Friday, March 11, 2011

Stuxnet

I've been following the Stuxnet worm in the technical press and it is fair to say that this is probably the world's first weaponised computer worm. In a very real sense this is cyberwar.
From Bruce Schneier's excellent blog;
Stuxnet was expensive to create. Estimates are that it took 8 to 10 people six months to write. There's also the lab setup--surely any organization that goes to all this trouble would test the thing before releasing it--and the intelligence gathering to know exactly how to target it. Additionally, zero-day exploits are valuable. They're hard to find, and they can only be used once. Whoever wrote Stuxnet was willing to spend a lot of money to ensure that whatever job it was intended to do would be done.

Symantec's report is very thorough but somewhat long!
The best expose on the whole subject is Steve Gibson's podcast on the subject;
http://media.grc.com/sn/sn-291.mp3

No comments: