Latest news
Some two months since the discovery of the Stuxnet worm made headlines and started speculations on who is behind it, Symantec's researchers have unearthed another piece of the puzzle that tells us a bit more about its likely target. According to the latest results of the analysis of the worm's code, Stuxnet was developed to search for industrial control systems that have frequency converter drives from a specific Finnish or Iranian vendor - or from both. These drives function as a power supply that can change the speed of a motor by changing the frequency of the output.
What Stuxnet does is change drastically the operating frequency of these motors every once in a while, sabotaging the workings of the automation system that they run.
Stuxnet begins this procedure after it has been witnessing the drives operating at speeds that go from 807 Hz to 1210 Hz for an undefined period of time.
Researcher Eric Chien says that these these frequencies are actually a lot higher that those required to power, let's say, a conveyor belt in a factory. "Also, efficient low-harmonic frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment," he notes. "We would be interested in hearing what other applications use frequency converter drives at these frequencies."
According to Symantec's updated paper on Stuxnet, the worm springs to life only when it detects 33 or more frequency converter drives from one or both of the two manufacturers - a fact that seems to imply that its developers had specific specific targets in mind and that they are familiar with their networks.
“I imagine there are not too many countries outside of Iran that are using an Iranian device. I can’t imagine any facility in the U.S. using an Iranian device," said Liam O Murchu, one of Symantec's researchers that work on analyzing Stuxnet, to Wired. And he's probably right. This speculation seems to give weight to the theory that the Iranian Bushehr nuclear power plant was Stuxnet's main target.
Spotlight
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
Application vulnerabilities still a top security concern
Posted on 16 May 2013. | Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ priorities and security professionals’ concerns.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
