US a target for cyber attacks in Stuxnet fallout

Powered by SC Magazine
 

Anti-virus industry 'spectacularly failed'.

Political analysts have forecast potential consequences for the United States after it was confirmed to have been involved in the creation of the Stuxnet malware that attacked Iranian uranium enrichment facilities.

The New York Times piece released last week revealed direct involvement by US President Barack Obama in ordering the creation and spread of the malware to the Iranian facilities, which largely succeeded before the virus was discovered outside of the country.

But the United States, seen as one of the most vulnerable countries to “cyber-attacks” due to its heavy reliance on computers, could become highly prone to similar attacks in future as retaliation to its actions.

SANS Institute director of research Alan Paller said news of the US' involvement meant businesses and infrastructure operators would be required to bolster their own defences against such attacks.

"We are now going to be the target of massive attacks," Paller told Computerworld US.

"For a long time everything has been under the radar ... the US has acted like it was an innocent victim. But behaviour will change when there's no longer an argument."

Ohers called it the "end of plausible deniability" for the US regarding its involvement in the attacks.

Though first created during the Bush administration under the code name 'Olympic Games', the Obama government continued using new variants of Stuxnet to sabotage the Iranian uranium refinement site, Natanz. Using a worm to sabotage Iran’s nuclear weapons programme was deemed preferable to Israeli air strikes on the facility.

Stuxnet’s existence became known in June 2010 after a programming error made the worm spread to an engineer’s computer that was connected to a centrifuge, and from there, around the world.

The Stuxnet worm and recently discovered Flame malware represent “a spectacular failure for our company and the antivirus industry in general” according to Mikko Hyppönen, the chief research office of Finnish security firm F-Secure in an article written for Wired.com’s Threat Level blog.

According to Hyppönen, Stuxnet wasn’t detected until well over a year after it was unleashed. F-Secure had samples of Flame dating back to 2010 and 2011 that were collected through its automated reporting systems, but Hyppönen said his company was unaware their existence.

Flame, Stuxnet and Duqu were most likely written by a Western intelligence agency and hidden in plain sight, according to Hyppönen, using standard code libraries that made them look more like a business database system than pieces of malware.

Hyppönen said there were likely to be more variants of politically motivated malware not yet detected.

Copyright © iTnews.com.au . All rights reserved.


US a target for cyber attacks in Stuxnet fallout
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1068

Vote