So, I was reminded of our class' talk recently by two news-stories about the - hmm, how to describe it? - desire by some to globally regulate internet content. Maybe it's not merely about the desire; maybe desire is predicated (trumped?) here by necessity? I'm not 100% sure, but I do know that the ideas in these two stories speaks to the idea of content control/regulation. Read on!
Ever heard of Stuxnet? Probably not, and there's no reason you necessarily would have. However, some believe that it could very well kill everyone you know. Got your attention now? Wait, there's more!
Stuxnet is malware designed to deliver a pretty specific set of trojans into a computer system, theoretically then allowing some remote user(s) access into the infected system. Usually, trojans like that are designed to give those remote users access to our sensitive information: passwords, bank account/credit card info, etc. On that level, Stuxnet works a lot like malware you or I might get on our adorable little computers at home or school. However, (according to a great article on PC World) industrial cyber-security experts like Ralph Langer and Dale Peterson, CEO of Digital Bond, believe that because of the sheer complexity and artistry of the code itself, the malware likely was designed for a specific target: Iran's nearly-completed Bushehr nuclear reactor. In fact, Langer describes Stuxnet as "the hack of the century."
Stuxnet evidently targets some specific sectors of computer networks designed by Siemens, a big name in giant, industrial computer networks, among other things. The specificity and complexity of the attack, coupled with the small number of organizations that use the exact combination of Siemens' systems, limits the possible number of targets to just about one: Iran's nuclear reactor. Put another way, the Stuxnet trojans were designed to shut down "critical factory operations -- things that need a response within 100 milliseconds," according to IDG News' Robert McMillan (via PC World), not to infiltrate lots of different computers all over the world to steal lots of info like credit card numbers from regular Windows/Mac computers. McMillan argues that failure in those industrial systems could mean reactor meltdown, chemical catastrophe, etc, and that the target's specificity suggests that a new breed of cybercriminal - and/or "possibly a nation state" - created this malware to "destroy something big."
Up next time: "idea crime" and the internet!
Well, trojans usually open backdoors into systems, and part of what makes Stuxnet so dangerous is that its code delivers multiple payloads: trojans, yes, but also targeting sectors of the network for shotdown. And, then of course, what the authors cited above as the sheer complexity and specificity of the code itself. Scary stuff.
ReplyDeleteStuxnet. That is definitely a word I have not heard of. I feel that this is great information. You learn something new everyday.
ReplyDeleteOn Wednesday, there was a virus going around on Twitter. No, it is not as intense as this trojan the Stuxnet, but it was a virus none the less. Now, I'm really unsure how I feel about this virus being able to "infultrate" the system and stop a world wide nuclear catastrophe from happening. Is promoting this on the web really a great ideal? That's one thing I've never understood. If something is so secretive and should be kept from the world, then why promote it? I'll write more later.
ReplyDeleteWow!!! I've heard of computer viruses, but this stuff is MINDBLOWING!!! What do we do now, stay off the computer??!! Keep us informed on any updates.
ReplyDelete