Stuxnet: the most fascinating application of software weaponry to date
I am fascinated by this story released late in November describing a computer work aimed at altering the code in industrial control systems, specifically it seems, the uranium centrifuges running Siemens control software. The theory continues that the worm was targeted even more specifically to damage the centrifuges at Natanz, the Iranian enrichment facility.
Another good analysis of this story can be found on this security blog by Bruce Schneier (aka the man on cryptography). Bruce provides a link to Symantec’s detailed evaluation of the worm.
As you read about this worm, you can’t help but to be impressed with the complexity and sophistication of the software and people behind it. This was definitely not a one man job – this required the effort of a small team of people with very specific skills – PC vulnerabilities, network communications, coding for industrial programmable logic controllers, and sophisticated story boarding of the entire worm lifecycle. It required all of this, plus very specific knowledge of the centrifuges being targeted along with operational knowledge of how the facilities function. to top it all off, the worm has sophisticated update and reporting capabilities as well as being able to hide itself from detection. Really amazing to put this all together in one tidy nuclear-program disabling package.