NYTimes Reveals Details Of How US Created Stuxnet... And How A Programming Error Led To Its Escape
from the when's-the-movie-coming-out dept
Perhaps even more interesting, however, is the fact that Stuxnet (which apparently originally infected Iranian nuclear plants via workers using USB keys when they shouldn't) was never supposed to get out into the wild. It was supposed to just sit in the computers at the power plant, confusing the hell out of the Iranians. But, obviously, that didn't happen. Having that info get out into the wild probably killed off the effort much earlier than expected, since it basically explained to the Iranians what was happening.
It's also noteworthy that a source in the article claims that Stuxnet was the first example of using a computer attack to destroy physical items (it made centrifuges work irregularly in ways that could cause them to break). Some have therefore used Stuxnet as "proof" of the cybersecurity threats out there and the misnamed "cyberwar." I'm not sure that's true. Stuxnet still appears to be a rather unique case in terms of a very, very specific target that had some significant vulnerabilities. We hear lots of worries about cybersecurity impacting physical infrastructure -- and I'm sure that those who wish to do harm would love to bring down power grids and airplanes through some form of a cyber attack. But I'm not convinced that the success of Stuxnet is so easily replicable in other such areas. And I don't see how that automatically justifies effectively tossing out all privacy protections.