Oct 4, 2010

The Stuxnet worm and how it can Kill

"[Stuxnet is] the most refined piece of malware ever discovered ... mischief or financial reward wasn’t its purpose, it was aimed right at the heart of a critical infrastructure"
-Alan Bentley

In a previous post, "Viruses, Worms, and Bugs Oh My!", I explained some basic information about computer viruses, worms, spyware, and other harmful programs that can invade your computer and cause damage and irritation. But what is the maximum amount of damage these programs can cause? In some extreme cases, bank information can be stolen and users will have to take time to recover their funds. But most commonly, these attacker programs will simply cause annoyance and frustration.

But what if they could kill you and your family?

Introducing Stuxnet, the internet worm that can kill people. But how? How can a virtual worm harm humans? The answer is by infecting powerful systems, which could result in grave dangers to the world. The worm can infect computer systems designed to control mechanical systems, such as valves, alarms, pumps, and motors. Sound dangerous? If not, consider these examples:
  • The safety alarms could be disabled at a water dam, while valves designed to control water flow could be opened, allowing the dam to possibly collapse with almost no warning to the employees or surrounding residents.
  • A sewage treatment plant's pumps and safety systems could be taken over by an attacker, allowing contaminants to infect our drinking water.
  • Perhaps the most frightening example, the safety systems could be disengaged at a nuclear power plant or on a pipeline. The resulting explosion could be devastating.
These are all very dangerous examples of what a computer worm like Stuxnet can do. But why is it different from other computer worms and viruses? Shouldn't these critical infrastructure companies be prepared for this? The answer is that Stuxnet is the first of its kind. Computers at industrial plants do not run like our home and business computers, where we access a program, such as Microsoft Word, and make changes, such as deleting a file from our vacation picture album. The computers at plants are controlled by industrial control systems, which govern PLCs (programmable logic controllers). Think of a PLC as a small computer that is programmed to do certain tasks, such as opening and closing a valve in a water plant. PLCs are programmed for a very strict environment, with set limits on what they can and cannot do. They operate without any need for human interaction, and it is through these PLCs that our industries run autonomously (1).

Stuxnet infects computers that control PLCs and uploads its own code to the logic controllers, allowing the PLC code and functions to be modified. But Stuxnet does not stop there. The code is also hidden from view, so a programmer checking for errors or infection in the PLC code will not see any trace of the malicious code inserted by Stuxnet. This makes the code very difficult to detect and remove.

On September 26, 2010, it was reported that Stuxnet had infected one of Iran's nuclear power plants. Although it caused no serious damage, it should be looked at as a proof of concept. The threat is real. And we are all at risk. It has been confirmed by Symantec that the people behind Stuxnet have been working with it for over a year, and most likely consisted of a team of five to ten people. The code allowed the worm to jump between portable storage devices and spread like the "Conficker" worm via p2p networks (2).

With the advancement of automation, computer technology, and our World Wide Web, we are developing new ways to make life easier and more efficient. But we are also allowing for the possibility of new, dangerous threats. And with the movement to Smart Technology, such as the "Smart Grid", where our power systems would be controlled over a network, these threats are more dangerous than ever.

-------------------------------------------------------------------------
(1) Tasu, A. S. (2004). Programmable Logic Controller. Retrieved from http://www.nipne.ro/rjp/2006_51_1-2/0305_0310.pdf

(2) Chien, E. (2010, September 30). W32.Stuxnet Dossier. Retrieved from http://www.symantec.com/connect/blogs/w32stuxnet-dossier
