Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Nuclear warheads could be next Stuxnet target: Check Point

Code in Stuxnet worm can be modified with right skills, says security expert

Due to the complexity and sophistication of the code contained within the Stuxnet worm, the possibility of it being used to take control of a nuclear warhead is high, according to a security expert.

At Check Point’s Sydney conference this week, Check Point Israel security evangelist, Tomer Teller, said he analysed the code of the Stuxnet worm, which was used to take control of a nuclear facility in Iran in June, 2009.

“This is a huge file, it’s 1 megabyte [MB] of code and I respect the skill required to engineer that code as it is very complex,” he said.

Teller confirmed the code in Stuxnet could be modified to launch new SCADA attacks. “Nuclear warheads are controlled by computers so if someone managed to slip a worm inside a facility that will reach the warhead component, they could launch it and than aim it back at the country’s facility,” he said.

“Stuxnet is the first cyber weapon that could cause major disruption."

While Teller is uncertain which country was behind the Iranian nuclear facility attack, he said a USB stick was the most likely method used to carry the worm inside the facility.

However, Teller also mentioned a rogue employee may have helped compromise the facility's internal security defences first to help the rapid spread of Stuxnet.

He explained that in order to insert certificates embedded with Stuxnet into a Windows 64-bit system, it had to be trusted by Microsoft.

“In order to get something trusted by Microsoft, you need to get those exploits signed,” Teller said.

“What we think happened is that an insider broke into JMicron, a chip manufacturing company based in Taiwan, as there is a computer at that office which is dedicated to signing these Microsoft drivers.”

According to Teller, Stuxnet is a blueprint for future SCADA attacks, and he is aware that people have downloaded and modified the worm.

"Stuxnet may have been deployed already but we don't know about it because some companies won't disclose breaches," he said.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: check point, Check Point Israel, nuclear warheads, security, Stuxnet, Stuxnet worm, Tomer Teller
Latest Blog Posts
Whitepapers
  • Case Study: Svenska Kraftnät safeguards web and ensures communication security with Clearswift
    Energy producers from surrounding countries load power onto the Swedish National Grid’s network, with energy suppliers then paying the Swedish National Grid to load onto their grids for them to sell-on to customers. Using Clearswift’s Email Appliance, and MIMEsweeper for SMTP means that the organisation has safe and resilient email helping them to meet their goal of providing a safe, robust, cost-effective and environmentally sound energy transmission system.
    Learn more »
  • Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives
    Service-oriented architecture (SOA) has moved beyond hype to widespread acceptance as an IT strategy for delivering business value. SOA promotes the notion of modularity, providing overwhelming flexibility and superior economics for addressing business demands. However, undertaking the transformation to SOA is not without its challenges. If left unchecked, your inventory of SOA assets will become unmanageable; the reuse of services will diminish in favor of custom development; or even worse, modifications will be made to your existing services that break other business processes. The purpose of SOA governance is to help you ensure that this does not happen. This paper outlines the most compelling reasons for you to establish SOA governance within your organization.
    Learn more »
  • Business Intelligence Best Practices for Dashboard Design
    Even if a dashboard’s appearance looks professional and is aesthetically pleasing, appearances can be deceiving. Although visual design is important, it is also important to ask yourself: Is the data reliable? Is it timely? Is any data missing? Is it consistent across all dashboards?. This paper offers an overview of best practice business intelligence (BI) dashboard design principles and discusses data integration options for getting data into a dashboard.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments