Posted on 09/24/2010 6:35:14 AM PDT by SmartInsight
A piece of highly sophisticated malicious software that has infected an unknown number of power plants, pipelines and factories over the past year is the first program designed to cause serious damage in the physical world, security experts are warning.
The Stuxnet computer worm spreads through previously unknown holes in Microsoft’s Windows operating system and then looks for a type of software made by Siemens and used to control industrial components, including valves and brakes.
“It is not speculation that this is the first directed cyber weaponâ€, or one aimed at a specific real-world process, said Joe Weiss, a US expert who has testified to Congress on technological security threats to the electric grid and other physical operations. “The only speculation is what it is being used against, and by whom.â€
They suggest that it is most likely associated with a national government and that terrorism, ideological motivation or even extortion cannot be ruled out.
(Excerpt) Read more at ft.com ...
Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad.
Working with experts at the Lawrence Livermore National Laboratory, the FBI traced trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.
Some of the probes suggested planning for a conventional attack, U.S. officials said. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of equipment such as pipelines. More information about those devices -- and how to program them -- turned up on al Qaeda computers seized this year, according to law enforcement and national security officials.
I used to work with Joe Weiss at EPRI. Good to see my old colleague getting some press.
We don’t need a EMP or solar event to reduce us to the middle ages.
I have been arguing for years that the Windows monopoly is a monoculture. It will suffer the same fate as the Dutch tulip market crash, the Irish potato(e) famine, the boll weevil infestation and other monocultures over history.
If 95% of our computers are controlled by one family of operating systems, some day there will be a worldwide infection that has the potential to wipe them out.
The only answer is Diversity. I know this is a bad word with so-called Conservatives, but heterogeneity in computers is a necessary thing in a modern, wired, connected world economy.
Think about it: if all your connected computers run Windows, there is a 100% chance that a Windows infection on one of them will spread to another.
But say you have four Operating Systems in your institution; 1/4 Windows, 1/4Mac, 1/4 Linux, 1/4 some other obscure OS. If one system gets infected, the chances of the next is 1/4. The chances of ALL your systems getting the infection is (1/4)**N where N is the number of systems in your entire institution.
But as with all visionary concepts, this will be ignored until the disaster strikes. Then everyone will ask: “Why didn’t we take precautions?”
I hear ya. I'm switchin' back to Windows 3.1.
Worse, Microsoft believes that obscurity is security.
Look at that article again:
The Stuxnet computer worm spreads through previously unknown holes in Microsoft's Windows operating system
Somehow this reminds me of the 0bama administration, everything happens "unexpectedly"...
It’s happening.
bump for after work
I was just reading about something similar:
The Farewell Dossier (How the CIA blew up the Trans-Siberian pipeline with pirated software)
http://www.freerepublic.com/focus/f-news/2594959/posts
This is the danger when you hire the lowest cost person in a third world country to program your systems. I am beginning to believe that these unknown exploits in Microsoft code are deliberately put there.
Do you think it's related to this? The whole company? Kind of scary - always feel that Walmart will get 'the trucks through' - metaphorically speaking ( Hurricane Katrina and all )...
Are you saying we put out the worm?
It's our strength.
Somehow this reminds me of the 0bama administration, everything happens "unexpectedly"...
And...it's full of previously unknown holes!
For your most obscure 4th OS,you might try Amiga OS !
I actually ran into a large industrial router not too long ago running on OS/2! The manufacturer wanted some ungodly amount for a Windows version of their operating software, so we had to deal with it as is.
I'm right down the street!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.