Stuxnet Worm Targets Siemens Industrial Control Systems
In control systems (and entertainment control systems especially), we've long benefited from a security standpoint from being a small, relatively obscure field. If you want to write a virus or malware, you wouldn't likely get much of a result if you targeted show systems. And if you really were that good of a hacker and interested in shows, you'd probably already be hacking for an audience (the name of a talk I gave at The Next Hope hacker conference over the summer--audio and slides posted here).
Listening to the podcast from last night's Off the Hook show, I heard about a very powerful worm that specifically targets Siemens industrial control systems, which are used to control the machinery on many large shows. The virus is spread using USB drives, and may have been written by a nation-state to target Iranian reactors (which apparently use Siemens control systems). The stuxnet worm was discovered over the summer, and noted security blogger Bruce Schneier posted some interesting links here.
This brings up, once again, the vulnerability of USB drives which I wrote about recently here. Coincidentally, at school right now we're suffering from USB-spread malware that Symantec Endpoint Protection will not find or address, and this makes me want to just cement up those USB ports.
Update
on 2010-09-26 12:49 by controlgeek
More about the Iranian theory here on Boing Boing.
Update
on 2010-11-22 14:42 by controlgeek
Bruce Schneier has more details:
New research, published late last week, has established that Stuxnet searches for frequency converter drives made by Fararo Paya of Iran and Vacon of Finland. In addition, Stuxnet is only interested in frequency converter drives that operate at very high speeds, between 807 Hz and 1210 Hz.
The malware is designed to change the output frequencies of drives, and therefore the speed of associated motors, for short intervals over periods of months. This would effectively sabotage the operation of infected devices while creating intermittent problems that are that much harder to diagnose.
Low-harmonic frequency converter drives that operate at over 600 Hz are regulated for export in the US by the Nuclear Regulatory Commission as they can be used for uranium enrichment. They may have other applications but would certainly not be needed to run a conveyor belt at a factory, for example.
Update
on 2010-12-01 17:36 by controlgeek
More fascinating info in a detailed Fox New article here.