Is Stuxnet the new weapon for cyber insurgents?
Al Qaeda scares airlines with parcel bombs worth $4,000. War with the
Taliban costs the West billions of dollars a week. North Korea shells
disputed land, winning instant fresh attention in a standoff with major
powers.
Weaker combatants have always used unconventional or inexpensive
means to defy stronger foes, including guerrilla warfare and suicide
attacks that depend on a greater willingness to sacrifice life.
This approach can be decisive. Of all ‘asymmetric’ wars since 1800 in
which one side had far more armed power than the other, the weaker side
won in 28 percent of cases, according to a 2001 study by US political
scientist Ivan Arreguin-Toft.
The Bushehr nuclear plant in Iran. AP Photo
The ratio may now be set to shift further in favour of the underdog.
The revelation this year of a novel way to use computers to sabotage
an enemy’s lifeline infrastructure suggests a powerful new kind of
weapon is moving within reach of weak states, militant groups and
criminals, some analysts say.
That weapon is likely to be a variant of Stuxnet, a highly
destructive Internet worm discovered by a Belarus company in June and
described by European security company Kaspersky Labs as ‘a fearsome
prototype of a cyber-weapon,’ analysts say.
A great danger
“Stuxnet is like the arrival of an F-35 fighter jet on a World War I
battlefield,” blogged German industrial control systems expert Ralph
Langner.
Whoever created the bug, believed by many to have targeted an Iranian
uranium enrichment facility, the job likely required many man-hours of
work and millions of dollars in investment.
But now that its code has been publicly analyzed, hackers will need
only a few months to develop a version of the customized malware for
black market sale, some experts say.
Ali Jahangiri, an information security expert who tracks Trojan
codes, harmful pieces of software that look legitimate, describes that
prospect as ‘a great danger.’
“The professional Trojan code makers have got the idea from Stuxnet
that they could make something similar which can be used by governments,
criminals or terrorists,” he told Reuters.
Stuxnet’s menace is that it reprograms a control system used in many
industrial facilities to inflict physical damage.
At risk is automation equipment common to the networks on which
modern societies depend – power plants, refineries, chemical plants,
pipelines and transport control systems.
Analysts say they suspect hackers are rushing to build a version of
the worm and sell it to the highest bidder before experts can install
counter-measures at plants across the globe.
“My greatest fear is that we are running out of time to learn our
lessons,” US information security expert Michael Assante told a
Congressional hearing on Stuxnet this month.
“Stuxnet … may very well serve as a blueprint for similar but new
attacks on control system technology,” said Assante, President of the
US National Board of Information Security Examiners, which sets
standards for security professionals.
Langner says multinational efforts against malware inspired by
Stuxnet won’t work since “treaties won’t be countersigned by rogue
nation states, terrorists, organized crime, and hackers.”
“All of these will be able to possess and use such weapons soon,” he
said. If the next Stuxnet cost less than $1 million on the black market,
then “some not-so-well equipped nation states and well-funded terrorists
will grab their checkbooks.”
As well as favouring small states, cyber appears to be a tool of
special value for Russia and China, since it allows them to become
equals to the United States in a sphere where US conventional military
dominance counts for nothing.
Stuxnet is a powerful example of the fastest-growing sort of computer
bug – customised malware written specifically to attack a precise
target. What is new is its power, and the publicity it has attracted
through a presumed link to Iran.
That publicity will have drawn attention in small nations such as
North Korea, which can be expected to take an interest in acquiring a
Stuxnet-like capability to balance an inferiority in conventional arms
with its US-backed southern foe.
Like some impoverished countries in Africa, North Korea has a cyber
advantage – it has so few systems dependent on digital networks that a
big cyber attack on it would cause almost no damage, writes former US
National Security Coordinator Richard Clarke in his book Cyber War.
Matter of time
A state contemplating use of such a devastating weapon in a
speculative attack could not guarantee it would not be found out, and
might prudently restrict its use to all-out conflict.
However, many terrorist groups, particularly those with a tradition of
glorifying martyrdom, would have no concerns about launching cyber
attacks.
“It can only be a matter of time before terrorists begin to use cyber
space more systematically, not just as a tool for their own
organization, but as a method of attack,” British Armed Forces Minister
Nick Harvey said in a speech this month.
A report on cyber warfare by Britain’s Chatham House think tank said
there was no evidence to show terrorist groups had a cyber warfare
capability but they were increasingly web-literate, using chat rooms to
propagate their message and everyday items such as smart phones, online
mapping and internet infrastructure as operational supports in attacks.
What is not in doubt is al Qaeda’s willingness to use such a weapon
to inflict economic damage on the West if it ever had the opportunity,
experts say. Few doubt it would be able to get funds from rich donors to
buy the malware on the black market.
Al Qaeda’s Yemen wing said it cost just $4,200 to mail two parcel
bombs from Yemen to America last month. Intercepted in Britain and
Dubai, the bombs sparked a global security alert.
“This strategy of attacking the enemy with smaller but more frequent
operations is what some may refer to as the strategy of a thousand
cuts,” it said. “The aim is to bleed the enemy to death.”
Reuters