Due to the complexity and sophistication of the code contained within the Stuxnet worm, the possibility of it being used to take control of a nuclear warhead is high, according to a security expert.
At Check Point’s Sydney conference this week, Check Point Israel security evangelist, Tomer Teller, said he analysed the code of the Stuxnet worm, which was used to take control of a nuclear facility in Iran in June, 2009.
“This is a huge file, it’s 1 megabyte [MB] of code and I respect the skill required to engineer that code as it is very complex,” he said.
Teller confirmed the code in Stuxnet could be modified to launch new SCADA attacks. “Nuclear warheads are controlled by computers so if someone managed to slip a worm inside a facility that will reach the warhead component, they could launch it and than aim it back at the country’s facility,” he said.
“Stuxnet is the first cyber weapon that could cause major disruption."
While Teller is uncertain which country was behind the Iranian nuclear facility attack, he said a USB stick was the most likely method used to carry the worm inside the facility.
However, Teller also mentioned a rogue employee may have helped compromise the facility's internal security defences first to help the rapid spread of Stuxnet.
He explained that in order to insert certificates embedded with Stuxnet into a Windows 64-bit system, it had to be trusted by Microsoft.
“In order to get something trusted by Microsoft, you need to get those exploits signed,” Teller said.
“What we think happened is that an insider broke into JMicron, a chip manufacturing company based in Taiwan, as there is a computer at that office which is dedicated to signing these Microsoft drivers.”
According to Teller, Stuxnet is a blueprint for future SCADA attacks, and he is aware that people have downloaded and modified the worm.
"Stuxnet may have been deployed already but we don't know about it because some companies won't disclose breaches," he said.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU