Monday, September 27, 2010

where did stuxnet come from?

sep 27th, 2010

pretty intriguing. from good morning silicon valley:

"An electronic war has been launched against Iran."

— Mahmoud Liayi, head of the information technology council at Iran's ministry of industries, on a worm that has infected the computer systems at that country's first nuclear power plant. The Stuxnet worm, which also has been found in India and Indonesia, targets SCADA(supervisory control and data acquisition) systems, such as utilities or other infrastructure controls, by exploiting security holes in Microsoft's Windows. Security researchers from Symantec and Kaspersky Lab disagree about when the Stuxnet worm first attacked (January or July), but they do agree that its scope and sophistication — and whose existence is referred to by a Forbescontributing writer as a "game-changer" — make it likely that it was government-backed, according toComputerworld. A cybersecurity expert quoted by theWall Street Journal says suspects include the U.S., U.K., and Israel.


so found in india and indonesia as well, eh? guess then it's china's handiwork. they are the guys who have made asymmetric and total warfare a priority


Verbal said...

nizhal yoddha, could you please provide me with your guys email address so i can send you some reports you could possibly put on your blog. I couldnt find how to contact you guys by email.

my email is

Anyway, this looks like a systematic thing china and the US are doing worldwide.. india needs to take cyber security and hacking more seriously if it wishes to progress

Raja said...

The recent Prithvi test went haywire. Before that the ambitious Cryogenic engine failre - I attribute both these failures to onboard navigation control systems' failure possibly by stuxnet. I read somewhere that Siemens' SCADA systems are the most vulnerable as they are used in most power generation industries to control the processes. Hope ISRO is not using any of these Siemens' SCADAS in their design.

Raghu said...

Amkit Fadia reported long ago that he was contacted by the FBI for some work regarding hacking, whereas the GOI ignored him.
How long before we really get screwed for putting our heads in the sand?