
Stuxnet worm hits the black market

News that the source code of the Stuxnet worm has been traded on the black market has some of the UK's biggest news outlets in a bit of a lather.

The malware, which is widely suspected to have been developed by a nation state, and was almost certainly deliberately targeted at Iran's fledgeling nuclear industry, has fallen into the hands of criminal gangs, according to a characteristically shrill new report on Sky News.

The report quotes 'senior security figures' who warn that the virus could be used to "attack any physical target which relies on computers."

Adding to the hysteria, Will Gilpin, who apparently advises the Government on security matters, adds, "You could shut down the police 999 system. You could shut down hospital systems and equipment. You could shut down power stations, you could shut down the transport network across the United Kingdom."

Quite frankly, we've never heard such a load of old cock in our lives.

The best intelligence we have on the Stuxnet worm at the moment is that it was developed to disrupt a specific set of pumps on a specific industrial complex in Iran. The malware was intended to drive those pumps at an unusually high speed, leading either to a failure of those pumps or to manual intervention shutting down the system to prevent further damage.

Quite how making a motor go too fast will shut down the 999 service is a bit beyond us, but it just goes to show there's no point in letting a little bit of research get in the way of a terrifying story.

The reason the virus has spread to so many unrelated and unconnected systems is that it was almost certainly delivered into the Iranian nuclear plant on a USB drive or similar portable storage device. Allowing the worm to propagate over hundreds of thousands of computers exponentially raises the chances that it will find itself installed on the chosen target. There is, of course, no evidence that the malware reached its intended target.

All of the available evidence points to a narrowly targeted attack instigated by a highly sophisticated and well-funded team of top-notch hackers with a huge amount of in-depth inside knowledge about the systems they were trying to disrupt.

Suggesting that anyone who lays their hands on the code is capable of adapting it to bring the entire world to a halt is irresponsible, sensationalist and, quite frankly, stupid. Sticking the magic catchword 'Terrorists' in there for good measure beggars belief.

We all have enough real bogey men to worry about without people making stuff up to keep us cowering in the dark.