Industrial Espionage

Fundamentally, sabotage is the act of exploiting a weakness in a network and manipulating that weakness in such a way that it devastates the entire network. This type of sabotage has been practiced in military applications throughout history and can be quite devastating. But we are now seeing evidence that the ancient art of the saboteur has evolved into the twenty-first century through the use of computer worms – a subclass of virus capable of autonomous replication (Wikipedia) – to disrupt the weapons manufacturing process. This evolution has made understanding the strengths and weaknesses of networks, animate and inanimate, more important than ever for nation states.

Stuxnet was the first of its kind in both its sophistication and its simplicity. Developed by the United States with alleged partners, Stuxnet is malware capable of causing physical damage to the machinery it targets. Stuxnet was written so as to be harmless against anything but the Iranian uranium centrifuges it was designed to infect, and it deletes itself after it becomes obsolete. This was demonstrated when it was accidentally leaked from the Natanz plant by an unwitting worker there.

Although Stuxnet has multiple ways to disrupt production, one interesting reason why Stuxnet works is that the network it infiltrated relied on bridges without multiple fail-safe connections. Once the worm identifies the bridge it sets up shop, waiting to play the classic misinformation game known as man-in-the-middle. The program acts as an invisible node, Z, between nodes A and B. Node B is the centrifuge and Node A is the control panel, the place the centrifuge's signals went in order to elicit a response. For instance, when the centrifuge reaches a dangerously high temperature it notifies Node A, so that Node A can slow Node B down or alert an engineer. Presumably there was some kind of fail-safe in Node B's mechanism should Node A defect, a fact which can be deduced from the sophistication of the worm. In any case, the invisible Node Z waited for Node B to alert Node A that it was overheating. Node Z intercepted the communication and, imitating Node A, responded by ordering Node B to continue as before. Meanwhile, Node Z imitated Node B in communicating with Node A, which was told that all was well. Because Node B had no reason to distrust Node A and vice versa, this sort of attack is extraordinarily difficult to defend against. It is not as if some alien Node C were establishing new edges with Nodes A and B that they could simply ignore; Node Z took advantage of an already established network. A key lesson from Stuxnet is to diversify all the parts of a process, because the corruption of a single bridge can be devastating.
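The A/B/Z exchange described above, as an added illustration constructed for this page (not code from the post or from Stuxnet itself): with no way for A or B to tell who wrote a message, Z's forged traffic on the bridge is accepted on both ends. The keyed variant is an assumption the post does not discuss; it shows that a message tag under a secret shared only by A and B lets each side reject Z's forgeries and fall back to a local fail-safe.

```python
import hmac, hashlib, json

# Constructed toy model: B (centrifuge) reports to A (controller) over a bridge on which
# Z sits. SHARED_KEY is an assumption (a mitigation not described in the post).
SHARED_KEY = b"constructed-demo-key"
TEMP_LIMIT = 90

def tag(payload, key):
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_msg(sender, payload, key=None):
    msg = {"from": sender, "payload": payload}
    if key:
        msg["tag"] = tag(payload, key)
    return msg

def accept(msg, key):
    """Receiver check: an unkeyed link trusts anything; a keyed link needs a valid tag."""
    if key is None:
        return True
    return hmac.compare_digest(msg.get("tag", ""), tag(msg["payload"], key))

def node_a(report, key):
    """Controller: slow B down on a hot reading; on a bad tag, fail safe and raise an alarm."""
    if not accept(report, key):
        return make_msg("A", {"cmd": "slow_down", "alarm": True}, key)
    cmd = "slow_down" if report["payload"]["temp"] > TEMP_LIMIT else "continue"
    return make_msg("A", {"cmd": cmd}, key)

def node_z(report_from_b):
    """Invisible node on the bridge: tell A all is well, tell B to keep going."""
    to_a = make_msg("B", {"temp": 40})          # forged "all well" report, B's real one dropped
    to_b = make_msg("A", {"cmd": "continue"})   # forged order in A's name
    return to_a, to_b

def run_exchange(authenticated):
    key = SHARED_KEY if authenticated else None
    real_report = make_msg("B", {"temp": 120}, key)      # B is overheating
    forged_to_a, forged_to_b = node_z(real_report)
    a_reply = node_a(forged_to_a, key)                   # A only ever sees Z's version
    if accept(forged_to_b, key):                         # B likewise only sees Z's reply
        b_action = forged_to_b["payload"]["cmd"]
    else:
        b_action = "slow_down"                           # B's local fail-safe on an untrusted link
    return {"a_alarm": a_reply["payload"].get("alarm", False), "b_action": b_action}

if __name__ == "__main__":
    print("unauthenticated bridge:", run_exchange(False))
    print("keyed bridge:          ", run_exchange(True))
```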

The elegance of the attack lies in its simplicity. By exploiting only a seemingly small flaw in the uranium enrichment process, the developers of Stuxnet were able to disable 20% of Iran's centrifuges. More importantly, there have been no human casualties, which is significant in itself.

http://www.economist.com/node/17147818

http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp

http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all&_r=0

http://www.techopedia.com/definition/15812/stuxnet

(All references accessed on January 31, 2013)


One thought on “Industrial Espionage”

  1. I believe that this is just one piece of evidence that proves that in the future, this sort of “cyber war” (which, in my opinion, is an outdated term) will play a much more prominent role in the national security of nations. In the United States, most if not all of our water, electrical, finance, and industrial sectors are heavily reliant on useful but vulnerable technology. I believe it would take a very well organized and equipped terrorist cell to do large damage to our oil refineries, for example. I’m also unconcerned about a nation launching an attack on us, with the exceptions of Iran and possibly North Korea. Yet, due to the extremely low number of refineries in the nation, these targets are high impact. Taking one refinery offline for several months will have a large and direct impact on gas prices at the pump, and thus on all other goods. Surely we have some of the best computer security people in the world designing systems to protect our national “cyber” interests, but it doesn’t mean we are invulnerable to a Natanz-style attack.
