First discovered back in June of this year, the Stuxnet worm was strange from the start. Most malware tends to target personal computers; Stuxnet is aimed squarely at industrial operations. Common worms infect users’ Windows PCs, and conscript them into large, interconnected botnets used as spam farms; Stuxnet, it seems, infects industrial control systems, for reasons not immediately apparent.
Now, though, its true purpose may have been revealed, via the Christian Science Monitor. A German security researcher named Ralph Langner, noticing that the worm lay dormant in most of the systems it infects, has developed–and convincingly supported–a stunning theory: The Stuxnet worm is targeted at a single location, which it seeks to destroy, or at the very least, cripple.
For a little background, here’s how security and antivirus company Symantec describes Stuxnet. (Warning–it gets a bit technical.)
To translate: By means of an infected USB key or other storage media, Stuxnet can take over complex computers designed to control industrial functions, such as those in a factory or power plant, without being detected by the systems meant to monitor said computers.
The tool has confounded security researchers, both with its complexity and its focus. It likely required a good deal of resources to write, and shows evidence of extensive knowledge of industrial computer systems, which it can commandeer, and use to sabotage operations in a variety of scenarios. It seems unlikely to net anyone material or monetary benefit.
After its discovery, hunches abounded that Stuxnet was a targeted weapon. And Langner’s conclusion–that the worm is “fingerprinting” its targets for extremely specific traits, and remaining dormant if it doesn’t find them–suggests just that. “This is sabotage. What we see is the manipulation of one specific process,” Langner writes. “The target must be of extremely high value to the attacker.”
But even Langner, a veteran security researcher, is reticent about his next theory: That the targeted facility is a nuclear plant in Bushehr, Iran. As evidence, he cites the startlingly high incidence of infection in the country, the susceptibility of the plant’s hardware and software, and official reports of mysterious failures at the plant, implying that the malware may have already fulfilled its singular purpose.
Specific theories aside, the implications of these findings are weighty. Stuxnet represents the dawn of a new era in which nations’ infrastructures are under threat from bits, as well as bombs.