By Tuan Nguyen
Posting in Design
Hackers have unleashed a decrypted version of the mysterious Stuxnet cyberworm onto the internet. Should we worry?
Hackers have unleashed a decrypted version of the mysterious Stuxnet cyberworm onto the internet, according to a report on Fox News.
A shadowy collective of hacktivists known as "Anonymous" recently tweeted that the group has in their possession the source code to the super cyberweapon that has wreaked havoc on Iranian nuclear facilities. The tweet included a link to a "decompile" of the infamous worm. Anonymous claims to have found the code when they hacked into databases at HBGary, a U.S. security firm investigating the identities of the group's members.
Initially discovered back in July, Stuxnet is designed specifically to attack certain industrial computers with such a high degree of sophistication that cybersecurity experts have speculated that a government agency was likely involved in its creation. An analysis of the manner in which Stuxnet infected computers over a 10-month period showed that the worm repeatedly targeted five industrial facilities in Iran. And The New York Times has recently uncovered some evidence that suggests scientists at the Idaho National Laboratory collaborated with the Israelis to create what many proclaim to be the ultimate cyberweapon.
What happens next is anybody's guess. A security expert Fox News interviewed for the story warns that the published information can be used to create malware that inflicts the same kind of damage on other types of computers.
"There is the real potential that others will build on what is being released," Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions, told FoxNews.com. Gregg was quick to clarify that the group hasn't released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying -- which could act almost like a building block for cybercrooks.
"As an attacker you need to understand how something works. The better you understand how it works the easier it is to build something similar that serves the same purpose," Gregg explained. The "decompiled" code the group made available is in that sense akin to a recipe book for disaster, he said.
"With the right tools -- and these guys have shown themselves more than once to be a fairly technical bunch of individuals -- then it gives others a cookbook to start modifying," he told FoxNews.com.
Other experts, however, are reassuring the public that they shouldn't hit the panic button -- at least not yet. The stolen code, as revealed on the internet, is merely a translated version, not the "binary" source code necessary to duplicate Stuxnet's destructive capabilities.
Snorre Fagerland, a senior threat researcher at the Norwegian internet security firm Norman, told the Guardian:
"The trouble with this [version of Stuxnet] is that you lose almost all context to its abilities," Fagerland said. "The original source code would contain all the text information about why it's built this way – that's gold if you want to use it. If you decompile it you lose all of that."
Though the prospect of criminals harnessing the worm's destructive capabilities to cripple ordinary computers is worrisome, such a scenario has yet to materialize. The only bona fide cyberweapon the hacktivists are wielding thus far is the ability to spread fear.
Feb 16, 2011
Not to be on the defense but I wouldn't downplay the community. Time and time again they have made a mockery of everyone. I learned 99% of my current IT skills as a consultant from doing things when I was young and stupid. This has given me great insight into the community and how it thinks as a collective. Companies that chose not to hire me mistook lack of paper certification as lack of skill and have resulted in many nice consultancy paychecks from many happy customers to myself. Programmers use examples of code all the time and the final product is what's left. Saying they can do nothing with a guidebook means we have books in school for no purpose either. Reverse engineering is so deeply rooted in what is done every day I can't help but laugh thinking any less of a thought is an insult to them. A company might have a few developers, a collective could be thousands and more and all with the same sharing purposeful intent.
PERSONALLY I HOPE THEY USE IT LIKE AN AXE ON THE BASTARD BANKERS THAT BREAK US AND THE RICH THAT DON'T PAY THEIR SHARE CORPORATIONS ALSO