pseagrenat June 07,2015 Brilliant. Stuxnet has always interested me because the creator used a large amount of time, energy and skills in order to achieve the many breakthroughs required to specifically target specific machines. I believe the three largest factors of success was stealing the encryption keys, programming the worm to analyze and verify the specifications of the equipment and boards before proceeding to the next phase, and knowingly safeguarding a day zero exploit. The same basic principles used with Stuxnet can (and will) be used again. Imagine if the boards on roller coasters were compromised and set to full speed at all major theme parks in the U.S.; or if all programmable ovens were set to turn on high heat in the middle of the day while everyone is at work.
tlawlessat June 07,2015 I have to imagine that this was not the work of just a single individual (and likely not of just one team of individuals). Just based on the amount of prior intelligence that was necessary to develop the specifications for the creation of Stuxnet this was clearly a significant investment by the creators (and required some special access). Not only did the coding of this worm require VERY specific details about the infrastructure that Iran had in place at their secure facility but it required details for multiple networks of completely different architectures (possibly even at the processor level). So aside from the vast amount of technical hurdles that are presented as part of this video there had to have been multiple methods of surveying the networks beforehand to ensure that when deployed, Stuxnet only infected systems it was designed to infect.
I think the concepts that Stuxnet used to execute on its mission are fairly basic (in principle). It was the combination and application of them in ways that haven't been brought into the public domain yet that makes this very interesting. It indeed sheds some light onto the (in)secure future of the famed "Internet of Things" and the world of connected devices. I'm kind of excited to see when someone hacks into my web-connected egg tray!
logybombat June 11,2015 It is obvious, I would say, that this was a very well funded and targeted attack. I think the real question is if this was an attack by a government or collection of governments, or rather by a hacker collective. I think given the political ramifications of the attack, the former is more likely.
As we as a society become more integrated with "smart" technology, these attacks become all the more important to understand and be able to defend against. For instance, a lot of newer cars operate with computer chips connected to remote servers and offer several features in automated driving assistance. If a virus could propagate to all vehicles of a certain type and invoke commands which could say disable braking, or lock the steering wheel from turning, or control acceleration it could potentially be a catastrophic terrorist attack.
I think its important not to be naive in regards to technology and the capability of nefarious organizations. Just because governments whom are friendly to ours are using this stuxnet virus one day doesn't mean that an organization, like ISIS, can't observe this attack and reproduce it to throw a similar if not worst virus back at us.
mrgodfrey3at July 15,2015 Amazing. Too bad it was discovered. Imagine if outside experts didn't take the time to reverse engineer the virus and the Iranians never found out - I bet their nuclear program would have never materialized as they intended.
arautat July 20,2015 Very simple , low -tech explanation of Stuxnet. Stuxnet was one of the most sophisticated worm , that public probably knows about. Bringing together experts in different fields of computer science and engineering, time and money must have been huge.