A good news / bad news worm
Recently the U.S. Secretary of Defense made an ominous prediction: “There is a strong likelihood that the next Pearl Harbor that we confront could very well be a cyberattack.”
Leon Panetta was not alone in his assessment of threats to the United States.
FBI Director Robert Mueller has said, “I do believe that the cyberthreat will equal or surpass the threat from counterterrorism in the foreseeable future.”
In this photo taken Aug. 22, 2010 and released by the International Iran Photo Agency, a worker stands at the entrance of the reactor of an Iranian nuclear power plant. The computer virus Stuxnet targeted Iran's nuclear enrichment facility before being discovered. The virus could be used against other countries, including the U.S. (AP Photo/IIPA, Ebrahim Norouzi)
A ticking clock
And Mike Rogers, the chairman of the Intelligence Committee in the House of Representatives has warned, “We will suffer a catastrophic cyberattack. The clock is ticking.”
Cyberterrorism is not a new concept, but it is not one widely discussed, understood, or even feared by most Americans. We seem much more concerned – justifiably so – about another massive physical attack like 9/11.
But a report on CBS’s TV newsmagazine 60 Minutes, and a detailed report in last July’s Wired Magazine, show just how dangerous a well-designed cyberattack could be on the United States.
The weapon exists
What’s even more worrisome, is that the virus that could wreak such havoc has already been developed, tried and found successful in another part of the world. Worse yet, that malware can be copied by others, may have already been done so, and could be repurposed and used for just a couple million dollars.
That cost is obviously not a factor by a large terrorist group or a failed country’s regime wanting to exact revenge on America.
Stuxnet
The latest and most sophisticated “worm” or malware is called Stuxnet and was discovered accidentally in 2010 as it was attacking the controlling computer in Iran’s nuclear uranium enrichment facility.
That attack had been underway for a year before discovery and had rendered thousands of the plant’s centrifuges – devices used to enrich uranium – useless. Estimates are that Iran’s nuclear production process was set back several years as a result.
A new era
Retired Gen. Mike Hayden told reporter Steve Kroft on 60 Minutes, “We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction and, in this case, physical destruction in someone else’s critical infrastructure.” That infrastructure could be nuclear plants, massive electrical power grids, water treatment plants, air traffic control facilities, and so on.
As former director of both the CIA and national security, Hayden should know what he’s talking about. He left the CIA in 2009 and refused to speculate to Kroft on any possible CIA involvement.
Although no one has taken responsibility for developing Stuxnet, the only two countries with the capability and motives for damaging Iran’s nuclear efforts in this way seem to be the United States and Israel.
A schematic of a gas centrifuge used for uranium enrichment. Many of these were rendered useless by the Stuxnet worm. (AP Photo/International Atomic Energy Agency)
No takers
Not surprisingly, neither country’s intelligence agencies are taking responsibility for it.
Stuxnet is unlike the millions of other computer viruses in existence. It is not designed to steal passwords or individual identities, and it isn’t out to unleash its attack on all the computers it infects. Instead, it was designed to target and infect one particular computer and to perform a specific task in that computer.
Target: Iran
The computer is the main one at Iran’s Natanz nuclear enrichment plant, and the task was to cause the plant’s centrifuges to spin much faster than they were designed to do, destroying them in the process. If left unchecked, Stuxnet could totally halt the plant’s ability to enrich uranium.
According to Wired Magazine, Stuxnet uses a rare “zero-day” exploit to spread the virus in a computer.
“Zero-days are the hacking world’s most potent weapons: they exploit vulnerabilities in software that are yet unknown to the software maker or antivirus vendors,” writes Kim Zetter. “They’re also exceedingly rare: it takes considerable skill and persistence to find such vulnerabilities and exploit them. Out of more than 12 million pieces of malware that antivirus researchers discover each year, fewer than a dozen use a zero-day exploit.”
What virus?
Another difference between Stuxnet and other computer worms is that this one masked the fact that it even existed. Generally, when a virus attacks a computer, the user is the first to realize it. Not so with Stuxnet. It is left free to do its damage without being readily detected.
