US a target for cyber attacks in Stuxnet fallout

Powered by SC Magazine
 

Anti-virus industry 'spectacularly failed'.

Political analysts have forecast potential consequences for the United States after it was confirmed to have been involved in the creation of the Stuxnet malware that attacked Iranian uranium enrichment facilities.

The New York Times piece released last week revealed direct involvement by US President Barack Obama in ordering the creation and spread of the malware to the Iranian facilities, which largely succeeded before the virus was discovered outside of the country.

But the United States, seen as one of the most vulnerable countries to “cyber-attacks” due to its heavy reliance on computers, could become highly prone to similar attacks in future as retaliation to its actions.

SANS Institute director of research Alan Paller said news of the US' involvement meant businesses and infrastructure operators would be required to bolster their own defences against such attacks.

"We are now going to be the target of massive attacks," Paller told Computerworld US.

"For a long time everything has been under the radar ... the US has acted like it was an innocent victim. But behaviour will change when there's no longer an argument."

Ohers called it the "end of plausible deniability" for the US regarding its involvement in the attacks.

Though first created during the Bush administration under the code name 'Olympic Games', the Obama government continued using new variants of Stuxnet to sabotage the Iranian uranium refinement site, Natanz. Using a worm to sabotage Iran’s nuclear weapons programme was deemed preferable to Israeli air strikes on the facility.

Stuxnet’s existence became known in June 2010 after a programming error made the worm spread to an engineer’s computer that was connected to a centrifuge, and from there, around the world.

The Stuxnet worm and recently discovered Flame malware represent “a spectacular failure for our company and the antivirus industry in general” according to Mikko Hyppönen, the chief research office of Finnish security firm F-Secure in an article written for Wired.com’s Threat Level blog.

According to Hyppönen, Stuxnet wasn’t detected until well over a year after it was unleashed. F-Secure had samples of Flame dating back to 2010 and 2011 that were collected through its automated reporting systems, but Hyppönen said his company was unaware their existence.

Flame, Stuxnet and Duqu were most likely written by a Western intelligence agency and hidden in plain sight, according to Hyppönen, using standard code libraries that made them look more like a business database system than pieces of malware.

Hyppönen said there were likely to be more variants of politically motivated malware not yet detected.

Copyright © iTnews.com.au . All rights reserved.


US a target for cyber attacks in Stuxnet fallout
 
 
 
Top Stories
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
Photos: iTnews Benchmark 2015 finalists revealed
Awards alumni gather to celebrate.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1745

Vote
Do you support the abolition of the Office of the Information Commissioner?