Stuxnet Worm Targets Siemens Industrial Control Systems

In control systems (and entertainment control systems especially), we've long benefited from a security standpoint from being a small, relatively obscure field. If you want to write a virus or malware, you wouldn't likely get much of a result if you targeted show systems. And if you really were that good of a hacker and interested in shows, you'd probably already be hacking for an audience (the name of a talk I gave at The Next Hope hacker conference over the summer--audio and slides posted here).

Listening to the podcast from last night's Off the Hook show, I heard about a very powerful worm that specifically targets Siemens industrial control systems, which are used to control the machinery on many large shows. The virus is spread using USB drives, and may have been written by a nation-state to target Iranian reactors (which apparently use Siemens control systems).  The stuxnet worm was discovered over the summer, and noted security blogger Bruce Schneier posted some interesting links here.

This brings up, once again, the vulnerability of USB drives which I wrote about recently here.  Coincidentally, at school right now we're suffering from USB-spread malware that Symantec Endpoint Protection will not find or address, and this makes me want to just cement up those USB ports.