The Register® — Biting the hand that feeds IT

Feeds

Stuxnet clones may target critical US systems, DHS warns

Code samples raise concerns of variants

By Dan Goodin, 27th July 2011
  • print
  • alert

Cloud based data management

Officials with the US Department of Homeland Security warned that hackers could attack the country's power generation plants, water treatment facilities, and other critical infrastructure with clones of the Stuxnet computer worm, which was used to disrupt Iran's nuclear-enrichment operations.

Stuxnet was first detected last July as a self-replicating piece of malware that spread virally through SCADA, or supervisory control and data acquisition, systems used to control valves, gears, and other physical processes in industrial plants and factories. It was eventually identified as a highly sophisticated worm that exploited previously unknown vulnerabilities in Microsoft Windows and Siemens software that actively sought to sabotage several uranium enrichment facilities in Iran.

Speculation has abounded that it was the covert work of Israel, the US, or both.

At a hearing Tuesday before a subcommittee of the US House of Representatives Committee on Energy and Commerce, DHS officials said they are worried the wealth of technical details and code samples from Stuxnet could lead to clones that similarly target critical infrastructure in the US.

"Looking ahead, the Department is concerned that attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems," Roberta Stempfley and Sean P. McGurk warned in written comments posted on Wired.com, which reported on the warning earlier. "Copies of the Stuxnet code, in various different iterations, have been publicly available for some time now."

The ICS-CERT, short for the Industrial Control Systems Cyber Emergency Response Team, and the National Cybersecurity and Communications Integration Center "remain vigilant and continue analysis and mitigation efforts of any derivative malware," they added.

Stempfley and McGurk are the DHS assistant secretary for the DHS Office of Cybersecurity and Communications and director of the National Cybersecurity and Communications Integration Center Office, respectively. Their comments before the US House's Subcommittee on Oversight and Investigations warned that various nation states, terrorist networks, organized crime groups, and individuals on US soil "are capable of targeting elements of the US information infrastructure to disrupt, or destroy systems upon which we depend."

ICS-CERT recently warned that SCADA software originating from China and used by some customers in Europe, the Americas, and elsewhere contain security holes that could leave them open to Stuxnet-style attacks. The worm attacked five industrial plants inside Iran in 12,000 separate infections over a 10-month period, causing centrifuge arrays to malfunction. ®

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

COMMENTS

House Rules Send Corrections
All Reader Comments (33)
Highly Rated
Mark 65

So it turns out

Someone in a glass house threw some very large stones when they wrote this code.

10
0
Anonymous Coward
Anonymous Coward
Reply Icon

The more interesting question is

The more interesting question is why there are no shutters available to put in front of the glass in case stones start flying around. That way you stand at least some chance and get an extra breather until you rebuild the house or put bulletproof glass.

Some of us have said it for years. SCADA is at the security level where Internet was before Aleph1's paper "Smashing The Stack for Fun and Profit" 14 years ago. The security on most systems is directed only against people who go via authorized access. To add insult to injury it regularly runs on systems with prehistoric patch levels. A piece of attack code can sail through the "glass window" and smash it to bits any time any day. In fact, Stux was a total overkill. It was like smashing a shopfront window with an ICBM. Most systems out there require a fraction of the Stux effort.

Unfortunately the powers that be in charge of "putting the shutters" were busy in making sure that the shutters are designed by the "right" contractors instead of putting any shutters at all.

As a result as you noted we still have a glass house with a lot of stones flying around. At least in this country.

3
0
Steen Hive

Oh dear

Those pesky roosting chickens once again, eh?

3
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
136
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
61
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17