Skip to main content

Stuxnet - The Most Stupid Thing A State Could Create

One has to wonder just how stupid governments have actually become. Ever since the discovery of Stuxnet – the world has become immensely more dangerous than it ever was. If you’re sceptical then take note of last month’s announcement from security vendor, Idapcomm who just released a second update to their traffic library. This update also contained 50 attacks pertaining to supervisory control and data acquisition (SCADA) systems. Using Idappcom’s network security assessment software, a company can test devices such as their firewalls to ascertain what bad stuff is coming into their infrastructure.

So what has this Idapcomm’s announcement to do with Stuxnet? There has been a lot published about Stuxnet, how it works and who created it. Some security experts notably from Symantec and Trend Micros have even postulated that Stuxnet is probably state sponsored.

“We can tell by the code that it’s very, very complex to the degree that this type of code had to be done, for example, by a state and not, for example, some hacker sitting in his parents basement,” said Symantec security researcher Eric Chien

What people seem to have forgotten is that the bad guys have also reverse engineered Stuxnet and now have the ability to create variants of Stuxnet. The upshot is that by releasing this virus, the entire world is now at risk from any hacker who somehow gets unlucky and is able to release a variant of this malware into a nuclear facility.

It is often said that history repeats itself because nobody ever listens. Once nuclear technology was created, it was only going to be a matter of time before other countries had the same technology. Ditto viral warfare and now cyber warfare - once Stuxnet was created it was only going to be a matter of time before every government and bad guy had the ability. We can now expect to see many more such announcements from security vendors providing extra protection on attacks and potential attacks on SCADA systems due to variants and evolutions of Stuxnet.

So governments and industrial organisations take note – anything you create within the arena of cyber warfare, can and will eventually be used against you. Perhaps one piece of good news to come out of this is that as a result of Stuxnet’s discovery, many governments and major corporations have become extra diligent in shoring up and auditing their security postures…or have they?