CBS 60 Minutes: Stuxnet worm opens new era of warfare

Summary: Stuxnet showed, for the first time, that a cyber attack could cause significant physical damage to a facility. Does this mean that future malware, modeled on Stuxnet, could target other critical infrastructure -- such as nuclear power plants or water systems?

The most pernicious computer virus ever known wasn't out to steal your money, identity, or passwords. So what was the intricate Stuxnet virus after? Its target appears to have been the centrifuges in a top secret Iranian nuclear facility. Stuxnet showed, for the first time, that a cyber attack could cause significant physical damage to a facility. Does this mean that future malware, modeled on Stuxnet, could target other critical infrastructure -- such as nuclear power plants or water systems? What kind of risk do we face in this country? Steve Kroft reports.

Topics: Telcos, Security

Talkback

14 comments
  • stuxnet virus

    The new cyber thriller - The Darwin Factor- out now as a free blog involves a Stuxnet attack as part of the storyline- you are invited to Google the title.
    dhtow01
  • Stuxnet virus

    The new cyber thriller- The Darwin Factor- out now as a free blog, incorporates several Stuxnet attacks as a critical part of the storyline- Google the title to begin
    dhtow01
  • Mark my words!

    Congress will sit on their hands until this blows up in our faces!
    JCitizen
  • 60 minutes turns into history channel!

    Is this some kind of joke?
    Are people really so ignorant about the current state of cyber warfare that this seems to be, in any way, a current topic?
    Sqrly
    • not a joke

      Yes, the majority of computer users are that ignorant. Have you ever worked on a computer for a "typical computer user"? It is an experience. And most people do not understand code or drivers or how a computer works, let alone cyber warfare.
      ssassie
  • Don't blame hackers

    Stuxnet was a joint effort between Israeli and American intelligence groups. Evidence is all over the net.
    Nate_K
    • RE: Don't blame hackers

      Israel and the U.S. certainly have a motive. As to the evidence, please elaborate. And don't forget to include Duqu.

      Why not China? This would be a powerful way to send a message to the U.S. government. And by casting blame on Israel and the U.S., Iran (with its considerable petroleum reserves) moves into China's sphere of influence.
      Rabid Howler Monkey
      • don't blame hackers

        Considering the sophistication of the virus, all we can do at this point is surmise about who wrote that code. But it does seem it will change the playing field. If it was a test, it passed.
        ssassie
    • oh come on

      Just crap at this point. Can't point to anyone in particular.
      ssassie
  • "Does this mean.."

    Well, that certainly is in the category of no credit for right answers, isn't it?
    jayohem
  • What they forgot!

    60 Minutes forgot to ask or even mention that most of the versions of Windows in that part of the world are illegal, non-patchable versions of Windows.
    Whereas in the US, large businesses have legal and patched versions of Windows and updated versions of antivirus.
    dave-richardson@...
    • What's your point?

      If you are trying to argue that fully patched Windows OS with current AV is secure I think you are mistaken. Windows source code has never been designed to be secure on its own account.

      Stuxnet used 3 zero day exploits to gain access and escalate privileges. It had nothing to do with an OS not being up to date. It even was able to successfully attack Windows 64 bit with advanced driver signing. It's way beyond just looking for a pirated version.

      This process has been part of the MS business model from the beginning. Windows has always had openings for infiltration, even with AV, zero day watchdog groups, and patching. These external measures cannot be removed, but at the same time cannot fully protect the OS.

      When using Windows, you are always in a state of flux, like riding on a sine wave of protection. If you look at what Microsoft does call security (mostly identified with 3 letter acronyms over the years), it's always an external device - never intrinsic to the source code itself.

      The most important thing for Microsoft and ZDNet to try and diminish here is the understanding of open source code like that used in various Linux distros. If Linux can be made so secure without ANY AV (like my family using it for 10+ years without AV and without infection) while the source code for the kernel and OS has been openly published since 1991, it has to be intrinsically secure and able to stand on its own without protection.

      Seriously, you don't need AV with Linux and nothing happens year after year.

