TIMES OF INDIA – Javed Anwer, TNN | Aug 20, 2012:

There is a cyber war going on between Iran and a few other countries. And India has been caught in the crossfire. It all started two years ago with Stuxnet, considered the most sophisticated computer virus ever and the virtual world’s first weapon of mass destruction. "Stuxnet is like a laser-guided missile. Compared to it, the older generation of viruses and trojans (malicious computer programmes) seem like crude bombs," says Shantanu Ghosh, MD, Symantec, a cyber security firm. It is capable of wreaking massive damage to digital infrastructure.

There is a reason why Stuxnet, caught in the wild by cyber security researchers in 2010, acquired this fearsome reputation. Cyber security firms like Kaspersky believe Stuxnet is the work of a nation. The likely suspects are the US and Israel because the malicious programme seems to have been designed with a single purpose – to disable and create havoc inside the nuclear installations of Iran by targeting several components manufactured by Siemens which are used by machines inside Iranian facilities.

While no one has confirmed anything, reports say that Stuxnet has hit a home run as far as derailing Iran’s N-programme is concerned. This attack was followed by Duqu, a virus caught last year. It was designed to collect information from official computer systems in Iran and several other Middle East countries. And just a few months back, Iran was hit by Flame, which too is believed to be the handiwork of state agencies.

Unfortunately, while Stuxnet, Duqu and Flame have acted as superb guided missiles, they are also weapons of mass destruction that are difficult to control. Cyber security experts believe that there may be several versions of these malicious programmes and not all are under control of the people who created them.

Computer Emergency Response Team for India (CERT-IN) issued the first alert regarding Stuxnet infection in India on July 19, 2010. But by then, it was already too late. Kaspersky estimated that by September that year, Stuxnet had infected over 80,000 computers in India. Another security firm, ESET, estimates that the virus even infected some computers in the US.

By the end of last year, India was the third most affected country by Stuxnet, after Iran and then, Indonesia. Duqu too took a toll with India being the 8th most affected country. "We even found a command and control server for Duqu in Mumbai," says Ghosh. There were reports in June that CERT-IN came across computers that had even been infected by Flame.

"While Stuxnet has affected thousands of machines in India, including computers in vital and strategic installations, it doesn't damage a machine unless it finds certain Siemens components," says CERT-IN director Dr Gulsha Rai. "But that doesn't mean it is not a danger. We had cleaned the infection from nearly 60,000 computers."

Nonetheless, companies and government agencies have suffered losses due to it. "The main cost has been the resources we had to employ to contain and clean the infection," says Verizon’s Mark Goudie, who handles investigative response in the Asia Pacific region. Goudie says, "We have seen that many cyber criminals are trying to take control of Stuxnet so that they could modify and use it. Companies have to get rid of it. Our clients, who are mostly part of India’s service industry, have spent hundreds of thousands of dollars to get rid of it."

In July, US President Barack Obama painted a grim picture of a cyber attack in an article in The Wall Street Journal. "Across the country, trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill. Our nation, it appeared, was under cyber attack," he wrote. He asked the US Senate to pass the Cybersecurity Act of 2012 which will help the US acquire better offensive and defensive cyber warfare capabilities.

This case shows that cyber warfare is not likely to be confined to geographical boundaries. Rai and Ghosh agree that cyber warfare is akin to biological or chemical warfare, only with a potential to be messier as criminals or enemy states can theoretically target and damage vital installations, like power grids, on a grand scale. Rai says that an international treaty is required that clearly defines the rules of the game. Given the fact that cyber warfare is difficult to control, there is a likelihood of massive collateral damage, something that will affect the common man even if he has nothing to do with the skirmish.

Malicious Missiles

Stuxnet

This virus used stolen security certificates from well-known hardware companies like JMicron and Realtek so that it could fool computer systems. Spreads through USB drives. Reports say it crippled Iran’s nuclear installations by increasing and decreasing the speed of centrifuge rotors. It set that country’s nuclear programme back by two years.

Duqu

Mostly spreads through emails. Command and control servers found across the world.

Flame

It has a code with a size of 20MB; Stuxnet has a size of just 500KB. Can take screenshots, record keystrokes, steal data and monitor network activities.
