Tag Archives: laser

Stuck on Stuxnet

By Jeremy Wagstaff (this is my weekly Loose Wire Service column for newspaper syndication)

We’ve reached one of those moments that I like: When we’ll look back at the time before and wonder how we were so naive about everything. In this case, we’ll think about when we thought computer viruses were just things that messed up, well, computers.

Henceforward, with every mechanical screw-up, every piston that fails, every pump that gives out, any sign of smoke, we’ll be asking ourselves: was that a virus?

I’m talking, of course, about the Stuxnet worm. It’s a piece of computer code–about the size of half an average MP3 file–which many believe is designed to take out Iran’s nuclear program. Some think it may already have done so.

What’s got everyone in a tizzy is that this sort of thing was considered a bit too James Bond to actually be possible. Sure, there are stories. Like the one about how the U.S. infected some software which ran a Siberian pipeline so it exploded in 1982 and brought down the whole Soviet Union. No-one’s actually sure that this happened–after all, who’s going to hear a pipeline blow up in the middle of Siberia in the early 1980s?–but that hasn’t stopped it becoming one of those stories you know are too good not to be true.

And then there’s the story about how Saddam Hussein’s phone network was disabled by US commandos in January 1991 armed with a software virus, some night vision goggles and a French dot matrix printer. It’s not necessarily that these things didn’t happen–it’s just that we heard about them so long after the fact that we’re perhaps a little suspicious about why we’re being told them now.

But Stuxnet is happening now. And it seems, if all the security boffins are to be believed, to open up a scary vista of a future when one piece of software can become a laser-guided missile pointed right at the heart of a very, very specific target. Which needn’t be a computer at all, but a piece of heavy machinery. Like, say, a uranium enrichment plant.

Stuxnet is at its heart just like any other computer virus. It runs on Windows. You can infect a computer by one of those USB flash drive thingies, or through a network if it finds a weak password.

But it does a lot more than that. It’s on the lookout for machinery to infect—specifically, a Siemens Simatic Step 7 factory system. This system runs a version of Microsoft Windows, and is where the code that runs the programmable logic controllers (PLCs) is put together. Once it’s compiled, this code is uploaded to the PLC that controls the machinery. Stuxnet, from what people can figure out, fiddles around with this code within the Siemens computer, tweaking it as it goes to and comes back from the PLC itself.

This is the thing: No one has seen this kind of thing before. Of course, we’ve heard stories. Only last month it was reported that the 2008 crash of a Spanish passenger jet, killing 154 people, may have been caused by a virus.

But this Stuxnet thing seems to be on a whole new level. It seems to be very deliberately targeted at one factory, and would make complex modifications to the system. It uses at least four different weaknesses in Windows to burrow its way inside, and installs its own software drivers—something that shouldn’t happen because drivers are supposed to be certified.

And it’s happening in real time. Computers are infected in Indonesia, India, Iran and now China. Boffins are studying it and may well be studying it for years to come. And it may have already done what it’s supposed to have done; we may never know. One of the key vulnerabilities the Trojan used was first publicized in April 2009 in an obscure Polish hacker’s magazine. The number of operating centrifuges in Iran’s main nuclear enrichment program at Natanz was reduced significantly a few months later; the head of Iran’s Atomic Energy Organization resigned in late June 2009.

All this is guesswork and very smoke and mirrors: Israel, perhaps inevitably, has been blamed by some. After all, it has its own cyber warfare division called Unit 8200, and is known to have been interested, like the U.S., in stopping Iran from developing any nuclear capability. And researchers have found supposed connections inside the code: the word myrtle, for example, which may or may not refer to the Book of Esther, which tells of a Persian plot against the Jews, and the string 19790509, which may or may not be a nod to Habib Elghanian, a Jewish-Iranian businessman who was accused of spying for Israel and was executed in Iran on May 9, 1979.

Frankly, who knows?

The point with all this is that we’re entering uncharted territory. It may all be a storm in a teacup, but it probably isn’t. Behind all this is a team of hackers who not only really know what they’re doing, but know what they want to do. And that is to move computer viruses out of our computers and into machinery. As Sam Curry from security company RSA puts it:

“This is, in effect, an IT exploit targeted at a vital system that is not an IT system.”

That, if nothing else, is reason enough to look nostalgically back on the days when we didn’t wonder whether the machinery we entrusted ourselves to was infected.

Eight Gigabytes Of Stuff On One DVD

In the next few weeks, expect to be able to buy DVD discs that can store up to 16 hours of video or 8.5 GB of data. Verbatim said yesterday they would this spring release “the industry’s first Double-Layer DVD+R (DVD+R DL) discs”, nearly doubling the storage capacity on DVD recordable discs (from 4.7GB to 8.5GB) on a single side. Verbatim says these discs will be compatible with existing DVD video players and DVD-ROM drives.

That ‘16 hours’ bit needs some clarifying: in fact, you could only store up to 4 hours of DVD-quality video — the 16 hours refers to VHS video quality. The way Verbatim say they do this is to have the first recording layer semi-transparent with enough reflectivity for writing/reading data on the first layer, yet transmitting enough laser power to read/write on the second layer by refocusing the laser.

Verbatim expect content developers (read DVD movies, big software packages) to make use of this technology: You could fit two Hollywood movies on one of these discs, if you really wanted to. Is this the time when I can talk about how I remember how all you could get on a floppy drive was less than one megabyte, but how somehow we were happier then? (No – Ed.)

News: Palm’s New Wireless Keyboard

On the heels of its launch of fresh handhelds, Palm has launched some new accessories, including a wireless keyboard, multifunction stylus, six cases, a camera card, handheld device protection units and complete accessory kits.

According to UK PR firm M2 Communications, the wireless keyboard lets users type using a QWERTY key layout without the need to connect the device to the main unit with wires. Pricing starts at GBP59.99. The stylus costs GBP9.99 and can be used as a writing pen, a laser pointer, a torch and a stylus.

News: Type Anywhere, On Anything

From the This Really Could Be Funky Dept: iBIZ Technology Corporation has introduced its Virtual Laser Keyboard and has promised to start shipping the unit by November for $99.00. The Virtual Keyboard is an infrared device that projects the image of a keyboard onto any surface, allowing you to type straight into a PDA, a desktop, a laptop or a cell phone running Windows and Palm’s operating systems.

Info: More Memory For That Old Machine In The Attic

From the Obscure Info But Store It Away Because You’re Bound To Need It Someday Dept comes an interesting service: new and legacy memory for desktop computers, notebooks, servers, workstations, laser printers, digital cameras and palm-top computers.

Memory4Less uses a state-of-the-art user-friendly website featuring the “Ultimate Configurator” and “Advanced Search Tools”, which sound exciting in their own right, to help you find your memory.