Stuxnet Virus - Research Paper Example

Introduction

The world is evolving, with advanced computing integrated into almost every industry. Countries are integrating critical infrastructure, which “refers to processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being” (Critical infrastructure). Advanced computing infrastructure is installed to operate services related to e-commerce and the industrial and financial sectors. New integrations of supervisory control and data acquisition (SCADA), military defense systems, and financial systems operate on the Internet. The critical infrastructure of any country consists of composite, self-governing and cyber-based resources, which are vital for the nation’s financial system and supervision. It is concerned with communications, transportation, water supply, energy, emergency services, and banking and finance.

On the other hand, vulnerabilities have also emerged that disrupt critical infrastructure in several ways. Although there are many vulnerabilities, cyber attacks are the most prominent. Cyber attacks approach the target in a nontraditional way. Due to inequity in military strengths, hackers attack this critical infrastructure, affecting both the economy and the military sector of the country (SANS: Critical infrastructure protection). The economy of a country that adopts a computerized critical infrastructure relies on cyber-supported infrastructures, enabling hackers to attack the information systems and the infrastructure to damage the economy and military strength (SANS: Critical infrastructure protection). Thousands of new cyber attacks, categorized as ‘Major’ and ‘Minor’, are launched over the Internet daily. The focus is the power sector of the United States, including websites of Poland, South Korea and the United Kingdom. They have all witnessed cyber attacks in the past few months.
Different schools in various states of America have lost millions to fraudulent wire transfers (Shackelford, 2010). Cyber attacks are intelligent as well as organized. Once a network is hacked, the attackers install small loopholes or software intruders that give them access whenever they want to enter the network again. In simple words, it is a computer-to-computer attack to steal confidential information or to compromise the integrity of the data available on the network. The attack adopts a calculated approach to modify or act against data, software and hardware in both computers and networks (Denning & Denning, 2010).

It is essential to define a solid network defense for handling cyber attacks. The government or the private sector could operate it. Both networks provide opportunities for hackers to intrude on the destination remotely and take control of the capabilities and resources these devices have. The impact of hacking on these systems is devastating. For example, hackers may gain access to military radar systems or steal credit card data; data stolen from the Federal Bureau of Investigation (FBI) has revealed secret agents, whose lives are now at risk. These attacks have the capacity to affect the country’s economy, security and financial stability. They breach government networks that are directly related to national services.

‘Stuxnet’

The most destructive virus or worm, named ‘Stuxnet’, was discovered in June 2010. It was classified as a ‘worm’. Network dictionary provides a comprehensive definition of a ‘worm’: “A destructive program that replicates itself throughout a single computer or across a network, both wired and wireless. It can do damage by sheer reproduction, consuming internal disk and memory resources within a single computer or by exhausting network bandwidth. It can also deposit a Trojan that turns a computer into a zombie for spam and other malicious purposes.
Very often, the terms "worm" and "virus" are used synonymously; however, worm implies an automatic method for reproducing itself in other computers.”

Sean McGurk, the acting director of the National Cybersecurity and Communications Integration Center in the U.S. Department of Homeland Security, identifies ‘Stuxnet’ as a game changer for every sector or industry that is equipped with a computer network. ‘Stuxnet’ is fully capable of conducting data theft by modifying the files of the applications that are incorporated into industrial systems, without showing its presence (Gross, 2010). He further said, “We have not seen this coordinated effort of information technology vulnerabilities and industrial control exploitation completely wrapped up in one unique package” (Gross, 2010).

The virus was developed to target a specific type of equipment installed in the industry. For instance, it can affect the high-frequency convertors that contribute massively to uranium enrichment. The density of ‘Stuxnet’ infections is illustrated by a report on the initial discovery of this virus, which covered more than half of the instances. Moreover, the report identified the emergence of this virus from Iran. Previously, some problems had been identified at Iran’s uranium enrichment facility. From these facts, some analysts concluded that the virus was an example of ‘cyberwarfare’ purposely built for Iran’s controversial nuclear facility. However, Iran’s government denied any possible issues due to ‘Stuxnet’ (Stuxnet (computer virus), 2010).

‘Stuxnet’ is a software program or ‘worm’ that infects industrial control systems. The complexity of the virus indicates that it was developed by a group of expert hackers funded by a national government. The software does not appear to have been developed by an ordinary hacker or by cyber criminals (The meaning of stuxnet, 2010).
Security experts broke the cryptographic code of the virus to look inside and identify its objective and working methodology. After analyzing the behavior of the virus, the experts initially thought that it was tailored for stealing industrial secrets and factory formulas. The formulas can be used to build counterfeit products. This conclusion proved wrong when Ralph Langner, an expert in industrial system security, revealed that the virus targets Siemens software systems. He also published that the virus may have been used to sabotage Iran’s nuclear reactor. Langner simulated a Siemens industrial network to test the activity of the virus (Stuxnet virus may be aimed at Iran nuclear reactor - ComputerworldUK.com). This proved to be right, as an article published on ‘www.computerworld’ reported: “Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.”

Langner reveals that when the virus reaches its target at the last level, it modifies itself into a piece of Siemens code named “Organization Block 35”. By default, this Siemens component monitors vital factory operations within 100 milliseconds, and the virus operates by modifying itself into this critical Siemens component (Stuxnet virus may be aimed at Iran nuclear reactor - ComputerworldUK.com). The ‘Stuxnet’ virus can cause a refinery centrifuge to malfunction. This is not the end, as it can attack other targets too. The eight-page CRS synopsis warns analysts and researchers: "Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time" (Clayton, 2010).
The study further concluded, “The resulting damage to the nation's critical infrastructure could threaten many aspects of life, including the government's ability to safeguard national security interests” (Clayton, 2010).

Most Unique Malware

An organization named as Belarus revealed ‘Stuxnet’, which was considered a threat to industries connected to the critical architecture. However, the primary objective was to take control of the centrifuges that are used for uranium enrichment. The enrichment of uranium is the first step before developing an atomic bomb. Moreover, the next five months were also vulnerable for network security, as particulars of unlawful programs were revealed. ‘Stuxnet’ thus became the first unique malware discovered until now. As there is no cure and no antivirus that can prevent ‘Stuxnet’, scientists believe that funding from the government is required to develop a tool to prevent ‘Stuxnet’ (Stuxnet (computer virus), 2010). Symantec Corporation, an antivirus development company, reported 44,000 instances of the ‘Stuxnet’ virus in November 2010, found from various sources around the globe (Republicaninvestor.com » new york times). Broken down by country, approximately 60% were reported from Iran and 1600 were reported in the United States (Republicaninvestor.com » new york times).

Impact on the Industry

Internet vulnerabilities are known to everyone. Denial of service, threats, viruses, Trojans, backdoors, spam, malware, rootkits and so on are all associated with information technology. The integration of computing technologies into industries that contribute to the economy has facilitated them to a great extent. “A SURVEY of more than 900 IT managers shows that adoption of encryption in their organizations is being driven by two main factors, anxiety about possible cyber attacks and the need to meet the payment-card industry (PCI) data security standards” (Wong, 2011).
Cyber attacks affect organizations in several ways. As cyber attacks become more dominant and aggressive, they can severely harm critical databases, interrupt services running in the background and cause catastrophic financial damage (Financial sector « core security technologies). Worms affect financial institutions more than any other sector. Financial institutions are prioritized as targets because of the transactions that are conducted online. The objective of the hackers is to steal the credentials of the online shopper. That is why financial institutions have received the most worm attacks.

The economic impact of cyber threats would be physical damage to the critical structure, through breaching security and taking control of the devices and equipment on the network. The impact could include blowing up power generators, oil refineries and chemical distribution pipes, leaking chemicals into clean drinking water, and disrupting tunnel trains by changing their routes; killing people is also part of this process. The financial impact involves the theft of an organization's critical data, also called business information. This is a critical threat because organizations bear more cost for missing data than for online credit card fraud. Business theft does severe damage to organizations: they lose their business, their customers, and their presence in the global economy.

To deliver electric power from the power producers, the data related to transmission and distribution needs to be shared between them. In order to communicate, a network with different protocols providing Quality of Service (QoS) is implemented. The infrastructure of the oil and electrical industry is built to provide performance rather than security. The software on which this equipment operates follows a proprietary standard that emphasizes functionality rather than security.
Power grid development and installation is proceeding at a rapid pace to meet demand. The automation systems in the oil and power industry are assembled from legacy and new modules. There is no room for any added network functionality features the systems may support. Network security features are designed for information systems and do not account for performance requirements (Wei et al.).

As mentioned previously, ‘Stuxnet’ was specifically designed to disrupt and take control of the equipment and devices that contribute to industrial processes. For instance, many industrial processes rely on motors based on gears. The gears change speed level in the process of uranium enrichment. The instances of ‘Stuxnet’ found in Iran had a negative impact on motors that were connected to centrifuges. ‘Stuxnet’ can make these motors rotate too fast, resulting in rotation failure, or modify the gears to reduce or increase the speed of motor rotation. Consequently, these actions destroy the required result. Moreover, some characteristics of this virus showed it travelling from personal computers, including Microsoft Windows environments, to computers that are manufactured by Siemens. This German company specializes in controlling many industrial operations, including the centrifuges that are used in the initial stage, i.e. uranium enrichment (Stuxnet (computer virus), 2010).

Functionality

‘Stuxnet’ aims for specific types of power supplies called frequency convertors. These frequency convertors regulate the speed of the motors by modifying the charge of the electric power transmitted. ‘Stuxnet’ takes over the device that modifies the electric charge by which these motors vary their speeds. ‘Stuxnet’ can increase the charge, which produces incorrect results or may lead to a hardware failure.
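The following is an added example, not part of the original paper: a small Python check that scans a log of frequency-convertor output readings for the kind of speed manipulation described above (motors driven too fast, too slow, or changed abruptly). The log format, drive names, operating band and step limit are constructed assumptions, and the readings are assumed to come from a measurement path that does not depend on the Windows hosts the worm infects.

```python
from dataclasses import dataclass

# Constructed sample log: "ISO time,drive id,output frequency in Hz".
# Illustrative values only; not taken from any plant or malware analysis.
SAMPLE_LOG = """\
2010-01-01T00:00:00,drive-01,1000.0
2010-01-01T00:01:00,drive-01,1002.5
2010-01-01T00:02:00,drive-01,1350.0
2010-01-01T00:03:00,drive-01,1355.0
2010-01-01T00:04:00,drive-01,1001.0
2010-01-01T00:00:00,drive-02,998.0
2010-01-01T00:01:00,drive-02,40.0
2010-01-01T00:02:00,drive-02,999.0
2010-01-01T00:03:00,drive-02,1040.0
"""


@dataclass
class Finding:
    drive: str
    kind: str          # "over", "under" or "jump"
    start: str         # timestamp of first anomalous sample
    end: str           # timestamp of last anomalous sample
    extreme_hz: float  # highest (over) or lowest (under) value seen


def parse_log(text):
    """Parse 'time,drive,hz' lines; blank lines and '#' comments are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, drive, hz = (field.strip() for field in line.split(","))
        rows.append((ts, drive, float(hz)))
    return rows


def find_anomalies(rows, low_hz, high_hz, max_step_hz):
    """Group out-of-band samples into excursions and flag abrupt in-band jumps."""
    findings = []
    open_excursion = {}  # drive -> Finding currently being extended
    last_in_band = {}    # drive -> most recent in-band frequency
    for ts, drive, hz in sorted(rows, key=lambda r: (r[1], r[0])):
        kind = "over" if hz > high_hz else "under" if hz < low_hz else None
        current = open_excursion.get(drive)
        if kind is None:
            open_excursion.pop(drive, None)  # back in band: close excursion
            previous = last_in_band.get(drive)
            if previous is not None and abs(hz - previous) > max_step_hz:
                findings.append(Finding(drive, "jump", ts, ts, hz))
            last_in_band[drive] = hz
        elif current is not None and current.kind == kind:
            current.end = ts
            pick = max if kind == "over" else min
            current.extreme_hz = pick(current.extreme_hz, hz)
        else:
            current = Finding(drive, kind, ts, ts, hz)
            open_excursion[drive] = current
            findings.append(current)
    return findings


if __name__ == "__main__":
    # Assumed operating band 950-1050 Hz and 25 Hz step limit (constructed).
    for f in find_anomalies(parse_log(SAMPLE_LOG), 950.0, 1050.0, 25.0):
        print(f)
```

The step limit is evaluated against the last in-band reading, so the return from an excursion to normal speed is not reported a second time.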
The Symantec report describes it as follows: “Stuxnet is a highly complex virus targeting Siemens' SCADA ["supervisory control and data acquisition"] software. The threat exploits a previously unpatched vulnerability in Siemens SIMATIC WinCC/STEP 7 (CVE-2010-2772) and four vulnerabilities in Microsoft Windows, two of which have been patched at this time (CVE-2010-2568, CVE-2010-2729). It also utilizes a rootkit to conceal its presence, as well as 2 different stolen digital certificates” (Stuxnet (computer virus), 2010).

‘Stuxnet’ Approach

A study conducted by software professionals revealed that ‘Stuxnet’ penetrates networks by moving from one workstation to another. Moreover, USB flash drives are also exploited, as employees tend to exchange data between their personal computers and their office computers. From the office computers, the virus travels on and finds the supervisory control and data acquisition systems controlled by software developed by Siemens (a German electronics company). After breaching the controlling application or software, the next and last target is to take over the automated frequency convertors (Stuxnet (computer virus), 2010). Furthermore, western software engineers evaluated various accounts in a Windows environment. They revealed that ‘Stuxnet’ bypasses the security of personal computers, as they were the hosts on the network. In the elevation of privileges, two bugs were identified, i.e. bugs and print spooler bug. Consequently, any computer with a similar configuration is vulnerable to this virus (Stuxnet (computer virus), 2010).

Targets

Until November 2010, ‘Stuxnet’ was identified in Indonesia, Iran, India and the United States. However, most occurrences were in Iran. As studies demonstrate, the dominance and purpose of this virus is to interrupt the process of uranium enrichment (Stuxnet (computer virus), 2010).
Iran was the victim many times, as the former deputy director of the International Atomic Energy Agency (IAEA), Olli Heinonen, said: “Iran had experienced problems with the centrifuges used to enrich uranium, and that the problems could have been, but were not necessarily, caused by Stuxnet”. Similarly, in November 2010, Iranian Vice President Ali Akbar Salehi, who was heading the nuclear project, said, “from more than a year ago, Westerners tried to implant the virus into our nuclear facilities in order to disrupt our activities, but our young scientists stopped the virus at the very same spot they wanted to penetrate” (Stuxnet (computer virus), 2010).

Developer of ‘Stuxnet’

As of June 2010, no one has yet been identified as the owner or developer of ‘Stuxnet’. However, predictions from scientists and experts clearly indicate that a virus of this intelligence is not the work of an expert individual. There is a strong possibility that government agencies are involved in the development of ‘Stuxnet’, as this virus aims at ‘cyberwarfare’ rather than civilian victimization.

Conclusion

The purpose of constructing the virus is to prevent uranium enrichment. The dominance and presence of this virus is frequently reported in Iran, leading to the conclusion that it was primarily designed to interrupt or disrupt uranium enrichment in Iran. The technological nature of Stuxnet’s architecture gave it the opportunity to attack personal computers, travel on USB flash drives and attack data acquisition and security systems. Probably, the developer of ‘Stuxnet’ thought that the application developers of industrial systems only use Siemens software. However, ‘Stuxnet’ is extremely efficient, as it can control the operations of mechanical and electronic equipment.
The impact on industry and society can be massive, as any equipment installed in the power generation industry could be forced to transmit more current to the electricity highways, resulting in explosions of power transformers along with damage to household electronic appliances. Similarly, military radar systems can also be taken over by this virus, which would result in cyber warfare between two countries.

References

SANS: Critical infrastructure protection. Retrieved 11/20/2010, from http://www.sans.org/security-training/critical-infrastructure-protection-12-mid

Critical infrastructure. Retrieved 5/13/2011, from http://www.publicsafety.gc.ca/prg/em/ci/index-eng.aspx

Stuxnet (computer virus). (2010). Background Information Summaries, 7-7.

Republicaninvestor.com » new york times. Retrieved 5/13/2011, from http://republicaninvestor.com/?cat=240

Denning, P. J., & Denning, D. E. (2010). The profession of IT discussing cyber attack. Communications of the ACM, 53(9), 29-31. doi:10.1145/1810891.1810904

Shackelford, S. J. (2010). Estonia three years later: A progress report on combating cyber attacks. Journal of Internet Law, 13(8), 22-29.

The meaning of stuxnet. (2010). Economist Newspaper Limited.
Stuxnet virus may be aimed at Iran nuclear reactor - ComputerworldUK.com. Retrieved 11/20/2010, from http://www.computerworlduk.com/news/security/3240458/stuxnet-virus-may-be-aimed-at-iran-nuclear-reactor/

Iran confirms massive Stuxnet infection of industrial systems - Computerworld. Retrieved 11/20/2010, from http://www.computerworld.com/s/article/9188018/Iran_confirms_massive_Stuxnet_infection_of_industrial_systems

Wei, D., Lu, Y., Skare, P., Jafari, M., Rohde, K., & Muller, M. Power infrastructure security: Fundamental insights of potential cyber attacks and their impacts on the power grid.

Financial sector « core security technologies. Retrieved 11/20/2010, from http://coresecurity.com/tag/financial-sector/

Clayton, M. (2010). Stuxnet 'virus' could be altered to attack US facilities, report warns. Christian Science Monitor, N.PAG.

Wong, R. (2011). Data protection: The future of privacy. Computer Law & Security Review, 27(1), 53-57. doi:10.1016/j.clsr.2010.11.004

Gross, G. (2010). Stuxnet changed cybersecurity. Network World, 27(22), 10-10.
(“Stuxnet virus Research Paper Example | Topics and Well Written Essays - 3000 words”, n.d.)
Retrieved from https://studentshare.org/family-consumer-science/1420253-stuxnet-virus