What amazes me every day is how life seems to match that of a B-rate science fiction movie. In the ’60s I never thought Dick Tracy’s wristwatch phone would be a reality, let alone with video and internet tossed in too! However, there seems to be a darker side to all of this, as each movie also has a villain; hey, what fun would it be without one, right? This too exists today, in the form of a dark angel, if you will, serving the perceived right by doing wrong, and that is “Stuxnet”.
For those who may not have heard, the uranium enrichment plant in Iran was struck by a computer bug, and not a normal bug at that. This one had a unique appetite, if you will, for the specialized (real world) control hardware used to run the actual plant. As a matter of fact, this was “hardware” which was stand-alone, in that it didn’t come in contact with the internet and wasn’t even wired to a local network of sorts, yet it became infected and was severely damaged.
Well, you might be saying, so what? There are viruses all over the internet, and what’s the big deal about this one, as you hear about them all the time in the popular media? Well, there are two things which make this different, and very different. The first leads to the scary part of the discussion: this virus affects the real world. Until now, a computer infection only caused soft damage, as in stealing credit card data, deleting personal files, or logging things like user IDs and passwords. However, “Stuxnet” is different, as it has the programmatic ability to “damage” the real world by autonomous control and to do these deeds nefariously even under the oversight of a human operator.
Think about it this way: a premium-class automobile now has over 100 million lines of code to drive the multiple microprocessors embedded throughout the vehicle, and guess what, many of these are even linked to the internet! That makes them far more likely targets than the highly protected PLCs (Programmable Logic Controllers) running a nuclear fuel refinement facility. This concept (attack) can in turn obviously be cascaded to airplanes, trains and any other device with an embedded microprocessor in it, which is just about everything in our modern world.
It used to be that we felt all safe and cozy: since these devices were not commonly connected to the internet like our personal computers, we were safe, and malicious mishaps were not a reality, as the possibility was lacking. However, we have now found this to be wrong, as “Stuxnet” has done what we all once thought was impossible and is the virus equivalent of what “Trinity” was to the explosive world. Yes, it’s on the same plane as unleashing the atom. Why such a bold statement, you ask, as it’s hard to get any bolder? It comes down to the second aspect, and potentially the most lethal one too: its delivery system.
Think about it this way, using the old adage of needing to find a needle in a haystack. The only way to infect these stand-alone devices is via the computer which is used to connect to them via a hard line, so you first need to infect those systems (the ones used for configuration). So how does one do that? First, you have to infect a lot of devices; second, it needs to spread autonomously; and finally, it has to be buried very deep to avoid being discovered. In essence this is the cruise missile of the virus world, just far more accurate if you will, as to strike a target like this is an amazing feat. Again, “so what”, who cares? Well, let’s look at this again.
This virus is like a multistage rocket which can shed pieces of itself yet release new payloads to continue the march forward. Second is how deep within the OS (Operating System) it had to be to not be found. It could even be on your computer now; you could have a silent carrier. To hit its target, a vast, and I do mean vast, number of machines needed to be infected to increase the chances that the machine used to configure the controller would come into contact with it (the virus).
One final thought on this is the potential existence of a “back door”, if you will, in the OS code base, BIOS sets or the hardware itself, which allows the silent passing of data by parties (governments) in the know. This would be akin to the kill switch the US builds into the military hardware it sells abroad as a protection measure should the purchaser decide unwisely to use it against America.
Regardless of how you package it, much like the splitting of the atom let the genie out of the atomic bottle, “Stuxnet” has now let the genie out of the virus bottle in a big way…