29 September 2010

Advanced Cyberweapons Cause Physical Damage

Aviation Week warns that sophisticated algorithms that can destroy sensitive equipment at a distance are out there and are being used. Cyberwar...coming soon to a computer near you!

Evidence is mounting that not only have long-range cyberweapons capable of inflicting physical damage been invented, they also are being used both in tests and operationally.

Idaho National Laboratory created a 21-line piece of software code for an “Aurora test” that introduced destructive instructions into a closed computer network that “caused the generator to blow up,” said Rep. Jim Langevin (D-R.I.) during a House Armed Services subcommittee hearing Sept. 23. The 2007 test indicates that this kind of cyberweapon “is not just sitting around on a shelf somewhere.”

The Aurora test’s target was a $1 million, diesel-powered, industrial electrical generator. The software caused the machine’s circuit breakers to cycle on and off rapidly, causing vibrations so pronounced that the machine spewed black smoke and ground to a halt.

In June, a malicious code named “Stuxnet” — designed to attack precise elements of very specific pieces of equipment, perhaps even operating in closed networks — was identified by German researchers. In at least one press story, the worm was said to have attacked operating systems by exploiting a vulnerability in some versions of Microsoft Windows; it is now said to have been patched.

The code has infected thousands of machines in Pakistan, Iran, Indonesia and India, but has not been associated with any actual damage. The cyber-worm has not been identified in any U.S. systems, a DHS official says.

Department of Homeland Security officials have judged that recent press accounts concerning Stuxnet contain a great deal of speculation. Doubts surround the postulated possible target — Iranian defense industries — and the author of the cyber-worm. Some are theorizing that it came from Israel’s cyberwarfare organization, which is a closely guarded operation within the General Staff.

Stuxnet is “definitely not the world’s first” known cyber-superweapon designed to destroy Scada [supervisory control and data acquisition] networks like those that run factories, refineries, pipelines, utilities and nuclear power plants, says a veteran cyber-warrior with insight into current operations. “Some of the techniques described [in a recent Christian Science Monitor story] are not feasible given how Scada systems are or are not connected to other networks. [As a better model] you need to look at the [Aurora] test that was done to destroy power generators a few years back.”

The U.S., China, Russia and Israel are not the only countries that write sophisticated algorithms and design them into computer worms and viruses, noted U.S. Army Gen. Keith Alexander, who testified to the full House Armed Services committee on Sept. 23.

“Attribution [of a cyber-attack]—saying specifically if the problem was caused by one nation-state or another—is difficult,” Alexander says. Asked to evaluate peer competitors of the U.S., he points out that, “In cyberspace it’s not [so much about] the size of the country as it is the [skills of the people] creating the software. There are a number of countries that are near-peers to us in cyberspace and it is a concern. Others can have an asymmetric capability and advantage.”
By: Shelldrake
