The ones and zeroes that make up the code called the Stuxnet worm – described as the most sophisticated cyberweapon ever created – have been released online, according to a Twitter message by one representative of the Anonymous hackers. Security experts are not yet sure how dangerous the cloned version of Stuxnet is.
The code for the mysterious and highly complex piece of software was reportedly found when the faceless group hacked into the computers of HBGary, a US security company that the Anonymous collective views as an enemy.
According to the website – TheHackerNews.com – security experts say the leaked code is a serious cause for concern.
“There is the real potential that others will build on what is being released,” says Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions.
Gregg emphasises that the group hasn’t released the Stuxnet worm itself, but rather a decrypted version of it.
HBGary has been investigating the malicious software.
According to Anonymous, the composition of Stuxnet is almost like a building block for cyber criminals.
“As an attacker you need to understand how something works. The better you understand how it works, the easier it is to build something similar that serves the same purpose,” Gregg explains.
The “decompiled” code the group has made available is in that sense a kind of recipe book for disaster, he says.
“With the right tools – and these guys have shown themselves more than once to be a fairly technical bunch of individuals – then it gives others a cookbook to start modifying.”
Careful examination of the Stuxnet worm by an army of security analysts has shown it to be a cybermissile designed to penetrate advanced security systems.
It was equipped with a “warhead” that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz. It also had a second “warhead” that targeted the massive turbine at the nuclear reactor in Bushehr.
Stuxnet was designed specifically to take over those control systems and evade detection, and it apparently was successful.
But Dave Aitel, CEO of Immunity Inc., drew a distinct line between the version of the worm that destroyed Iran’s nuclear plant and the code released by Anonymous.
“What they’ve released is essentially incomprehensible,” he says.
He adds that what the group found was removed from the raw worm that has been “travelling around Iran destroying nuclear things.”
“This is essentially just a translation. HBGary took the worm in the wild and translated it into a slightly easier to read format,” Aitel says.
He notes that Stuxnet is still a threat, however, and the more dangerous raw version of the worm – or the “binary” version – is still easily accessible for those wishing to use it maliciously.
“The Stuxnet binary is widely available,” Aitel points out. “The people who would use the binary would know how to find it.”
Orla Cox, a security operations manager at Symantec, told The Guardian that it was “very difficult to tell” how dangerous Anonymous’ copy of Stuxnet is.
“It would be possible (for Anonymous to use Stuxnet in an attack),” Cox says.
“But it would require a lot of work; it’s certainly not trivial.”
A hacker would need to repurpose the single-minded code and retarget it, a likely challenge, according to the experts.
The Anonymous group says it released the Stuxnet code on February 13, after finding it in a database of e-mails it stole from HBGary.
“First public Stuxnet decompile is to be found here,” one representative of the group wrote over Twitter.
Anonymous claims the hacking was a response to HBGary’s purported efforts to penetrate the group and identify its members.
But the reasons for releasing the Stuxnet code are unclear.
The ramifications, experts say, are far less obscure.
“Now that pieces of that code become available, it’s not a far step to others developing their own attack kits,” Michael Gregg says.
“Just because they don’t have malicious intent with it doesn’t mean others wouldn’t.”
This won’t lead to an immediate threat. But it could lead to something soon, Gregg says.
“Weeks wouldn’t surprise me.”
Well, I would not jump off my chair just yet.
One of the things that made the original Stuxnet so special was that it was designed to use 4 so-called “zero-day” vulnerabilities.
These short-time fixes are sold on the black market at very high prices.
Only one will cost a fortune.
But now we might see what kind of money power these cyber activists have…