In the case of Stuxnet, it was doing its work in the Natanz computer for a year before a computer security firm in Belarus discovered it. By then, thousands of the nuclear enrichment plant’s centrifuges had been destroyed and needed to be replaced.
If all the concern over Stuxnet were related to its ability to halt Iran’s nuclear enrichment program, few in the world would be concerned at all. It would be hard to find any Americans, in fact, who wouldn’t cheer its development.
A reusable weapon
The problem is that a cyberweapon – in this case the Stuxnet malware – doesn’t destroy itself when it is used in the way a missile, bomb, or rocket would. A cyberweapon does its damage and continues to live on.
That means the weapon is still available for use by anyone who can access it.
“There are those out there who can take a look at this, study it and maybe even attempt to turn it to their own purposes,” Gen. Hayden said.
The phrase, “unintended consequences” was used more than once by the sources. In short, it could be used against the United States.
A genie named Pandora
So the genie appears to have escaped the bottle, although repurposing and using it would require a lot of intelligence and a lot of work.
Ralph Langner, a German industrial security expert, said, “You don’t need many billions; you just need a couple of millions. And this would buy you a decent cyberattack, for example, against the U.S. power grid. (And you can access it) on the Internet.
Pesky thing, that Pandora’s Box.
Thank you for joining our conversation on A Virtual Unknown. We encourage your discussion but ask that you stay within the bounds of our commenting and posting policy.
Comments
The topic of cyber technology connected with terrorism is something that is very concerning to me. The group called Anonymous has done some terrorism on our own land already taking down websites like godhatesfags.com for extended periods of time. Although I really don’t like that website, It is wrong to attack people’s websites based on the Kant’s Moral imperative based on the laws of the United States. Suppressing people’s speech is wrong even if they are completely foolish. I completely agree that the next big terrible event will be due to cyber warfare, especially when there are so many people equipped to be able to cause a lot of trouble with their education.
The advances and power of the internet have amazed me. The things that are now possible online and through cyberspace are unparalleled by anything else. I cannot believe that cyber warfare is something that is now not only a possibility but a true threat. It scares me to think how much of our life is reliant on the internet. This obviously has many benefits but now it seems even more obviously, threats.
I am thankful you wrote about the possibilities of cyberattacks. I am not fully eduacted about this concept, but just reading about it alarms me. The very possibility of it is scary even if people are not physically harmed. This raises awareness on the topic, but I think more people should be informed about this. I think knowing this will cause people to think about how they can personally be affected by it, which they can. This cyber terrorism can affect millions of people in a matter of seconds, and that is a scary thought. I am glad government officials are already looking into this and are hopefully setting up precautions just in case it happens. This however gets me to think about what are the ethical approaches to stopping this virus that can happen soon. Is it okay to suppress the people’s right to privacy and to monitor what they do on the internetfor the greater good of preventing a virus? Is it worth it? I, personally, don’t know what the best choice is, but hopefully those in office are taking these situations into consideration.
This is all just fascinating. Not to mention terrifying. I think it’s so fascinating because it is so plausible, science-fiction no more. The thought of a cyber threat that could paralyze our nation is a real possibility. But while this threat is real, it is not healthy for a guy like me to think about for too long. Since I have absolutely no control over anything that happens in this realm, I think I’ll stick to simply using letting the intelligent men and woman who know what they’re talking about deal with this. What could I gain by worrying about such things?
There are a lot of things we feel powerless about, that’s for sure. But we should still be aware so that we elect people we think are responsible to positions of power. That’s about the only kind of control we have.
Gabbie, thanks for the comment. About the only thing we can do as individuals is to elect people we think are responsible to positions of power and to complain to those people when we think thinks are running amok.
http://www.ted.com/talks/lang/en/avi_rubin_all_your_devices_can_be_hacked.html
This is a video about cyber security. Avi Ruben is an expert on computer security systems. He points out that due to the abundance of technology, almost anything can be hacked. In fact, a implanted pacemaker can be wirelessly hacked by individuals to commit murder. He also demonstrates a virus on the iPhone that can use the accelerametor to pick up vibrations from a typing keyboard in order to guess passwords. I am not surprised at all that nuclear power plants are targets for cyber attacks and the next one can very well cause catastrophe.
