The existence of Stuxnet really brings modern cyberwar into the realm of life imitating science fiction. The video speaks about how Stuxnet is the implicit case for weaponized code—truthfully any tool can be turned into a weapon. The compelling case for this virus is that it was designed with only one purpose: to infect and destroy nuclear enrichment centrifuges used byIran.
It’s been more than a year since it’s first discovery in June of 2010; but the impetus behind its creation and release is still unknown aside from understanding its activity. In this era, cybersecurity is just as important for stopping automated attackers like viruses as it is hackers—those of the hactivist, state sponsored, or corporate variety.
We’ve seen numerous cases where the failure of simple Internet hygiene (think, “Wash your hands” style security) caused virus infections in secure locations, such as some spyware that infected a US Drone operations center probably came through a something masquerading as a Facebook game.
Like every other profession in the world, virus writers look at what works and it’s possible to dismantle and autopsy code with a decompiler, as a result, Stuxnet’s descendants will come onto the scene. One good example is Duqu, which didn’t last long but behaved a lot like Stuxnet; in fact, it’s widely regarded as if it took after a lot of Stuxnet’s code by security researchers who decompiled the code themselves.
Massive infections of computers worldwide, and the ease of infections to get into them, will drive a further ecology of viruses that attack very specific code. The properties of Stuxnet show that it’s was very much a political weapon and that viruses can be harnessed to proceed with very real cyber warfare.
Coming into the world of 2012, Anonymous and hactivism is a big deal; but we still have the world of malware and viruses to look to for the next move of that community. In their infancy, most viruses were simply malicious (doing damage as they went) but now they’re complex bits of malware designed to spy on users, turn their computers into zombies in a network to do a task, or even do complex computations while stealing their CPU cycles.
The security risks of a machine deep inside a nuclear facility and sitting on the desk in a residence are totally different. If defense contractors and governments don’t start battening down their cyber-hatches and actually implementing strong cyber-hygiene, we might see the next Stuxnet sooner than expected.