CS 462 – Stuxnet Discussion

The learning material briefly explained “Stuxnet”. The video below gives an overview of the attack. Watch it and connect it with the topics you learnt this week. https://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyber_weapon/transcript?language=en#t-298947

Also provide your views on why Stuxnet is actually complicated and any other interesting articles you found online.

Stuxnet has several connections to the topics from this week. Its biggest connection to the topics from this week is that of physical and personnel vulnerabilities. As Ralph Langner mentioned, the worm managed to get in via a USB stick being taken in. This method of attack relies not only on someone taking in the infected USB stick but also on that person being unaware of the dangers of bringing random technology into an organization. Another connection comes from its multiple zero-day vulnerabilities, which therefore account for multiple exploits in the system. However, having multiple zero-day attacks is only one part of Stuxnet’s complexity. I see Stuxnet as complicated in its functionality both when it is and when it is not interacting with its target. Ralph noted that when Stuxnet was being experimented on in labs, it “sniffed, but didn’t want to eat.” It was a worm that was able to spread only under certain conditions. However, when it had those conditions, it was not only able to spin the centrifuges and change valves at the same time, but it was also able to feed operators false input data alongside the actual code. This kind of functionality is why I believe that Stuxnet is a complex worm. For additional information, I found an article that details how it quickly spread throughout the facility in two waves and used vulnerabilities to move but stay hidden.

https://control.com/textbook/instrumentation-cyber-security/stuxnet/