This article was both interesting and frightening. I have had two computers crash due to a virus. It is scary how a whole computer can crash with just a few clicks. The idea of terrorism attacks through the cyber world sounds all to realistic and plausible because of how advanced the internet is becoming.
Cyber-terrorism will be the next threat posed to America and the world. One of the things that you touched on was that anyone can do it. All you need is the internet and with everything’s personal data on computers or online it sometimes very probable that hackers will hack into other computers from a distant country. If somebody wants to obtain or destroy something, they will find a way to do it. Gandhi said, “If someone wants to kill me, than they will succeed.” The scary part about this threat though is that it is real. The Stuxnet worm, which no one wants to admit creation/responsibility for it, attacked Iran’s nuclear computers. Imagine, if that worm fell into the wrong hands and they launched our nuclear weapons upon the world? Then what? If the Stuxnet hacked Iran’s computers, the most protected computers, than what’s the next move? We have to better protect our computers and ourselves, but what is stopping someone who really wants to do damage to the world? Cyber-terrorism is the new form of terror reigning through the world.
I was very unaware of anything like this existing. With our technology growing today, it does not surprise me that something that I feel would only exist in movies actually exists in real life. It is scary that cyber-terrorism is the new threat, but I still do not understand what exactly it is meant to attack. I see that everyone is concerned about this, but I guess I do not know enough to get the full effect of why this is as scary as everyone makes it sound.
I find it very interesting the notion of having our next big attack be a cyber one. For some reason, it has never occurred to me that this is the type of attack that I believe could do the most damage. So much of our daily world today is through cyberspace. Having the next type of terrorism go through this means can be catastrophic to so many different areas, some of which many will most likely not even recognize as being means of being attacked. A very interesting case.
Wow that was very interesting, I have never ever heard that a malware can be so complex where it can infiltrate a governments power grid, especially the Unites States. That is very scary to think of. But it is also fitting. Technology is advancing so rapidly that I am not even that surprised that a cyber attack is highly possible. Even if they were to do something small like destroy the internet in our country, so many people would freak out, including me. I rely on technology every single day, and I cannot even slightly imagine not having it for a whole day. So crazy. I hope that a cyber attack does not happen and I hope our country is sophisticated enough to be able to catch some malware before it even reaches us.
I really enjoyed reading this post, I found it so fascinating. I never had any idea this was going on or there was even a possibility of this to be honest. I can see how a cyber attack could cause a lot of problems for us but I don’t really see how it could compare to 9/11. If a cyber attack would take the internet from us I can see how it would cause havoc around the whole business world and basically any industry but can it really be that detrimental to our country?
This article is very interesting to me. I never connected cyber technology to terrorism before, but after reading this article, I definitely see the connection and it’s actually very discomforting and stressful to me. With the ability to worm a persons computer, there is so much damage that can be done and its really surprising. By just random, everyday people deciding that they want to worm peoples computers, simply because they have the knowledge and ability to, but not because the government ordered it, it could completely destroy a country. Is there a way to be ready for this kind of “attack?” Or a way to fix it? Who knows…
The idea of viruses attacking personal computers and corporations is familiar to me, but before reading this post I was not aware of how bad viruses can actually be. It’s so scary to think that someone can take down an entire nation from thousands of miles away simply through computers. When people talk about terrorists attacks, I picture bombs and explosions, not computer viruses, but with the way technology is advancing that may be the direction terrorism is heading. What is even scarier is it is much more difficult to prevent. Attacks like September 11th can be are less likely to happen again due to increased security measures, but no matter how many firewalls are made there will always be people working on a way to get past them.
