Stuxnet Worm: Prime Example of What Can Happen

By Chris Preimesberger  |  Posted 2010-12-27 Print this article Print

The Stuxnet worm, which appeared in July 2010, was a prime example, "wreaking havoc on the Iranian nuclear facilities," Crosby said.

Stuxnet exploited four zero-day vulnerabilities in Windows and a vulnerability in Windows' Print Spooler service to do its dirty work. Early versions of the virus abused Windows' AutoRun feature in an effort to infect industrial control systems, Symantec revealed in September.

"The interesting departure [this year] is that we have started to see nation-states play an active role in these attacks," Crosby said. "That is more threatening than the traditional bad guys who spam you with email or blackmail the gambling sites to say, 'Your site's going to be down until you pay me some money.' "

Crosby said that all these concerns point to the cloud as the best place to maintain a "survivable" application.

"Here's a good example: Visa was nailed by the anonymous crew on WikiLeaks. But Amazon didn't even blink when Anonymous pointed 10 gigabits of traffic at it. Amazon has this massive cloud that's redundant, has multiple availability zones spread around geographical regions, and so on. So if you want to make your application survive a big attack, the place to run it is called the cloud."

This is probably counter to what most people think in response to these attacks, Crosby said.

"Most people are going to want to close all the boundaries, run a private cloud, and get my head down in my bunker and hope that I'm secure," he said. "But in that situation, you are more vulnerable than if you are automated. People are running around your infrastructure with USB sticks and everything else. That's how WikiLeaks happened."

When nation-states start pouring defense budget-sized amounts of money into cyber war, then we will see "very interesting attacks," Crosby said. It has been estimated that it cost somebody "on the order of $10 million" to build Stuxnet, for example, Crosby said.

"We don't know where it [Stuxnet] came from, but it's pretty clear that it was organized by a nation-state because of the sophistication of the attack," Crosby said. "Most attacks use a single vulnerability; Stuxnet used four--four that were previously unknown to anyone, including Microsoft. So that basically suggests that somebody had the Windows source code and used it [for that attack]."

Access to source code a major problem

Many governments have access to this source code, he said.  Stuxnet also targeted very specific enterprise devices, Crosby said, and was not aimed at the average consumer.

"It was clearly targeted for political reasons, it cost a lot of money to do, and it was very robust," Crosby said. "It still has not been cleared; it's out there causing havoc."

This trend is going to make IT managers sit up and take notice, he said.

"You may say, well, I have good people and procedures in place, but the more people you have involved, the more vulnerable you are--either through mistakes or deliberate sabotage," Crosby said.

"That basically says you need to get on the cloud."

Bradley Manning, the U.S. military IT assistant implicated in the WikiLeaks controversy, used a USB stick on a PC to access most of the information that ended up being published on the site.

"Now, if that organization had been using desktop virtualization, that would never have been allowed to happen. Every single device on every client is policy controlled for access, and you can shut these off. Any properly automated cloud would have prevented WikiLeaks from happening," Crosby said.

Prior to founding XenSource, Crosby was the founder of CPlane Inc., a network-optimization software vendor, where he held a variety of executive roles. Before CPlane, Simon was a tenured faculty member at the University of Cambridge, UK, where he led research on network performance and control, and multimedia operating systems.

He is author of more than 35 research papers and has patents on a number of data center and networking topics, including security, network and server virtualization, resource optimization and performance. In 2007, Simon was named one of InfoWorld's Top 25 CTOs.

Chris Preimesberger Chris Preimesberger was named Editor-in-Chief of Features & Analysis at eWEEK in November 2011. Previously he served eWEEK as Senior Writer, covering a range of IT sectors that include data center systems, cloud computing, storage, virtualization, green IT, e-discovery and IT governance. His blog, Storage Station, is considered a go-to information source. Chris won a national Folio Award for magazine writing in November 2011 for a cover story on and CEO-founder Marc Benioff, and he has served as a judge for the SIIA Codie Awards since 2005. In previous IT journalism, Chris was a founding editor of both IT Manager's Journal and and was managing editor of Software Development magazine. His diverse resume also includes: sportswriter for the Los Angeles Daily News, covering NCAA and NBA basketball, television critic for the Palo Alto Times Tribune, and Sports Information Director at Stanford University. He has served as a correspondent for The Associated Press, covering Stanford and NCAA tournament basketball, since 1983. He has covered a number of major events, including the 1984 Democratic National Convention, a Presidential press conference at the White House in 1993, the Emmy Awards (three times), two Rose Bowls, the Fiesta Bowl, several NCAA men's and women's basketball tournaments, a Formula One Grand Prix auto race, a heavyweight boxing championship bout (Ali vs. Spinks, 1978), and the 1985 Super Bowl. A 1975 graduate of Pepperdine University in Malibu, Calif., Chris has won more than a dozen regional and national awards for his work. He and his wife, Rebecca, have four children and reside in Redwood City, Calif.Follow on Twitter: editingwhiz

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel