Friday, December 12, 2014

The Need For Security In The Industrial World Part 1

If you're familiar with the Stuxnet computer worm discovered in 2010, you may already be aware of the damage that can be caused to an industrial complex when it is the victim of a targeted attack. For those who are unfamiliar with the situation, let me explain.

Stuxnet is a malware program that was designed to spread itself to other computers in a network without direct user input. It did so by taking advantage of four zero-day vulnerabilities within the Microsoft Windows operating system. The interesting aspect of the Stuxnet virus was that a casual user would never notice that the malware was on their system. To avoid being detected before reaching its targeted destination, it took no malicious actions on infected systems until it was able to locate its target. Once the Stuxnet virus was able to confirm that it had infected its target, it would let the command and control server know and wait for directions on how to wreak havoc. What was the target? Stuxnet was specifically scanning for the programmable logic controllers (PLCs) in Iranian nuclear facilities.


A PLC is a common device used in industrial environments to scan for a condition. Once that condition is confirmed, it responds with a programmed output function. For example, a PLC at a river dam may be programmed to sense when the water level is over 10 feet, at which point a water release valve will open until the water is back under 6 feet, at which point the PLC will re-close the valve. As industries adopt the Internet of Things, PLCs such as this one are increasingly being connected to the Internet so that their operations can be managed from a central location. For example, a company that manages 50 dams across Central America may want to correlate all of the dams' PLC information onto one system so that only one person is required to monitor any alerts that may occur. Unfortunately, even though these devices are connected to the Internet, many of them are not secured against low-level malware, let alone advanced targeted threats such as the Stuxnet virus.
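The dam rule described above, written as a PLC-style scan cycle, together with an independent check that replays the same rule against separately collected readings and flags a valve that is not doing what the water level requires. This is an added example, not code from the original post; the class and function names, the sample readings, and the assumption that the valve starts closed are all hypothetical.

```python
# Added example: the dam PLC rule as a scan cycle, plus an independent audit.
# The 10 ft / 6 ft thresholds come from the post; every name here is hypothetical.
from dataclasses import dataclass

OPEN_ABOVE_FT = 10.0   # open the release valve when the level is over 10 ft
CLOSE_BELOW_FT = 6.0   # re-close it once the level is back under 6 ft


@dataclass
class DamPLC:
    valve_open: bool = False  # assumption: the valve starts closed

    def scan(self, level_ft: float) -> bool:
        """One scan cycle: read the input, apply the rule, set the output."""
        if level_ft > OPEN_ABOVE_FT:
            self.valve_open = True
        elif level_ft < CLOSE_BELOW_FT:
            self.valve_open = False
        # Between 6 and 10 ft the previous valve state is held (hysteresis).
        return self.valve_open


def audit(samples):
    """Replay the rule over readings gathered independently of the PLC.

    samples: iterable of (tick, level_ft, valve_open_observed), e.g. from a
    second level sensor and a valve position switch.
    Returns (tick, level_ft, expected, observed) for every disagreement.
    """
    reference = DamPLC()
    alerts = []
    for tick, level_ft, observed in samples:
        expected = reference.scan(level_ft)
        if observed != expected:
            alerts.append((tick, level_ft, expected, observed))
    return alerts


# Constructed sample data: the valve follows the rule.
NORMAL = [(0, 5.0, False), (1, 8.0, False), (2, 10.5, True),
          (3, 8.0, True), (4, 5.5, False)]
# Constructed sample data: the valve stays closed although the level passed 10 ft.
MISMATCH = [(0, 5.0, False), (1, 8.0, False), (2, 10.5, False), (3, 11.2, False)]

if __name__ == "__main__":
    print("normal:", audit(NORMAL))
    print("mismatch:", audit(MISMATCH))
```

The audit only helps if its readings reach the monitor by a path the controller and its alerting system do not share.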

Stuxnet was targeting a specific PLC which controlled the spinning speed of nuclear centrifuges at the Iranian nuclear facilities. Once the target was acquired, the malware would modify the frequency in one of the messaging systems in the PLC, which changed the rotational speed of the centrifuge. At the same time, it would install a rootkit onto the network that suppressed any alerts that would have let the employees know that a centrifuge was spinning too quickly. As a result, approximately 1/5th of the nuclear centrifuges in Iran were destroyed because they ripped themselves apart from spinning too quickly.

Programs like Stuxnet can be taken and adapted for use at a much larger scale, such as attacking the United States power grid and knocking out large portions of our nation's power supply, effectively destroying our economy and our military and costing millions of lives. Keep an eye out for part 2, where I will continue to talk about the need for security in the industrial world.