Thursday, July 28, 2011

Stuxnet virus 'could be adapted to attack the West'

Power and water and other vital services in the West could be crippled by adapted versions of the Stuxnet virus, which was originally developed to disrupt the Iranian nuclear programme, the US government has warned.

In evidence to a congressional committee, the Department of Homeland Security said the malicious software, widely dubbed “the world’s first cyberweapon”, was available for other attackers to modify for new targets.

“The Department is concerned that attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems,” it said in a submission to the House Energy and Commerce Committee.

Stuxnet was first detected in July last year. Analysis by computer security experts showed it exploited no fewer than four previously unknown vulnerabilities in Microsoft Windows to take over industrial control systems, making it more sophisticated than any virus seen before.

Once inside a Windows systems, the self-replicating code looks for connections to Siemens industrial control systems. It then exploits more vulnerabilities in the German firm’s own operating system to make surreptitious adjustments to industrial processes.

In its original form, those adjustments were highly specific to the particular centrifuges used at Natanz, Iran’s uranium enrichment site. The Department of Homeland Security said that now the Stuxnet code is in the wild it could be adapted, however. (more)