Stuxnet developers made ‘too many mistakes’
By Tom Brewster
The creators of Stuxnet made “too many mistakes” and much went wrong in its use, a researcher has claimed.
Speaking at the Black Hat DC conference yesterday, security consultant Tom Parker said it was unlikely a Western state was responsible for developing Stuxnet due to the issues it encountered.
Parker claimed there was “too much technical inconsistency” and suggested Stuxnet’s code was not of particularly high quality, Kaspersky Lab’s Threatpost reported.
Furthermore, he said the command-and-control mechanism was badly put together. It was also unlikely the creators wanted Stuxnet to spread over the internet as it did, Parker added.
However, he said Stuxnet was still very effective on a number of levels and it was highly unlikely only one person developed the worm on their own.
"There are a lot of skills needed to write Stuxnet," Parker said.
"Whoever did this needed to know WinCC programming, Step 7, they needed platform process knowledge, the ability to reverse engineer a number of file formats, kernel rootkit development and exploit development. That's a broad set of skills."
He hypothesised two separate groups could have launched Stuxnet – possibly a set of skilled programmers to produce the code and exploits, and a less technically proficient group to adapt the worm for its final use.
Mikko Hypponen, chief research officer at F-Secure, suggested Stuxnet authors may not have added encryption and anti-debugging features "because they wanted to make the program look as 'normal' as possible."
"Most AV labs use automation to find 'suspicious' samples," Hypponen told IT PRO.
"Stuxnet didn't look suspicious. It looked like an automation toolkit that would install signed device drivers."
When Stuxnet emerged last year, it caused a big stir in the security sphere, with many hailing it as a watershed moment.
A recent report in the New York Times suggested Stuxnet was tested in Israel before the worm was involved in sabotage of Iranian nuclear centrifuges.
The report, which cited unidentified intelligence and military experts, indicated Stuxnet was tested at the heavily-guarded Dimona complex in the Negev desert.