Cyber Security Speaker Series Kickoff — Carey Nachenberg (4/28/2015)
Stuxnet has signaled a fundamental shift in the malware space.
Stuxnet proves cyber-warfare against physical infrastructure is feasible.
Stuxnet was first discovered in June 2010. First some definitions.
Computer worm -> spreads from computer to computer
Trojan horse -> secretly infiltrates a system intending to cause damage
Virus -> attaches to and embeds itself in data files and software in order to spread
Stuxnet was a very sophisticated and complex attack as it had the attributes of all three.
Another interesting fact: most computer viruses are about 10kb. Stuxnet was 500kb, a 50x increase. This increase in size was due to logic alone rather than images or graphics. This paints a picture of how well planned, meticulous, and complex Stuxnet was.
How Does Stuxnet Work?
Four main techniques
- Discover proper computers
- Disrupt centrifuges
- Evade detection
Stuxnet uses seven distinct mechanisms to spread to new computers. Six of these attacks targeted flaws (back doors) that were unknown to the security industry and software vendors! It’s important to note that typical cybersecurity attacks only use one attack vector.
A natural question is how Stuxnet spread, since the centrifuges are air-gapped from the network. The answer turns out to be both quite simple and sophisticated. Stuxnet replicated itself by infecting USB flash drives. Whenever an infected USB flash drive was plugged in, Stuxnet immediately replicated itself while at the same time hiding itself to evade detection.
The attackers infected five industrial companies with potential subcontracting relationships with the plant. These companies (likely) then unknowingly ferried the infection into Natanz’s research and enrichment networks.
“It is increasingly accepted that, in late 2009 or early 2010, Stuxnet destroyed about 1,000 IR-1 centrifuges out of about 9,000 deployed at the site.”
Impact and Cybersecurity Future
Unfortunately, the same techniques can be used to attack other physical and virtual systems.
No technology utilized in Stuxnet is fundamentally new. What is unprecedented is the number of attacks used together, all of which had to work just right.
The biggest fear would be a payload like this, mass-disseminated to millions of computers in a very short period of time, that could damage the hardware rather than the software. This would cause a widespread infrastructure outage that would take months to repair, as hardware technicians would need to go from computer to computer.
Video lecture here
Notes by Joshua Joy, email@example.com
UCLA Computer Science Professor Carey Nachenberg has just released his debut novel, entitled The Florentine Deception. The techno-thriller, which takes place in part on the UCLA campus, follows Alex Fife as he searches for a mysterious object known as The Florentine. But what starts out as an innocuous pursuit quickly devolves into a nightmare, as Alex discovers the true technological nature of the Florentine, and of the adversaries who will do anything to control it. Carey will be donating all proceeds to charity, including to UCLA’s UniCamp program. Find out more at: http://florentinedeception.com