Stuxnet, Duqu and now Flame – more and better-targeted virus attacks

There seems to be a new and growing market for well-written, very precisely targeted viruses at the moment.   Is this just the next phase in cyber security, or is it far more sinister than that?

To the everyday person what these targeted viruses can do is largely immaterial, a "who cares as long as I don't get it" type of situation, but to people in the ICT security space it is fascinating.   Stuxnet was aimed squarely at industrial control systems; Duqu and Flame are generally reported as espionage tools that gather information about their targets rather than sabotage equipment.

That means that to see the full effect of a virus like Stuxnet, a computer needs to be running some very specific software (in Stuxnet's case, the Siemens engineering software used to program PLCs) and have some very specific peripherals plugged into it (the programmable logic controllers that software configures).

So what do these viruses do?

There are a number of videos on the Internet; this one is the most informative on what Stuxnet can do and how it all works.   View it here

Duqu was the next incarnation of this kind of virus and "Flame" is the latest.   What Flame can do is not fully known yet, because all three contain components that are not only encrypted but also very well hidden.   All three are carefully written and, Flame's unusually large size aside, carry little excess code; in some instances they stay dormant, or remove themselves, when the targeted environment is not present.   But lessons learned from Stuxnet, including some missing checks and balances, have shown that these programmers can make mistakes: a flaw in its spreading logic let it propagate far beyond its intended target, which is how it came to be noticed in the first place.

Where did they come from?

This seems to be the big question.   If they were written by hackers then they are very good; if they were written by a government or a business then I believe we have a serious problem.   All we do know is that a lot of money was invested in their creation.   A virus written by a government has some serious implications.   Who is the target, what is the target and what are they trying to achieve are the three main questions, but the most sinister is what happens when the real author is discovered.

Hypothetically this can go in two directions.   The first is the backlash from the rest of the world: whether it is ethical is immaterial, and if and when it is discovered that it was created by a government, any government, then the feathers and the accusations will fly.   In that situation, whatever good it was supposed to achieve, sabotaging uranium-enrichment centrifuges for instance, becomes immaterial.   By targeting a sovereign state you are, in essence, starting a war.

The second problem, and one that never seems to enter coders' and programmers' minds: if it can be made, then someone else can duplicate it (a term has now been coined for this, "blowback").   If someone else can duplicate, copy or augment the code, they can change it to target other technology: reprogramming the robots that make cars, reflashing the EPROMs in car computers, or compromising even more secure environments through the programming of their smaller components.

Science at the moment is built on the inventions of others, and standing on the shoulders of the greats are the people who make slight changes and call the whole idea their own.   This is noticeable across the board.   Yes, there are areas of pure science where the ideas are new and brilliant, but those ideas take years to percolate into the mainstream.

The attitude that every system should be connected to the Internet is something that needs to change; in a secure environment there is no logical reason why it should be.   A secure system, especially one that creates and programs automation components, should be separated from the Internet by at least two air gaps, preferably three breaks: Internet, quarantine, sandpit and live systems, with NO physical or electronic connection between any of those zones.   Remember, though, that an air gap is only as good as the discipline around the removable media that crosses it: Stuxnet itself was carried onto isolated networks on USB drives.

In the real world this does not happen.   It is so much easier to connect the live system to the Internet through a firewall and download directly onto the live system.   If you want to protect the system, that is at best a 90% solution: unless you use a firewall like Websafe, firewalls can be compromised, and then your secure system is compromised and infected with something that could damage your complete production line.
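The staged transfer the two paragraphs above argue for can be written down as a policy and enforced, so that a file cannot jump straight from the Internet to the live system and cannot change between breaks without being noticed. The example below is added here and is not code from the original post; the four zone names come from the post, while the manifest-hash check, the stand-in scan routine and the sample PLC project bytes are assumptions made for the illustration.

```python
"""Staged transfer through air-gapped zones: internet -> quarantine -> sandpit -> live.

Added example, not code from the original post. Zone order follows the post;
the expected-hash manifest, the scan stub and the sample data are assumptions.
"""
import hashlib
from typing import Dict, Optional

# Zone order taken from the post: an artifact may only move one break at a time.
ZONES = ("internet", "quarantine", "sandpit", "live")


class TransferRejected(Exception):
    """Raised when a hop violates the staged-transfer policy."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_clean(data: bytes) -> bool:
    # Assumption: stand-in for the quarantine zone's malware scan. It only
    # refuses native executables by magic bytes (PE 'MZ', ELF); a real
    # deployment would run proper scanners and vendor signature checks here.
    return not (data.startswith(b"MZ") or data.startswith(b"\x7fELF"))


def release(artifact: bytes, src: str, dst: str, custody: Dict[str, str],
            expected_hash: Optional[str] = None) -> Dict[str, str]:
    """Move `artifact` one hop from `src` to `dst`.

    `custody` maps zone -> SHA-256 recorded when the artifact entered that zone.
    Returns a new custody record, or raises TransferRejected on any violation.
    """
    if src not in ZONES or dst not in ZONES:
        raise TransferRejected(f"unknown zone in hop {src} -> {dst}")
    if ZONES.index(dst) != ZONES.index(src) + 1:
        raise TransferRejected(f"hop {src} -> {dst} skips a break")
    digest = sha256(artifact)
    if src == "internet":
        # First break: the download must match the publisher's hash and pass the scan.
        if expected_hash is not None and digest != expected_hash:
            raise TransferRejected("download does not match published hash")
        if not scan_clean(artifact):
            raise TransferRejected("quarantine scan rejected the artifact")
    else:
        # Later breaks: the bytes leaving a zone must be the bytes that entered it.
        if custody.get(src) != digest:
            raise TransferRejected(f"artifact differs from what entered {src}")
    return {**custody, dst: digest}


def walk_to_live(artifact: bytes, expected_hash: Optional[str] = None) -> Dict[str, str]:
    """Carry an artifact through every break in order, returning the custody chain."""
    custody: Dict[str, str] = {}
    for src, dst in zip(ZONES, ZONES[1:]):
        custody = release(artifact, src, dst, custody, expected_hash)
    return custody


def demo() -> Dict[str, object]:
    """Runs the policy over constructed samples; returns what was accepted or rejected."""
    plc_project = b"PLC project v2 (constructed sample, not an executable)"
    results: Dict[str, object] = {}

    custody = walk_to_live(plc_project, sha256(plc_project))
    results["staged"] = (len(set(custody.values())) == 1
                         and set(custody) == set(ZONES[1:]))

    try:  # the shortcut the post warns about: Internet straight to live
        release(plc_project, "internet", "live", {})
        results["direct"] = "accepted"
    except TransferRejected:
        results["direct"] = "rejected"

    try:  # file altered on the sandpit host (e.g. by malware) before moving to live
        c = release(plc_project, "internet", "quarantine", {})
        c = release(plc_project, "quarantine", "sandpit", c)
        release(plc_project + b"\x00", "sandpit", "live", c)
        results["tampered"] = "accepted"
    except TransferRejected:
        results["tampered"] = "rejected"

    try:  # constructed fake PE header caught by the quarantine scan stub
        release(b"MZ\x90\x00 fake PE header", "internet", "quarantine", {})
        results["executable"] = "accepted"
    except TransferRejected:
        results["executable"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of recording a hash at each break is that the sandpit and live hosts do not have to trust each other's media or each other's scanners: each zone only has to confirm that what arrived is byte-for-byte what left the previous zone, and the very first hop is the only place a download is compared against the publisher's manifest.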

So what is your take on boutique viruses?   Are they the way of the future, how can we protect critical infrastructure from them, and how do we ensure that they do not damage something that can kill us?   Just think, a virus in the Google car!

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO of R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.