Thursday, September 30, 2010

(Updated) Stuxnet Update IV: Targeted OT Attacks Risk Collateral Damage


Sep 30 Update: Stuxnet takes out an Indian Satellite? See Jeff Carr's article in Forbes.com

------------------------------------------

Hat tip to IBM cyber defenders and watchdogs Scott Warfield, Brooks La Gree and others for pointing out these several articles. All followed Ralph Langner's revelations that he and his small cyber forensics team in Germany seem to have found the smoking gun ... the code that tells you what Stuxnet is really after.

I won't ruin the surprise; you'll get your answer when you click on any of the following links. But I'll give you a clue: it's the SCADA/ICS (OT/Operational Technology) in a system that's bigger than a breadbasket. And sometimes it glows.

In ascending order of technical sophistication, here are some links to get you educated right quick:

CNET
PC World
DIGITAL BOND
LANGNER

One of the hundred questions I have is whether the folks who built this beast intended (or realized) that it would have impacts far beyond its initial target. And whether that mattered. Or if it was intentional and the scope is larger than it might at first appear. And what's next. And and and ....

And then there's this, from another Langner dispatch just in:
The analysis that Langner has conducted shows that it is not technically difficult to inject rogue ladder logic into PLC programs. It is important to understand that this vulnerability cannot be considered a bug, either technically or legally, so it should not be expected that vendors would be able to release a “patch”. 
Nice, huh? Stay tuned.

Photo credit: ViZZZual.com on Flickr.com

No comments: