October 1st, 2010
By: Iain Thomson
Delegates at the Virus Bulletin 2010 conference in Vancouver have heard that the Stuxnet worm could have been an inside job.
Graham Cluley, senior technology consultant at Sophos, told V3.co.uk that the worm may have been written by someone with detailed knowledge of Siemens’ computer systems, possibly a current or former employee.
“The message I got was that it appears to have been written by someone with inside knowledge of how Siemens’ systems work,” he said.
“But none of the presenters gave any evidence about who wrote it and against who it was targeted. Unless we get access to the computer it was written on, or someone admits writing it, we’ll probably never know.”
The malware contains the date 9 May 1979, which coincides with the execution of an Israeli businessman in Iran. But Cluley explained that this date is also, for example, the birth date of actress Rosario Dawson, and could be a red herring.
Cluley also said that the evidence for this being a targeted attack on Iran is patchy, since Symantec reported that more attacks had been reported in India and Indonesia than in Iran.
Mikko Hyppönen, chief research officer at F-Secure, told V3.co.uk that, based on the evidence he’d seen, the Stuxnet worm looks like a government attack, although conference presentations focused on the technical details of the attack rather than the motive.
“The obvious conclusion from Stuxnet is that there isn’t any clear motive other than sabotage,” he said.
“Crucially no-one has found a way that anyone could make money from this, which makes criminal involvement unlikely. If you look at the level of difficulty and complexity behind Stuxnet, it has to be a government effort.”
Hyppönen was awarded Best Educator at the conference, while Kaspersky Lab founder Eugene Kaspersky received a Lifetime Achievement award.