When people think of malicious software infecting a computer network, they probably envision a file silently accessing and replicating gigabytes worth of data to be harvested for the virus’s creators. They probably don’t think of the office coffeemaker going on the fritz.
But that’s exactly what a worm called the Stuxnet worm is capable of. Discovered in 2010, this particularly nasty software not only attacks the host computer that receives it, but it is capable of disabling other physical components that the computer controls. In one of the more headline grabbing cases of malware attacks, Stuxnet—spread through infected computers belonging to third-party contractors—disabled the centrifuges at an Iranian nuclear power facility, causing them to shut down and need to be replaced.
There is a lot of speculation as to the origins of Stuxnet, and quiet finger pointing has named a number of chief officials and government leaders from several countries as having been at least aware of the design and implementation of Stuxnet.
While Stuxnet is a globally destructive tool, meaning that it’s more likely to be used to shut down the machines the run a country’s electrical power plants than to infect your computer’s online banking information, there are some lessons to be learned from Stuxnet as far as average citizens are concerned. The most important is that Stuxnet is believed to have been spread to the contractors’ computers in Iran via USB flash drives; some reports indicate that files transferred by those vendors on DVDs or CD-ROMs were not infected, but files transferred by flash drive were. There have been reports for quite some time about the vulnerabilities of flash drives, and that even everyday individuals have been victimized by harmful software embedded in the driver that controls the flash drive.
To avoid this problem, always use flash drives from trusted companies—as opposed to inexpensive or “free gift” flash drives from unknown sources—and scan the drive for viruses before using them. The vulnerabilities in flash drives are such that even store-bought drives from known manufacturers should be scanned before use.
Moreover, this is certainly not the first time malicious software has reached its intended objective via third-party contractors, as in the now-famous Target credit card breach that affected millions of shoppers. Stuxnet should serve as a wakeup call to all forms of industry that work with contractors and vendors, and force them to see the need to ensure excellent anti-virus and anti-malware controls before they are connected to outside computers.
If this is the new era of warfare, it is disturbing to think of the ramifications if this worm ever falls into the wrong hands. Experts who have investigated Stuxnet have come up with more questions than answers about how the system operates, but it is known that this is the first time a computer virus has had the capability to manipulate and harm physical objects, such as machinery, that are controlled by the infected computer.