Living in Jack Bauer’s World

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

A couple of months ago I linked to a Stewart Baker post about a new computer virus. This wasn’t your ordinary Windows trojan or worm, it was an extremely sophisticated piece of malware targeted specifically at SCADA systems — industrial control systems made by Siemens that are used in chemical plants and electric power plants and transmission systems worldwide.

Well, it now has a name — Stuxnet — and analysts know a lot more about it. As the Christian Science Monitor reports, a German cyber-security researcher named Ralph Langner has discovered that it’s not aimed at SCADA systems in general. Rather, it has a built in “fingerprinting” capability and is aimed at one specific SCADA system:

Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance — a target still unknown.

“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” says Langner, who last week became the first to publicly detail Stuxnet’s destructive purpose and its authors’ malicious intent. “This is not about espionage, as some have said. This is a 100 percent sabotage attack.”

….Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.

“After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon,” Langner writes in his analysis. “Something big.”

….A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.

Could Stuxnet’s target be Iran’s Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat? Langner is quick to note that his views on Stuxnet’s target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr’s expected startup in late August has been delayed, he notes, for unknown reasons.

On the bright side, this strikes me as the kind of attack that can only work once. And if once it is, Bushehr seems like a worthy target. On the downside, however, this category of attack seems like it could have almost infinite possibilities. It suddenly makes all those implausible plot lines on 24 seems terrifyingly plausible after all.

(Via Stewart Baker, of course.)

FOLLOW THE MONEY

Corporations and billionaires don’t fund journalism like ours that exists to shake things up. Instead, support from readers allows Mother Jones to call it like it is without fear, favor, or false equivalence.

And right now, a longtime friend of Mother Jones has pledged an incredibly generous gift to inspire—and double—giving from online readers. That's huge! Because you can see that our fall fundraising drive is well behind the $325,000 we need to raise. So if you agree that in-depth, fiercely independent journalism matters right now, please support our work and help us raise the money it takes to keep Mother Jones charging hard. Your gift, and all online donations up to $94,000 total, will be matched and go twice as far—but only until the November 9 deadline.

$400,000 to go: Please help us pick up the pace!

payment methods

FOLLOW THE MONEY

Corporations and billionaires don’t fund journalism like ours that exists to shake things up. Instead, support from readers allows Mother Jones to call it like it is without fear, favor, or false equivalence.

And right now, a longtime friend of Mother Jones has pledged an incredibly generous gift to inspire—and double—giving from online readers. That's huge! Because you can see that our fall fundraising drive is well behind the $325,000 we need to raise. So if you agree that in-depth, fiercely independent journalism matters right now, please support our work and help us raise the money it takes to keep Mother Jones charging hard. Your gift, and all online donations up $94,000 total, will be matched and go twice as far—but only until the November 9 deadline.

$400,000 to go: Please help us pick up the pace!

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate