Living in Jack Bauer’s World

Facts matter: Sign up for the free Mother Jones Daily newsletter. Support our nonprofit reporting. Subscribe to our print magazine.

A couple of months ago I linked to a Stewart Baker post about a new computer virus. This wasn’t your ordinary Windows trojan or worm, it was an extremely sophisticated piece of malware targeted specifically at SCADA systems — industrial control systems made by Siemens that are used in chemical plants and electric power plants and transmission systems worldwide.

Well, it now has a name — Stuxnet — and analysts know a lot more about it. As the Christian Science Monitor reports, a German cyber-security researcher named Ralph Langner has discovered that it’s not aimed at SCADA systems in general. Rather, it has a built in “fingerprinting” capability and is aimed at one specific SCADA system:

Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance — a target still unknown.

“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” says Langner, who last week became the first to publicly detail Stuxnet’s destructive purpose and its authors’ malicious intent. “This is not about espionage, as some have said. This is a 100 percent sabotage attack.”

….Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.

“After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon,” Langner writes in his analysis. “Something big.”

….A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.

Could Stuxnet’s target be Iran’s Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat? Langner is quick to note that his views on Stuxnet’s target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr’s expected startup in late August has been delayed, he notes, for unknown reasons.

On the bright side, this strikes me as the kind of attack that can only work once. And if once it is, Bushehr seems like a worthy target. On the downside, however, this category of attack seems like it could have almost infinite possibilities. It suddenly makes all those implausible plot lines on 24 seems terrifyingly plausible after all.

(Via Stewart Baker, of course.)

WE'RE TAKING A SHORT BREAK…

from the big banner at the top of our pages asking for the donations that make Mother Jones' nonprofit journalism possible. But we still have upwards of $300,000 to raise by June 30, whether we get there is going to come down to the wire, and we can't afford to come up short.

If you value the reporting you get from Mother Jones and you can right now, please join your fellow readers who pitch in from time to time to keep our democracy-advancing, justice-seeking journalism charging hard (and to help us avoid a real budget crunch as June 30 approaches and our fiscal year ends).

payment methods

WE'RE TAKING A SHORT BREAK…

from the big banner at the top of our pages asking for the donations that make Mother Jones' nonprofit journalism possible. But we still have upwards of $300,000 to raise by June 30, whether we get there is going to come down to the wire, and we can't afford to come up short.

If you value the reporting you get from Mother Jones and you can right now, please join your fellow readers who pitch in from time to time to keep our democracy-advancing, justice-seeking journalism charging hard (and to help us avoid a real budget crunch as June 30 approaches and our fiscal year ends).

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate