Stuxnet: War 2.0
The virus that attacked Iran’s nuclear facilities marked the beginning of an era of cyber war.
Is the world on the brink of a military IT revolution? Facts. Comments. Analytics.
“I don’t know what weapons they will fight with in the third world war, but in the fourth they will use sticks and stones.”
In late September, it became known that the Stuxnet virus had caused serious damage to the Iranian nuclear program. Exploiting vulnerabilities in the operating system and the notorious “human factor,” Stuxnet successfully hit 1,368 of the 5,000 centrifuges at the Natanz uranium enrichment plant and also caused the launch date of the Bushehr nuclear power plant to be missed. The customer is unknown. The contractor is a negligent Siemens employee who inserted an infected flash drive into a workstation. The damage to Iran’s nuclear facilities is comparable to the damage an Israeli air force attack would have done.
The world has started talking about a new generation of wars. Cyber attacks can be ideal tools for the wars to come: they are swift, effective in their destructiveness and, as a rule, anonymous. Today, states are hurrying to agree on a joint strategy for countering cyber threats. What will happen tomorrow? Unfortunately, Einstein’s gloomy aphorism remains the most realistic answer to this question.
Iran helpless before a techno-threat
The editorials of the world press have filled with gloomy prophecies about an era of technological wars. Experts from a wide range of fields, from IT security to linguistics and anthropology, are struggling to unravel Stuxnet, the virus that has struck Iran’s nuclear facilities. Stuxnet was discovered by antivirus laboratories a long time ago, but the world learned about the true extent of the infection only in late September, when the delay in launching Iran’s first nuclear power plant at Bushehr became known. Although Ali Akbar Salehi, head of the Atomic Energy Organization of Iran, said that the delay in starting up the plant had nothing to do with the virus, Mark Fitzpatrick of the International Institute for Strategic Studies said that this sounded “not very serious” and that Iran is inclined to hush up real problems at its nuclear facilities. Some time later, Mahmoud Jafari, project manager at the Bushehr station, “let slip” that Stuxnet had “hit several computers, but did not cause any damage to the main operating system of the station.” Sapienti sat. Iran’s nuclear facility at Natanz also suffered very seriously: 1,368 of its 5,000 centrifuges were put out of action as a result of Stuxnet’s actions. When Mahmoud Ahmadinejad was asked directly about technological problems with the nuclear program after a session of the UN General Assembly, he only shrugged and did not answer. Note that, according to the New York Times, the damage from the virus in Iran is perhaps comparable to that of an Israeli Air Force strike.
The author! The author!
For obvious reasons, Stuxnet’s developers prefer to stay in the background, but it is clear that the complexity of the virus can be called unprecedented. Creating such a project requires huge intellectual and financial investment, which means that only state-scale structures can do it. All experts agree that the virus is not the work of a “group of enthusiasts.” Laurent Esloh, Symantec Security Manager, suggests that at least six to ten people worked on Stuxnet for six to nine months. Frank Rieger, Technical Director of GSMK, supports his colleague: according to him, the virus was created by a team of ten experienced programmers, and the development took about six months. Rieger also names an estimated cost of creating Stuxnet: at least $3 million. Evgeny Kaspersky, CEO of Kaspersky Lab, speaks of the virus’s military objectives: “Stuxnet does not steal money, does not send spam and does not steal confidential information. This malware was created to control production processes, literally to manage huge production capacities. In the recent past, we fought against cyber criminals and online hooligans; now, I am afraid, the time is coming for cyber terrorism, cyber weapons and cyber war.” Tillmann Werner, a member of the Honeynet Project internet security community, is sure that lone hackers are not capable of this.
“Stuxnet is so perfect from a technical point of view that one should assume that experts from government agencies took part in the development of the malware, or at least provided some assistance in its creation,” says Werner.
In analyzing Stuxnet, some media concluded that Israel is behind the creation of the virus. The first to speak of Israel’s involvement in the attack on Iran was John Markoff, a journalist for the New York Times, who reported that analysts had drawn attention to the name of one of the code fragments, “myrtus” (“myrtle”). In Hebrew, “myrtle” is “hadas,” which in turn is consonant with the name “Hadassah” belonging to Esther, the heroine of Jewish history who saved her people from destruction in the Persian Empire. Drawing an analogy with ancient Persia, on whose territory modern Iran is located, some analysts believe that Israel left a “calling card” in the virus code. However, according to a number of experts, this version does not withstand any criticism and resembles the plot of a cheap detective novel: too primitive a “signature” for a project of this magnitude.
