Cyberterror and the World’s Most Dangerous Worm

Tales from the Encrypted


Illustration: Saachi Mehta/ Arré

The origin of life on Earth, as told by the ancient Greeks, was the work of the brothers Prometheus and Epimetheus. While Prometheus toiled over a lump of clay to forge the shape of man in the image of the Gods, Epimetheus created the birds and beasts of the world and endowed them with all the gifts of the heavens: warm coats, protective shells, strength and speed, leaving man weak and unprotected by comparison. Distraught at the plight of his creations, Prometheus travelled to Mount Olympus and stole fire from the Gods, granting mankind a destructive gift with which to triumph over the dangerous world it inhabited, and so began human civilisation.

This fire would prove to be a dastardly thing.


In the mid-20th century, the world turned dangerous once more at the hands of a fascist alliance of nations led by Adolf Hitler, Benito Mussolini, and Hirohito, and that danger triggered a race for mankind’s ultimate control over fire in the form of the atomic bomb. Deep in the Jornada del Muerto desert (which ironically translates to “the dead man’s journey”), the United States’ “Manhattan Project” carried out the world’s first atomic detonation. Subsequent detonations over Hiroshima and Nagasaki brought a swift end to the war, and the dawn of a new world order underwritten by the chilling deterrent of nuclear warfare.

The uncomfortable truth about nuclear weapons is that the world would be an entirely different place had these weapons been invented and employed by the Nazis in their genocidal eugenic quest for racial purity. The very same uncomfortable truth, however, led an alliance of intelligence agencies to build the world’s next super weapon in the early years of the 21st century: a computer worm, famously known as “Stuxnet”, developed in an intelligence operation codenamed “Olympic Games”.

History had returned full circle to Greece. Prometheus would be pleased.

***

Reports in the US mainstream media, based on leaks from anonymous officials, suggested that the American government had begun developing Stuxnet as early as 2005. Stuxnet, which may sound like a poorly named brand of glue, was a computer worm tailored to sabotage specific hardware: the Siemens industrial controllers that drove the centrifuges in Iran’s uranium enrichment facilities. Once the worm had found a network connected to these controllers, it would alter the commands sent to the centrifuge drives so that the machines periodically spun far faster, and then far slower, than their rated speed, while replaying previously recorded normal readings to the operators watching the system. In the aftermath, Stuxnet had destroyed roughly 1,000 of the 5,000+ centrifuges at Iran’s enrichment facilities, setting back a possible timeline for obtaining weapons-grade uranium by a significant margin and thus achieving one of its presumed objectives.
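As an added illustration (this is not code from the article, and not Stuxnet’s own logic), here is a toy Python model of the deception just described: a compromised controller drives the process outside its rated band while replaying a recorded window of “normal” readings to the operator display. The speeds, tolerances and timings are assumed for illustration only, as is the simple first-order lag used for the centrifuge. The check at the end is the one a practitioner wants: compare what the display shows against a measurement that does not pass through the controller at all.

```python
# Added example (not Stuxnet's code): a toy model of a controller that sabotages
# a physical process while replaying recorded "normal" readings to the HMI, and
# a check that compares the display against an independent measurement.
# All numeric values below are illustrative assumptions, not real attack figures.
from dataclasses import dataclass, field
from itertools import cycle

NOMINAL_HZ = 1000.0   # assumed rated drive frequency of the modelled centrifuge
NORMAL_BAND = 20.0    # assumed tolerance around nominal that operators expect
RECORD_TICKS = 30     # ticks the controller spends recording normal readings
HIGH_HZ, LOW_HZ = 1400.0, 2.0   # assumed sabotage setpoints (overspeed / near stall)
SABOTAGE_PERIOD = 15  # ticks between flipping the sabotage setpoint


@dataclass
class Centrifuge:
    """Physical process: speed follows the commanded frequency with some lag."""
    speed_hz: float = NOMINAL_HZ

    def step(self, commanded_hz: float) -> float:
        # first-order lag: move halfway toward the command each tick
        self.speed_hz += 0.5 * (commanded_hz - self.speed_hz)
        return self.speed_hz


@dataclass
class CompromisedController:
    """Controller whose logic has been altered. It both commands the drive and
    produces the value shown on the HMI; after recording a window of normal
    readings it replays them while sabotaging the process."""
    recording: list = field(default_factory=list)
    tick_count: int = 0
    _replay: object = None

    def tick(self, device: Centrifuge) -> tuple[float, float]:
        """Run one control cycle; return (commanded_hz, reported_hz)."""
        self.tick_count += 1
        if self.tick_count <= RECORD_TICKS:
            # benign phase: hold nominal, report truthfully, record readings
            actual = device.step(NOMINAL_HZ)
            self.recording.append(actual)
            return NOMINAL_HZ, actual
        if self._replay is None:
            self._replay = cycle(self.recording)
        # sabotage phase: alternate overspeed and near-stall setpoints
        phase = (self.tick_count - RECORD_TICKS - 1) // SABOTAGE_PERIOD
        command = HIGH_HZ if phase % 2 == 0 else LOW_HZ
        device.step(command)
        return command, next(self._replay)  # the HMI sees the stale recording


def detect_deception(reported, independent, tolerance=NORMAL_BAND):
    """Return indices where the operator display and an independent sensor
    disagree by more than `tolerance`. The independent reading must bypass the
    controller (e.g. a separate vibration or power monitor) or the check is
    meaningless, because a compromised controller can fake both values."""
    return [i for i, (r, m) in enumerate(zip(reported, independent))
            if abs(r - m) > tolerance]


def run_simulation(ticks: int = 120) -> dict:
    """Drive the model for `ticks` cycles and summarise display vs. reality."""
    device = Centrifuge()
    controller = CompromisedController()
    reported, actual = [], []
    for _ in range(ticks):
        _, shown = controller.tick(device)
        reported.append(shown)
        actual.append(device.speed_hz)  # stands in for an out-of-band sensor
    return {
        "reported_min": min(reported), "reported_max": max(reported),
        "actual_min": min(actual), "actual_max": max(actual),
        "alerts": detect_deception(reported, actual),
    }


if __name__ == "__main__":
    result = run_simulation()
    print(f"display range: {result['reported_min']:.1f}-{result['reported_max']:.1f} Hz")
    print(f"actual range:  {result['actual_min']:.1f}-{result['actual_max']:.1f} Hz")
    print(f"first alert at tick {result['alerts'][0]}, {len(result['alerts'])} alerts total")
```

Run as-is and the display never leaves 1000 Hz while the modelled centrifuge swings between roughly 2 Hz and 1400 Hz; the comparison raises an alert on the very first sabotage tick. The design point is that the alert only exists because the second measurement is independent of the controller; an HMI that trusts the controller’s own telemetry has nothing to compare against.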

Unlike consumer devices, the computers in industrial complexes that control automated processes are typically “air-gapped” (not connected to the internet), which makes remote compromise far harder: an attacker needs physical access, or some way of carrying code across the gap, such as removable media. Within the complexes, however, the computers form a private network to ensure seamless communication and control of the various interconnected automated systems.

For Stuxnet to work, a co-conspirator on the ground with direct access to any of the facilities’ computer systems was essential to the plan’s success. Multiple reports have suggested that US intelligence agencies worked alongside Israeli intelligence agencies to gain this level of access through double agents employed by third-party contractors and government officials, or through anyone who would unwittingly plug an infected USB drive into one of the facilities’ computers. These co-conspirators may also have provided critical information about the specific hardware in use at the enrichment facilities, so that code could be written to sabotage exactly that equipment. In this regard, Stuxnet was arguably both a worm and a virus.

In the midst of its infiltration, however, something unexpected happened. The worm had proverbially turned. When an infected machine, presumably a contractor’s or technician’s laptop, was connected to networks outside the target facility, Stuxnet “escaped” and spread well beyond Iran, propagating over local networks and USB drives and infecting computers by the thousands all over the world.

Once it was out in the wild, a significant amount of research went into deconstructing what was one of the most sophisticated pieces of malware ever created. Stuxnet exploited an unprecedented number of Microsoft Windows vulnerabilities that were unpatched and, in several cases, unknown to Microsoft itself (so-called zero-days, for which no fix exists at the time of the attack). Since Stuxnet was relatively benign on any system not connected to the specific Siemens software and hardware it targeted, the impact on the general population was minimal.

Stuxnet was, however, discovered lurking in some unsettling places, including power plants, air traffic control systems, and factories around the world, with most of its infections occurring in Iran, Indonesia, and India. While the architects of Stuxnet remain silent, the release of the worm into the hands of the general public has sparked a great deal of concern about the possibility of malicious software disrupting critical infrastructure such as air and ground traffic systems, manufacturing plants, power plants, and refineries.

The most disturbing aspect of Stuxnet, however, is that no scientific breakthrough was required for its inception. In their attempt to prevent Iran from obtaining the highly enriched uranium essential to building nuclear weapons, the architects of Stuxnet built a weapon using tools equivalent to the everyday laptop, obtainable for under ₹20,000 on Flipkart.

While the sophistication required to destroy a nuclear enrichment centrifuge is probably out of reach for most of the world, the underpaid systems analyst at a power plant in Trombay, or the stressed-out technician at Delhi’s Indira Gandhi International Airport complex, is a treasure trove of information and access for anyone who promises riches or threatens extortion, needing only the means and the will to create chaos and anarchy.

The inevitable descendants of Stuxnet could be responsible for the next nationwide blackout, as evidenced in Ukraine earlier this year, or for the disruption of industrial control systems across both the public and private sectors, resulting in infrastructure damage and economic fallout from potentially millions in lost revenue.

What’s perhaps more deadly is that in the six years that have followed the discovery of Stuxnet, the world has witnessed the rise of Bitcoin. One of the many repercussions of the Bitcoin phenomenon has been a sharp rise in its uptake among cybercriminals, who use it to receive money through a payment network that requires no bank and no real name (its transactions are public and can be traced, but the addresses behind them are pseudonymous), often as compensation and ransom for illegal activities. Companies like Microsoft, Google, and Facebook offer generous rewards to researchers who discover vulnerabilities in their systems similar to those exploited by Stuxnet. The reward amounts, however, sometimes pale in comparison to the value of such information on a Bitcoin-powered black market, where $100,000 is routinely up for grabs for anyone who offers a proof of concept, including pre-written exploit code, for an as-yet undiscovered vulnerability in a modern operating system.

Stuxnet represents the pinnacle of achievement thus far in cyberwarfare, and it too was not without its faults and failures. By some accounts, it owed a lot of its success to sheer good fortune. Over the last decade, corporations and governments worldwide have begun to shift their attitudes and take steps toward comprehensive network security. As technology advances, the adage that life imitates art and science fiction invents the future holds truer with each passing year.

I, for one, welcome our inevitable robot overlords.

This post is sponsored by Palo Alto Networks.
