Living in Jack Bauer’s World

Fight disinformation. Get a daily recap of the facts that matter. Sign up for the free Mother Jones newsletter.

A couple of months ago I linked to a Stewart Baker post about a new computer virus. This wasn’t your ordinary Windows trojan or worm, it was an extremely sophisticated piece of malware targeted specifically at SCADA systems — industrial control systems made by Siemens that are used in chemical plants and electric power plants and transmission systems worldwide.

Well, it now has a name — Stuxnet — and analysts know a lot more about it. As the Christian Science Monitor reports, a German cyber-security researcher named Ralph Langner has discovered that it’s not aimed at SCADA systems in general. Rather, it has a built in “fingerprinting” capability and is aimed at one specific SCADA system:

Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance — a target still unknown.

“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” says Langner, who last week became the first to publicly detail Stuxnet’s destructive purpose and its authors’ malicious intent. “This is not about espionage, as some have said. This is a 100 percent sabotage attack.”

….Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.

“After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon,” Langner writes in his analysis. “Something big.”

….A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.

Could Stuxnet’s target be Iran’s Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat? Langner is quick to note that his views on Stuxnet’s target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr’s expected startup in late August has been delayed, he notes, for unknown reasons.

On the bright side, this strikes me as the kind of attack that can only work once. And if once it is, Bushehr seems like a worthy target. On the downside, however, this category of attack seems like it could have almost infinite possibilities. It suddenly makes all those implausible plot lines on 24 seems terrifyingly plausible after all.

(Via Stewart Baker, of course.)

ONE MORE QUICK THING:

Or at least we hope. It’s fall fundraising time, and we’re trying to raise $250,000 to help fund Mother Jones’ journalism during a shorter than normal three-week push.

If you’re reading this, a fundraising pitch at the bottom of an article, you must find our team’s reporting valuable and we hope you’ll consider supporting it with a donation of any amount right now if you can.

It’s really that simple. But if you’d like to read a bit more, our membership lead, Brian Hiatt, has a post for you highlighting some of our newsroom's impressive, impactful work of late—including two big investigations in just one day and covering voting rights the way it needs to be done—that we hope you'll agree is worth supporting.

payment methods

ONE MORE QUICK THING:

Or at least we hope. It’s fall fundraising time, and we’re trying to raise $250,000 to help fund Mother Jones’ journalism during a shorter than normal three-week push.

If you’re reading this, a fundraising pitch at the bottom of an article, you must find our team’s reporting valuable and we hope you’ll consider supporting it with a donation of any amount right now if you can.

It’s really that simple. But if you’d like to read a bit more, our membership lead, Brian Hiatt, has a post for you highlighting some of our newsroom's impressive, impactful work of late—including two big investigations in just one day and covering voting rights the way it needs to be done—that we hope you’ll agree is worth supporting.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate