Saturday, October 8, 2011

Security Expert: U.S. 'Leading Force' Behind Stuxnet

Tom Gjelten

One year ago, German cyber security expert Ralph Langner announced he had found a computer worm designed to sabotage a nuclear facility in Iran. The Stuxnet worm is now recognized as a cyber super weapon, and it could end up harming those who created it.

One year ago, German cyber security expert Ralph Langner announced he had found a computer worm designed to sabotage a nuclear facility in Iran. It's called Stuxnet, and it was the most sophisticated worm Langner had ever seen.

In the year since, Stuxnet has been analyzed as a cyber super weapon, one so dangerous it might even harm those who created it.

In the summer of 2010, Langner and his partners went to work analyzing a malicious software program that was turning up in some equipment. Langner Communications is a small firm in Hamburg, Germany, but Langner and the two engineers with whom he works know a lot about industrial control systems. What they found in Stuxnet left them flabbergasted.

"I'm in this business for 20 years, and what we saw in the lab when analyzing Stuxnet was far beyond everything we had ever imagined," Langner says.

It was a worm that could burrow its way into an industrial control system, the kind of system used in power plants, refineries and nuclear stations. Amazingly, it ignored everything it found except the one piece of equipment it was seeking; when the worm reached its target, it would destroy it.

Langner says that the more his team analyzed the Stuxnet worm, the more they knew they were onto something big.

"We were pretty much working around the clock," he says, "because after we had the first impression of the magnitude of this, we were just like on speed or something like that. It was just impossible to go back to sleep."

Langner also realized after analyzing the Stuxnet code that it was designed to disable a particular nuclear facility in Iran. That's serious business, he figured. Some Iranian nuclear scientists, he remembered, had been mysteriously killed. Langner published his findings anyway.

"I wasn't actually scared, but this was just something I was thinking about," he says. "You know, this stuff must involve intelligence services who do some dirty work every now and then, and you can't just block that away from your personal situation when you are the guy who is the first to publish [that] this is a directed attack against the Iranian nuclear program. So there have been some frightening moments."

'United States Behind Stuxnet'

Langner says as they dug deeper into the Stuxnet code, each new discovery left them more impressed and wondering what was coming next. He says he couldn't imagine who could have created the worm, and the level of expertise seemed almost alien. But that would be science fiction, and Stuxnet was a reality.

"Thinking about it for another minute, if it's not aliens, it's got to be the United States," he says.

The sophistication of the worm, plus the fact that the designer had inside intelligence on the Iranian facility, led Langner to conclude the United States had developed Stuxnet, possibly with the help of Israeli intelligence.

Langner isn't shy about naming the U.S. as the Stuxnet culprit, as he stated in a recent speech at the Brookings Institution. In that speech, he also made the bigger point that having developed Stuxnet as a computer weapon, the United States has in effect introduced it into the world's cyber arsenal.

"Cyber weapons proliferate by use, as we see in the case of Stuxnet," he said. "Several months or weeks or a year later, the code is available on the Internet for dissection by anyone who has the motivation or money to do so."

It would have to be revised, Langner says, in order to target some other industrial control system besides the one in Iran, a U.S. power plant, for example. But it could be done, and he warns that U.S. utility companies are not yet prepared to deal with the threat Stuxnet represents.

The CIA declined to comment on Langner's charge that the U.S. was "the leading force" behind Stuxnet. Homeland Security officials insist measures are being taken to defend U.S. infrastructure against cyber attack. [Copyright 2011 National Public Radio]



  1. Quote: "Amazingly, it ignored everything it found except the one piece of equipment it was seeking;"

    I don't understand why a virus would attack something it wasn't programmed (written) to attack. Is this guy for real? Does he really understand coding?

    Perhaps the code looks like this...
    IF: "it"
    Then: destroy
    Else: contemplate your place in the universe and decide if you feel like destroying this other thing that isn't the thing you were looking for but might want to anyway.

  2. Perhaps I'm looking backwards at what he is saying. Maybe what he is trying to say is how would someone know what to put in the virus to make it so selective. I would assume identification for nuclear terminals is somewhat secretive. In that case, ok. But say what you mean next time.

    But I would also think I could still use many other factors that would only be found in a particular condition. A list like: language used, time of day, OS version, and other things that would only be present in a certain situation. And I wouldn't need to know any real secrets. Meh.

  3. No problem, Joe. Appreciate the feedback.
