<IT WORLD> Microsoft plays catch-up
By Martin J Young
HUA HIN, Thailand - German security experts who have been analyzing the Stuxnet
malware that crippled Iran's nuclear program three months ago claim the attack
was more effective than a military strike.
In November, the International Atomic Energy Agency (IAEA) said Iran had
suspended work at its nuclear production facilities, which was a likely result
of the Stuxnet infection. It has been estimated that it will take two years for
Iran's nuclear program to get back on track following the cyber incursion. The
physical damage has been done and it is now likely that
Iran will need to rebuild the centrifuges at Natanz and possibly buy a new
turbine for Bushehr.
Security company Symantec highlighted how the worm executed its attacks: it
would first take an inventory of the systems it was running on, then look
specifically for "frequency converter drives" made by two firms, one Iranian
and the other Finnish, running at speeds between 807Hz and 1210Hz (the rotation
speeds of the centrifuges). If these drives are found, Stuxnet will sabotage
the configuration by making subtle changes over a number of weeks while
displaying normal readings to cover its tracks.
Security researcher Ralph Langner confirmed that it was a highly sophisticated
piece of code that is far in advance of anything currently in the public
domain. Talking to the Jerusalem Post, he suggested that it may have taken
several years to develop and could have been invented in a combined operation
between the US and Israel's Military Intelligence Unit 8200.
With such a lead time and over 15,000 lines of code, it was a foregone
conclusion that the most aggressive malware ever discovered was not the
handiwork of a hacker and would have probably been too much even for one state.
According to Langner, Iran's best option would be to discard all existing
computers in the facility and ensure all external employee laptops are clean in
order to totally eradicate the outbreak. Security companies offer solutions,
and websites carrying counters to Stuxnet-related problems have reported
substantial increases in visitors from Iran, indicating that the malware is
still causing havoc on the Islamic Republic's networks.
According to an Agence France-Presse report, President Mahmud Ahmadinejad
admitted that "they were able to disable on a limited basis some of our
centrifuges by software installed in electronic equipment". He also claimed
that Iranian "specialists" had stopped the attack and it would not be repeated.
A report by the US Congressional Research Service last week also emphasized the
dangers of Stuxnet and stated that such a cyber-weapon could be used against
the US in an effort to undermine society and the government's ability to defend
the nation. The report said a variant of the malicious software could do
widespread damage to critical infrastructure including water, power,
transportation, and other essential services. If reprogrammed, Stuxnet could
target a wide range of infrastructure facilities as opposed to a narrow target
such as Iran's nuclear power plants.
A slew of copycats and reverse-engineered versions of Stuxnet could well be
causing havoc elsewhere throughout 2011. Money is already being invested in an
attempt to pre-empt strikes, such as the US$10 million allocated in the US to
create a National Electric Sector Cyber Security Organization that would become
the primary cyber security center for grid infrastructure.
The worm, which has been labeled the most sophisticated cyber-weapon yet seen,
has been likened to the arrival of an F-35 fighter jet on a World War I
battlefield. Those who until now have considered cyber weapons to be the stuff
of science fiction have had a rude awakening.
Security
It has been a bumper month for Microsoft's bug-fixing department, as this
week's "Patch Tuesday" saw no fewer than 40 software vulnerabilities, including
nine deemed critical. Windows, Internet Explorer, Office, SharePoint and
Exchange were all patched. Five of the 17 security updates addressed
long-standing flaws that could allow attackers to install malware on computers
by tricking Windows into thinking that their files were legitimate parts of the
operating system.
Patches were also issued against the above-mentioned Stuxnet malware, although
rather late for those that were affected - the damage has been done - and
variants are likely to be emerging soon.
Six critical patches were applied to all current versions of IE, including
three that have already been made public and exploited by hackers over the past
six weeks. Microsoft confirmed that the Windows flaws could be exploited even
if users are running other browsers such as Firefox, Chrome, Safari and Opera.
Patching with the MS10-091 fix will protect them. Older versions of Office,
namely XP and 2003, needed patching, but the newer 2007 and 2010 editions were
fine for now.
The total number of updates released on Tuesday was a single-month record for
the company, while the vulnerability count of 40 was the second-highest to
date, with October's 49 taking the record.
Martin J Young is an Asia Times Online correspondent based in Thailand.
(Copyright 2010 Asia Times Online (Holdings) Ltd. All rights reserved.)