Experts say Stuxnet worm could be state-sponsored (podcast)

Symantec and TrendMicro researchers agree that the worm, which some say was designed to attack a nuclear power plant in Iran, was so sophisticated that it was likely "state sponsored."

Could worms like Stuxnet threaten nuclear plants? Paul J. Everett via Flickr Creative Commons

The Stuxnet computer worm that may have been designed to attack a nuclear facility in Iran could have been state sponsored, according to two security experts with whom I spoke.

"We can tell by the code that it's very, very complex to the degree that this type of code had to be done, for example, by a state and not, for example, some hacker sitting in his parents' basement," said Symantec security researcher Eric Chien. Chien added, however, that "there's nothing in the code that points to the particular author" or "what their motivation is." (Scroll down to listen to the entire Chien interview.)

TrendMicro security researcher Paul Ferguson agrees that Stuxnet was likely state-sponsored. "The amount of technical expertise that went into this doesn't appear to have been by some random lone individual person because they would have had to have access to these systems to develop this."

Not necessarily aimed at Iran nuke
Ferguson could not confirm that the target was an Iranian nuclear plant. "That is purely speculation at this point, there have been lots of theories as to what the target was." He said it could also have been aimed at oil and gas facilities or other installations that use Siemens control systems, which were specifically attacked. (Scroll down to listen to the entire Ferguson interview.)

Serious threat
Both Chien and Ferguson said this type of code is a major security concern. "For the broader population, this is definitely a new generation of attack. We're not talking any more about someone stealing someone's credit card numbers, what we're talking about is someone being able to, for example, cause a pipeline to blow up or cause a nuclear centrifuge to go out of control or cause power stations to go down. So we're not talking about virtual or 'cyber' sort of implications here, what we're talking about are real life implications."

Ferguson said "it is a big deal because the utility companies, and manufacturing communities and the power companies and gas and oil companies for years have been using closed proprietary systems to manage their infrastructure and over the course of the past few years they've been making business decisions to use off-the-shelf software like Windows." He added that now we're seeing the same threat as with other networks as facilities are connected to the Internet or allow access to thumb drives. This type of threat, according to Ferguson, is "absolutely new and that's why a lot of people in the intelligence community, in the Department of Homeland Security and different governments around the world are really kind of spooked by this development. It shows the targeted nature and sophistication of the criminal/espionage aspect to this."

Podcast interviews with Chien and Ferguson

Click links below to listen to separate podcast interviews with Symantec's Eric Chien and TrendMicro's Paul Ferguson.

Symantec's Eric Chien


TrendMicro's Paul Ferguson

About the author

Larry Magid is a technology journalist and an Internet safety advocate. He's been writing and speaking about Internet safety since he wrote the Internet safety guide "Child Safety on the Information Highway" in 1994. He is co-director of ConnectSafely.org, founder of SafeKids.com and SafeTeens.com, and a board member of the National Center for Missing & Exploited Children. Larry's technology analysis and commentary can be heard on CBS News and CBS affiliates, and read on CBSNews.com. He also writes a personal-tech column for the San Jose Mercury News. You can e-mail Larry.

 
