Security Recap: Stuxnet, China Internet 'Hijacking' Allegations Lead News

New revelations about the Stuxnet worm as well as a report about Internet traffic being rerouted through servers in China led security news during the past week.

Cyber-security took a political bent this past week due to discussions of Stuxnet's true target and allegations that a Chinese company had caused Internet traffic to be rerouted through servers in China.

The allegations against China Telecom were aired in a report to Congress by the U.S.-China Economic and Security Review Commission. In the report, the commission wrote that on April 8 the company had "advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers."

"Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet's destinations through servers located in China," according to the report. "This incident affected traffic to and from U.S. government ('.gov') and military ('.mil'') sites, including those for the Senate, the army, the navy ... and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo, Microsoft and IBM."

Initial media reports that 15 percent of all Internet traffic had been hijacked were overhyped, security researchers told eWEEK. In its report, the commission stopped short of stating anything had been done deliberately, but noted "the capability could enable severe malicious activities."

Meanwhile, researchers continued peeling back the layers of the Stuxnet worm, this time uncovering evidence that the malware could have been meant to disrupt nuclear programs. According to Symantec, the worm targets frequency converter drives, which are used to control the speed of motors.

"Stuxnet monitors the current operating frequency of these motors, which must be between 807Hz and 1,210Hz, before Stuxnet modifies their behavior," explained Eric Chien, technical director of Symantec Security Response. "Relative to the typical uses of frequency converter drives, these frequencies are considered very high-speed and now limit the potential speculated targets of Stuxnet. We are not experts in industrial control systems and do not know all the possible applications at these speeds, but ... efficient low-harmonic frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment."

This added to speculation that the true target of the worm was Iran's nuclear program. On Nov. 17, the U.S. Senate committee on Homeland Security and Government Affairs held a hearing with experts that touched on the worm, which was called a "game-changer" by Sean McGurk, acting director of the Department of Homeland Security's National Cybersecurity and Communications Integration Center.

"We have not seen this coordinated effort of information technology vulnerabilities [and] industrial control exploitations completely wrapped up in one unique package," McGurk said.

Elsewhere in the world of security, Facebook discussed with eWEEK some of the details of its security plans for Facebook Messages, and Adobe Systems made good on its promise to bring sandboxing technology to bear in Adobe Reader X for Windows users. According to Adobe, the technology is similar to what Google and Microsoft have implemented in Chrome and Office 2010 Protected Viewing Mode, respectively.

"While sandboxing is not a security silver bullet, it provides a strong additional level of defense against attacks as software vendors work on reducing both the frequency and the impact of security vulnerabilities," an Adobe spokesperson said.