The Pandora's Box of Stuxnet, Duqu, and Flame

It would be awesome if someone could develop a stealth computer program that could infiltrate enemy systems to surreptitiously gather data, or possibly even to shut down or damage elements of the nation’s critical infrastructure. It would be a much more efficient method of obtaining covert intelligence or crippling enemy capabilities without putting lives in danger.

Of course, the code might be discovered by the enemy or a third-party, and all of the brilliant engineering that went into developing the threat might also be used against its creator. Creating such a threat is a Pandora’s Box that can have serious negative consequences. In a nutshell, that seems to be how the Stuxnet virus is unfolding.

A new report in the New York Times reveals that the United States and Israel were, in fact, behind the development of the Stuxnet virus. As suspected, the malware was designed specifically to target Iranian nuclear facilities and cripple that nation’s ability to develop nuclear weapons.

It seems to have succeeded more or less in its intended role. However, it also escaped the boundaries of the Natanz facility it was targeted at, and began to spread to other systems across the Internet. Eventually it was discovered and dissected by security researchers, and probably by malicious hackers as well.

In the wake of Stuxnet, two new threats have emerged which bear many similarities to Stuxnet and appear to rely on Stuxnet as a foundation. Duqu and Flame both exhibit many of the same behaviors and use techniques familiar from Stuxnet, but we don’t yet know whether these are evolutions of Stuxnet still developed by the United States and/or Israel, or if the proverbial genie is out of the bottle and other parties are building on Stuxnet to develop their own malware threats.

A computer virus is the Internet equivalent of biological warfare. One of the reasons that nations around the world entered into a treaty banning the development, stockpiling, or use of biological weapons was fear of what might happen if those weapons fell into the wrong hands, or if a catastrophe occurred that might unintentionally unleash biological agents against the civilian population.

While the goal of Stuxnet is understandable from the perspective of the United States, Israel, or its allies, the fallout is that the code is now out there. The enemies of the United States and Israel can reverse-engineer it, learn from it, and use the tricks to develop their own attacks. Malicious hackers can take lessons from Stuxnet and apply them to create new threats.

Stuxnet may have achieved the goals it was developed for. Regardless of whether we agree that the mission was admirable or necessary, though, we now have to deal with the Internet equivalent of a mustard gas or Agent Orange leak that has the potential to affect us all.
