Tuesday, July 12, 2011

How AV Researchers Deciphered Stuxnet

The fascinating story of the people who decoded the Stuxnet worm and how they did it.

"Stuxnet a one-shot weapon. Once it was discovered, the attackers would never be able to use it or a similar ploy again without Iran growing immediately suspicious of malfunctioning equipment. “The attackers had to bet on the assumption that the victim had no clue about cybersecurity, and that no independent third party would successfully analyze the weapon and make results public early, thereby giving the victim a chance to defuse the weapon in time,” [...]. In the end, Stuxnet’s creators invested years and perhaps hundreds of thousands of dollars in an attack that was derailed by a single rebooting PC, a trio of naive researchers who knew nothing about centrifuges, and a brash-talking German who didn’t even have an internet connection at home."
It's also being discussed on Bruce Schneier's blog.

And the moral of the story is "If you find a USB stick lying around, do not plug it into your computer. Especially if you work for a super secret research facility."