Wednesday, February 2, 2011

Some Lessons to be Learned from Stuxnet

STUXNET creators not so ELITE?

Everyone knows what Stuxnet is, and if you don’t, you probably missed the most discussed and most praised worm of the past few years.

The worm, which targets Siemens systems controlling critical power infrastructure, has been the subject of deep analysis by researchers trying to uncover who is behind it and who the final target was. Both questions readily found an answer: at least according to the authoritative Times, it was a joint effort between the US and Israeli governments to destroy alleged Iranian projects to build a nuclear arsenal.

Although the goal has not been reached, Iran’s path to having nuclear bombs has been set back by 2 years, as President Obama, although skirting the Stuxnet issue, stated in an interview regarding Iran. The much-hyped Stuxnet, dubbed the most sophisticated worm ever, has also been the subject of analysis by Tom Parker. Tom is a security researcher who presented his own analysis and view of the Stuxnet case at BlackHat DC.

For the first time, someone states that the Stuxnet worm is not as elite as everybody thought in the beginning, and that the media probably played an important role in the matter. Still according to Parker, too many mistakes were made and too many logic flaws made things go wrong. Parker seconded the hypothesis that the code was produced by two separate groups: one building the core of it and another, much less experienced, providing the exploits and the command and control code.

Another security expert, Nate Lawson, considers the Stuxnet code no more elite than any other malware around, as it does not even implement advanced obfuscation techniques such as anti-debugging routines.

Some more interesting links with further details and lessons-learnt analysis:
Strategic Lessons of Stuxnet
ICS-CERT Stuxnet Lessons Learnt
Stuxnet Lesson Learned: The Twain Always Meet
