Stuxnet Worm Targets Siemens Industrial Control Systems
Thursday, September 23, 2010 at 11:27AM by John Huntington
In control systems (and entertainment control systems especially), we've long benefited from a security standpoint from being a small, relatively obscure field. If you want to write a virus or malware, you wouldn't likely get much of a result if you targeted show systems. And if you really were that good of a hacker and interested in shows, you'd probably already be hacking for an audience (the name of a talk I gave at The Next Hope hacker conference over the summer--audio and slides posted here).
Listening to the podcast from last night's Off the Hook show, I heard about a very powerful worm that specifically targets Siemens industrial control systems, which are used to control the machinery on many large shows. The virus is spread using USB drives, and may have been written by a nation-state to target Iranian reactors (which apparently use Siemens control systems). The Stuxnet worm was discovered over the summer, and noted security blogger Bruce Schneier posted some interesting links here.
This brings up, once again, the vulnerability of USB drives which I wrote about recently here. Coincidentally, at school right now we're suffering from USB-spread malware that Symantec Endpoint Protection will not find or address, and this makes me want to just cement up those USB ports.
John Huntington
More about the Iranian theory here on Boing Boing.
John Huntington
Bruce Schneier has more details:
New research, published late last week, has established that Stuxnet searches for frequency converter drives made by Fararo Paya of Iran and Vacon of Finland. In addition, Stuxnet is only interested in frequency converter drives that operate at very high speeds, between 807 Hz and 1210 Hz. The malware is designed to change the output frequencies of drives, and therefore the speed of associated motors, for short intervals over periods of months. This would effectively sabotage the operation of infected devices while creating intermittent problems that are that much harder to diagnose.
Low-harmonic frequency converter drives that operate at over 600 Hz are regulated for export in the US by the Nuclear Regulatory Commission as they can be used for uranium enrichment. They may have other applications but would certainly not be needed to run a conveyor belt at a factory, for example.
John Huntington
More fascinating info in a detailed Fox News article here.



Reader Comments (2)
The name of the company mentioned on the article http://www.bbc.co.uk/news/technology-11388018 is "Siemens", not "Seimens"
Siemens is a well known manufacturer of industrial control systems and there have been some issues lately found on their systems security.
I have not heard of a company "Seimens" and Google did not give anything either....
D'Oh! My mistake--that's what I get for writing a post in the middle of the day when I was doing 12 other things at once. Of course it is Siemens, http://www.siemens.com/entry/cc/en/. I've been using their stuff since the 1980's so I should have known better. I've corrected it now, but unfortunately that also broke the link to this page.
Thanks for pointing this out.