Stuxnet code leak to cause CYBER-APOCALYPSE NOW!

Source code for the sophisticated Stuxnet worm has reportedly made it onto underground forums where it is being offered up for sale at some unspecified price. This not entirely unexpected development, first reported by Sky News, has prompted the satellite TV channel to go for broke with a loosely substantiated story …

COMMENTS

This topic is closed for new posts.
  1. Elmer Phud
    Big Brother

    Terrrrrists

    I assume then, from the same people who bring you Faux news, that my dishwasher and washing machine will soon be controlled from Iran/Iraq/China/Israel etc. etc. and they will subvert the toaster and microwave in turn.

    Never again will I be able to go to the kitchen at night unarmed.

    The central heating will either be on full or nothing and I fear for the safety and sanity of the DECT phones.

    Private Fraser was right, Sky News(?) is right - we're all doomed!

    1. Anonymous Coward
      FAIL

      You are not far off

      Your dishwasher will be controlled by your smart house controller.

      IMO, there is nothing inherently wrong with that idea if I control it and control it via a device which is mine for which they supply information. I am slowly building something along the same lines myself in my house and I am not the only one to reduce my power bills.

      That however is not how a lot of players in this field see it. If you read most of the proposals for the Government Smart Metering consultations as well as the pre-consultation work by the Energy retailers association it is EDF, British Gas or the comms supplier like Vodafone who wants to do that and insist on _OWNING_ the equipment which controls it.

      That would still have been fine (or kind'a fine) if the equipment was designed by the usual Internet, comms or even mass market retail players. That however is not the case - it is being designed by the same people who design SCADA and industrial telemetry systems.

      I have been saying this for years long before this Stuxnet affair - they are utterly clueless and oblivious to the way the real world functions. SCADA security is a joke. They think that by jacking up access control to crazy levels they have secured the system.

      Wrong, the hacker's job is to circumvent access control and Stuxnet has shown just how easy it is to do it with a SCADA system. We, who do real Internet work of any kind, have known this for years.

      The energy sector is yet to learn that. If it did it would not have tried designing smart meters running Windows XP embedded. Which is what it does now.

      So, coming back to your question. How do you feel about _ALL_ appliances in your house _AND_ _THE_ _MAIN_ _OFF_ _SWITCH_ (that is what a smart meter is) being under control of a Windows XP appliance with userland code written by someone who has never ever had to write any code exposed to a real Internet security threat? How do you feel knowing that this is connected to both a local network to talk to a display using a commodity protocol, to a WAN and probably even to your local network to give you a daily dose of greenwash?

      Are you feeling fine? I bet you do :)

      1. Wize

        It's not just making these items secure for the present that's a problem...

        ...what about the future?

        My electric meter was fitted in the 80s and still works fine.

        Imagine a computer doing that job that's just 10 years old? Windows of that age is not supported anymore. You can't remote install a new version because the hardware won't take it.

        You are left with meters that need to be changed out every few years to make sure they are fully patched and supported.

        If these smart meters are supposed to lower your carbon footprint, it will be offset in the wrong direction with all this extra waste of equipment.

        Not to mention all the people hacking into the boxes to get cheap electricity (and if they are on the same street as you, hacking into yours and increasing your use so all the sums add up)

        1. heyrick Silver badge

          @ Wize

          There's a good point to be made that a meter based around a small SoC or MCU is, really, about all that is required. Or am I missing something in thinking that a computer capable of running any version of Windows is complete overkill for an electricity metering system, and something of an awfully ironic joke if this is being done to increase efficiency.

          1. Wize

            @heyrick

            Very true, all you need is a small controller. Smart but not too smart. Should run till the chips wear out.

            Trouble is, the powers that be want more and more out of things, so there is a danger of a Windows CE device (or whatever it's called now) being used

  2. foxski
    WTF?

    Argh! my eyes!

    That Sky article and especially the comments at the bottom really make for painful reading! These people have NO CLUE!

    1. Destroy All Monsters Silver badge

      Welcome to the Real!

      You will like it here...

  3. Paul Gomme

    I did want to post a comment

    I did want to post a comment on the Sky News website, but where do you start...?

    1. blackworx
      Thumb Up

      Tell me about it

      There's no way to argue with pious stupidity.

      Also, it was difficult to tell where the article ended and the comments began, what with all the random red text and capitalisation.

      1. Wize

        It's not just stupidity

        TV news is just as bad as the tabloids for blowing a story out of proportion just to sell their news product.

  4. Dave Murray
    Grenade

    Gilpin goes on to conclude...

    that the government should really pay him a lot more money to protect us from these deadly cyber-terrorists!

  5. M Gale
    FAIL

    Viruses in the hands of bad guys.

    No, really?

    And there's me thinking that Stuxnet was developed by totally above-board professional programmers.

    1. heyrick Silver badge

      Virus is in the hands of bad guys

      You took the words right out of my mouth. And, um, "bad guys"? Well, I suppose calling them "bad guys" is a step closer to reality than the usual "HACKERS did it", but I'm sure that was in there too...

  6. Anonymous Coward
    Unhappy

    Yep

    Considering emergency services control rooms/dispatch centres don't even use Siemens industrial control hardware (certainly the one I'm in right now doesn't, and why would they anyway?) I'll be sticking this one squarely on the "alarmist bullshit" pile, along with everything else that comes out of Fox "News".

  7. JohnG

    Shutting down the transport network across the UK

    A bit like snow but without the snowmen and snowball fights?

    What is quite funny about the comments on the Sky news site is that many have commented as if they are true experts in computer security but their comments indicate the opposite.

  8. Anomalous Cowherd Silver badge

    IT consultant to the government..

