Thursday, February 17, 2011

Stuxnet the Leading Edge of Sophisticated Espionage and Sabotage

Natanz Nuclear Enrichment Defense Iran
Stuxnet appears to have been developed in the US and refined in Israel, before being introduced into Iranian computers by shadowy import-export companies. More from Wired:
In August 2009, Iran agreed to let the IAEA install surveillance cameras outside the enrichment facility to monitor any equipment that moved in or out. Suddenly, over a six-month period beginning late 2009, U.N. officials monitoring the surveillance images “watched in amazement” as Iranian workers “dismantled more than 10 percent of the plant’s 9,000 centrifuge machines used to enrich uranium,” according to the Washington Post. “Then, just as remarkably, hundreds of new machines arrived at the plant to replace the ones that were lost.”

Investigators described the effort as a feverish attempt to contain damage and replace broken parts, suggesting the centrifuges had indeed been operational when they broke.

“That it was 1,000 centrifuges and that it happened over a short period of time and the Iranians were upset about it” indicates the centrifuges were spinning or under vacuum – a preparation stage – when they broke, says Albright. “Because of the surprise and rapidity of all this happening, it indicates this.”

One other piece of information suggests Iran’s nuclear program was the target of Natanz. Last week security firm Symantec released a report revealing that the Stuxnet attack targeted five organizations in Iran that were infected first in an effort to spread the malware to Natanz.

Because Natanz’s PLCs are not connected to the internet, the best hope of attacking them – short of planting a mole inside Natanz – was infecting other computers that could serve as a gateway to the Natanz PLC. For example, infecting computers belonging to a contractor in charge of installing software at Natanz could help get the malware onto the Natanz system.

Symantec said the companies were hit in attacks in June and July 2009 and in March, April and May 2010. Symantec didn’t name the five organizations but said that they all “have a presence in Iran” and are involved in industrial processes.

Albright managed to glean from discussions with Symantec that some of the companies are involved in the acquisition and assembling of PLCs. What’s more, Symantec researchers told Albright that they found the names of some of the companies on suspect entity lists – lists of firms and organizations suspected of violating non-proliferation agreements by procuring parts for Iran’s nuclear program. _Wired
No one will shed tears for the Iranian nuclear weapons program, nor for the international companies which are illegally aiding the Iranians. But this attack is just the tip of the iceberg, and a mere suggestion of the wave of more sophisticated forms of sabotage, espionage, and covert warfare which is on the way.
Targeted acts of sabotage disrupt, but the real pay-off comes from identifying the human and technical links in the chain of command. Observing who responds – and when – to worm-driven destruction helps illuminate who really runs Iran’s nuclear infrastructures. Real-world Iranian responses offer critical clues as to which scientists, administrators and engineers are trusted and who is suspect. The chance to monitor Iran’s response would be of great interest to Mossad, the International Atomic Energy Agency, America’s CIA and/or Britain’s GCHQ.

Crafting a worm that generates potential insight into all those issues represents an intelligence coup. It is as potentially revelatory as a WikiLeaks data dump. That is why interpreting Stuxnet as desperate stop-gap or one-off intervention almost certainly misunderstands its purpose. Sabotage here is a means to an end; it is a gambit to make Iran’s nuclear processes more transparent.

Iran’s nuclear elite and Ministry of Intelligence know this. It is no secret now to the mullahs that their responses to the Stuxnet breach were closely monitored by external intelligence agencies. Their internal security is furiously trying to assess what information might have inadvertently been revealed. _FT

Stuxnet's sophistication is widely considered unprecedented, and from now on it will be the benchmark against which future spyware and malware are gauged.
Mr Salem [of Symantec] said new technology and new approaches are needed.

"I run the largest security company in the world. I get up and people say I have a vested interest (in pushing this line). But my job is to protect and provide security and when we say critical infrastructure is under attack, it is real."

Mr Salem mapped out a number of strategic steps that need to be taken to guard against the next major cyber attack. They include an early warning system, better intelligence on what attacks could happen, better protection, the ability to anticipate what any threat could look like and the ability to clean up after an attack.

He also pointed to a role for government that might involve a counter attack or strike.

The idea of a kill switch to allow the government to switch off the internet if it is under attack is one he did not seem overly enthusiastic about.

"The ability for us to turn something off like that and not cause other massive disruption would be very hard. We are becoming more and more dependent on the internet. There are better approaches than trying to shut off the internet." _BBC
This growing dependency on the internet can be seen at all levels of every society in the advanced world. It represents a growing vulnerability -- given the revelation of what malware like Stuxnet can do -- and needs to be addressed now, before societies move to depend upon an even more vulnerable "smart grid" power system.

The threat is real, and the threat is now.
More than 100 foreign intelligence agencies have tried to breach United States defence networks, largely to steal military plans and weapons systems designs, a top Pentagon official said. _NZHerald
Consequently, the Pentagon is seeking half a billion US dollars to develop new cyber technologies, including new defenses to guard against the next generation of cyber-attack threats.
The $500 million is part of the Pentagon’s 2012 budget request of $2.3 billion to improve the Defense Department’s cyber capabilities. At a Pentagon news conference yesterday, Defense Secretary Robert Gates called the research money, to be spent through the Defense Advanced Research Projects Agency, or Darpa, “big investment dollars, looking to the future.”

The military is reaching out to commercial companies for the latest technologies and technical experts to safeguard the Pentagon’s computer networks from attacks and espionage, Lynn said. The effort is part of a “comprehensive cyber strategy called Cyber 3.0,” he said. _Bloomberg

The djinn is long out of the bottle, wreaking havoc on uranium enrichment centrifuge cyber systems. Similar djinns will soon fly out, based upon similar advanced cyber technology, with wider mission profiles and less selective targeting.

But regular readers of Al Fin blogs will understand that this cyber threat -- for all its potential for disruption and destruction -- is only the visible and more imaginable problem. More creative and malicious destructors are on the way, as advanced sciences and technology merge with unimaginably sophisticated hardware and software.

This is the start of the long war, which may either result in humans sinking to a pre-technological level for hundreds or thousands of years, or in humans transcending their monkey natures on the way to the wide-open next level. Watch and see.

Hope for the best. Prepare for the worst.
