What We Can Learn From Stuxnet

Hello readers,

For those of you who have no idea what Stuxnet is: Stuxnet was a multitier piece of malware aimed at stopping the enrichment of the Iranian uranium supply. It did this by targeting specific machine parts, using machine language drivers to increase or decrease the RPMs of the cylinders used in the enrichment process.

Stuxnet did quite a bit more than simply target the machine drivers, and what was particularly interesting was its method. It targeted machines and analyzed the machine components, lay in wait while observing, passed itself along to other machines within the network, and hid its activity by sending false readings of the machine parts' operations.

Incidentally, the malware crippled over 1000 machines – before escaping into the wild like some kind of super ninja code snippet.

It was introduced via USB drive within the target network to devastating effect – and no agency has yet stepped forward to claim responsibility.

Granted, much of this is available on the linked Wikipedia page.

What probably isn’t as immediately obvious is that this particular brand of malware used mostly simple coding and a variety of zero-day exploits, 4 of them according to Nova. An educational program entitled “Rise of The Hackers” was instrumental in the writing of this piece.

Among other details regarding Stuxnet: it found its way onto over 100,000 Microsoft Windows computers which were presumably not being used to enrich uranium… and did so by utilizing the plug-and-play type interaction that most computers use when introduced to other machines within a network.

Stuxnet has a sort of celebrity status among hackers and security personnel due mostly to its success, and while it doesn’t make an ideal model for every type of hack, it certainly gives us an overview that reads like a fairy tale warning to Little Red Riding Hood – except the warning is precisely, “Plugging unknown devices into your computer can lead to pretty much anything.”

Chances are, if you work anywhere that uses computers (without pictures of french fries on them), you have some familiarity with the ubiquitous “Don’t do that on these computers” speech. It comes somewhere between the personal emails speech and the not-stealing-lunches-from-the-office-refrigerator speech.

According to Symantec, 75% of the USB devices discovered in an office setting with company branding end up “somehow” plugged in to the office computer; for CDs/DVDs with any implied data (especially financial), that number approaches 100%. If you wondered why your IT guy hates you, it’s because he imagines you doing this literally constantly.

Stuxnet is not the ideal model for every kind of hack. It is, however, almost the fantasy-level hack for anyone who aspires to change a few odds and ends and cripple all of the banks or power plants. It would probably be a fairly hellish scenario if it had been tailored to attack cell towers or other types of infrastructure.

I use the past tense because much of the operational code has by now been studied, and patches have been written to eliminate its functionality. Stuxnet does demonstrate what is possibly lurking in some nearby business somewhere on a USB drive or DVD. The attack vectors were personalized down to the specific type of machine; even the type of desired outcome was assured due to the PLC language being easily scripted.

What would have prevented Stuxnet?

Obviously, not plugging in that USB drive or DVD would have eliminated the threat entirely, unless the hacker was working within that environment, in which case:

Augmented topography – using smaller networks, possibly with Linux machines set up to detect changes within the existing networks. Everything from monitoring running processes to old-school tiger-style integrity checks could have potentially mitigated Stuxnet.

Smaller bullseye factor – Not being a country that isn’t trusted with nuclear weapons might have prevented anyone from bothering to handcraft the malware with the kind of precision implied.

Packet monitoring system – While I haven’t seen the specific attack vectors, I can imagine that spreading from machine to machine would be preventable if those ports had active monitoring. Port mirroring enables the administrator to keep close track of switch performance by placing a protocol analyzer on the port that’s receiving the mirrored data. Port mirroring is a generic term. Various switch manufacturers each have their own names for the technology. For example, Cisco calls port monitoring SPAN, which stands for Switched Port Analyzer. Courtesy of This Link

Hindsight is 20/20, of course, and most of us would never anticipate a hack of this magnitude on one of our networks, but it happens. It helps to be somewhat informed and, above all else, knowledgeable of how real the threat can be.

I do have a book about some of this stuff if you enjoyed the article.