    If that's his grasp on reality, it certainly explains most of the recent government IT projects.

  9. Anonymous Coward
    FAIL

    Sky News Video

    The video made me laugh, "guys, we're making a section about the sale of the source code for a virus, we need some code to slide across the screen to make it look 'cool'"

    "okay boss"

    So he just copies and pastes the HTML for sky news homepage....

  10. Anonymous Coward
    WTF?

    Gilpin?

    A man who has worked in Information Assurance for 8 months (and that at the Youth Justice Board, hardly part of the High Threat Club) considers himself authoritative enough a source to comment to the media.

    What a gobsh1te.

    CLAS consultants may not all be god's gift but I hope most are better than this fool.

  11. TeeCee Gold badge
    WTF?

    Sky News can be sensationalist and inaccurate?

    This is the same Sky News brought to us by the Murdoch empire, who also provide us with the sizzling soaraway Sun, right?

    My level-of-surprise-o-meter has stayed firmly at zero throughout this one......

    1. ph0b0s

      Fair and unbiased....

      Remember their US sister station is FOX news. Who would never use alarmist stories to push their news agenda....

  12. LinkOfHyrule

    Sod Sky News

    Sod Sky News, the Daily Mail should get on the case - I want to know if Stuxnet causes (or maybe cures) cancer!

    1. John G Imrie

      Stuxnet does not cause cancer.

      But it will lower your house value.

      1. Jimbo 6

        Worse than that

        It will download swan-roasting immigrant homosexuals directly into YOUR CHILD's bedroom.

        Be afraid. Be VERY afraid. And vote Tory.

  13. amanfromMars 1 Silver badge

    With Whom do you Battle, and Do Battle With in CyberSpace? The Enemy is Within for Withering Fire

    ""The problem with inaccurate, inflammatory and irresponsible stories about Stuxnet - good though they may be for page impressions and video views - is that they make cybercriminality sound like a second-rate problem when it is positioned against a news backdrop alleging cyberwar," Ducklin writes."

    You think there is presently cyberpeace and virtual harmony, amfM writes Mr Ducklin?

    1. John Smith 19 Gold badge
      Joke

      AMFM !

      God, it's good to hear the voice of reason again.

  14. Anonymous Coward
    Go

    @AC 10:58 "You are not far off"

    Have you read the paper from Professor Ross Anderson (Cambridge - if readers have been paying attention they'll know that name from his well known work on IT security) on Smart Meters?

    Readers who haven't already read it should start at

    http://www.lightbluetouchpaper.org/2010/07/26/who-controls-the-off-switch/

    It expresses (in more detail) the same basic concerns that AC 10:58 expresses. Now who's looking silly?

    Maybe a few folks ought to think (and better still, read) before downvoting next time?

    Have a secure weekend.

  15. drake
    Linux

    Stuxnet.

    Just run everything important on Solaris (or at least a flavour of *nix) with a decent O/S hardening security toolkit enabled across all systems. What do you expect if you run mission critical systems on Windows platforms (not that I'm biased or anything)?

    1. The Fuzzy Wotnot
      Pint

      Nice idea

      Nice idea, but the malware writers target the most popular O/S. As OSX gets more traction I fully expect it to come into the sights of the bad guys as a useful target. If we were to use *nix as the global desktop of choice, the bad guys would invest all the efforts into finding holes and gaining access. Despite *nix supporting some huge datastores with some seriously useful information, they want simple easy targets and fast bucks, *nix is not worth the effort right now.

      Watch this space though....

  16. Juan Inamillion
    Thumb Up

    @You are not far off

    Well said Sir, well said indeed.

  17. billium
    Grenade

    stux

    "My level-of-surprise-o-meter has stayed firmly at zero throughout this one......"

    it's a sign of stuxnet infestation ...

  18. chrisjw37
    Flame

    The Sky's falling.... (pun)

    I saw the broadcast,

    looked at the BBC on-line by mistake - no mention of it, did a googly search.

    McAfee Labs rate it at low /low as a threat and it was blocked by the A.V programs as early as July,

    BUT it infiltrated an Iranian nuclear reactor - so we better invade the country just to be sure.

  19. John Smith 19 Gold badge
    Joke

    Was this an actual Sky news piece or was it a piece lifted from their US Operations

    FUD News.

    Welcome to the State of Fear.

  20. Dog Faced Boy
    FAIL

    you could shut down the transport network across the United Kingdom

    That comment made me laugh, where I'm from the local transport network cannot even manage regular transport on only one route every 30 minutes (it's more of an hourly service, give or take another 10-20mins on top of that).

    Some of the comments on the Sky article are hilarious especially the one about planes falling from the sky, life support machines turning off, and EVERTHING failing (their capitals not mine), almost tempted to go trolling :D

  21. amanfromMars 1 Silver badge

    News Corporation stuns Establishment with Underground Trailer

    You might like to consider that Rupert and Schloss Murdoch has called it right ....... and Stuxnets are Novel Danegeld Warriors and Virtual Terrain Team Players of First Class Order.

  22. Michael Dunn
    Coat

    @Dogfaced Boy

    Quote "Some of the comments on the Sky article are hilarious especially the one about planes falling from the sky, life support machines turning off, and EVERTHING failing (their capitals not mine), almost tempted to go trolling."

    Hey, wasn't this just the scenario we were cautioned with when 2K was approaching?

    Still got a 2K update kit in one pocket, in case I survive till 3K.

  23. gollux
    Badgers

    Best thing that's ever happened...

    Now industrial computing can start taking security seriously. Firm that up now and "CyberWar" will be less effective or nonexistent later when someone attempts it.

    Personally, I filed it among all those "End of the Internet" predictions we've been receiving since 1995.
