Cyber Sabotage – the SCADA threat

Sabotage can occur at many levels i.e. military, government, utility platforms (i.e. electricity, oil, banking, stock markets, transport etc) or corporate and all will use the same attack methods. Sabotage is one of the major threats to our everyday lives and could in essence take a nation-state into the dark ages. With ever increasing reliance on the Internet (remember we are running out of IP addresses – think IPv6), it’s no surprise that cyber sabotage is going to increase the risks to every nationstate on Earth.

Cyber sabotage can do many things i.e. reprogramme existing source code; control or change the way programmable logic controllers work (PLC) by embedding a rootkit in the code; edit/delete source code and or readable documents and command and control of a servers files and folders. These are just some ways attackers (or a nation-state) might exploit damage on another network/system.

One of the most destructive sabotage attack vectors seen to date has to be Stuxnet. Stuxnet (seen earlier in 2010) is a Windows-based computer worm that specifically attempts to sabotage and in some instances reprogram industrial software systems like SCADA which are used to control and monitor industrial processes across the globe The worm targeted the Siemens SCADA control systems (via USB flash drives)* and is believed to have been created in the West and used in a sabotage attack on a nuclear plant in Iran.

The worm’s impact on the plant will probably never be known. What is known is that it delayed the start-up of the plant for some weeks. The malware itself was unique in that the malware writers would have had to have had firsthand knowledge of industrial processes – what was equally strange was that the malware was coded in C and C++ (malware isn’t normally coded this way) and that the malware had two stolen digital certificates. One significant advancement on previous malware was its’ ability to update itself over peer to peer – so all in all this is probably the most sophisticated malware of its type to date.

Who wrote it? This was probably a Western sponsored cyber sabotage. The Stuxnet worm is very much the beginning of a new dawn in cyber weaponry and leaves leading security researchers in no doubt that we will now see the evolution of the Stuxnet family.

Source of Information : Hakin9 November 2010


Subscribe to Developer Techno ?
Enter your email address:

Delivered by FeedBurner