Page 47: of Maritime Logistics Professional Magazine (Jul/Aug 2017)

PORTS & INFRASTRUCTURE

Read this page in Pdf, Flash or Html5 edition of Jul/Aug 2017 Maritime Logistics Professional Magazine

though, hacking is not malware – it’s about get- and ting direct access to source code.

damage connected machinery.

Most malware and hacking assaults are intended to either Very specifc machinery: centrifuges used to enrich Urani- steal or destroy information, gain access to bank accounts and um. No-one has claimed responsibility for Stuxnet, but it is steal money, demand a ransom or simply show off hacking widely believed to have been the creation of a western gov- skills. Where then is this new weapon? ernment to set back the Iranian nuclear program in 2008/9. If that was the case, it worked. Stuxnet ravaged Iran’s Natanz

Does Anyone Remember Stuxnet?

nuclear facility, destroying the centrifuges by causing them

Stuxnet was a worm that spread widely via USB sticks in to spin out of control. the Middle East in 2009 and was discovered in 2010. Here’s a

To date, Stuxnet remains the only malware designed to summary of what it did: physically destroy machinery and establishes the model for » Exploited no fewer than 4 zero-day (previously the next Pearl Harbor: unknown and unpatched) vulnerabilities in MS Windows; » Infect a networked computer; » Covered its own tracks by falsifying system data; » Deploy a root kit to take control of the computer, » Communicated with its owner when the infected cover traces, reconnoitre the network and report PC was online; back to base; » Searched the local network for Siemens PLCs » Deploy a payload that overrides the connected running the Step 7 OS; and industrial control system and damages or destroys » If the Siemens OS version and other parameters [power station, turbine, valve in gas pipeline, rail matched certain criteria, it would deploy its payload.

infrastructure, aircraft, reactor, medical device, etc.].

The Stuxnet payload was malicious code that entered the

According to Kaspersky Labs Threat Landscape for Indus- industrial control system (ICS) to carefully change settings trial Automation Systems 2016, a quarter of all cyber attacks

Image above: AdobeStock credit: daliu www.maritimelogisticsprofessional.com 47

I

Maritime Logistics Professional

Maritime Logistics Professional magazine is published six times annually.