Worm can attack control systems used by power plants and other facilities
(Credit: Bigod via Flickr Creative Commons)
Experts from leading security companies are saying that the Stuxnet worm is so sophisticated that it could have been a state-sponsored project and certainly not the work of a lone hacker.
The worm targets computers running Siemens software that is used to control power plants, gas and oil pipelines and other industrial facilities.
In a podcast interview I conducted for CBS News and CNET, Symantec security researcher Eric Chien said "We can tell by the code that it's very, very complex to the degree that this type of code had to be done, for example, by a state and not, for example, some hacker sitting in his parents basement."
The worm spreads via Windows computers and there is speculation that it can get from a computer to a facility management system either through a network or via a thumb drive.
Paul Ferguson, a threat analyst for TrendMicro, told me "The amount of technical expertise that went into this doesn't appear to have been by some random lone individual person because they would have had to have access to these systems to develop this."
Some experts have speculated that the worm was designed to sabotage a nuclear plant in Iran, but neither Chien nor Ferguson could confirm that.Ferguson called that "purely speculation at this point," suggesting it could have aimed at facilities in other countries that use Siemens control systems.
The Christian Science Monitor cites experts saying that Stuxnet "can be classified as a cyber superweapon," with some suggesting that it may have been designed to shut down Iran's Bushehr nuclear power plant or another facility in that country.
Click here to read more and listen to interviews with both Chien and Ferguson on my CNET blog.
For more on Internet safety & security, visit my site, SafeKids.com
Follow Larry Magid on Twitter: www.twitter.com/larrymagid