Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Networking

    Stuxnet Turns USB Memory Sticks into Weapons of Mass Destruction

    Written by

    Wayne Rash
    Published February 16, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      This story starts at the Washington, D.C., Auto Show, which is held at the end of January each year. While I was at the show, one of the people at the Land Rover display handed me a USB memory stick. I assumed that it contained a brochure or something similar, so I put it into my pocket and took it home. There, I promptly forgot about it.

      Fast forward a few days and the device appeared on my desk, so I did what you’re not supposed to do, and plugged it into my USB port, assuming that Norton would block any bad stuff. Apparently there wasn’t any bad stuff, but what alarmed me was that this USB memory didn’t appear on my desktop as a removable drive-it simply launched a video showing me a new model of the Range Rover. I couldn’t detect the device as a removable drive, so I couldn’t reformat it for some other use. Instead, I tossed it into the trash before the video got going.

      The reason this alarmed me is that it demonstrated how easy it is to insert and execute software, good or bad, without the user knowing. Had this same USB memory module contained Stuxnet, my computer might have been infected. This is exactly what happened a couple of years ago in Iran when the Israeli Defense Forces quietly planted some USB memory sticks in places frequented by Iranian nuclear engineers. Like everyone else, they popped the devices into their computers and the rest is history.

      Apparently the insertion of the USB device into the respective computers worked much like the one that showed me the Land Rover video. As soon as the device detected the insertion, it went to work and never waited for permission or a mouse click or whatever. Unlike the video, this worm never gave any indication that it was setting itself up and running. Instead, the software quietly installed itself and then took over the control computers for Iran’s uranium centrifuges. It caused the centrifuges to overspeed until they were destroyed, while reporting to the operators that everything was normal.

      While virtually every computer infected by Stuxnet is in Iran, or belongs to a company with a presence in Iran, that doesn’t mean that you’re in the clear. Now that Stuxnet has been out for a while, it’s only a matter of time before malware producers use the delivery mechanism to attack other targets.

      Time to Put Restrictions on USB Use

      While the major anti-malware makers say they’re ready, most of those are assuming that the new Stuxnet-like malware will be delivered over the Internet. But suppose some infected USB sticks are mixed in with the info kits delivered at a trade show?

      You know how those work: Companies hand out logo-imprinted USB memory devices like they were candy and people take them back to the office and try to use them. Frequently the goal is to erase the brochure and use the memory. But in the case of USB drives, they’d be infected before you could look at the first file. You could bring down an entire industry if you chose your target well.

      And that’s the problem with this sort of removable mass storage. It’s all too common for people to get USB memory or CD-ROMs that they want to put into their computers and either look at the information or use the memory. But it’s very easy to infect these devices and use them as a vector for a massive infection.

      To prevent this, you have a couple of choices. The first is to buy computers without USB ports, but that move has its own set of problems. The second choice is to manage your removable storage so that it can only do certain things. For example, set a USB port so it can only run a keyboard or mouse, but not use mass storage. Or you can set a CD drive so it can’t execute programs.

      Either choice will likely cause complaints in the user community, but that may not matter. It’s very likely that most users won’t have a business-related reason for looking at these devices or using the media, and you can always enable access on a case by case basis if they do.

      But that’s only part of the solution. You have to also educate users to not do what I did. By that I mean they have to really believe that they shouldn’t just put a USB stick or CD of unknown origin into their computers. All I got for my lapse in judgment was a brief look at a new Range Rover. But it could have been much worse. I was lucky, but next time I need to be smart enough to follow my own advice.

      You’re invited to laugh at me or even point fingers and make gestures. I deserve it. Just don’t make the same mistake.

      Wayne Rash
      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×