Wednesday, February 16, 2011

Hackers Release Stuxnet's Decompiled Code Online

From Homeland Security NewsWire:

Cyberwar


Hackers release Stuxnet's decompiled code online

Published 16 February 2011

The Stuxnet worm was a cybermissile designed to penetrate advanced security systems; it was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran's uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr; security experts say it is the most sophisticated cyberweapon ever designed; now, a group of anonymous "hacktivists" hacked the computers of a U.S. security company and stole a decrypted version -- the decompiled code -- of the malware, and put it on the Web; security experts are anxious: "There is the real potential that others will build on what is being released," says one; this will not lead to an immediate threat, but it could lead to something soon, he added; "Weeks wouldn't surprise me"

A snippet of the Stuxnet source code // Source: data0.net

The group of anonymous “hacktivists” that made headlines for online cyberattacks in December just released a bombshell online: a decrypted version of the same cyberworm that crippled Iran’s nuclear weapons program.

The ones and zeroes that make up the code called the Stuxnet worm — described as the most sophisticated cyberweapon ever created — were reportedly found when the faceless group hacked into the computers of HBGary, a U.S. security company that the anonymous collective viewed as an enemy, Fox News reported. Security experts said the leaked code was serious cause for concern.

“There is the real potential that others will build on what is being released,” Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions, told FoxNews.com. Gregg was quick to clarify that the group has not released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying — which could act almost like a building block for cybercrooks.

“As an attacker you need to understand how something works. The better you understand how it works the easier it is to build something similar that serves the same purpose,” Gregg explained. The “decompiled” code the group made available is in that sense akin to a recipe book for disaster, he said.

“With the right tools — and these guys have shown themselves more than once to be a fairly technical bunch of individuals — then it gives others a cookbook to start modifying,” he said.

Careful examination of the Stuxnet worm by armies of security analysts has shown it to be a cybermissile designed to penetrate advanced security systems. It was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr.

Stuxnet was designed specifically to take over those control systems and evade detection, and it apparently was very successful. Dave Aitel, CEO of Immunity Inc., painted a firm line between the version of the worm that destroyed Iran’s nuclear plant and the code released by Anonymous.

“What they’ve released is essentially incomprehensible,” he said, saying that what the group found was far removed from the raw worm that has been “travelling around Iran destroying nuclear things.”

“This is essentially just a translation. HBGary took the worm in the wild and translated it into a slightly easier to read format,” Aitel said. He notes that Stuxnet is still a threat, however, and the more dangerous raw version of the worm — or the “binary” version — is still easily accessible for those wishing to use it maliciously.

“The stuxnet binary is widely available,” Aitel told FoxNews.com. “The people who would use the binary would know how to find it.”

Orla Cox, a security operations manager at Symantec, told the Guardian that it was “very difficult to tell” how dangerous Anonymous’ copy of Stuxnet is.

“It would be possible [for Anonymous to use Stuxnet in an attack],” Cox said. “But it would require a lot of work; it’s certainly not trivial.” A hacker would need to repurpose the single-minded code and retarget it, a likely challenge, experts said.

The Anonymous group released the Stuxnet code on 13 February, after finding it in a database of e-mails it stole from HBGary. “First public Stuxnet decompile is to be found here,” one representative of the group wrote over Twitter.

Anonymous claims the hacking was a response to HBGary’s purported efforts to penetrate the group and identify its members. The reasons for releasing the Stuxnet code are unclear, be they malicious or merely anarchist.

The ramifications, experts say, are far less obscure.

“Now that pieces of that code become available, it’s not a far step to others developing their own attack kits,” Gregg told FoxNews.com. “Just because they don’t have malicious intent with it doesn’t mean others wouldn’t.”

This will not lead to an immediate threat, but it could lead to something soon, Gregg said. “Weeks wouldn’t surprise me.”