It should be emphasized, however, that as early as last summer (recall that the distribution of Stuxnet began in 2009), the WikiLeaks resource reported a serious nuclear accident at Natanz. Soon afterwards it became known that the head of the Atomic Energy Organization of Iran, Gholam Reza Aghazadeh, had resigned without explanation. At about the same time, Israeli politicians and the military spoke in the media about a possible confrontation with Iran on the technological front. In addition, Israel adjusted its forecast of the date by which Iran would obtain an atomic bomb, postponing it to 2014, and the term of Meir Dagan, the head of the Mossad, was extended for his participation in unnamed “important projects.”
The history of the initial infection, which laid the foundation for the spread of the virus, is noteworthy. Obviously, automated control systems of this level are not connected to the Internet. Kenneth Geers, an expert from the NATO Cyber Center in Estonia, suggested at one of the security conferences that the success of the Stuxnet attack depended solely on contacts with the right people and ... ordinary USB drives. “You can pay someone who launches the trojan into a closed system, or swap a USB flash drive that was intended only for internal use,” says Geers. “It is enough to insert an infected USB flash drive into the standard USB port of the computer, and Stuxnet will immediately jump to the operating system automatically, and no anti-virus programs or other protection measures will hinder it.” Indeed, the human factor turned out to be the “weak link”: Stuxnet entered the system via a regular USB drive which a negligent employee inadvertently inserted into a workstation. It is noteworthy that after the statements of Iran’s Minister of Intelligence Heydar Moslehi about the detention of “nuclear spies” (who turned out to be entirely uninvolved Russian technicians), the leadership of Siemens acknowledged that the virus had been carried by company employees, emphasizing the unintentional nature of the infection. It should be noted that Stuxnet only affects a specific type of Siemens controller, namely the SIMATIC S7, which, according to the IAEA, is used by Iran.
Cyber war. Battleground: Earth?
At the 2010 Virus Bulletin conference in Vancouver, Canada, a brief report by Liam O Murchu, one of Symantec’s leading IT security experts, drew public attention. The analyst conducted an experiment that explained the dangers of cyber threats better than hundreds of formal reports. O Murchu installed an air pump on the stage running Siemens control software, infected the workstation with the Stuxnet virus and launched the process. The pump quickly inflated a balloon, but the process did not stop: the balloon inflated until it burst. “Imagine this is not a balloon, but an Iranian nuclear power plant,” the expert said, putting an end to the question of how “serious” cyber war is.
O Murchu’s colleagues fully share his concerns. Trend Micro researcher Paul Ferguson said that with the creation of Stuxnet, a full-fledged cyber weapon has appeared in the world, one that goes beyond the traditional destructive schemes (theft of credit card numbers, etc.) and can lead to serious accidents at very dangerous industrial facilities. Ferguson emphasizes that analysts will now “literally intimidate the government in order to make it take serious security measures.”
Indeed, the head of the newly created US Cyber Command at the Pentagon, General Keith Alexander, speaking in Congress, publicly stated that over the past few years the threat of cyber war has been growing rapidly. Alexander recalled two cyber attacks on entire states: on Estonia (in 2007, after the relocation of the Bronze Soldier) and on Georgia (in 2008, during the war with Russia).
