Stuxnet's Infection Of Chevron Shows Why 'Weaponized' Malware Is A Bad Idea

from the cyberenemy-within dept

The Stuxnet worm that attacked an Iranian nuclear enrichment facility a couple of years ago was exceptional in several respects. It is believed to have been the costliest development effort in malware history, involving dozens of engineers. It also used an unprecedented number of zero-day exploits in Microsoft Windows to spread and operate. Finally, Stuxnet seems to be the first piece of malware known with reasonable certainty to have been created by the US, probably working closely with Israel.

As Techdirt reported earlier this year, we know all this largely because the malware escaped from the target environment in Iran, and started spreading in the wild. We now learn that one of the companies infected as a result was Chevron:

The oil giant discovered the malware in July 2010 after the virus escaped from its intended target, Mark Koelmel, Chevron's general manager of the earth sciences department, told The Wall Street Journal.

"I don't think the U.S. government even realized how far it had spread," he said. "I think the downside of what they did is going to be far worse than what they actually accomplished."

This highlights a huge problem with the use of malware by national security services to carry out covert attacks on their enemies. A physical attack on a foreign nation is unlikely to cause direct casualties back at home (although it may lead to indirect ones through retaliation); worms and other malware are far less discriminating. A worm that propagates through USB sticks and Windows network shares, as Stuxnet did, goes wherever those carry it, and its authors have almost no control over it once it has been released. If it escapes, as is likely, it may well find its way back to the attacker's homeland and start infecting computer systems there.

This makes the "weaponization" of malware an inherently dangerous approach. Imagine if a nation deployed worms or viruses that changed data on infected systems in subtle ways, and that these started spreading by mistake among that same country's health organizations or banks. Lives could be lost, and financial systems thrown into disarray.

That's something worth bearing in mind amid increasing calls for the development of software that can be used offensively: as well as the likelihood of tit-for-tat responses, there is also the very real danger that the weapon will turn against the nation that created it.

Follow me @glynmoody on Twitter or identi.ca, and on Google+


Reader Comments



  1. sgt_doom (profile), 20 Nov 2012 @ 5:32pm

    Never assume .....

    Josh in CharlotteNC is incorrect, of course, but we only find out about the horrors much, much later.

    Take that malware which interfered and was blamed for bringing down that airliner (I believe it was in Spain, if I'm not mistaken). After news of it came out, and their stock began to dip, another story was released, claiming the malware was actually on the avionics diagnostic machine, at a mx facility, and not aboard the aircraft's avionics systems after all (they always do that, after the cat's out of the bag --- or never release the real truth).

    The malware wasn't targeted at the airliner's avionics, it simply interfered with the routine alarms being sounded as it occupied specific memory vector spaces it shouldn't have --- similar to that Sony attack on millions.

    When Sony CDs were sent out with their own malware aboard --- which interfered with the running of any other brand's CDs on PCs, and also made the infected PCs vulnerable to further hacks, or cracker attacks, etc., plus caused major rebooting loops when an OS patch was trying to be downloaded (funny how the corporate media never mentions this when they mention those Anonymous hacks against Sony).

    Remember those at least 1,300 computers at embassies around the world which were infected by malware from China? It activated the workstations' or PCs' cams and microphones, and it lasted almost 2 years (discovered by Canadian computer scientists back in 2009).

    That was bad enough, but who knows who else accessed those hacked computers as well????

    One can't make unequivocal statements about the damages wrought from malware, unless one has gone through every single line of code, and is equally familiar with every single existing system out there.

    Assumptions simply don't cut it.....
