to Nova, whose educational program entitled “Rise of The Hackers” was instrumental in the writing of this piece.

Among other details regarding Stuxnet: it found its way onto over 100,000 Microsoft Windows computers which were presumably not being used to enrich uranium… and did so by utilizing the plug-and-play type of interaction that most computers use when introduced to other machines within a network.

Stuxnet has a sort of celebrity status among hackers and security personnel, due mostly to its success, and while it doesn’t make an ideal model for every type of hack, it certainly gives us an overview that reads like a fairy tale warning to Little Red Riding Hood – except the warning is precisely, “Plugging unknown devices into your computer can lead to pretty much anything.”

Chances are, if you work anywhere that uses computers (without pictures of french fries on them), you have some familiarity with the ubiquitous “Don’t do that on these computers” speech. It comes somewhere between the personal emails speech and the not-stealing-lunches-from-the-office-refrigerator speech.

According to Symantec, 75% of the USB devices discovered in an office setting with company branding end up “somehow” plugged in to the office computer; for CDs/DVDs with any implied data (especially financial), that number approaches 100%. If you wondered why your IT guy hates you, it’s because he imagines you doing this literally constantly.

Stuxnet is not the ideal model for every kind of hack; it is, however, almost the fantasy-level hack for anyone who aspires to change a few odds and ends and cripple all of the banks, or power plants. It would probably be a fairly hellish scenario if it had been tailored to attack cell towers or other types of infrastructure.

I use the past tense because much of the operational code has by now been studied, and patches have been written to eliminate its functionality. Stuxnet does demonstrate what is possibly lurking in some nearby business somewhere on a USB drive or DVD. The attack vectors were personalized down to the specific type of machine; even the type of desired outcome was assured, due to the PLC language being easily scripted.

What would have prevented Stuxnet?

Obviously, not plugging in that USB drive or DVD would have eliminated the threat entirely, unless the hacker was working within that environment, in which case:

Augmented topography – using smaller networks with possibly Linux machines that can be set up to detect changes within the existing networks. Everything from running processes to old school style tiger integrity checks could have potentially mitigated Stuxnet.

Smaller bullseye factor – Not being a country that isn’t trusted with nuclear weapons might have prevented anyone from bothering to handcraft the malware with the kind of precision implied.

Packet monitoring system – While I haven’t seen the specific attack vectors I can imagine that spreading from machine to machine would be preventable if those ports had active monitoring. Port mirroring enables the administrator to keep close track of switch performance by placing a protocol analyzer on the port that’s receiving the mirrored data. Port mirroring is a generic term. Various switch manufacturers each have their own names for the technology. For example, Cisco calls port monitoring SPAN, which stands for Switched Port Analyzer. Courtesy of This Link

Hindsight is 20/20, of course, and most of us would never anticipate a hack of this magnitude on one of our networks, but it happens. It helps to be somewhat informed and, above all else, knowledgeable of how real the threat can be.

I do have a book about some of this stuff if you enjoyed the article.