Estonian President Toomas Hendrik Ilves, in an interview with the Berliner Zeitung, raises the issue of cyber threats at the highest level. The Estonian president emphasizes that NATO’s decision to host the Cybersecurity Center in Tallinn (recall that it opened in May 2008) is due to the fact that Estonia is one of the most computerized countries in Europe, as well as the first state to undergo a full-scale cyber attack, in 2007. After an attack that paralyzed the infrastructure of an entire country, Estonian Minister of Defense Jaak Aaviksoo even demanded that NATO equate such cyber raids with military action. The president expresses a similar view today: “The Stuxnet virus has demonstrated how seriously we should take cybersecurity, because with the help of such products vital infrastructure can be destroyed. In the case of Iran, the virus seemed to be aimed at a nuclear program, but similar viruses could ruin our computer-controlled economy. This should be discussed in NATO: if a rocket destroys a power plant, Article 5 comes into effect. But what should be done in the case of a computer virus attack?” asks Toomas Hendrik Ilves. The president’s proposal is in line with current trends: “Both the EU and NATO should develop a common policy, including legal norms,
First Deputy Secretary of Defense William L. Lynn fully agrees with Toomas Hendrik Ilves. In an interview with Radio Liberty, Lynn tried to answer the question raised by Ilves: “If the strike touched on the essential elements of our economy, we should probably consider it an attack. But if the hack resulted in data theft, then this may not be an attack. Between these two extremes are many other options. To clearly articulate a political line, we must decide where the line lies between hacking and attack, or between espionage and data theft. I believe that both in the government and outside it there is a discussion on this topic, and I do not think that this discussion has been exhausted.”
In addition, a key moment in William Lynn’s speech was the public announcement of the five principles that underpin the new United States cybersecurity strategy. We quote the US Deputy Secretary of Defense without cuts:
“The first of these principles is that we must recognize cyberspace for what it has already become: a new zone of military operations. In the same way as land, sea, air and outer space, we must consider cyberspace a sphere of our actions, which we will protect and to which we will extend our military doctrine. This is what prompted us to create a unified Cyber Command as part of the Strategic Command.
The second principle, which I have already mentioned, is that defense must be active. It should include two generally accepted lines of passive defense. The first is, in fact, ordinary hygiene: apply patches on time, update your antivirus programs, and improve protection tools. We also need a second line of defense, which is used by private companies: intrusion detectors, security monitoring programs. All of these tools are likely to help you repel approximately 80 percent of attacks. The remaining 20 percent, a very rough estimate, are sophisticated attacks that cannot be prevented or stopped by patching holes. A much more active arsenal is needed. We need tools that can detect and block malicious code. We need programs that will detect and pursue within your own network the malicious elements invading it. When you find them, you should be able to block their communication with the external network. In other words, it is more like a war of maneuver than the Maginot Line.
The third principle of a cybersecurity strategy is to protect civilian infrastructure.
Fourth, the United States and its allies must take collective defense measures. At the upcoming NATO summit in Lisbon, important decisions will be made in this regard.
Finally, the fifth principle is that the United States must remain at the forefront of software development.”
The reaction of Dmitry Rogozin, Permanent Representative of Russia to NATO, to the processes taking place in the Alliance is very remarkable. Apparently, Russia is extremely concerned about the upcoming NATO summit in Lisbon, to be held on November 20, because it is there that the Alliance plans to resolve the dilemma of whether an attack on the military and government computer networks of a NATO member is grounds for invoking Article 5 of the Washington Treaty and responding with a collective military strike. In his characteristic style, Rogozin writes: “We will finally find out whether it is permissible for NATO to hit a hacker’s apartment with a nuclear bomb, or whether it is assumed that a cyber war will not go beyond cyberspace. In the latter scenario, I have great reason to doubt. Literally before our eyes, a grandiose scandal has unfolded in the Western periodicals in connection with the spread of a computer worm called Stuxnet. I am used to reading and sending SMS in Latin script, so I immediately read the name of the virus as a Russian verb in the future tense: ‘it will die.’ Be sure that something will surely fade or fall off from someone, and moreover, from those who launched this virus. As you know, whoever sows the wind will reap the storm.” Not daring to comment on the literary and creative research of Mr. Rogozin, we note that Russia was blamed for the two largest hacker attacks on entire states (Estonia and Georgia); perhaps this is what caused such a violent reaction from the impressionable envoy.
Thus, amid the hysteria provoked by Stuxnet, a number of states have expressed the need to establish a joint policy to prevent cyber attacks. Will this lead to the desired result, even if we assume that a document regulating the use of destructive technologies will be developed (and signed)? To IT Business Week, this seems extremely doubtful: the temptations offered by high technologies are too great, namely anonymity, safety (for the attacker), and an unprecedented cost/effectiveness ratio. So Stuxnet was only the first harbinger of an era of techno-social revolution, which has not begun at all as it was dreamed of.