Onward, Botnet Soldiers!

Those of you who have been following the story of Stuxnet have probably been mesmerized by its Hollywood spy thriller intrigue. A worm designed to target and disable industrial systems found in nuclear enrichment facilities in Iran. Rumors that the virus was, in fact, the love child of Israel and the United States, and designed to be a silent soldier in a new type of warfare: cyber warfare. If you doubted the speculation about Stuxnet’s origins (perhaps because you didn’t want to admit that a nation would knowingly unleash a vicious worm that would spread beyond its intended targets), then you’d best take a reality check.

Back in January, it was predicted here that 2012 would see the creator – or creators – of Stuxnet unmasked, and yet no one was more surprised by the news last week that Hollywood has nothing on President Obama, who at the beginning of his administration in 2009 gave the order to attack Iran with cyber weapons, reports The New York Times. A program that began with the Bush administration, Stuxnet – which has a mysterious and disturbing link to Conficker – was designed to target and damage Siemens industrial control systems, specifically the kind found in industrial plants. The worm wreaked havoc on the Iranian nuclear program, particularly at Iran’s uranium enrichment facility at Natanz, where centrifuge operational capacity dropped in a year by 30 percent.

But the story doesn’t end there, no, not by a long shot. In what could be argued is the strangest coincidence of the year, the week that news leaked about the U.S. and Israeli involvement in Stuxnet, news also broke of the Flame virus, spread across the globe. According to the Times of India, “The [U.S.] Homeland Security Department’s warning about the new virus, known as “Flame,” assured US companies that no infections had been discovered so far inside the US. It described Flame as an espionage tool that was sophisticated in design, using encryption and other techniques to help break into computers and move through corporate or private networks. The virus can eavesdrop on data traffic, take screenshots and record audio and keystrokes. The department said the origin is a mystery.”

A ‘mystery,’ huh? You mean like the mystery of Stuxnet? Dubbed ‘Olympic Games,’ the U.S. attempt at getting their geek on has some scary implications, of which Flame is only the beginning. According to The NYT report, the first method of infection was through double agents and lackeys: “Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.””

Too good to be true

The problem, you see, is that we may never have heard of Stuxnet at all, if it weren’t for the fact that the little bugger was – like all good worms – designed to spread itself. And that’s exactly what Stuxnet did, The NYT reports. “In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage.” Surprise, surprise, the malware got away from them.

A spam in every pot

Let’s take a look at another piece of news that became public recently, of a training video created by al Qaeda, one which calls for an ‘electronic jihad’ on the U.S. In it, the video draws comparisons between the state of U.S. aviation security prior to 9/11 and the state of computer security today. The video calls for attacks on vital U.S. systems, including the power grid. Now, analysts will tell you that there’s nothing to fear and it would take a coordinated effort to launch and be successful in such attacks, and they would be partially right.

But let’s not forget that some of the most effective botnets in history weren’t created with multimillion-dollar computers and hosts of MIT graduates. In fact, the success of worms, viruses, and Trojans has always relied on e-mail as an effective, broad-based delivery system. Does anyone really believe the U.S. would stop at such a tactic? It’s a safe bet that al Qaeda won’t.

How do we know that we aren’t being recruited, little spam soldiers unwittingly marching off to war?

Written by Malcolm James

  1. Geraldine Conan · June 10, 2012

    Conspiracy theories are always interesting and scary. But this is not just a theory anymore. The possibility of US citizens getting hit by malware from enemies of the state, or a malware disrupting power grids is not farfetched.

    The probability of terrorists moving the battleground from physical grounds to the web is not just for movie writers anymore. We are, after all, a nation of web addicts. And, unfortunately, we are also not a nation devoid of people “who [don’t] think much about the thumb drive in their hand.” Now, becoming stup*d with our personal information security not only means getting robbed of personal information, it would also mean a setback for civilized society if US will be successfully attacked by those cyber-terrorists.

  2. BJ Watson · June 10, 2012

    While we can sit around and talk about how annoying spam is and what we can all do to stop it, unfortunately no such alternative really exists if the government wants to use us as botnet draftees in some great cyber-war. We can either be as tight and secure with our systems as possible and hope for the best, or break out the tin foil hats and caulk our ethernet ports shut. As more of these attacks leak and become public, we may find out we’ve already been fighting a war for years and never have realized it.
