There is a new face of the 21st century, cyber warfare. Beginning in June 2010, a computer virus was discovered to slow down Iran’s nuclear efforts. This computer worm dubbed “Stuxnet”, was created jointly by the US and Israel.
A replica of the Natanz Plant in Iran was built at American National Laboratories in 2007. By 2008 the centrifuges at the Natanz plant began to crash. Former president Bush urged President Obama to continue “Olympic Games” (codename for the Stuxnet virus). It was estimated that “Olympic Games” would set back Iran’s nuclear weapon production by 1 and a half to 2 years.
The worm consists of a layered attack against three different systems; Siemens PCS 7, WINCC, and Step 7. The current Stuxnet code will not affect computers unless they use all three of these systems.
In Summer of 2012, copies of Stuxnet were released and the internet, and became readily available to any eager hacker. This has become a major concern, since the Stuxnet code can be manipulated to do many things. For example, a well known hacker by the name of Tiffany Rad, demonstrated how she could manipulate the code to open jail cell doors in a prison without alerting the guards.
In June 2012, Stuxnet was turned off; however, it may have become a blueprint for the next big cyber weapon. DUQU is a new virus that has striking similarities to Stuxnet. According to researchers 50% of the source code and 99% of the software rules are for DUQU are the same as Stuxnet. DUGU is just as sneaky as Stuxnet also. To avoid suspicion the virus camoflauges its own data behind normal web traffic. However, DUQU does have its differences. It is able to record keystrokes and collect various details of the infected system, which are then encrypted and appended to an image file.
So what’s next? No one is really sure what will happen now. If the code gets into the wrong hands, a lot of damage could be done. Not to mention, some believe that Stuxnet could have been the start of a cyber war between the US and Iran.
Infographic by Veracode Application Security