      My Acer One netbook was set up for dual boot with Mint when I first purchased it about a year ago. The Windows 7 home premium was used for installing the AV and Updates. When I recently started Windows I was greeted with pop ups from the AV informing me Windows was infected. It turned out to be 5 infections including Alureon.DX rootkit. When I removed the infections, the browsers would not work because they couldn't find the "proxy" server. The Alureon configured Firefox and IE to use a proxy server in Russia. This is for a new Acer One with Windows Home Premium 64 bit that was used to install Avira AV and do critical updates. It's not the hardware, it's the design of Windows which uses totally insecure source code.

      Look at the current problem with XBox 360 and "Swatting". Everyone who uses it is vulnerable to hacking from another individual they are playing with. How can this be possible? SS numbers, credit cards, addresses, are stolen while the victim is playing someone online.
      Joe.Smetona
  • WHY did 60 Minutes not use the words SMART GRID or SMART METER?

    An issue mentioned in the segment was the potential problems to the utility grid - but it omitted the smart meter and smart grid words. Call a spade a spade!!

    If anything can be hacked... IT WILL be hacked - new mantra of the digital age.

    It is foolhardy for the federal government (and those in other nations) and utilities to continue to implement the digital smart grid when they are being warned by I.T. professionals and cyber security experts with Ph.Ds that this grid would have increased vulnerability to cyber hacking.

    Ever heard of hubris? Look it up under Greek Tragedy. The tragedy of the utility commons is that the left hand does not know what the right hand is doing - not extraordinary for the bipolar syndrome of zombie bureaucrats and citizens into which we have degenerated. Needed: a new Age of Enlightenment - and the new knowledge that it is no longer cool to be kewl.

    P.S. Palo Alto, the _seat of techies_ recently voted to put a MORATORIUM on SMART METERS until 2015 partly due to health complaints and higher electric bills.
    PerningOne
    • Stuxnet report from Symantec.

      The Stuxnet .pdf (about 70 pages) makes it clear that Stuxnet only attacks Windows and if it does not find Windows, it will exit. It uses 3 zero-day (Windows) vulnerabilities to attack and escalate into the Windows core of operation.

      It's been obvious to me for decades that the Microsoft business model never included writing intrinsically secure OS source code. This is evidenced by its need for external AV and external patches from Microsoft in the form of critical updates. Microsoft is secure as long as the perpetrator has not discovered the next open hole for entry or exploitation. Using Microsoft products has always been a security compromise. The hundreds of thousands of items AV scans for always have their root in a defect with Windows that allows infiltration.

      If you believe ZDNet is a Microsoft publication like I do, you can see that when a new article is released about Windows, security talk is avoided at all cost and the topics center around some new gadgetry or features. In effect, you could see two or three hundred posts in a row about Windows 8 with no mention of security. This is intentional and designed into the blog.

      It's ZDNet's job and the goal of the posting agents to keep the focus away from Microsoft's dismal security, even with new and un-released OS's. Articles about major break-ins to Linux systems continually fail to provide the dirty little secret that the administrator(s) were keeping their system login and password information on their Windows notebook or desktop that was easily compromised to yield the critical information for the major break-in. Keeping separate records of hundreds or thousands of passwords is understandable, but using Windows just provides the weak link for total control of an otherwise totally secure system.

      I don't believe Windows should ever be used for infrastructure or electrical grid control. Period. Use an OS originally designed for network security like Linux or BSD. My family has been using Linux for 10 + years without any AV at all and we have never had any malware issues.

      See my post above about my experience with the Alureon.DX rootkit on a new Acer 64-bit, Win7 netbook. If you need security, Windows is not an option.

      "In November 2010, the press reported that the rootkit has evolved to the point that it is able to bypass the mandatory kernel-mode driver signing requirement of 64-bit editions of Windows 7 by subverting the master boot record,[9] something that also makes it particularly resistant on all systems to detection and removal by anti-virus software."
      http://en.wikipedia.org/wiki/Alureon

      http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
      Joe.Smetona