A 'good' virus gone bad?

A chilling report warns us about how Stuxnet can be 'retooled' to be used against infrastructure in US. I thought I'd start the discussion in this forum seeing how the virus is considered to be a 'cyperweapon'. Please feel free to move it if it shouldn't be in here.

Stuxnet 'virus' could be altered to attack US facilities, report warns

www.csmonitor.com...

Stuxnet, a computer worm that hit and may have severely damaged Iranian nuclear facilities, is the type of cyberweapon that could broadly harm the United States, undermining both society and government ability to defend the nation, says a strongly worded report to Congress.

A successful broad-based attack on the US, using new variants of the Stuxnet weapon, could do enough widespread damage to critical infrastructure – including water, power, transportation, and other services – that it "threatens to cause harm to many activities deemed critical to the basic functioning of modern society," said the little-noticed report issued by the Congressional Research Service (CRS) Dec. 9.

If retooled slightly, Stuxnet could be directed to target a wide swath of critical infrastructure facilities, rather than a narrow target such as Iran's nuclear fuel-enrichment facilities and nuclear power plant, the eight-page CRS synopsis warns, quoting researchers and other analysts.

The last paragraph notes how an industrial expert thinks the attack on Iran's facilities is a 'huge success'. Is it really considering how dangerous this can be to world infrastructure? A 'good' virus gone bad?

“It will take two years for Iran to get back on track,” he said. “This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success.”

To make things a bit more chilling, the US is now issuing new advice on 'nuclear strikes'. What I find odd is the advice doesn't seem to be geared around an apocalyptic attack but one centered around fallout scenarios for the types of attacks noted above. Why this new push to advise people on nuclear attacks?

U.S. Rethinks Strategy for the Unthinkable

www.nytimes.com...

Suppose the unthinkable happened, and terrorists struck New York or another big city with an atom bomb. What should people there do? The government has a surprising new message: Do not flee. Get inside any stable building and don’t come out till officials say it’s safe.

The advice is based on recent scientific analyses showing that a nuclear attack is much more survivable if you immediately shield yourself from the lethal radiation that follows a blast, a simple tactic seen as saving hundreds of thousands of lives. Even staying in a car, the studies show, would reduce casualties by more than 50 percent; hunkering down in a basement would be better by far.

But a problem for the Obama administration is how to spread the word without seeming alarmist about a subject that few politicians care to consider, let alone discuss. So officials are proceeding gingerly in a campaign to educate the public.

“We have to get past the mental block that says it’s too terrible to think about,” W. Craig Fugate, administrator of the Federal Emergency Management Agency, said in an interview. “We have to be ready to deal with it” and help people learn how to “best protect themselves.

Do they know something we don't? Have the attacks already begun? I have no idea but I thought I'd play with the topic to see what you all think.

This reminded me of a good/bad virus we had back in early 2000. I forget the name of it but it was used to take out power stations or something like that. The original virus never hit us. A second virus was designed to combat the original. That second virus, although the intention was good, wreaked more havoc than the first. I recall the second virus, the 'good' one, taking out 21 of our offices nationwide. I worked 3 days straight cleaning up that mess and it cost us dearly.

Is The Christian Science Monitor credible?

I see some new "duck and cover" propaganda coming up again in the US anytime now lol

back to the cold war era.

I can see this in the wake of Wikileaks and other online threats as an excuse to shut down the internet..The best weapon is the one that allows you to blind and make your opponent deaf.

Sorry for being a little late on this one.

I found this using the search function as I was about to post my finding from "Discover Magazine's january/february 2011 issue, pg 31". (online version of the same article)

It's #9 top science story of 2010: World's First Cyberweapon

I will add a few quotes that support the original OP and even add a touch of conspiracy to it.

It’s a plot straight out of Hollywood: Mysterious hackers create a malicious computer code designed to seize control of critical equipment worldwide. It turns out it really happened.

Since first reported in June, the Stuxnet worm—which some call the world’s first “cyberweapon”—has spread to 100,000 machines in more than 155 countries, though most are in Iran. Only a few machines in the United States have been infected. The worm spreads via infected usb flash drives and other means.

No one knows where the worm was created or what it was targeting. Researchers know only that it was capable of causing physical damage; for instance, it could make a motor rev too quickly and even blow up. “Using something in the cyberworld to control something in the physical world is something we’ve never seen before,” says Liam O Murchu of the computer security company Symantec.

Here is the "conspiracy" angle, though it is pretty clear from the article that all signs point to a Mossad and/or CIA operation.

Computer and control system security professionals like Ralph Langner, who is based in Germany, believe the Stuxnet worm was targeting Iran’s Bushehr nuclear power plant, its uranium enrichment facility at Natanz, or both.

Langner and others say the malware’s sophistication points to one or more well-financed nation-states such as Israel or the United States, two countries with motive and the ability to conduct the attack. (Neither country has officially commented on the Stuxnet attack.)

And here is the last sentence:

“The clock is ticking,” Langner says. “We are going to see copycats by the beginning of 2011.”

Nice find OP, this is quite important, so I hope it does not get lost in the ATS jungle.

the Billmeister

I remember reading about Stuxnet in a magazine article a few weeks ago. If the Iranian's managed to contain a small portion of the virus it could be reverse-engineered or however you want to say it to attack their enemies systems. Actually in reality you wouldn't have to go through all of that hassle. You could just unleash it anywhere else since it doesn't know the difference between target A and target B.

US Helped Develop Stuxnet Computer Worm - US, Israeli Forces Tested Worm at Dimona

A new article in the New York Times detailing the damage done to Iran’s civilian nuclear program by the Stuxnet computer worm not only confirms Israel’s role in the development, but adds that the US played a role in its development and testing.

Though officials have declind to confirm this directly, the article describes Stuxnet as a “joint American and Israeli effort” and details its testing at Israel’s Dimona site, where they use “virtually identical” centrifuges in the creation of their own massive nuclear arsenal.

news.antiwar.com...

Stuxnet virus attack: Russia warns of ‘Iranian Chernobyl

Russian nuclear officials have warned of another Chernobyl-style nuclear disaster at Iran's controversial Bushehr reactor because of the damage caused by the Stuxnet virus, according to the latest Western intelligence reports.

www.telegraph.co.uk...

This Stuxnet thing is unnerving since the first time I read about it. This is the first step in an old war that has been brewing for years.

The question that came to my mind was "can this be considered an act of war? or terrorism?" and if so, would retaliation be justified?

I am no cyber-weapons expert, but I imagine that the virus can have sections of code altered as to have a different software "key" and therefore be redirected to a new target in retaliation. If that is the case, any computer-based mechanical industry is a potential target, which could be a huge advantage in any conflict.

Even for an industrial conflict, potentially, GM could target Toyota, or Pepsi could target Coke and cause a big enough disruption in production with huge financial impacts.

Very chilling prospects indeed.

the Billmeister