This is extremely frightening to me. I have a Mac laptop and have convinced myself that there is no possible way I will get a virus, however I know this is not true. It should not be surprising that a virus like this exists. With all of the technology that we have these days, something like this is bound to happen. It is actually quite smart and I only wish that the US could be the one to use it. Although a cyberattack would seem not as bad because no one would physically die, people would die on the inside. We so heavily rely on our computers, and technology in general. To have it threatened, or even destroyed seems tragic. Hopefully this virus can be destroyed before it attacks the US or any other country. It was great reading about it and being informed because I never imagined something like this actually existed.
I found this blog post to be the most interesting yet because I, like the article said, had never even thought or heard about the idea of a physical attack. I think this is because it doesn’t present any “physical” damage to me like most “attacks” that we think of would. It is also interesting to me looking at this from a psychological aspect that people aren’t the least bit concerned or even knowledgable about this because it doesn’t directly effect them (not yet anyways). It is scary to think that someone had the capabilities to plant a worm in a factory that was producing Uranium for Nuclear weapons. I feel like out of all facilities, that is the one type that would make sure to have their security up to par since the material they are working with can be catastrophical when used or put in the wrong hands. I though Danika made a good point by mentioning that those of us with macbooks for some reason think we are invincible and that a virus would surely never be able to take over out laptop.
It is no surprise that no is fessing up because let’s be honest, why would you? Literally nothing good will come from that and who ever the genius was that developed this worm knows that better then anyone else. The scariest part about all of this to me is that if one country can develop it, it will only be a matter of time before another country can develop it. Being that the U.S. is disliked by a few pretty angry countries, this is NOT GOOD NEWS for the American peoples.
Well this article was both intriguing and disturbing at the same time. It is so interesting to see how far technology has advanced and the possibilities that are now coming forth. This kind of technology is really incredible and the genius it takes to create something of this sort is remarkable. However, it is really disturbing to think that with a million dollars or so and access to the Internet viruses like the one used against Iran could become a part of any terrorist group or country’s arsenal of defense. After reading this article I was struck by the idea that it seems like we are moving into a new phases of warfare in which standing military’s become nearly obsolete. With this kind of technology does it really matter what size your military is or what kind of military equipment you have? It seems as though none of these things can or will protect or defer a country or organization from launching a cyber attack.
I have been very interesting to this article because I have never think about it. I never connected the cyber technology and terrorism together. Before, the computers are not that popular, so people will never think about cyber attacks. However, the computers and laptops are so popular now, so it makes big different then before because people will not be expect about it. I am glad government is already think about it and tries to prepare about it. For right now the technology is too important to everyone. Therefore, if terrorism really attacks by the cyber attacks. There will be a huge damage for the nation because people are not expecting about the others using cyber attacks, so the people have no defense at all. It is really scare thing to be worried about.
I’ve always considered what might happen in the event of cyber attacks. With the increasing dependence that we have on digital technology, crashing a few crucial systems can result in chaos. This idea has been referenced many times especially in different media one being Live Free or Die Hard. I’m sure there are others that utilize this as well. I wouldn’t want a cyber attack to happen, and it is very concerning. However, I just go on living life not thinking about it. There is no point in letting fear control one’s life
Scary topic to discuss indeed! One question that sparked my interest however is the backups or second line defenses that we have in place or are developing for situations such as this. No doubt counter software has already been developed, but even less talked about is the discussion of what is our back up plan if eventually one day or cyber defenses are breached.
I found this article very enlightening. I was one of those Americans who would only worry about such terrorist attacks similar to 9/11. Even when starting to read the article, I thought how much terror could one wreak by worming the countries computers? But then realizing it wasn’t on a personal level but a governmental level or in a way to effect areas such as nuclear plants, or air traffic control, I then realized how much of an effect it could cause and really how much terror it would really wreak over the country, and to know that it already exists, and just needs to be bought and referbished at a price that would mean very little in the broad perspective, it is quite a scary thing to know, and even scarier it is a bug that cannot be detected like other computer viruses. Wow. It’s a good thing to be informed about and I am at least comforted to know that if it exists people and officials are aware of it and can put in to works the best plan against it if the time came and it was needed.