Nationwide holiday ups China's risk to Stuxnet

Week-long national holiday may see many more industrial facilities in China infected by the malware, and security experts warn of dire consequences akin to "terrorism attacks".
Written by Tyler Thia, Contributor on

Computer hackers have warned that the week-long National Day holiday in China that began Friday could leave the country vulnerable to further attacks from Stuxnet, according to a report by news agency AFP.

The cyberworm, which may have been designed to attack Iran's nuclear facilities, has already hit millions of computers around the country, most of them at industrial facilities.

"With the entire nation going on holiday from Friday, cybersecurity staff at large state-owned enterprises would be minimal," said China's biggest hacker group Chinese Honker Union. "So if they [cybercriminals] are up to something, they may very likely do it now."

Another report, published by The H Security, quoted Chinese media reports as saying that millions of PCs and close to 1,000 industrial facilities in the country have already been infected by Stuxnet.

However, an analyst at China Information Technology Security Evaluation Centre said no major damage had been observed.

The South China Morning Post reported that the Chinese government "plans to carry out a nationwide assessment of plants using Siemens software and examine whether contracts should continue to be awarded to Siemens in future."

The Stuxnet cyberworm is believed to target control systems made by the German industrial giant, which are used to manage water supplies, oil rigs and power plants. Security experts worry that such an attack may lead to malfunction of these critical systems, causing widespread fear and disaster.

An earlier report by ZDNet Asia explained that the Stuxnet malware exploits a vulnerability in the way Microsoft's Windows Shell handles shortcut files and, if tapped, could allow the attacker to gain complete control of a system.

The virus was initially written to steal data from critical infrastructure companies by specifically targeting SCADA (supervisory control and data acquisition) systems running Siemens' WinCC software.

Malware akin to terrorism
Security experts whom ZDNet Asia spoke to believe that as the Stuxnet malware is rather "new", the computer world is still struggling to learn more about the worm and is not yet equipped to pre-empt such an attack.

In an interview with ZDNet Asia, Kaspersky Lab CEO Eugene Kaspersky explained that industrial machinery is not designed to be "secure", as it is not made to understand access or the users operating it.

"These systems are designed to work in 'secure' environments, which are traditionally protected by humans and other capabilities, and this creates a loophole which cybercriminals are now taking advantage of," he added.

Kaspersky mentioned that the design of Stuxnet is highly sophisticated and capable of remaining undetected by any antivirus software. "Even with the source code of the malware, you can't redesign it as it has been cryptographically signed with stolen signatures."

He stressed that governments were informed about the severity of Stuxnet's capabilities for years. However, due to the lack of information and resources, many have not taken serious action to protect critical infrastructure until now.

Kaspersky said: "Stuxnet has been around for a while, but it remained undetected till July, as victim countries do not have sophisticated IT personnel good enough to uncover the malware."

In the worst-case scenario, Stuxnet can be used to carry out cyber warfare, warned James Lyne, chief technologist at the CTO office of Sophos.

"Imagine the 'bad guys' taking out global Internet power, utilities and water… the level of destruction and ease of execution [are] terrifying," stressed Lyne. "As we build more critical infrastructure such as smart grid projects and our lives become more dependent on networks, those kinds of attacks indicate serious terrorism."

Cybercrime strategist at McAfee, Pamela Warren, said that while much remains to be seen and learned about the malware, what end users can do is to ensure that their computers' virus signatures are updated and that peripherals such as USB devices are "clean", as often the infected users are unintended recipients of malware.
