Monday, 29 October 2012

Stuxnet – 2 years on and what we’ve learned

In June two years ago, the most sophisticated computer virus was discovered in power-plants,  factories and traffic control systems all around the world. It was said to be 20 times more complex than any other virus code created before.

Of course, we are talking about Stuxnet…

As a virus, it had a number of capabilities. It was able to turn up the pressure in nuclear reactors, switch off oil pipelines and while doing all this; it would tell all the system operators that everything was ok.

Unlike viruses before it, Stuxnet didn't forge fake security clearance. It actually had a real clearance stolen from one of the most reputable security systems in the world: Realtek. It also exploited security gaps that system creators where unaware of. These are called ‘Zero Days’ and they can go for up to $100,000 in the black market. How many ‘Zero Days’ did Stuxnet use? 20!

In the coding, it was designed to keep dormant until it reached its specific target, without that target it did not activate.

What was it planning to shut down?
It was designed to shut down the centrifuges that spin nuclear material at Iran’s enrichment facilities.

Stuxnet was a weapon, and it was the first to be made entirely out of code

The ISIS has stated that Stuxnet may have shut down over 1000 centrifuges at Natanz (Iran’s main enrichment facility). Last year, the Iranian government stated that the virus’s infection of the Bushehr’s nuclear facility meant that turning on the plant could lead to a national electricity blackout.

So what does that kind of scare do to a country?
Well Iran gathered an army of online security experts and is now said to have the second largest online army in the world.

Who created the Stuxnet virus?
There is no direct evidence as to who created it. But some believe that Israel was responsible as the code contains references to the Hebrew bible. Others believe it was the US. But it seems as though we will never know for sure.

How to be a hacker and get paid for it - legally
Yep that’s right, you can now be a hacker and get paid for it. In fact, the average salary of an ethical Hacker is over £40,000! (itjobswatch.co.uk) But what is this ethical hacker? Aka a white hat hacker is someone who hacks and exploits zero days from companies who are looking to increase their security. As simple as that; they will pay you to find and exploit zero days in order and get rid all possible risks.

EC-Council logoBecome a Certified Ethical Hacker (CEH) and be a respected hacker defending companies and even countries from viruses such as Stuxnet itself.

EC-Council is a very well know vendor for professional certifications in the IT security field. Here are some of their powerful certifications: